As a consequence of that experience, I intend to provide the following instructions to students (until something changes):
1. If you find strange behaviors that may indicate that a web site is vulnerable, don’t try to confirm if it’s actually vulnerable.
2. Try to avoid using that system as much as is reasonable.
3. Don’t tell anyone (including me), don’t try to impress anyone, don’t brag that you’re smart because you found an issue, and don’t make innuendos. However much I wish I could, I can’t keep your anonymity and protect you from police questioning (where you may incriminate yourself), a police investigation gone awry and miscarriages of justice. We all want to do the right thing, and help people we perceive as in danger. However, you shouldn’t help when it puts you at the same or greater risk. The risk of being accused of felonies and having to defend yourself in court (as if you had the money to hire a lawyer — you’re a student!) is just too high. Moreover, this is a web site, an application; real people are not in physical danger. Forget about it.
4. Delete any evidence that you knew about this problem. You are not responsible for that web site, it’s not your problem — you have no reason to keep any such evidence. Go on with your life.
5. If you decide to report it against my advice, don’t tell or ask me anything about it. I’ve exhausted my limited pool of bravery — as other people would put it, I’ve experienced a chilling effect. Despite the possible benefits to the university and society at large, I’m intimidated by the possible consequences to my career, bank account and sanity. I agree with HD Moore, as far as production web sites are concerned: “There is no way to report a vulnerability safely”.
RE: Better Reality Through Technology (demonstrations!)
Topic: Technology
2:17 am EDT, May 25, 2006
Dagmar wrote: Someone's basically got a very interesting video feedback loop protection going on a table in some nightclub.
Talk about setting a mantrap for people on hallucinogens...
Messed around with some similar things in Linux last year:
http://effectv.sourceforge.net/
http://waterworks.sourceforge.net/
There's a lot of good code out there. A bunch of pd (kind of an open source MAX/MSP) stuff that I haven't yet messed with as well that looks like it could pull this off no prob.
Wouldn't surprise me if they're using MAX/MSP under the hood for these installations.
Okay. I saw this mentioned on CNN last night, and thought it might have been bullshit, or at least a complex fraud.
Apparently, they're being pretty brazen about it working now... It still sounds a bit too good to be true, but if the bloody link will work you'll see a number of things that would indicate that they might actually have a wholly viable mechanism for getting cars to run on freaking water.
Okay, so the Portland protests aren't entirely recent, but the point is this...
American rights were shit on and thrown out the window by the authorities of Portland, and nothing was done about it. They did literally everything you'd expect cold-war KGB or perhaps East German police (before the wall fell) to do about a riot, short of just running people over with tanks.
Time for Bush to fucking GO. He's irresponsible, he's a bad leader, and he's ruining the country. An empty chair would be better.
Stratfor: Geopolitical Intelligence Report - May 16, 2006
Civil Liberties and National Security
By George Friedman
USA Today published a story last week stating that U.S. telephone companies (Qwest excepted) had been handing over to the National Security Agency (NSA) logs of phone calls made by American citizens. This has, as one might expect, generated a fair bit of controversy -- with opinions ranging from "It's not only legal but a great idea" to "This proves that Bush arranged 9/11 so he could create a police state." A fine time is being had by all. Therefore, it would seem appropriate to pause and consider the matter.
Let's begin with an obvious question: How in God's name did USA Today find out about a program that had to have been among the most closely held secrets in the intelligence community -- not only because it would be embarrassing if discovered, but also because the entire program could work only if no one knew it was under way? No criticism of USA Today, but we would assume that the newspaper wasn't running covert operations against the NSA. Therefore, someone gave them the story, and whoever gave them the story had to be cleared to know about it. That means that someone with a high security clearance leaked an NSA secret.
Americans have become so numbed to leaks at this point that no one really has discussed the implications of what we are seeing: The intelligence community is hemorrhaging classified information. It's possible that this leak came from one of the few congressmen or senators or staffers on oversight committees who had been briefed on this material -- but either way, we are seeing an extraordinary breakdown among those with access to classified material.
The reason for this latest disclosure is obviously the nomination of Gen. Michael Hayden to be the head of the CIA. Before his appointment as deputy director of national intelligence, Hayden had been the head of the NSA, where he oversaw the collection and data-mining project involving private phone calls. Hayden's nomination to the CIA has come under heavy criticism from Democrats and Republicans, who argue that he is an inappropriate choice for director. The release of the data-mining story to USA Today obviously was intended as a means of shooting down his nomination -- which it might. But what is important here is not the fate of Hayden, but the fact that the Bush administration clearly has lost all control of the intelligence community -- extended to include congressional oversight processes. That is not a trivial point.
At the heart of the argument is not the current breakdown in Washington, but the more significant question of why the NSA was running such a collection program and whether the program represented a serious threat to l...
To be perfectly honest with you, as stupid as the COPE Act is, this video clip actually explains it quite well, symbolically speaking.
If you didn't know what the "net neutrality" business was about, hit the link while your ISP still allows you to visit web sites that didn't pay them money.
Here is a conceptual project based on flexible screen technology. “Timeflex” is a disposable watch that can be bent or rolled with the flexibility of paper. The menu is controlled by touchscreen technology. The energy will be supplied by small super batteries, located in a thin layer of the watch.