From User: Rattle

"To laugh often and much; to win the respect of intelligent people and the affection of children; to earn the appreciation of honest critics and endure the betrayal of false friends; to appreciate beauty; to find the best in others; to leave the world a bit better, whether by a healthy child, a garden patch or a redeemed social condition; to know even one life has breathed easier because you have lived. This is to have succeeded." - Ralph Waldo Emerson

Boing Boing: Security researcher quits job and blows whistle on Cisco's fatal flaws
Topic: Computer Security 11:09 pm EDT, Jul 29, 2005

I think he's a hero. If people don't realize that, it's because they are idiots.



Mike Lynn is a Whistleblower, he should be protected
Topic: Computer Security 10:57 pm EDT, Jul 29, 2005

The EFF should support Mike Lynn in his defense against ISS and Cisco. If security researchers are not protected as Whistleblowers when they uncover major flaws, our critical communication infrastructure will be at serious risk. These are the Good Guys.

Mike has taken on enormous personal risk to do the right thing. So far, the general impression in the blogs is that he is doing the right thing. The mainstream media coverage has been good as well. This is a departure from the past, and a good one at that. The headlines contain words like "Whistleblower" and "Coverup".

It is quite ironic that Cisco & ISS are taking the "Intellectual Property" tactic. Just to add some irony to it, here is a post of Mike Lynn here on MemeStreams proving CherryOS stole OSS code from the PearPC project:

just in case anyone didn't believe them already here goes the analysis (I do this sort of thing for a living) first off CherryOS.exe is what we call in the security industry "packed", that means that they have taken a compiled binary and run it through an obfuscator to make it hard to reverse engineer (or at least with hard if all you're doing is strings)...this is common for virus writers, worm writers, 31337 bot net kiddies, and on the legitimate side, game developers do this a lot...it's not very common among the commercial (or free) legitimate software market (mostly because it doesn't work and doesn't do any good) so, the easiest way to defeat the packing is simply to let it start up (this one has several annoying checks for debuggers so it's easiest to just attach after it's loaded)...

the eula for this thing says its a violation to reverse engineer it, but if you do disassemble it you find they never had the rights to license it in the first place, so I don't feel worried to put this here...

I think I have made it clear beyond a shadow of a doubt that CherryOS.exe, shipped as the core of cherryos is nothing but a recompiled version of PearPC...it has at most minor changes, most to strip attribution, hide the theft, or remove debugging output...

The only way we can fault Mike's research is with petty things like not consistently using upper case letters in his posts. The technical end of his work is flawless.

Both Cisco and ISS are attempting to spin Mike's research and make it look incomplete, but the truth of the matter is he demo'ed his technique in front of a room of people, and no one has found fault with it.

If this tactic continues, it will approach a very transparent form of character assassination. It will backfire on Cisco.

In the field of Security Research, Whistleblowing has always been a controversial issue. It is not a black and white thing. This article at CNET covers a number of the issues with disclosure of security problems that often come up. If you compare the ideas expressed in the article with what Mike actually did, you should come away thinking that Mike handled this ethically.



Wired News: Cisco Security Hole a Whopper
Topic: Computer Security 10:14 pm EDT, Jul 27, 2005

Wired just posted the best article so far. Here are some of the highlights:

Lynn likened IOS to Windows XP, for its ubiquity.

"But when there is a Windows XP bug, it's not really a big deal," Lynn said. "You can still ship (data through a network) because the routers will transmit (it). How do you ship (data) when the routers are dead?"

"Can anyone think why you would steal (the source code) if not to hack it?" Lynn asked the audience, noting that it took him six months to develop an attack to exploit the bug. "I'm probably about to be sued to oblivion. (But) the worst thing is to keep this stuff secret."

"There are people out there looking for it, there are people who have probably found it who could be using it against either national infrastructure or any enterprise," said Ali-Reza Anghaie, a senior security engineer with an aerospace firm, who was in the audience.

During his talk, Lynn demonstrated an attack in real time using his own router, but did not allow the audience to see the steps. The attack took less than a minute to execute.

"In large part I had to quit to give this presentation because ISS and Cisco would rather the world be at risk, I guess," Lynn said. "They had to do what's right for their shareholders; I understand that. But I figured I needed to do what's right for the country and for the national critical infrastructure."

lolol@ the name recognition. :) I've seen one of those dudes running around here on memestreams somewhere....now, where'd he go?



