BoingBoing is linking to the Security Focus article with a summary of the situation. Its great coverage. Mike has got to love this:

"This guy is my new hero." -- Cory Doctorow

Boing Boing: Security researcher quits job and blows whistle on Cisco's fatal flaws

Well, damn. Just damn.

Even after presenting this information in front of a few thousand highly skilled and trusted security professionals (let's face it, if you can get your office to shell out $1,500 to attend BlackHat Briefings, they pretty much must trust you) Cisco's lawyers are _still_ trying to spin this as if Abaddon's exploit technique were not "mature enough" and that he "did not follow proper industry disclosure rules".

Oh yes, and the link mentions that the settlement of the suit they slapped him with (in bloody record time!) requires him to _never_ repeat what he spoke of at BlackHat. So much for the tradition of having PDFs of everyone's presentations available, and so much for anyone outside of that conference room being able get straightforward details on what is a _very_ serious matter that IT professionals should damn well know about.

That, in a word, is _bullshit_. Abaddon has been doing his due diligence and then some on this issue for _months_. There is absolutely nothing that they could possibly say he didn't do. He talked with the FBI, the DHS (Department of Homeland Security), Cisco themselves (he even went to San Jose personally to tell them about it) and did his damnedest to make sure absolutely everyone involved knew the exact scope of the problem.

Abaddon and the Lawyers of Cisco (spoiler)

Today in the news, some person or persons unknown apparently attempted to beat some sense into a spammer.

One has to wonder whether or not this is justice--whether or not willfully contributing to the degradation of the Internet and the lesser evils of irritating the hell out of hundreds of millions of people daily actually adds up to this kind of punishment... I, personally, think that killing the guy was going a little too far, and hopefully their next endeavor will be an Internet-broadcast pillorying instead.

Lord knows they wouldn't have to spam to get people to pay to see that... word of mouth alone would probably manage to set new records for viewership on Yahoo and AOL combined.

One down, many more to go.

Julian Beever is an English artist who is famous for his art on the pavements of England, France, Germany, USA, Australia and Belgium. It's peculiarity? Beever gives his drawings an anamorphosis view, his images are drawn in such a way which gives them three dimensionality when viewing from the correct angle.

It really is pretty amazing.

3D street drawings. Too cool!

Tycho of Penny Arcade made a pretty sizable ruckus the other day (http://www.penny-arcade.com/news.php?date=2005-07-21) pertaining to the distinction the ESRB makes between their "M" (Mature, 17+) rating, and their "AO" (Adults Only, theoretically 18+) rating for video games. Apparently their written distinction is that it's the _length_ of the scenes of violence and/or sex that determine what rating the game gets, and he doesn't like it. Neither do I really, I think it's too vague to be useful as a determination, and can lend itself too easily to circus antics to swing the "offical rating" one way or the other.

For a rating system to be useful, it *must* be applied equally to all the things it's supposed to rate, and in this instance, the circus antics of Senator Clinton and the various video-game haters of America have clearly swung the rating. I present to you a blatant evasion of the smoking gun by Patricia Vance (president of the ESRB) as posted in a Gamespot article today...

From: http://www.gamespot.com/news/2005/07/21/news_6129557.html?part=rss&tag=gs_news&subj=6129557

GameSpot: Arguably [Sony Computer Entertainment's] God of War has similar levels of violence and even more graphic portrayal of sexual activity. Rockstar could argue that its Grand Theft Auto has been singled out...

Patricia Vance: I'm certainly familiar with the materials that were submitted to us, and it was rated, you know, as a relatively high M, with a number of content descriptors that indicate the game is inappropriate for anybody under the age of 17. Our action [on San Andreas] was really as a result of determining that the content--the sexual depictions--were the result of the developer creating those depictions and leaving them on the disc, coded not to be accessed by the player. Nevertheless, once they were made available and made accessible, we had no choice but to change the rating.

What this boils down to is that Sony managed to get God Of War (which is by and far more graphically violent than GTA:SA) to market without making too many ripples so that no one would have a chance to make a stink over it, so it got to keep the "M" rating. Manhunt (which is another Rockstar North title BTW) which also has an "M" rating, practically redefines "extended duration" for scenes of graphic violence, since the whole point of the game is to make the violence as sadistic and malicious as possible. In Manhunt, you are being forced to make a snuff flick for pete's sake.

Now, I'm not particularly against graphic and adult-oriented games in the least. Personally, I like playing something with more bite than a damp spongebat when I play a video game, but this business of giving Grand Theft Auto: San Andreas an "AO" rating because a third-party modification drew attention to it is complete and utter bullshit. Rockstar *is* being singled-out because there's been a big media stink, even though there are multiple other titles that the ESRB has failed to rate as "AO" which contain even more graphic content than this.

