Last week, federal, state, and local police in Tennessee, Mississippi, and Arkansas conducted a massive sweep dubbed "Operation Sudden Impact."
The operation included raids of businesses, homes, and boats; traffic roadblocks; and personal searches. They say they were looking for "terrorists." If they found any, they haven't announced it yet. They did arrest 332 people, 142 of whom they describe as "fugitives." They also issued about 1,300 traffic tickets, and according to one media account, seized "hundreds" of dollars.
...
The FBI along with hundreds of officers said they are looking for anything out of the ordinary. Agents take computers and paperwork from businesses.
"What we have found traditionally is that terrorists are involved in a number of lesser known type crimes," said Mark Luttrell, Shelby County sheriff.
There you have it. All law enforcement is anti-terrorism. The police cannot legally establish "anti-terrorism" roadblocks that essentially serve as forums for random search and seizure.
RE: Automatic Patch-Based Exploit Generation is Possible: Techniques and Implications
Topic: Miscellaneous
11:43 pm EDT, Apr 22, 2008
Acidus wrote:
In the automatic patch-based exploit generation problem, we are given two versions of the same program P and P' where P' fixes an unknown vulnerability in P. The goal is to generate an exploit for P for the vulnerability fixed in P'. More formally, we are given a safety policy F, and the programs P and P'. The purpose of F is to encode what constitutes an exploit. Our goal is to generate an input x such that F(P(x)) = unsafe, but F(P′(x)) = safe.
... ... !!!
There is something humbling about seeing hours work (reading the Microsoft security bulletin, using IDA and BinDiff, discovering the security changes, performing the needed "magic" like unicode evasion, no null's etc) reduced to a math equation.
This article seems to have stirred up a bit of drama. I finally got time to read it this evening. These people have developed a powerful toolset that can be used to achieve some very interesting results, but I also think that what they've demonstrated here falls far short of what their abstract claims.
Basically, you get the impression that they can take a patch diff, pop it in a black box, and pull a program out the other side that can be used to launch remote code execution attacks. They then go on to assume that attackers can use tools like this to instantly produce exploits from a patch, and discuss the implications of that for patch distribution strategies. But thats not what they've produced.
What they've produced takes a patch diff as well as either input sufficient to reach the vulnerable code, or information about the place in the binary where the specific input values that exploit the vulnerability are read in, and produces permutations of that input which would be rejected by the patched version of the code.
In my view the time spent determining what sort of input can reach the vulnerable code (what inputs not what values of those inputs), and more importantly the time spend actually exploiting the vulnerability to gain unauthorized code execution, contribute more to the time required to produce working exploits from patch diffs than the part of the problem that has been solved by this paper, and so their conclusions about the impact of this result on the time from patch distribution to exploit distribution is not correct.
This tool could be helpful in analyzing vulnerabilities where a great deal of permutation occurs to data before the vulnerable code is reached, but it does not result in automatic generation of anything from patches alone, and it does not generate what I would call an exploit.
The underlying toolset, however, is very interesting. Its basically a computer that reads assembly code. You can program it to answer questions about that code. There are many questions that one could ask about binary code that would be helpful in vulnerability research and analysis beyond those envisioned here. Its a shame that these tools seem to not be available to the public.
Abraham writes: "My fascination with Tesla started in elementary school, when my science teacher compared Tesla and Edison. I decided to pay my tribute to the wizard with a patent drawing on an electric magnetic motor, submitted by Tesla in the late 1800's."
“If states are unable to guarantee such protection,” the pope said, “the international community must intervene with the juridical means provided in the United Nations charter and in other international instruments.”
Vile wrote: Yo, you bitches got a lotta fucking nerve posting these here shits on the motherfucking web. Get with the times, motherfucker. This ain't like, columbus day or nothing. Cut the shit! This is like a fucking site...on the internet. And you use it to this effect. I am only pissin' off here with no good reason though, bitches. You are just stealin' up realty on the side of the information superhighway. You should vacate cuz I could make something that's called memestreams and has www.memestreams.com as it's little slice of internet acreage and it would be cooler than what you are using that shit for now. Just you wait. Look into my words, kids. I ain't playin' witchall.
The evidence is now overwhelming that Mark Dowd was, in fact, sent back through time to kill the mother of the person who will grow up to challenge SkyNet. Please direct your attention to Dowd’s 25-page bombshell on a Flash bytecode attack.
Some context. Reliable Flash vulnerabilities are catastrophes. In 2008, we have lots of different browsers. We have different versions of the OS, and we have Mac users. But we’ve only got one Flash vendor, and everyone has Flash installed. Why do you care about Flash exploits? Because in the field, any one of them wins a commanding majority of browser installs for an attacker. It is the Cyberdyne Systems Model 101 of clientsides.
