"I don't think the report is true, but these crises work for those who want to make fights between people." Kulam Dastagir, 28, a bird seller in Afghanistan
YouTube - The Life and Death of a Pumpkin
Topic: Miscellaneous
5:51 pm EST, Oct 29, 2006
Halloween, from the perspective of a pumpkin. Man...I feel like an asshole now:)
Congressman Edward Markey - October 29, 2006 - MARKEY: DON'T ARREST STUDENT, USE HIM TO FIX LOOPHOLES
Topic: Miscellaneous
2:01 pm EST, Oct 29, 2006
Under the circumstances, any legal consequences for this student must take into account his intent to perform a public service, to publicize a problem as a way of getting it fixed. He picked a lousy way of doing it, but he should not go to jail for his bad judgment.
Thank you Ed Markey! I'm sure that everyone who wrote you appreciates the fact that you are listening and that you took the time to take a closer look at this case.
Being strong on security means exposing a problem and addressing it, not covering it up by punishing the messenger.
"The nail that sticks up gets hammered down." It's one of those phrases that embodies a principle that means different things in different situations, to different people. When a person exposes a problem, is the problem the problem, or is the person the problem? I believe that people of knowledge and ability are our greatest assets.
I think this is directly relevant to what we see unfolding before our eyes right now. On one hand, I have massive respect for the law enforcement agencies that tackle security problems. On the other, I fear their potential to be reactionary rather than mindful of purpose.
If we are to achieve real security, we cannot simply opt for the path of least resistance. We must tackle problems rather than brush them under the rug, where they still exist, and can be found by others. As many on this system can attest, exposing security problems is like donning a big target; few are happy to see the messenger.
The manner in which information about a vital problem is exposed must be done ethically, but it is important to remember that ethical (or responsible) disclosure is an area that has no clear black and white distinctions. Many of the gray areas are defined by the means of the messenger. Do not lose sight of the big picture.
Update: Ed Markey put out a press release today softening his stance on this.
Congressman Markey,
While I'm not one of your constituents, your statements and actions often have an impact that reaches beyond your district. Yesterday you were quoted in several news media outlets as having called for the arrest of Christopher Soghoian, a PhD candidate at the University of Indiana Bloomington, because he created a web page that generates phoney airline boarding passes. As you are likely aware, your call was answered by the FBI who reportedly broke into Soghoian's house last night and seized all of his computer equipment.
I am a professional computer security researcher. I work for one of the world's largest IT companies. My job involves finding vulnerabilities in software systems and getting them fixed. Responsible vendors are usually very responsive and willing to work with my team when we contact them with information about problems with their products. Through this process we are able to locate and repair vulnerabilities in IT infrastructure before the bad guys can find them and exploit them. However, there are always a few unsophisticated people who seek to shoot the messenger instead of dealing with the flaw.
Christopher Soghoian is one of the good guys. He is not a criminal and he is not enabling criminals. He did not create the vulnerability in the boarding pass screening process. This problem has existed for years, and it has been noted in other quarters, most recently by Sen. Chuck Schumer. However, the problem hasn't been fixed. Soghoian's website was intended to demonstrate how simple this is, and he has clearly and repeatedly stated that his intent in creating the site was to raise awareness about the problem so that it will be fixed. His website does not make this much easier than standard desktop publishing software available on anyone's personal computer.
Your call for his arrest, and the subsequent events that have unfolded over the past 24 hours, have done serious harm to the national security of the United States. You could have simply contacted him, informed him of the legal problems that one could face for operating such a website, and discussed shutting it down. By choosing instead to prosecute him you are sending a message to security professionals in this country that if you observe a problem with national security policies or practices and make people aware of those problems in good faith so that they might be fixed, the government will treat you as an enemy and will prosecute you if possible. The inevitable result will be that people will hold their tongues, and problems will persist until they are discovered by someone who has malicious intent.
I strongly urge you to reconsider your position on this matter. The current course of action is not in the best interests of this country.
I didn't sleep at home last night. It's fair to say I was rather shaken up. I came back today, to find the glass on the front door smashed. Inside, is a rather ransacked home, a search warrant taped to my kitchen table, a total absence of computers - and various other important things.
So, they go to his house yesterday, talk to him, and then leave... And then they return in the middle of the night, break in, and take his stuff?! Why didn't they just seize stuff when he was there in the afternoon?
The dumbest words that have ever come out of Ed Markey's mouth:
Topic: Politics and Law
3:47 pm EDT, Oct 27, 2006
"The Bush Administration must immediately act to investigate, apprehend those responsible, shut down the website, and warn airlines and aviation security officials to be on the look-out for fraudsters or terrorists trying to use fake boarding passes in an attempt to cheat their way through security and onto a plane."
Shoot the messenger! Shoot the messenger! For the love of god won't somebody PLEASE shoot that messenger!?
A New Campaign Tactic: Manipulating Google Data - New York Times
Topic: Blogging
3:48 pm EDT, Oct 26, 2006
Fifty or so other Republican candidates have also been made targets in a sophisticated “Google bombing” campaign intended to game the search engine’s ranking algorithms. By flooding the Web with references to the candidates and repeatedly cross-linking to specific articles and sites on the Web, it is possible to take advantage of Google’s formula and force those articles to the top of the list of search results.
The project was originally aimed at 70 Republican candidates but was scaled back to roughly 50 because Chris Bowers, who conceived it, thought some of the negative articles too partisan.
The articles to be used “had to come from news sources that would be widely trusted in the given district,” said Mr. Bowers, a contributor at MyDD.com (Direct Democracy), a liberal group blog. “We wanted actual news reports so it would be clear that we weren’t making anything up.”
Each name is associated with one article. Those articles are embedded in hyperlinks that are now being distributed widely among the left-leaning blogosphere. In an entry at MyDD.com this week, Mr. Bowers said: “When you discuss any of these races in the future, please, use the same embedded hyperlink when reprinting the Republican’s name. Then, I suppose, we will see what happens.”
The popular news page on Technorati indicates that enough blogs are participating in this to make the target stories some of the most widely linked in the blogosphere right now.
File this under information warfare case studies... Rattle made the prediction a while back that we would see a rise in politically motivated Google Bombing at key times.
The Eavesdropper's Dilemma - Matt Blaze et al... [PDF]
Topic: Computer Security
12:22 pm EDT, Oct 26, 2006
This paper examines the problem of surreptitious Internet interception from the eavesdropper’s point of view. We introduce the notion of “fidelity” in digital eavesdropping. In particular, we formalize several kinds of “network noise” that might degrade fidelity, most notably “confusion,” and show that reliable network interception may not be as simple as previously thought or even always possible. Finally, we suggest requirements for “high fidelity” network interception, and show how systems that do not meet these requirements can be vulnerable to countermeasures, which in some cases can be performed entirely by a third party without the cooperation or even knowledge of the communicating parties.