Adobe is aware of recently published reports of a ‘Clickjacking’ issue in multiple web browsers that could allow an attacker to lure a web browser user into unknowingly clicking on a link or dialog. It has been determined that this potential “Clickjacking” issue affects Adobe Flash Player.
[..]
Adobe is working to address the issue in an upcoming Flash Player update, scheduled for release before the end of October.
If you don’t want to wait that long, here is a better solution.
Has the current economic crisis caused you personal debt problems? As a cybercrime researcher I’d like to make one recommendation. If you need help with your debt, please DO NOT turn to Russian spammers who use Chinese domain name registrars to create domains they claim to host in Panama.
A hacker claims to have cracked the web site of Fox News commentator Bill O’Reilly and purloined a list of subscribers to the site, which includes their names, e-mail addresses, city and state, and the password they use for their registration to the site.
The attack was retaliation for comments that O’Reilly made on the air this week about web sites that published e-mails obtained from the Yahoo account of Alaska Governor Sarah Palin, according to a press release distributed by WikiLeaks late Friday.
In the video above, O’Reilly spoke with Amanda Carpenter, a reporter for Townhall.com who agreed with him and said that a web site that published such information was “complicit” in the hack of Palin’s e-mail account.
“They think it’s newsworthy, even though the information was absolutely, illegally obtained,” she said.
Neither O’Reilly nor Carpenter mentioned the First Amendment protection that media organizations, such as Fox News and Townhall.com, are generally afforded for publishing newsworthy information.
That segment was followed the next day by a segment with Fox News anchor, Megyn Kelly, a lawyer, who explained why the First Amendment would protect the sites. (See video below.)
O’Reilly disagreed with her, however.
“If your grandma sends you 50 bucks for your birthday and somebody steals the letter and gives it to somebody else and they take the 50 bucks, they’re going to get charged as well as this person who stole the letter,” he said.
Kelly explained that taking stolen money and publishing news were not the same.
“That’s crazy,” he said.
“No it’s not crazy,” Kelly replied. “Because . . . what if somebody obtained a document illegally that proved some massive conspiracy among the presidential candidates and they leaked it to Fox News and we knew it was stolen. You don’t think we’d put it on the air? You’re darn right we would. And it’s not illegal.”
Will Mr. O’Reilly be notifying all of his subscribers of the breach? He might also want to point out that if someone has used the same password at BillOReilly.com and their email account, then the bad guys can potentially break into a lot of other Web site accounts.
Shouldn’t these same people be standing up today and insisting that if Sarah Palin has done nothing wrong, then she should have nothing to hide? If Sarah Palin isn’t committing crimes or consorting with The Terrorists, then why would she care if we can monitor her emails? And if private companies such as Yahoo can access her emails — as they can — then she doesn’t really have any “privacy” anyway, so what’s the big deal if others read through her communications, too? Isn’t that the authoritarian idiocy that has been spewed since The Day That 9/11 Changed Everything — beginning with the Constitution — to justify vesting secret and unchecked surveillance powers in our Great and Good Leaders?
And then, even better, there is the righteous outrage over the fact that this hacker engaged in what they call [spat with whispered contempt] . . . . “illegal surveillance.” Why, whoever broke into Palin’s Yahoo account broke the law, and we all know that that can’t be tolerated!
Mario Labbé, an executive with a Montreal-based record company, says his Canadian passport triggers a red alert on the computers of U.S. customs agents every time he tries to board a flight to the U.S. — which is about once a month for the past seven years.
The U.S. Department of Homeland Security wrote a letter to Labbé in 2004, saying he had been placed on their watch list after falling victim to identity theft. At the time, the department said there was no way for his name to be removed.
Although Labbé wrote letters to the U.S. department, his efforts were in vain, prompting him to legally change his name.
“So now, my official name is François Mario Labbé,” he said.
“Then you have to change everything: driver’s license, social insurance, medicare, credit card — everything.”
Although it’s not a big change from Mario Labbé, he said it’s been enough to foil the U.S. customs computers.
In a study of terrorism prepared for the Copenhagen Consensus project by Professor Todd Sandler, of the University of Texas, and two other economists, they conclude that “guarding against terrorism can use large resources for little reduction in risk”.
What’s more, defensive measures against terrorism “may simply change the focus of attacks (for example from hijacking to kidnaps) and even increase attacks by creating new grievances”.
Sandler and his colleagues conducted an analysis of the costs and benefits of five different approaches to combating terrorism. I must warn you that, because of the dearth of information, this study is even more reliant on assumptions than usual. Even so, in three cases the cost of the action so far exceeds the benefits that doubts about the reliability of the estimates recede.
Because the loss of life is so low, they measure the benefits of successful counter-terrorism measures in terms of loss of gross domestic product avoided. Trouble is, terrorism does little to disrupt economic growth, as even September 11 demonstrated.
