"To laugh often and much; to win the respect of intelligent people and the affection of children; to earn the appreciation of honest critics and endure the betrayal of false friends; to appreciate beauty; to find the best in others; to leave the world a bit better, whether by a healthy child, a garden patch or a redeemed social condition; to know even one life has breathed easier because you have lived. This is to have succeeded."
- Ralph Waldo Emerson
|
Bad Vibes in Glastonbury after Catholics Against Pagans

Topic: Religion
12:12 pm EST, Nov 6, 2006
"BY THE light of the full moon, witches in Glastonbury will tonight be casting a "circle of protection" around Britain's centre of mysticism after a group of militant Christians cast salt at them in an attempt to "cleanse" the town of paganism. One Roman Catholic was fined and two cautioned by police after the "alternative Hallowe'en" festival in Britain's centre of magical mysticism turned into a spiritual battle between Christianity and paganism. Now even the local Catholic priest has told his fellow Christians that they are not welcome in the town."
|
Schneier on Security: Forge Your Own Boarding Pass

Topic: Security
4:15 pm EST, Nov 2, 2006
Soghoian claims that he wanted to demonstrate the vulnerability. You could argue that he went about it in a stupid way, but I don't think what he did is substantively worse than what I wrote in 2003. Or what Schumer described in 2005. Why is it that the person who demonstrates the vulnerability is vilified while the person who describes it is ignored? Or, even worse, the organization that causes it is ignored? Why are we shooting the messenger instead of discussing the problem? The way to fix it is equally obvious: Verify the accuracy of the boarding passes at the security checkpoints. If passengers had to scan their boarding passes as they went through screening, the computer could verify that the boarding pass already matched to the photo ID also matched the data in the computer. Close the authentication triangle and the vulnerability disappears. The problem is real, and the Department of Homeland Security and TSA should either fix the security or scrap the system. What we've got now is the worst security system of all: one that annoys everyone who is innocent while failing to catch the guilty.
Bruce Schneier has chimed in on TSAGATE. This essay can be found on his weblog or published in Wired. The message coming out of the security community seems to unanimously contain the same basic ideas: The TSA needs to fix the problem and not shoot the messenger.
|
Topic: Elections
3:10 pm EST, Nov 2, 2006
Early voting runs through Friday, November 3rd. KFDM continues to get complaints from Jefferson County voters who say the electronic voting machines are not registering their votes correctly. Friday night, KFDM reported about people who had cast straight Democratic ticket ballots, but the touch-screen machines indicated they had voted a straight Republican ticket.
Gee, didn't see that coming...
KFDM-TV Channel Six News
|
Military Blog Index - Now Censored Blog Index

Topic: War on Terrorism
11:56 am EST, Nov 2, 2006
This site is a huge index of military blogs. "I filed a radio report today for the NPR News program "Day to Day" on news that Pentagon officials are cracking down on "mil-bloggers," military men and women who write blogs about their wartime experiences. The Pentagon is concerned about operational security. The increased scrutiny has quieted some blogs, while driving many to look for ways to follow the new rules."
|
Topic: Miscellaneous
10:02 pm EST, Oct 30, 2006
Update: Ed Markey put out a press release today softening his stance on this.

Congressman Markey,

While I'm not one of your constituents, your statements and actions often have an impact that reaches beyond your district. Yesterday you were quoted in several news media outlets as having called for the arrest of Christopher Soghoian, a PhD candidate at the University of Indiana Bloomington, because he created a web page that generates phoney airline boarding passes. As you are likely aware, your call was answered by the FBI who reportedly broke into Soghoian's house last night and seized all of his computer equipment.

I am a professional computer security researcher. I work for one of the world's largest IT companies. My job involves finding vulnerabilities in software systems and getting them fixed. Responsible vendors are usually very responsive and willing to work with my team when we contact them with information about problems with their products. Through this process we are able to locate and repair vulnerabilities in IT infrastructure before the bad guys can find them and exploit them. However, there are always a few unsophisticated people who seek to shoot the messenger instead of dealing with the flaw.

Christopher Soghoian is one of the good guys. He is not a criminal and he is not enabling criminals. He did not create the vulnerability in the boarding pass screening process. This problem has existed for years, and it has been noted in other quarters, most recently by Sen. Chuck Schumer. However, the problem hasn't been fixed. Soghoian's website was intended to demonstrate how simple this is, and he has clearly and repeatedly stated that his intent in creating the site was to raise awareness about the problem so that it will be fixed. His website does not make this much easier than standard desktop publishing software available on anyone's personal computer.

Your call for his arrest, and the subsequent events that have unfolded over the past 24 hours, have done serious harm to the national security of the United States. You could have simply contacted him, informed him of the legal problems that one could face for operating such a website, and discussed shutting it down. By choosing instead to prosecute him you are sending a message to security professionals in this country that if you observe a problem with national security policies or practices and make people aware of those problems in good faith so that they might be fixed, the government will treat you as an enemy and will prosecute you if possible. The inevitable result will be that people will hold their tongues, and problems will persist until they are discovered by someone who has malicious intent.

I strongly urge you to reconsider your position on this matter. The current course of action is not in the best interests of this country.

Respectfully,
Tom Cross

My Letter to Ed Markey
|
Google Sightseeing Jumbolair

Topic: Miscellaneous
12:43 pm EDT, Oct 27, 2006
A post about Travolta's fly-in house.
|
The Northwest Airlines Boarding Pass Generator

Topic: Miscellaneous
12:39 pm EDT, Oct 27, 2006
This webpage will produce a boarding pass good enough to get anyone past TSA, and thus, into the "secure" gate areas of the airport terminal.
I have a big "I told you so" (tm) to say about this one... btw, I can just see the headlines now "Juniper Researcher Michael Lynn helps terrorists board planes illegally" for posting this link... here's hoping that Ellen Messmer doesn't read my blog...
|
Ebay Motors Hijacked via redirects

Topic: Computer Security
6:11 am EDT, Oct 24, 2006
These redirects were still happening earlier today, from what I could tell on eBay's boards. One possibility is that this could be a problem with eBay allowing sellers to insert swf movies from 3rd party sites, which use actionscript redirects. It happens almost instantly, and buyers are not noticing they are taken off eBay. Literally TAKEN off eBay. eBay is taking pages with this exploit down as soon as they become known, so I've not got to look at any directly. Some say it is some javascript doing it, but eBay disabled javascript and encrypted js a while back - the flash has always worried me...
|
Dr. Phil show totally rigged

Topic: Education
9:54 pm EDT, Oct 23, 2006
Interesting read! "We certainly left our young ones behind. We did this, because of our passion for homeschooling, and Dr. Phil preyed upon this passion in having us as his audience, so that we could be the flimsy 15% that raised their hands in favor of homeschooling, so that he could have his biased TV show. He preyed upon our cause, our dreams, our passion and our hope. A true predator. The show is actually only about a half hour long. In between sets, the guests are quickly hurried off stage, and swiftly replaced with new, equally bewildered guests. Between sets, Dr. Phil deliberately goes out of his way to avoid eye contact with the audience, thus avoiding engaging the audience. Everything is done very fast, and there is so much activity with the cameras that there is no opportunity to ask questions, and no time to verbalize thoughts and ideas. It is most unnerving to witness Dr. Phil's deliberate disengagement and clearly overt avoidance of the audience. For those who love Dr. Phil, this is not the Dr. Phil that they see on TV."
|