So that’s pretty bad-ass. But that’s not why the fate of humanity demands that we hunt down Dowd and dissolve him in molten steel.
Look at the details of this attack. It’s a weaponized NULL pointer attack that desynchronizes a bytecode verifier to slip malicious ActionScript bytecode into the Flash runtime. If you’re not an exploit writer, think of it this way: you know that crazy version of Super Mario Brothers that Japan refused to ship to the US markets because they thought the difficulty would upset and provoke us? This is the exploit equivalent of that guy who played the perfect game of it on YouTube.
Food Inflation, Riots Spark Worries for World Leaders - WSJ.com
Topic: Miscellaneous
9:09 am EDT, Apr 15, 2008
There was a somewhat phony story circulating about tent cities cropping up in Los Angeles as a result of the credit crunch. This story isn't phony.
Surging commodity prices have pushed up global food prices 83% in the past three years, according to the World Bank -- putting huge stress on some of the world's poorest nations. Even as the ministers met, Haiti's Prime Minister Jacques Edouard Alexis was resigning after a week in which that tiny country's capital was racked by rioting over higher prices for staples like rice and beans.
Among other targets, they singled out U.S. policies pushing corn-based ethanol and other biofuels as deepening the woes.
James Connaughton, chairman of the White House's council on environmental quality, said biofuels are only one contributor to rising food prices. Rising prices for energy and electricity also contribute, as does strong demand for food from big developing countries like China.
When I was in Nice I noticed one of these. Ironically, Nice is not listed here. Ironically I did not notice any in Montpellier. There are tons of them there.
I was too busy early this week to pay attention to the disclosure of the John Yoo memos. Most of the drama seems to be circling around this peculiar footnote, which makes reference to another memo that remains classified:
10: Indeed, drawing in part on the reasoning of Verdugo-Urquidez, as well as the Supreme Court's treatment of the destruction of property for the purposes of military necessity, our Office recently concluded that the Fourth Amendment had no application to domestic military operations. See Memorandum for Alberto R. Gonzales, Counsel to the President, and William J. Haynes, n, General Counsel, Department of Defense, from John C. Yoo, Deputy Assistant Attorney General and Robert J. Delahunty, Special Counsel, Re: Authority for Use of Military Force to Combat Terrorist Activities Within the United States at 25 (Oct 23, 200 I).
There is a bunch of discussion at the link about this footnote. It raises disturbing questions. What is a domestic military operation? If the President wants to avoid obtaining a warrant need he merely send the army instead of the police? Is domestic NSA spying a military operation, removing not only the 4th amendments warrant requirement, but its reasonableness requirement as well? More here. I would add, are there acts not regulated by FISA which would not meet the "reasonableness" requirement of the 4th amendment which this administration engaged in under this memo's advice?
Also interesting is the following footnote:
11: Our analysis here should not be confused with a theory that the Constitution somehow does not "apply" during wartime: The Supreme Court squarely rejected such a proposition long ago in Ex parte Milligan, 71 U.S. (4 Wall.) 2, 119-20 (1866), and at least that part of the Milligan decision is still good law. See, e.g., Kennedy v. MendozaMartinez, 372 U.S. 144, 164-65 (1963); United States v. L. Cohen Grocery Co., 255 U.S. 81, 88 (1921) ("[T]he mere existence of a state of war could not suspend or change the operation upon the power of Congress of the guaranties and limitations of the Fifth and Sixth Amendments ...."). Instead, we conclude that the restrictions outlined in the Fifth Amendment simply do not address actions the Executive takes in conducting a military campaign against the Nation's enemies.
Get it? The Constitution "applies" during wartime, but only to the acts of Congress, not the actions of the Executive.
Recent reports in this paper and others allege the existence of broad intelligence programs run by the National Security Agency to process wide-ranging personal data on Americans' activities. One of us (Eshoo) sees this as the latest in a string of troubling accusations about the erosion of privacy and civil liberties since 9/11. The other (McConnell) sees it as more hyperbole and inaccurate press reports designed to mislead the public into thinking that the intelligence community is acting against American law and values. Honest people can differ on these tough issues. We think it is healthy. This is America, after all.
Despite our diverging opinions, it would be useful to set forth those areas where we agree...
A cyber attack could be more devastating economically than Sept. 11. Preventing a cyber attack will require tremendous cooperation between the government and the private sector, and above all, a common understanding that our liberty and our security go hand in hand.
Comments like "our liberty and our security go hand in hand" are usually made by people when they are doing away with liberty.
Finally, no cyber-security plan will succeed without congressional support. Checks and balances are essential in a democracy, particularly when the matter concerns secret government programs that rightly remain out of the public view. Active congressional oversight gives the public confidence that their rights and their security are being properly attended to, and such oversight allows Congress to say so confidently and publicly.
This, I assume, is as opposed to judicial review... I give you Arlen Specter.
