Noise

This post was syndicated from: Блогът на Юруков and was written by: Боян Юруков. Original post: at Блогът на Юруков

Направиха ми забележка, че от две седмици не съм писал нищо. Ето – пиша. Какво да пиша? За мен ли? Уча и работя. Като срещна някой познат на улицата в Германия и ме пита „Как си?“, точно това казвам. Аз блога така го възприемам – пишеш това, което би си говорил с останалите на маса или в автобуса. Добре де, някои теми се започват чак след 4-тата чашка, но нищо. Примерно не бих седнал от първата приказка да говоря за ГМО и проблемите на бизнеса с ефикасността. Всъщност като се замисля – правя го понякога, но както и да е.

Затова ми е и странно когато ме питат дали пускам платени статии. Даже ме питаха за конкретните ми тарифи. Няма значение кой. Използване на стандартни рекламни техники, „модернизирани“ с новото им име PR, в нета просто не става. Не само не става – не кефи. Не знам дали сте чували за Мария Попова (@brainpicker). Може би не сте, защото пише предимно на английски. Тя беше сред организаторите на TEDxBG и е стряскащо популярен човек в Twitter. Онзи ден говори на арт-конференция в New York и от това, което каза разбрах всъщност какво прави тя и въобще каква е ролята на хора като нея в мрежата. Фактически формулира новия модел на разпръсване на информация. Надявам се да намеря запис, за да ви го покажа.

Та така – блогове, twitter, все по-малко facebook. Сега сякаш всеки има блог. Добре е това и се очакваше. Бербатов и той. Веднага обявиха първата му статия за грешка. Никой не говори обаче за tweet-овете на външния ни министър по време на кризата в Чили. Освен Бедров де. В същото време гледаме сейр на поредния „скандал“ в политиката. Кой ще попитате? Именно! На няколко пъти се възпирах последните седмици да пиша нещо по темите, защото просто нито една не заслужава внимание. Ето едно предложение – защо някоя медия не й хрумне да вземе да направи бойкот на тия глупости? Ще стане много забавно – пресконференция при премиера за това около президента и журналистите питат за АЕЦ-а или за нарушеното обещание за ГМО.

Да, знам – нали уж блоговете са за тази цел. Четем блоговете за да видим другата гледна точка и другите новини. Да, но фактически хората търсят и четат това, което им е пред очите. Тръби се за избори – всички за изборите търсят. Става скандал със секретарката на зам. министъра на отпаданите води (като нищо има и такъв) – веднага търсим кой е и какъв е. Тези, които си търсят и през останалото време истинските въпроси и проблеми са обикновено тези, които и пишат за тях. Всички които осъзнават истински какъв проблем в ГМО са активисти по въпроса. По-голямата част от хората обаче им е писнало от излишна информация и отбират смислените огризки измежду думите по новините.

Ааа, новините – този бастион на демокрацията. Не знам дали го четох някъде или го говорих с някой това, но стана дума, че параноята у българите за скрит смисъл и цели в думите/делата на другите идва от факта, че през комунизма всичко е било изкривявано. Затова сме се научили да се съмняваме и да подозираме. Теория на конспирацията в пълната си сила. Защо никой не предполага проста некадърност? Ето новините – смеем се като правят грешки и ги плюем като видимо пропускат новини. Някой замисля ли се, че е (и) от некадърност? Липсват пари в държавата – да някой явно ги е откраднал (каквото и да значи това вече), но това е един или двама. Останалите 100 по веригата са били достатъчно некадърни, за да го позволят.

Ето това е проблемът според мен – некадърност и липса на ефективност. С кърпене и наливане на пари не става. И реформа да се направи – пак трябва да се обучат всички тези чиновници и „специалисти“ на новото. Проблем било да затваряме болници. Преди това ги псувахме обаче като убият роднините ни. Буквално. Трябвало да затваряме болници, защото не са ефективни и само харчат пари. И какво като се хвърлят парите в другите болници? През 2002, когато бяха първите акредитации на болници, помагах на една пловдивска да си оформи документацията. Такова кривене и мамене не бях виждал. Може би, защото не съм помагал в по-късните години. А трябваше да е различно (Б).

