"The future masters of technology will have to be lighthearted and intelligent. The machine easily masters the grim and the dumb." -- Marshall McLuhan, 1969

It's now public: Abaddon has been hired by Juniper

Topic: Computer Security
4:51 pm EST, Nov 8, 2005
Anyone predicting that Michael Lynn did severe damage to his career might want to retract those statements now that the former ISS researcher and current Cisco nemesis has landed at Juniper Networks. Although it's unclear what Lynn's role is or how long he's been with Cisco's biggest rival, I'm sure that conspiracy theorists will have a field day with this one. Lynn, you'll remember if you weren't on Mars this summer, has become infamous for a Black Hat presentation during which he proved what most savvy network administrators already suspected: Cisco's IOS had a serious flaw that could let hackers not just take down a Cisco switch or router but also hijack networking equipment and execute code.
It's finally public that Mike has joined Juniper. Several outlets are covering it. Wired also has an interview with Jeff Moss about the situation. I guess we should get around to taking down the link for Mike's defense fund...

The FBI's Secret Scrutiny (Washington Post)

Topic: Civil Liberties
2:29 pm EST, Nov 7, 2005
Under the shield and stars of the FBI crest, the letter directed Christian to surrender "all subscriber information, billing information and access logs of any person" who used a specific computer at a library branch some distance away. Christian, who manages digital records for three dozen Connecticut libraries, said in an affidavit that he configures his system for privacy. But the vendors of the software he operates said their databases can reveal the Web sites that visitors browse, the e-mail accounts they open and the books they borrow. The FBI now issues more than 30,000 national security letters a year, according to government sources, a hundredfold increase over historic norms. The letters -- one of which can be used to sweep up the records of many people -- are extending the bureau's reach as never before into the telephone calls, correspondence and financial lives of ordinary Americans.
The situation with NSLs has always gotten me riled up. I think giving the investigative agencies a license to request information without any type of review is a disaster for civil liberties happening silently. I do understand the value of having as much information on hand as possible to do link analysis. It's a subject I might even qualify as an expert on. Let's just say you are pulling telephone call records for a suspect, and the records of everyone he was in contact with. You certainly do have a good pool there to do link analysis. Going out another level would be pointless, but from what you find at the first level, you may decide to expand certain specific people who show connections or become of interest. It's a very reasonable way to conduct a non-intrusive investigation. That's exactly the type of thing going on, I'm sure of it, and it has a hell of a lot more to it than phone records. However non-intrusive that may appear at first glance, some review is still necessary. There is a big difference between a directed and scoped search, and trying to find needles in a haystack by x-raying the haystack. We do have this thing called the 4th Amendment. I would like to think that our right to privacy extends to data of ours that we entrust to others, like our banks, schools, libraries, service providers, etc. I fear that rather than privacy, we only simply have the right to be left alone. Which when put that way, doesn't say anything against ransacking your digital records, as long as you don't know about it. Is the citizens' duty in the Global War on Terrorism to submit to being a node in a big graph? What kind of node are you? What kind of nodes are your friends? All mine are hackers, and we are nervous. Nodes can easily look nefarious when that's what you are looking to find. I strongly suggest reading this entire article.

A wiki voter information guide | SinceSlicedBread.com

Topic: Politics and Law
1:58 pm EST, Nov 7, 2005
If, based on their zip code, voters could access wiki based information about upcoming local and federal races and referenda items relevant to their districts, working families would have a powerful and democratic information resource at their disposal in the ballot box.
I've discussed this idea with Decius in depth. A Wiki voter guide would be possible, but extremely hard. In terms of spam and attacks, this would pose the greatest challenge to the Wiki format either of us can think of. No content would be as charged as a voter guide. Even seeding the Wiki would be tough. Just finding out who is running in what district and what zip codes cover a district is non-trivial.