BBC NEWS | Americas | Bush rejects Kyoto-style G8 deal
Topic: International Relations 9:36 am EDT, Jul  4, 2005

President George W Bush has ruled out US backing for any Kyoto-style deal on climate change at the G8 summit.

Speaking to British broadcaster ITV, he said he would instead be talking to fellow leaders about new technologies as a way of tackling global warming.

But he conceded that the issue was one "we've got to deal with" and said human activity was "to some extent" to blame.

This is exactly the type of thing that ensures Bush's legacy will not be a positive one. At this point in history, any world leaders not actively doing something to curb destruction of the environment will be remembered as part of the problem, when the brunt of the problem truly comes down on us. I think it's pretty safe to lay out blanket statements to this effect at this point in time.

We started as a leader when it came to environmental issues, but that is waning. When it came to CFC emissions, we passed the Clean Air Act, and at this point in time the science concretely shows that it has had a positive effect in curbing destruction of the ozone layer. We can make a difference, and to do so requires going farther than saying "we've got to deal with" this problem. We need to deal with the damn problem.

The approach of the Bush administration seems to begin and end with the idea that "new technology" is going to come around and save us. This is a copout. "New technology" is going to continue to come at a snail's pace without government legislation pushing it along. There is very little economic incentive to help the environment. It looks good in commercials, but you don't have to actually be doing anything significant to market yourself as a "green company". The government needs to lead in the form of incentives and concrete deadlines for changes in emission standards. It does play out on a global stage. The companies that can have the most significant effect on environmental issues are globalized.

We need energy policy. And not just as a domestic economic issue, but as a matter of our foreign policy. We do not even remotely appear as if we have our shit together in this area.

At this point in time, China has better emission standards than we do for new automobiles. That alone should really irk people. Where is this new technology Bush keeps touting going to come from? Beijing?

Concerts for the starving and copouts for the environment... Your term of the day is: Global Leadershit



CNOOC: Unocal Bid Not About Politics - Yahoo! News
Topic: Business 7:34 am EDT, Jun 29, 2005

Chinese state-controlled oil and gas company CNOOC Ltd. is waging a high-stakes public relations campaign to focus its bid for U.S. energy producer Unocal Corp. on shareholder value, and away from politics.

Even before making public its $18.5 billion for Unocal last week, competing with a $16.6 billion deal with Chevron Corp., members of Congress sent President Bush a letter warning him of the threats posed by China's "pursuit of world energy resources."

"This is a commercial deal, a commercial bid from one New York Stock Exchange listed company to another New York Stock Exchange listed company designed to improve shareholder value for both," said Mark Palmer, a managing director at Public Strategies Inc. of Austin, Texas, one of two public relations firms hired by CNOOC.

Paul Krugman thinks we should be worried about this.

Two things that have been said often apply here. First, Chinese foreign policy consists of one word: oil. Second, it's likely that any conflicts with China would be fought out on an economic battlefield.

So what does everyone think? Should we be concerned about this?

I agree. I'm worried about this. Our dependence on oil is our biggest weak point. It's like having an insecure modem pool bypassing your firewall.



RNC Protests
Topic: Miscellaneous 9:05 am EDT, Aug 30, 2004

C-SPAN has a camera looking around 7th Av, which as far as the eye can see is packed with protesters. All was looking like a nice peaceful protest until some group decided it would be a good idea to set a big green float on fire. I just finished watching a big green thing burning in front of the McDonalds just north of The Garden. Seems very early for burning things in the street.

I have been hoping that the people would respect the city, respect each other, and even respect the rights of the political opponents being protested. Stuff like the burning floats will only force the police and fire department to close the street. Not a good sign of things to come.

I was planning to head into the city Monday or Tuesday, however now I have a feeling I will not be able to get anywhere near the place.

.....I came into work and the title of the AJC said "RNC focuses on Unity" or something like that, and I got such a great laugh. Unity. Bush. Right.



Fahrenheit 9/11 in 4 Sentences
Topic: Movies 3:04 am EDT, Jun 27, 2004

The Bush family has many financial ties to the Saudis. The Bush family makes money from war. Eat the rich.



Interz0ne3 Network Security Data Visualization
Topic: Technology 6:24 am EDT, Apr 21, 2004

The slides from Greg Conti's talk about Network Security Data Visualization are available here.

Greg gave a very good talk. Many links and references to visualization tools.