На няколко пъти ми попадна да си говоря с хора от ГЕРБ. Надъхани хора са и им се работи. Гласувах за тях точно защото не са политици. Надявах се, че като си направят сам екипа, няма да се занимават с политика, а само с проблемите. И? Не искам да ми показват всичко, но какво стана с прозрачността. Някои законопроекти не се публикуват в нета с глупави извинения като счупени дискети. И после се приемат без никой да разбере. Като наистина един решава всичко в държавата, дайте да стане ясно и поне да не харчим пари за обаждания по депутати. Казвам само, защото при мен сметките са международни. Искахме да хванат престъпниците – погнаха ги. Искаме обаче основно реформи и най-вече друго поведение. Айде де!

Така – писах, оправихме държавата и е време да сядам на маса. И утре е ден, и утре ще има нов скандал, ще си говорим и за него.

PS: Впрочем честито на Капитал за новия дизайн на сайта им. Огромно подобрение е, но може и още.

This text is copyright Боян Юруков @ Блогът на Юруков

This post was syndicated from: Schneier on Security and was written by: schneier. Original post: at Schneier on Security

Really:

Since they are hard to conceal, the study says, noses would work well for identification in covert surveillance.

The researchers say noses have been overlooked in the growing field of biometrics, studies into ways of identifying distinguishing traits in people.

“Noses are prominent facial features and yet their use as a biometric has been largely unexplored,” said the University of Bath’s Dr Adrian Evans.

“Ears have been looked at in detail, eyes have been looked at in terms of iris recognition but the nose has been neglected.”

The researchers used a system called PhotoFace, developed by researchers at the University of the West of England, Bristol and Imperial College, London, for the 3D scans.

This text is copyright schneier @ Schneier on Security

This post was syndicated from: LWN.net and was written by: corbet. Original post: at LWN.net

The SCO case has long since dropped off the radar for most. It is worth
noting, though, that the Novell “slander of title” trial is now underway in
Utah. Groklaw has detailed
coverage of the testimony thus far. “Why did Novell slander
SCO’s title? Because of Linux. Linux started as a hobbyist tool. It’s open
source; ‘nobody can be completely sure where the code comes from’. Starting
around 2000, IBM inserted into Linux stuff that belonged to SCO. SCO sued,
and started their licensing program (SCOsource). Novell stated that SCO
doesn’t have the copyrights and can’t sue IBM.”

This text is copyright corbet @ LWN.net

This post was syndicated from: LWN.net and was written by: corbet. Original post: at LWN.net

Debian has updated tdiary
(cross-site scripting).

Fedora has updated samba (F11: filesystem
access privilege escalation).

Mandriva has updated php (two
safe_mode bypass vulnerabilities).

This text is copyright corbet @ LWN.net

This post was syndicated from: SANS Internet Storm Center, InfoCON: green and was written by: SANS Internet Storm Center, InfoCON: green. Original post: at SANS Internet Storm Center, InfoCON: green

Yesterday Microsoft re-released KB973811 ==http://www.microsoft.com/technet/security/advisory/973811.mspx
This relates back to the original KB973917 == http://support.microsoft.com/kb/973917
and advisory MS09-071 ==http://www.microsoft.com/technet/security/bulletin/ms09-071.mspx
This affects the Extended Protection for Authentication functions within XP, Vista and Server 2003 ==http://support.microsoft.com/kb/968389
It didn’t show up in yesterday’s Patch Tuesday review because Microsoft is classifying it as a non-security upgrade. This is confusing to me, because the update actually includes mitigation against a credential forwarding attack, which you might see on an unencrypted, unsigned connection (yes, there’s still a lot of that going around ! )
This update affects XP, Vista and Server 2003. Windows 7 and Server 2008 are not affected.
Thanks to our readers on letting us know about this one. I’m still puzzled as to why this wasn’t on Microsoft’s list of security updates …
=============== Rob VandenBrink Metafore ===============

