Being "always on" is being always off, to something.

Lawrence Krauss and Natalie Jeremijenko | Seed Video
Topic: Science
6:01 am EDT, May 2, 2008
The Star Trek physicist enters the Seed Salon to discuss participation, the politics of knowledge production, and seduction with the artist/engineer.
Zorba: The XQuery Processor
Topic: Technology
6:01 am EDT, May 2, 2008
Zorba is a general purpose XQuery processor implementing in C the W3C family of specifications. It is not an XML database. The query processor has been designed to be embeddable in a variety of environments such as other programming languages extended with XML processing capabilities, browsers, database servers, XML message dispatchers, or smartphones. Its architecture employs a modular design, which allows customizing the Zorba query processor to the environment’s needs. In particular the architecture of the query processor allows a pluggable XML store (e.g. main memory, DOM stores, persistent disk-based large stores, S3 stores). Zorba runs on most platforms and is available under the Apache license v2.
Companies May Be Held Liable for Deals With Terrorists, ID Thieves
Topic: Politics and Law
6:01 am EDT, May 2, 2008
If you're a security pro, you might be familiar with the U.S. Treasury Department's Office of Foreign Asset Control (OFAC) requirements, which basically require companies to check their customers' identities against a list of known terrorists to prevent them from unwittingly providing products or services to an enemy. Most major credit bureaus check customers and applicants against these lists, so if you're vetting your partners and customers that way, you're probably covered. However, you may not have heard yet about the Federal Trade Commission's "Red Flag" program, which is designed to warn companies when they are about to do business with identity thieves or money-laundering operations. The Red Flag program, which takes effect Nov. 1, requires enterprises to check their customers and suppliers against databases of known online criminals -- much like what OFAC does with terrorists -- and also carries potential fines and penalties for businesses that don't do their due diligence before making a major transaction. "The final rules require each financial institution and creditor that holds any consumer account, or other account for which there is a reasonably foreseeable risk of identity theft, to develop and implement an Identity Theft Prevention Program for combating identity theft in connection with new and existing accounts," the FTC says in the rules, which were passed last year.
A Colombian Vision for Iraq
Topic: War on Terrorism
6:01 am EDT, May 2, 2008
Robert Kaplan: All the debate about Colombian free trade has obscured something important: Colombia is far safer now than it was five years ago. In fact, if Iraq were reclaiming terrorist-controlled areas as effectively as Colombia is, even the most die-hard opponents of the Iraq War would admit error. Colombia is, after Iraq and Afghanistan, our third-biggest nation-building project, and it is by far our most successful. Colombia demonstrates the value of the indirect approach in our overseas military deployments. Our military role there, started by Bill Clinton and continued by George W. Bush, has been significant: Army Special Forces have trained elite Colombian units, who have in turn engaged the narco-terrorists. When I first visited Colombia in early 2003, the border with Venezuela was a no-go zone. Now new businesses are opening, and the streets are crowded, even at night. Parts of the south and east are experiencing the same success. Indeed, by 2006 I could visit large swathes that were inaccessible before. Colombia is what Iraq should eventually look like, in our best dreams. Colombian President Alvaro Uribe has fought -- and is winning -- a counterinsurgency war even as he has liberalized the economy, strengthened institutions, and improved human rights. Nuri al Maliki and Hamid Karzai could learn from him. The failure of Congress to pass a free-trade pact indicates that the greatest threat to our power is our own domestic dysfunction. What should be the icing on the cake to a successful nation-building program has become an embarrassment.
On the Battlefield, There Are No Surprises
Topic: Military Technology
6:01 am EDT, May 2, 2008
Commanders on the battlefield will soon be able to anticipate enemy moves through Deep Green, a new program developed in part by USC's Viterbi Information Sciences Institute.