Using the case of the US, Sandler estimates that simply continuing the present measures involves costs exceeding benefits by a factor of at least 10. Adopting additional defensive measures (such as stepping up security at valuable targets) would, at best, entail costs 3.5 times the benefits. Taking more pro-active measures (such as invading Afghanistan) would have costs at least eight times the benefits.
According to Sandler, only greater international co-operation, or adopting more sensitive foreign policies to project a more positive image abroad, could produce benefits greater than their (minimal) costs.
What’s that? You don’t care what it costs because no one can put a value on saving a human life? Heard of opportunity cost? Taxpayers’ money we waste on excessive counter-terrorism measures is money we can’t spend reducing the gap between white and indigenous health - or, if that doesn’t appeal, on buying Olympic medals.
The Wellcome Trust would like to apologise for any concern caused by the recent technical error in its Biometrics interactive exhibit at Wellcome Collection. The exhibit captures a person’s pulse rate, height, age, fingerprint and iris scan and generates a “biometric identity” expressed as a graphic icon. The user is then invited to receive a copy of their biometric identity by email.
It has come to our attention that a technical error has resulted in users of the exhibit receiving URL links to data sets of around 40 other users. These profiles do not contain identifiers such as names or email addresses.
The Wellcome Trust has investigated whether erroneous transmission of the data captured could constitute a breach of confidentiality or pose a security risk. It is satisfied that this is not the case.
To change your password, please contact your nearest ophthalmologist for an eye transplant. Also, please revoke your fingerprints…
Almost everyone forgets a Web site password once in a while. When you do, you click on the familiar “Forgot your password?” link and, after entering your pet’s name, identifying your high school mascot or answering some other seemingly obscure questions, you can get back into your account.
But there’s a problem: A criminal can do that, too. With the help of social networking sites like Facebook and MySpace, personal trivia is getting less obscure all the time. You’d be surprised how easily someone can uncover Fido’s name or your alma mater with a little creative searching.
Some security researchers are beginning to sound the alarm about “password resetting” tools, suggesting they could be the weakest link in Web security.
I change my cat’s name every 3 months just to be on the safe side; yet ironically, that just seems to make my cat increasingly insecure.
ContactPoint will include the names, ages and addresses of all 11 million under-18s in England as well as information on their parents, GPs, schools and support services such as social workers.
The £224 million computer system was announced in the wake of the death of Victoria Climbié, who was abused and then murdered after a string of missed opportunities to intervene by the authorities, as a way to connect the different services dealing with children.
It has always been portrayed as a way for professionals to find out which other agencies are working with a particular child, to make their work easier and provide a better service for young people.
However, it has now emerged that police officers, council staff, head teachers, doctors and care workers will use the records to search for evidence of criminality and wrongdoing to help them launch prosecutions against those on the database - even long after they have reached adulthood.
MI5 has concluded that there is no easy way to identify those who become involved in terrorism in Britain, according to a classified internal research document on radicalisation seen by the Guardian.
[...]
The main findings include:
The list is too interesting to quote only parts, so go read the article. And pay attention to this comment on the site:
So ethnicity and socio-economic status seem to be the common ties. Sounds very similar to the profile of a street gang. I’m curious as to what motivates these “terrorists.” Talk to enough street gang members here in the States and you’ll quickly realize that they are motivated by two things, respect and money, in that order.
Let’s face it, terrorists are feared and therefore respected here in the West. By associating themselves with these bigger movements (Al-Qaida, Muslim Brotherhood, Hizbullah, etc.) these people are improving their lot in life, even if only in their deluded minds. We are never going to win the “war on terror” until we address the underlying issue of lack of hope and widespread sense of oppression that is rampant in the global Muslim community. We’ll always have the “true believers” out there that will “hate us for our freedom,” but they are not the foot soldiers of these movements. Let’s find out what makes these guys tick and address that with compassion and respect. Until we do that, we will never win this fight.
Nine American Eagle airplanes were grounded Tuesday after a TSA inspector, conducting an overnight security check, used sensitive instrument probes to climb onto the parked aircraft at Chicago’s O’Hare Airport, aviation sources tell ABCNews.com.
[..]
The TSA agent, as part of spot inspection of aircraft security, climbed onto the parked aircraft using control sensors mounted on the fuselage as handholds, according to a TSA official in Chicago, Elio Montenegro.
“Our inspector was following routine procedure for securing the aircraft that were on the tarmac,” Montenegro told ABCNews.com.
Well, a plane that can’t fly is the most secure plane…
New microchipped passports designed to be foolproof against identity theft can be cloned and manipulated in minutes and accepted as genuine by the computer software recommended for use at international airports.
[..]
In the tests, a computer researcher cloned the chips on two British passports and implanted digital images of Osama bin Laden and a suicide bomber. The altered chips were then passed as genuine by passport reader software used by the UN agency that sets standards for e-passports.