This text is copyright SANS Internet Storm Center, InfoCON: green @ SANS Internet Storm Center, InfoCON: green

This post was syndicated from: SANS Internet Storm Center, InfoCON: green and was written by: SANS Internet Storm Center, InfoCON: green. Original post: at SANS Internet Storm Center, InfoCON: green

Theres been a lot of discussion about the recent stories on parsing firewall logs – Marks story at http://isc.sans.org/diary.html?storyid=8293 , Daniels story at http://isc.sans.org/diary.html?storyid=8347 , and Kyles at http://isc.sans.org/diary.html?storyid=8362 have covered a number of methods and tools for plumbing the depths of your firewall logs.

In these stories, its been stressed that theres gold in them there logs! Reviewing your logs is legally required under several regulatory frameworks, and just plain makes sense reviewing inbound and outbound traffic is an excellent way to find stuff being sent or received that shouldnt be happening, finding malware or finding violations of corporate policies.

But, you say, thats all great, but many firewall logs are over 500MB per day, and if you’re not a command line guru with grep, uniq, sort, awk or perl, what do you do? Or what if the firewall log output is just so much scrambled eggs to you? How are you supposed to plow through all that text and data for the few pearls that you can expect to find that might indicate a problem? For me, the answer is easy, use tools that summarize Netflow data. Netflow is a facility that is available on many network devices that examines all the traffic through the device interfaces, and summarizes it by source and destination IP address, as well as source and destination port and how much data was sent or received.. It then sends this summarized data to a server application called a Netflow Collector. Netflow is generally associated with Cisco gear, but there is an RFC equivalent in sFlow (RFC 3176) that is implemented by many other vendors, or a Juniper specific version in jFlow.

Continuing on, the Netflow collector then stashes this data into a database, and then gives you a nice web front-end to the data, allowing you to slice and dice the addresses and associated values in prepackaged reports, or do ad-hoc queries. So if you want to see why internet bandwidth was maxed out last Tuesday over lunch, who the culprit was and what they were doing, its a piece of easy!

It sounds complicated, but in practice its generally about 4-5 lines of config on the device (router, switch or firewall – check your documentation for specifics), and a GUI setup on the server. There are lots of Netflow Collector apps out there, I wont start the religious war of stating that one is better than another I use any one of 7 or 8 different ones, depending on which client Im working with that day.

Lets take a look at a typical lets review the firewall activity session that you might have as part of your daily routine. This data is from a client site where I set Netflow up last week, I was going through an orientation session with the client IT Team (which is also the Incident Handling team at this organization), as well as using the tool in response to widespread user complaints about internet performance issues.

Lets start at the TCP applications (aka sort data by TCP destination port)screen in this example were just looking at the data from the last hour, for the inside interface of the firewall.

On the face of it, all looks well, all the usual suspects are there, but lets dig a bit deeper lets take a closer look at SMTP.

The SMTP traffic looks pretty much as we expected lots and lots of mail being sent from the mail server ( 10.0.0.73 ). But hey whats that station 10.0.0.233? – should there be another SMTPsender? After some digging, it turns out we had a workstation using a personal POP/SMTP email client from work this was a clear violation of the Acceptable Use Policy at this organization.

Lets go back to the main screen, and dig into the TCP_App section, which is the bit bucket that this particular Netflow application puts things into when it doesnt recognize what the target tcp port is.

Jackpot! What we have here is a number of stations, all running peer-to-peer applications (each line is a different target ip address). This was no surprise two days after the Oscars, but this is another clear violation of this Organizations Acceptable Use Policy, and one of the best ways to introduce malware into the Organization as well. Not only that, it takes LOTS of bandwidth and LOTS of address translation resources (aka memory)at the firewall sessions like this can easily affect Internet performance for the entire corporation. Depending on the country, this might be a great way to get sued under copyright infringement as well !

Now lets look at the data a bit differently lets look at session totals over the last hour by IPaddress, sorted by volume.

