Scientists Say They’ve Found a Code Beyond Genetics in DNA - New York Times |
|
|
Topic: Science |
4:54 pm EDT, Jul 25, 2006 |
The genetic code specifies all the proteins that a cell makes. The second code, superimposed on the first, sets the placement of the nucleosomes, miniature protein spools around which the DNA is looped. The spools both protect and control access to the DNA itself.
|
OpenDNS Autofix: Very Bad Idea (tm) |
|
|
Topic: Miscellaneous |
3:49 pm EDT, Jul 13, 2006 |
In return, sites like the notoriously sluggish MySpace.com load significantly faster, thanks to the way OpenDNS caches IP addresses. Users who type "wordpres.sorg" or "craigslist.or" into their browser's address field are automatically routed to the correct address, instead of getting a 404 error page.
This is such a very bad idea. Any time you have a computer try to figure out what you meant at the end of a connection, you are creating a serious security vulnerability. Prime example: Apache's mod_speling (SIC). If I send a request for indexh.tml, mod_speling detects the mistake and will serve back index.html. The problem is any security products like an IDS/IPS won't have this intelligence to try and "fix" the request before they analyze it. The IDS/IPS simply sees and logs a request for indexh.tml. mod_speling, like this feature in OpenDNS, allows an attacker to sidestep the attack signatures on an IDS/IPS to exploit a site because the web server will "fix" the attack once it reaches its target.
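A log-review check for the mismatch described above, as an added example that is not part of the original post and not Apache's code: it approximates mod_speling's documented matching (case-insensitive, at most one inserted, omitted, transposed or wrong character) and reports requests whose literal name misses a signature while the file the server would actually serve hits it. The function names, file listing, watch list and request paths are all constructed for illustration.

```python
import posixpath

def within_one_edit(a, b):
    """Case-insensitive match allowing one insertion, omission,
    wrong character, or swap of two adjacent characters."""
    a, b = a.lower(), b.lower()
    if a == b:
        return True
    if abs(len(a) - len(b)) > 1:
        return False
    i = 0  # length of the common prefix
    while i < min(len(a), len(b)) and a[i] == b[i]:
        i += 1
    if len(a) == len(b):
        if a[i + 1:] == b[i + 1:]:          # one wrong character
            return True
        return (i + 1 < len(a) and a[i] == b[i + 1]
                and a[i + 1] == b[i] and a[i + 2:] == b[i + 2:])
    if len(a) > len(b):
        a, b = b, a                          # make a the shorter name
    return a[i:] == b[i + 1:]                # one extra character in b

def resolve(name, listing):
    """Files a correcting server could serve for `name`."""
    if name in listing:
        return [name]
    return [f for f in listing if within_one_edit(name, f)]

def signature_gaps(requests, listing, watched):
    """(request, served file) pairs the literal-match sensor misses."""
    gaps = []
    for path in requests:
        name = posixpath.basename(path)
        if name in watched:
            continue  # literal match: the sensor already alerts
        gaps += [(path, t) for t in resolve(name, listing) if t in watched]
    return gaps

# Constructed sample data, not taken from any real site or log.
LISTING = ["index.html", "status.cgi", "report.pdf"]
WATCHED = {"status.cgi"}            # names the sensor has signatures for
REQUESTS = ["/index.html", "/indexh.tml", "/statsu.cgi", "/missing.txt"]

if __name__ == "__main__":
    for path, target in signature_gaps(REQUESTS, LISTING, WATCHED):
        print(f"{path} was served as {target}; literal signature did not match")
```

Running the same canonicalization in the sensor as in the server, or turning the correction off, closes the gap this reports.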
|
MySpace case opens security can of worms [printer-friendly] | The Register |
|
|
Topic: Miscellaneous |
3:38 pm EDT, Jul 13, 2006 |
...paradoxically, the closer we get to systems that achieve a reasonable score in keeping evildoers out, the more vulnerable we are to attack from those evildoers who bypass our filters. So when the Attorney General of a US State speaks of requiring MySpace to achieve giant strides, it's worth suggesting that he's not only being unreasonable; he may even be making things worse. The simple argument is that if parents think MySpace is a safe place to leave their children alone, they are likely to leave them far more vulnerable to the predators who do break in, than if they recognise the reality of the situation. That reality is that predators will break in. The way to deal with it is to supervise and monitor, so that people know they are being watched - exactly the same way you stop fights in the school playground. It's not rocket science.
Hear hear.
|
invisiblethings: Introducing Blue Pill |
|
|
Topic: Miscellaneous |
3:25 pm EDT, Jul 13, 2006 |
Interesting... I know some of y'all MSers will be at Blackhat. I expect a report :) -k
|
Human Space Flight (HSF) - Orbital Tracking |
|
|
Topic: Science |
3:18 pm EDT, Jul 13, 2006 |
Objects like ISS and the Space Shuttle are fairly large and relatively low. It's possible to see them with the naked eye. This NASA site helps you figure out when they'll be visible in your area.
|
Welcome to Heavens-Above! |
|
|
Topic: Science |
3:17 pm EDT, Jul 13, 2006 |
Our aim is to provide you with all the information you need to observe satellites such as the International Space Station and the Space Shuttle, spectacular events such as the dazzlingly bright flares from Iridium satellites as well as a wealth of other spaceflight and astronomical information.
Another great site for figuring out when you can see stuff in space from your backyard.
|
Unwise Microwave Oven Experiments |
|
|
Topic: Miscellaneous |
4:37 pm EDT, Jun 26, 2006 |
] Are you a kid? Does your microwave oven belong to your
] parents? If so, then don't even THINK about trying any of
] these experiments. I'm serious. If I wreck my microwave
] oven, I can buy another. Also, I'm a professional
] electrical engineer. I know enough physics and RF effects
] to take correct safety precautions when I'm
] experimenting. But you don't know the precautions, so you
] should be smart: read and enjoy my writing, but don't
] duplicate my tests unless you grow up to become an
] electronics tech, engineer, etc., and buy your OWN
] microwave oven.
Yes!
|
Blue Boxing Wiretapping Systems |
|
|
Topic: Technology |
4:24 pm EDT, Jun 26, 2006 |
In a research paper appearing in the November/December 2005 issue of IEEE Security and Privacy, we analyzed publicly available information and materials to evaluate the reliability of the telephone wiretapping technologies used by US law enforcement agencies. The analysis found vulnerabilities in widely fielded interception technologies that are used for both "pen register" and "full audio" (Title III / FISA) taps. The vulnerabilities allow a party to a wiretapped call to disable content recording and call monitoring and to manipulate the logs of dialed digits and call activity. In the most serious countermeasures we discovered, a wiretap subject superimposes a continuous low-amplitude "C-tone" audio signal over normal call audio on the monitored line. The tone is misinterpreted by the wiretap system as an "on-hook" signal, which mutes monitored call audio and suspends audio recording. Most loop extender systems, as well as at least some CALEA systems, appear to be vulnerable to this countermeasure.
John Markoff has a story on this today. Ha... They were using old school DTMF techniques to detect call status! That's a bizarre approach. You'd think they'd have some device that spoke SS7 and the network would simply send the digital call traffic to them.
U: I just read the paper. Apparently there IS no good reason they are using inband signals. It's a good paper. Read it. Of course, this kind of vulnerability isn't what I'm really interested in with respect to CALEA equipment. The big question is how does Law Enforcement get access to the CALEA system and is the security/authentication of that access method sufficient to prevent other parties from using the system. I've heard unsubstantiated whisperings that it isn't...
U: The paper seems to allude to this suspicion as well...
|
Topic: Society |
3:22 pm EDT, Jun 26, 2006 |
I just received fairly reliable word that the Georgia Private Investigator Felony Statute has been vetoed by the Governor. Unfortunately I don't have a press link on that, so if anyone out there has a secondary source they can confirm this through, that would be helpful, but it seems like the Governor has heard the message from the technology community and understood the ramifications of this law. Thank you to everyone who communicated with them! Confirmed: The existing definition of “private detective business,” continued in this bill, in conjunction with the applicable exemptions in the law, fails to exclude from the private investigator licensing requirement many professions that collect information or may be called as expert witnesses in court proceedings. To expand the penalty from a misdemeanor to a felony without revision of the existing definitions in the law could result in unintended consequences; I therefore VETO HB1259.
HB 1259 Vetoed! |
|
Civil Liberties and National Security |
|
|
Topic: Current Events |
2:48 pm EDT, Jun 26, 2006 |
Stratfor: Geopolitical Intelligence Report - May 16, 2006 Civil Liberties and National Security By George Friedman USA Today published a story last week stating that U.S. telephone companies (Qwest excepted) had been handing over to the National Security Agency (NSA) logs of phone calls made by American citizens. This has, as one might expect, generated a fair bit of controversy -- with opinions ranging from "It's not only legal but a great idea" to "This proves that Bush arranged 9/11 so he could create a police state." A fine time is being had by all. Therefore, it would seem appropriate to pause and consider the matter. Let's begin with an obvious question: How in God's name did USA Today find out about a program that had to have been among the most closely held secrets in the intelligence community -- not only because it would be embarrassing if discovered, but also because the entire program could work only if no one knew it was under way? No criticism of USA Today, but we would assume that the newspaper wasn't running covert operations against the NSA. Therefore, someone gave them the story, and whoever gave them the story had to be cleared to know about it. That means that someone with a high security clearance leaked an NSA secret. Americans have become so numbed to leaks at this point that no one really has discussed the implications of what we are seeing: The intelligence community is hemorrhaging classified information. It's possible that this leak came from one of the few congressmen or senators or staffers on oversight committees who had been briefed on this material -- but either way, we are seeing an extraordinary breakdown among those with access to classified material. The reason for this latest disclosure is obviously the nomination of Gen. Michael Hayden to be the head of the CIA. 
Before his appointment as deputy director of national intelligence, Hayden had been the head of the NSA, where he oversaw the collection and data-mining project involving private phone calls. Hayden's nomination to the CIA has come under heavy criticism from Democrats and Republicans, who argue that he is an inappropriate choice for director. The release of the data-mining story to USA Today obviously was intended as a means of shooting down his nomination -- which it might. But what is important here is not the fate of Hayden, but the fact that the Bush administration clearly has lost all control of the intelligence community -- extended to include congressional oversight processes. That is not a trivial point. At the heart of the argument is not the current breakdown in Washington, but the more significant question of why the NSA was running such a collection program and whether the program represented a serious threat to l...
|