The Air Force’s top leadership sought for three years to spend counterterrorism funds on “comfort capsules” to be installed on military planes that ferry senior officers and civilian leaders around the world, with at least four top generals involved in design details such as the color of the capsules’ carpet and leather chairs, according to internal e-mails and budget documents.
[..]
Air Force documents spell out how each of the capsules is to be “aesthetically pleasing and furnished to reflect the rank of the senior leaders using the capsule,” with beds, a couch, a table, a 37-inch flat-screen monitor with stereo speakers, and a full-length mirror.
The effort has been slowed, however, by congressional resistance to using counterterrorism funds for the project and by lengthy internal deliberations about a series of demands for modifications by Air Force generals. One request was that the color of the leather for the seats and seat belts in the mobile pallets be changed from brown to Air Force blue and that seat pockets be added; another was that the color of the table’s wood be darkened.
Changing the seat color and pockets alone was estimated in a March 12 internal document to cost at least $68,240.
A judge in Arnhem ruled on Friday afternoon in the summary proceedings that chip supplier NXP had brought against Radboud University. The company wanted to prevent scientific research into the cryptography of its RFID chip from being made public.
The court considers freedom of expression more important than NXP’s interests. According to the judges, this civil right also applies to scientific research, and the publication may go ahead.
“Restrictions can be placed on this only if there is a pressing social need for them, and only if that need is convincingly demonstrated. That requires a weighing of concrete interests. It is considered that in a democratic society great interests are at stake in being able to publish the results of scientific research and in informing society about the serious shortcomings the chip turns out to have, so that measures can be taken against the risks of the flaw in the chip,” the court says in a press release.
“You ain’t takin’ this through,” she says. “No knives. You can’t bring a knife through here.”
It takes a moment for me to realize that she’s serious. “I’m … but … it’s …”
“Sorry.” She throws it into a bin and starts to walk away.
“Wait a minute,” I say. “That’s airline silverware.”
“Don’t matter what it is. You can’t bring knives through here.”
“Ma’am, that’s an airline knife. It’s the knife they give you on the plane.”
At least the pilot won’t cut any corners in his work in the cockpit…
Feel safer yet?
Speaking in a USA Today article, TSA spokeswoman Ellen Howe said, “Some of our officers aren’t respected.” It’s not often that I laugh out loud while reading the newspaper, but that one had me going. You don’t say.
In the same article, a screener at Boston’s Logan International said of the new badges and shirts, “It’ll go a long way to enhance the respect of this workforce.”
No, sorry, that’s not it. You don’t bully and fool people into respecting you.
Jayne Jones, of Aberfan near Merthyr Tydfil, used to travel with her son Alex, 14, in the council-provided taxi when she feared he may have a fit.
But Merthyr Tydfil council has told her this must stop until she has undergone a Criminal Records Bureau (CRB) check.
The council said this was a standard requirement for escorting children.
The article makes it perfectly clear why this rule exists. Emphasis mine:
A spokesperson for Merthyr council said: “We cannot comment on particular cases but can confirm that CRB checking is a requirement of our transport provisions in relation to adults travelling on home-to-school transport in the capacity of an escort.
“This is a standard requirement and has been for several years.
“Any adult acting as an escort will, in the public gaze, be viewed as acting with the full acquiescence of the council and hence with its implied authority.
“For the protection of the council and all vulnerable persons in its care it’s essential all those endowed with an authority, implicit or explicit, should meet the security requirements within the transport contract provisions.”
The team behind the popular torrent site The Pirate Bay has started to work on a new encryption technology that could potentially protect all Internet traffic from prying eyes. The project, which is still in its initial stages, goes by the name “Transparent end-to-end encryption for the Internets,” or IPETEE for short. It tackles encryption not on the application level, but on the network level, the aim being that all data exchanged on your PC would be encrypted, regardless of its nature — be it a web browser streaming video files or an instant messaging client. As Pirate Bay co-founder Fredrik Neij (a.k.a. Tiamo) told me, “Even applications that don’t supporting encryption will be encrypted where possible.”
Neij came up with the idea for IPETEE back when European politicians were starting to debate a Europe-wide move to DMCA-like copyright enforcement efforts, which were eventually authorized in the form of the Intellectual Property Rights Enforcement Directive in the spring of 2007. “I wanted to come up with something to make it harder for data retention,” said Neij. But he didn’t publish the initial draft proposal until early this month, when the discussion about privacy and surveillance online suddenly became urgent again. The Swedish parliament passed a new law in June that allows a local government agency to snoop on “the telephony, emails, and web traffic of millions of innocent individuals,” as the EFF’s Danny O’Brien put it. Neij promises that his new encryption scheme will be ready before the law takes effect next January.
“There’s virtually no branch of the U.S. government that isn’t in some way involved in monitoring or surveillance,” said Matthew Aid, an intelligence historian and fellow at the National Security Archives at The George Washington University. “We’re operating in a brave new world.”