Take a look at that first line thats a station on the inside, using an anonymizer proxy out on the internet (tcp/8080). OUCH thats someone who is not only violating policy, theyre knowingly trying to cloak their actions. Theyre also the heaviest user in the last hour. Again, were 2 days after the Oscars, so its no mystery what that 200mb session is all about. But on any other week, there would be a real chance of finding some call the cops type illegal activity going on with proxy sessions like this.
Needless to say, after this short exploration, we’re working on a egress filter for this firewall. The we trust our usersposition not only ignores the fact that even if you trust your users, trusting your users’ malware should be part of your business model, but as you can see from this, you can’t trust (all of)your users either.
You can see from this that using a good Netflow Collector application will give you a great window into the traffic transiting your firewall or router, pretty much as granular as you want to be. We collected all this data in about 10 minutes, running a tutorial for the IT group at the same time. I still use grep, awk and the rest more than I use Netflow, but a good Netflow app can give you nice management style reports, historical queries into your router or firewall data and really granular analysis with almost no time investment. If you’re not a CLIperson, Netflow can go a long way towards getting you really deep into your firewall activity.

=============== Rob VandenBrink, Metafore ==============

This text is copyright SANS Internet Storm Center, InfoCON: green @ SANS Internet Storm Center, InfoCON: green

This post was syndicated from: LWN.net and was written by: corbet. Original post: at LWN.net

The Mozilla Foundation has launched a
process to update the Mozilla Public License. The project is described
this way:

While the update process is inspired by the GPLv3 update, the objectives
are far less ambitious: Mozilla would like to smooth various rough edges
without making major changes to the license. They hope to have the process
complete – after releasing three drafts for comments – by November of this
year.

This text is copyright corbet @ LWN.net

This post was syndicated from: LWN.net and was written by: corbet. Original post: at LWN.net

Jonathan Schwartz writes about patent attacks, and Apple’s attack on Android in particular. “Having watched this movie play out many times, suing a competitor typically makes them more relevant, not less. Developers I know aren’t getting less interested in Google’s Android platform, they’re getting more interested – Apple’s actions are enhancing that interest.” He also says that Microsoft tried to shake down Sun with patent claims on OpenOffice.org.

This text is copyright corbet @ LWN.net

This post was syndicated from: LWN.net and was written by: corbet. Original post: at LWN.net

Swedish MEP Christian Engström reports
that the European Parliament has passed a
resolution coming out against the secretive ACTA copyright treaty
negotiations and demanding transparency in the process. The vote was
rather definitive: 633 for, 13 against. “At last, the elected
representatives in the parliament have sent a strong message. We have shown
that we do not accept secrecy. We have shown that we are prepared to stand
up for a free internet open to everybody.”

This text is copyright corbet @ LWN.net

This post was syndicated from: LWN.net and was written by: jake. Original post: at LWN.net

width=125 height=88 alt="[Ivan design]"/>

Konstatin Dmitriev’s Morevna
Project is to 2-D animation what the Blender Foundation’s Open
movie projects have been for 3-D. The goal is to produce a
production-quality, full-length animated feature, using only open source
software, and license the source content and final product under free,
re-use-friendly terms. Along the way, the work provides stress-testing,
feedback, and development help to the open source software used, while
raising awareness of the quality of the code. Subscribers can click below
for a look at the project from this week’s edition.

This text is copyright jake @ LWN.net

This post was syndicated from: Schneier on Security and was written by: schneier. Original post: at Schneier on Security

Good legal paper on the limits of identity cards: Stephen Mason and Nick Bohm, “Identity and its Verification,” in Computer Law & Security Review, Volume 26, Number 1, Jan 2010.

Those faced with the problem of how to verify a person’s identity would be well advised to ask themselves the question, ‘Identity with what?’ An enquirer equipped with the answer to this question is in a position to tackle, on a rational basis, the task of deciding what evidence will be useful for the purpose. Without the answer to the question, the verification of identity becomes a sadly familiar exercise in blind compliance with arbitrary rules.