Francis Fukuyama - A Year of Living Dangerously

Topic: War on Terrorism
2:33 am EST, Nov 3, 2005
Francis Fukuyama checks in on radical Islam. Before diving into the quotes, here is your question of the day: Is Francis Fukuyama a NeoCon? Why?
There is good reason for thinking, however, that a critical source of contemporary radical Islamism lies not in the Middle East, but in Western Europe. In addition to Bouyeri and the London bombers, the March 11 Madrid bombers and ringleaders of the September 11 attacks such as Mohamed Atta were radicalized in Europe. In the Netherlands, where upwards of 6% of the population is Muslim, there is plenty of radicalism despite the fact that Holland is both modern and democratic. And there exists no option for walling the Netherlands off from this problem. We profoundly misunderstand contemporary Islamist ideology when we see it as an assertion of traditional Muslim values or culture. In a traditional Muslim country, your religious identity is not a matter of choice; you receive it, along with your social status, customs and habits, even your future marriage partner, from your social environment. In such a society there is no confusion as to who you are, since your identity is given to you and sanctioned by all of the society's institutions, from the family to the mosque to the state. It is in this context that someone like Osama bin Laden appears, offering young converts a universalistic, pure version of Islam that has been stripped of its local saints, customs and traditions. Radical Islamism tells them exactly who they are--respected members of a global Muslim umma to which they can belong despite their lives in lands of unbelief. Religion is no longer supported, as in a true Muslim society, through conformity to a host of external social customs and observances; rather it is more a question of inward belief. Hence Mr. Roy's comparison of modern Islamism to the Protestant Reformation, which similarly turned religion inward and stripped it of its external rituals and social supports.
Further, radical Islamism is as much a product of modernization and globalization as it is a religious phenomenon; it would not be nearly as intense if Muslims could not travel, surf the Web, or become otherwise disconnected from their culture. This means that "fixing" the Middle East by bringing modernization and democracy to countries like Egypt and Saudi Arabia will not solve the terrorism problem, but may in the short run make the problem worse. Democracy and modernization in the Muslim world are desirable for their own sake, but we will continue to have a big problem with terrorism in Europe regardless of what happens there.
Read the whole article. A key property of ideologies is that after they have taken root and become accepted, they don't go away. They can't really be changed either. They can only be augmented, causing the weaker portions to erode out of their active belief. If they have deep histories, they can be recast to be things they never were, just using the whole upon which they are built. The size of the base determines the actual level of power the ideology possesses. I'm pretty sure that al-Qaeda gets this, just based on their name. I've made the argument in several discussions lately that the only way to attack radical Islam is to pull what amounts to an "embrace and extend" strategy, and of course it must happen from within, hence the "embrace" part. If there is a key to that strategy, Fukuyama lays it out here. The degree to which society creates the person is usually a role of the state. The inner belief that carries the rest of the person, is the role of modern religion or other belief systems, some more organized than others, but all of them complex. The same thing that has made globalized Islam possible, must be used to kill radical Islam. It's a battle of revisions.

Daily Kos: Nonpartisan GAO Confirms Security Flaws in Voting Machines

Topic: Computer Security
9:37 pm EST, Nov 1, 2005
1. Some electronic voting systems did not encrypt cast ballots or system audit logs, thus making it possible to alter them without detection.
2. It is easy to alter a file defining how a ballot appears, making it possible for someone to vote for one candidate and actually be recorded as voting for an entirely different candidate.
3. Falsifying election results without leaving any evidence of such an action by using altered memory cards.
4. Access to the voting network was easily compromised because not all digital recording electronic voting systems (DREs) had supervisory functions password-protected, so access to one machine provided access to the whole network.
5. Supervisory access to the voting network was also compromised by repeated use of the same user IDs combined with easily guessed passwords.
6. The locks protecting access to the system were easily picked and keys were simple to copy.
7. One DRE model was shown to have been networked in such a rudimentary fashion that a power failure on one machine would cause the entire network to fail.
8. GAO identified further problems with the security protocols and background screening practices for vendor personnel.
Voting machine security should truly be a non-partisan issue, yet it's only the Democrats I ever see making an issue of it. That's truly disturbing. Will this start to become a wider issue now that the GAO is calling out the problems as well?

Mark's Sysinternals Blog: Sony, Rootkits and Digital Rights Management Gone Too Far

Topic: Computer Security
9:25 pm EST, Nov 1, 2005
The entire experience was frustrating and irritating. Not only had Sony put software on my system that uses techniques commonly used by malware to mask its presence, the software is poorly written and provides no means for uninstall. Worse, most users that stumble across the cloaked files with a RKR scan will cripple their computer if they attempt the obvious step of deleting the cloaked files. While I believe in the media industry’s right to use copy protection mechanisms to prevent illegal copying, I don’t think that we’ve found the right balance of fair use and copy protection, yet. This is a clear case of Sony taking DRM too far.
Sony has gone very far over the line here. I will happily join in the chorus of people screaming lawsuit. Letting this one go would establish the premise that it's acceptable for the media industry to violate your property in order to protect theirs. That approach can only lead to worse problems.