Matasano Chargen » Retsaot is Toaster, Reversed: Quick ‘n Dirty Firmware Reversing
Topic: Technology
6:01 am EDT, May 2, 2008
I recently worked on a project that involved embedded systems and reverse engineering. This sort of territory can be a little hairy the first few times out. I ran into some interesting challenges and discoveries along the way which I thought might be worth writing a little bit about. I can’t tell you what the target was. But, it was important. And, we beat the crap out of it. So instead, I’ll tell you what I wish it was: a networked 4-slot toaster. Now… to make things interesting; Early on, I’d discovered a vulnerability in the toaster that allowed any attacker to load their own firmware on the device. Ouch! My toast! My beautiful toast! In order to drive home the risk (mostly to the vendor) of the firmware loading vulnerability, I was asked by my customer (also the vendor’s customer) to demonstrate the attack by actually loading malicious firmware onto the device and getting it to run. Mind you, the request to prove this is actually pretty sane. I had little knowledge of the boot loader, or even of the firmware image format. I couldn’t say for sure that there wasn’t a code-signing feature, which would prevent the toaster from loading any image that wasn’t cryptographically signed by the vendor. That would have rendered the firmware loading attack impotent. To make things worse, the vendor was being pretty light on details. Can’t say I blame them.
Old Wine in a New Bottle: Subprime Mortgage Crisis—Causes and Consequences
Topic: Home and Garden
6:01 am EDT, May 2, 2008
This paper seeks to explain the causes and consequences of the United States subprime mortgage crisis, and how this crisis has led to a generalized credit crunch in other financial sectors that ultimately affects the real economy. It postulates that, despite the recent financial innovations, the financial strategies—leveraging and financial risk mismatching—that led to the present crisis are similar to those found in the United States savings-and-loan debacle of the late 1980s and in the Asian financial crisis of the late 1990s. However, these strategies are based on market innovations that have heightened, not reduced, systemic risks and financial instability. They are as the title implies: old wine in a new bottle. Going beyond these financial practices, the underlying structural causes of the crisis are located in the loose monetary policies of central banks, deregulation, and excess liquidity in financial markets that is a consequence of the kind of economic growth that produces various imbalances—trade imbalances, financial sector imbalances, and wealth and income inequality. The consequences of excessive risk, moral hazards, and rolling bubbles are discussed.
Regional Computer Forensics Laboratory: Program Annual Report
Topic: Technology
6:01 am EDT, May 2, 2008
RCFLs are a network of digital forensics labs sponsored by the FBI and staffed by local, state, and federal law enforcement personnel. These labs are available—free of charge—to 4,750 law enforcement agencies across 17 states. Yes, RCFLs perform digital forensic exams in cyber crime cases, but they contribute to so many more kinds of investigations: terrorism, espionage, public corruption, civil rights, organized crime, white-collar crime, and violent crime. These days, computers and other technological devices are such a part of daily life that you’d be hard-pressed to find any type of criminal or terrorist who doesn’t use one. And when they do, RCFL examiners are there to extract and enhance information from these devices that may serve as evidence at trial. You can read all about the accomplishments of these 14 labs—collectively and individually—in the RCFL Program’s Fiscal Year 2007 Annual Report.
One new infected webpage found every five seconds, reveals latest Sophos Security Threat Report
Topic: High Tech Developments
6:01 am EDT, May 2, 2008
IT security and control firm Sophos has published its latest Security Threat Report, which looks at worldwide cybercrime during the first quarter of 2008. The findings show a dramatic increase in web-based threats compared to 2007 – the first three months of 2008 showed Sophos finding and blocking a new infected webpage every five seconds, compared with one every 14 seconds last year.
Topic: Society
6:01 am EDT, May 2, 2008
All of the streets in the lower 48 United States: an image of 26 million individual road segments. No other features (such as outlines or geographic features) have been added to this image, however they emerge as roads avoid mountains, and sparse areas convey low population. The pace of progress is seen in the midwest where suburban areas are punctuated by square blocks of area that are still farm land. This began as an example I created for a student in the fall of 2006, and I just recently got a chance to document it properly. Alaska and Hawaii were initially left out for simplicity's sake, but I felt guilty because of the sad emails received from zipdecode visitors. Unfortunately, the two states don't "work" because there aren't enough roads to outline their shape, so I left them out permanently. More technical details can be found here.
all streets | ben fry