BTW, if anyone's still stocking the "AO" version of the game, let me know. I won't wait for the price drop--I'd rather buy it without the taint of politics.

I'm with Tycho on this one, ESRB is bullshit.

This is a regular web broadcast (i.e., large downloadable video files) which is mainly a parody of hardcore gamers.

Well, at least we *hope* it's a parody. I find it entertaining, anyway.

Pure Pwnage

-----Original Message-----
From: First Last [mailto:c01n0p@yahoo.com]
Sent: Sunday, July 17, 2005 11:50 AM
To: pen-test@securityfocus.com
Subject: list of address that you don't want to scan

FYI...

Original site link -
http://professionalsecuritytester.com/modules.php?name=News&file=article&sid=70

IP address you should NOT scan
Posted by cdupuis on Thursday, April 01 @ 09:38:09 CST Contributed by cdupuis

The Government Security website at
http://www.governmentsecurity.org has produced a nice list of IP address you should be aware of as a tester.
They are mostly government agencies addresses and could quickly get you in trouble if you would scan them by mistake.

Click on Read More... below see the whole list

Enjoy!

Clement

--------------------------------------------------------------------------------
With kindly thanks to Mountainman, the list of dangerosly ranges is updated again!!!
-------------------------------------------------

RANGE 6
6.* - Army Information Systems Center

RANGE 7
7.*.*.* Defense Information Systems Agency, VA

RANGE 11
11.*.*.* DoD Intel Information Systems, Defense Intelligence Agency, Washington DC

RANGE 21
21. - US Defense Information Systems Agency

RANGE 22
22.* - Defense Information Systems Agency

RANGE 24
24.198.*.*

RANGE 25
25.*.*.* Royal Signals and Radar Establishment, UK

RANGE 26
26.* - Defense Information Systems Agency

RANGE 29
29.* - Defense Information Systems Agency

RANGE 30
30.* - Defense Information Systems Agency

RANGE 49
49.* - Joint Tactical Command

RANGE 50
50.* - Joint Tactical Command

RANGE 55
55.* - Army National Guard Bureau

RANGE 55
55.* - Army National Guard Bureau

RANGE 62
62.0.0.1 - 62.30.255.255 Do not scan!

RANGE 64
64.70.*.* Do not scan
64.224.* Do not Scan
64.225.* Do not scan
64.226.* Do not scan

RANGE 128
128.37.0.0 Army Yuma Proving Ground
128.38.0.0 Naval Surface Warfare Center
128.43.0.0 Defence Research Establishment-Ottawa 128.47.0.0 Army Communications Electronics Command 128.49.0.0 Naval Ocean Systems Center 128.50.0.0 Department of Defense 128.51.0.0 Department of Defense 128.56.0.0 U.S. Naval Academy 128.60.0.0 Naval Research Laboratory 128.63.0.0 Army Ballistics Research Laboratory 128.80.0.0 Army Communications Electronics Command 128.98.0.0 - 128.98.255.255 Defence Evaluation and Research Agency 128.102.0.0 NASA Ames Research Center 128.149.0.0 NASA Headquarters 128.154.0.0 NASA Wallops Flight Facility 128.155.0.0 NASA Langley Research Center 128.156.0.0 NASA Lewis Network Control Center 128.157.0.0 NASA Johnson Space Center 128.158.0.0 NASA Ames Research Center 128.159.0.0 NASA Ames Research Center 128.160.0.0 Naval Research Laboratory 128.161.0.0 NASA Ames Res... [ Read More (4.7k in body) ]

Sites you should never *ever* scan

Now this is a truly new application of a keyboard, which I am sure will be rather hellishly expensive, but will probably not have any problem finding people to buy it judging from how much some fools are willing to pay for the reduced-size "Happy Hacker" keyboard--particularly since they willingly pay even more for the version where no one bothered to silkscreen labels onto the keys.

I give it a whole three months of this thing on the market before someone codes up a Drempels-style hack to make the keys change color and so on while the keyboard is being used. The possibilities are damn near endless.

Pimp.

This man deserves a patent with a large sack of money pinned to it.

Apparently, someone needs to tell Iain that no matter how funny it seems at the time, the things you come up with after fifteen or sixteen really superlative bong hits should probably not be posted to one's professional blog.

Iain Thompson of vnunet.net gets really, high.

One of my geek friends who I've yet to mention this site to (I think... Nobody smack me.) has put up a little blog for his adventures in Florida.

While for we here in Nashville, it will merely mean blessed rain, it's apparently gotten pretty exciting down there. But as long as the intarweb is intact, all will come out well in the end. :)

On-the-spot coverage of Hurricane Dennis