Doonesbury@Slate - Mier's Strips

Topic: Humor
6:15 pm EDT, Oct 29, 2005
Harriet, we hardly knew ye. The following week of strips on the planned confirmation hearings for Supreme Court nominee Harriet Miers were intended for publication beginning Monday, October 31st. Rendered obsolete by the announcement of her withdrawal from consideration on Thursday the 27th, they are nonetheless presented below for your reading pleasure. Next week's strips will be repeats.
Garry Trudeau had to pull next week's Miers strips following her pullout. Here are the Doonesbury strips that could have been.

Ann Coulter on Miers Withdrawal: It's Morning in America!

Topic: Politics and Law
9:32 pm EDT, Oct 27, 2005
Then it seemed that the White House actually believed everything liberals say about conservative Christians—that we are “uneducated” and “easily led.” After administration officials snookered a few evangelical leaders into supporting Miers, they sat back and congratulated themselves on a job well done. But evangelicals are, at best, split down the middle on Miers. Apparently, Christians aren’t so easily led. (That’s what you get for believing The Washington Post!)
I fully realize that recommending an Ann Coulter article about the withdrawal of Miers is kind of like putting out a person on fire by pissing on them. That's why I'm doing it. (That's what you get for linking The Washington Times!) Now, rather than go on about how this is a good thing while stating that I half expect the next nomination to be just as laughable... I think I'm going to make a comment that "Miered" as a verb fits this situation as perfectly as "Borked" did in 1987.

TinyDisk - An anonymous shared file system on top of TinyURL

Topic: Computer Security
9:15 pm EDT, Oct 27, 2005
TinyDisk is a program for saving and retrieving files from TinyURL and TinyURL-like services such as Nanourl. It overlays a write-once-read-many anonymous, persistent and globally shared filesystem. Once something is uploaded, only the database admin can delete it. Everyone can read it. No one can know who created it. Think of it as a magical CD-R that gets burned and placed on a network.
This is a file system Acidus demoed at Phreaknic that runs on top of the link shortening service TinyURL. It's the perfect case study of how to write meaningful extensions on top of existing web applications, which was the topic of Acidus's presentation. He's already uploaded some fun stuff into TinyURL, like The Adventures of Sherlock Holmes, and even TinyDisk itself. That's right, the program to read and write to TinyURL is stored inside TinyURL! It was also very cool to see other people starting to use it. I was doing some searching around yesterday, and it appears there is some interest in this tool coming from China.

Post PhreakNIC 2005 - We are drawing the maps for these territories

Topic: Cyber-Culture
10:52 pm EDT, Oct 26, 2005
Sorry it took me so long to post some commentary about PhreakNIC. After a convention, convergence, congress, or whatever term you wish to apply to a con, I feel it's important to take some time to put the pieces together and reflect on what happened and what was learned before attempting to express any of it. The point of these things, in my mind's eye, is to come together, engage in as much discourse as possible, and take away every bit each individual is capable of maintaining. The focus of my work surrounds building communities, enhancing media, and addressing security threats. It would be a great act of hypocrisy if I did not attempt to apply these crafts wherever possible. That means doing so, failing, and preparing to get it right the next time around. It also doesn't help that I had no shortage of work to get done in the past few days. I literally have not had a chance to stop working on things since the weekend. This upcoming weekend, I'm looking forward to some rest. Anyway, here is my PhreakNIC review. You are forewarned, this is going to be a long post. During the talks, I was attending to the speaker area on the 9th floor. This may have been the most rewarding place to be at the con. I was very surprised when I showed up to do my part of the AV to find that no one else was tasked with watching the room. It was a vacuum I was happy to fill. All the speakers were great about taking cues to finish up their talks, so the schedule went along as planned, mostly. I'd love to do it next year as well. Everything up there was going pretty smoothly, all things considered. All the talks were good. I was able to catch the bulk of them. There were a few I missed parts of, opting to monitor the situation from the back balcony, and only focus on the beginning, end, and helping with the switch over. I look forward to catching the video of what I missed. Being heavily addicted to smoking cigarettes, I needed some breaks for that. That back balcony made it very easy for me to do this. Not to mention, the view of the city from back there is excellent. Speaking of the video, Wilpig has already posted the talk video online on his website. Major props. This isn't the first year he has come through on this. I encourage others to mirror his site once all the video is up, and I'm sure several people will. Several people already have, although the only one I know at this time is MaxieZ's mirror. Some BitTorrent files for each of the talks would be a good idea too. I got up to the speaker area shortly after Dolemite's opening comments when Catonic's "Professional Wifi" talk was underway. This was Catonic's first time as a convention speaker, and he told me afterwards that he had been a little ...