This text is copyright schneier @ Schneier on Security

This post was syndicated from: Darknet - The Darkside and was written by: Darknet. Original post: at Darknet - The Darkside

WebRaider is a plugin based automated web application exploitation tool which focuses to get a shell from multiple targets or injection point.

Idea of this attack is very simple. Getting a reverse shell from an SQL Injection with one request without using an extra channel such as TFTP, FTP to upload the initial payload.

It’s only one…

Read the full post at darknet.org.uk

This text is copyright Darknet @ Darknet - The Darkside

This post was syndicated from: Grigor Gatchev - A Weblog and was written by: Григор. Original post: at Grigor Gatchev - A Weblog

Наскоро ми попадна едно обяснение защо жените били редки сред компютърджиите.

Колкото повече го четях, толкова повече се усмихвах. Точката на избухването в смях на глас се падна в частта, в която се обясняваше как компютърджиите често се държали зле към жените, без да се усещат. Цитирам по памет:

“Много мъже например с удоволствие разказват вицове за блондинки. Те дори не се замислят, че това всъщност са вицове, които изкарват жените глупави, и така обиждат всяка жена. Елементарната коректност би трябвало да спре един разумен мъж, но уви, това се случва доста рядко…”

Няма да коментирам кой и какъв е писал това обяснение. Не е трудно да се сети човек. Напротив – смятам да го допълня с още в същия дух. Дано това успокои този вид хора:

- Мъжете не бива да разказват вицове за тъщи. Това са вицове, които изкарват жените злобни.
- Мъжете не бива да разказват вицове за готини мацки. Те представят жените единствено като сексуални обекти.
- Мъжете не бива да разказват вицове за мъже под чехъл. Те изкарват жените тиранични.
- Мъжете не бива да разказват вицове за компютърно неграмотни. Често такива вицове описват жени в тази роля.
- Мъжете не бива да разправят вицове за шофьори – в много от тях интригата също се върти около жени, представени в не най-добра светлина.
- Мъжете не бива да разправят вицове за политици – много политици са жени, а и за други често се обсъждат жените им, често в негативна светлина
- Мъжете не бива да разказват вицове за мъже в командировка – твърде често такива вицове представят в негативна светлина съпругите им.
- По същата причина, мъжете не бива да разправят вицове за затворници, футболисти, пилоти, моряци, свещеници, военни на дежурство и т.н.
- Мъжете не бива да разказавт вицове за военни изобщо – те представят в негативна светлина майките на военните. (Същото и за вицовете за полицаи, мутри и т.н.)
- Всъщност, мъжете не бива да разказват каквито и да било вицове, които биха могли да намекват за жени по какъвто и да било начин – обидно е жени да се поставят във вицови контексти, ако нямате акъл да се сетите.

А, и щях да забравя:

- Мъжете не бива да разказват вицове за гейове. В такива вицове няма жени, а това е дискриминация.

… Шегата настрана, но само аз ли имам чувството, че напоследък някои малцинства започват да се качват на главите на останалите хора? В САЩ вече е популярен изразът, че там има точно едно дискриминирано малцинство – хетеросексуалните бели мъже. Дали и ние не вървим към същото? Да, още сме далече от него. Но какво утешение е това? И с какво точно е страшна тази перспектива?

Много мои познати жени биха нарекли себе си феминистки. Представата на почти всички тях за феминизма е, че не са съгласни мъжът им да ги бие в къщи. Огромният процент мъже биха ги подкрепили без колебание. Дали тези феминистки са като онази, написала указанието, с което започнах? Съмнявам се. Подозирам, че повечето биха я сметнали за попрекалила, дори ако от женска солидарност не го кажат… Всяко малцинство е така – повечето негови членове смятат, че водачите му попрекаляват, но не го казват. От солидарност.

А трябва.

Като начало, “малцинство” може да означава всяка група хора, която не е повече от половината хора. Пчеларите. Компютърните програмисти. Любителите на бифтек алангле. Пациентите на хемодиализа. Жителите на град еди-кой си. Хората на коя да е точно определена възраст… Това е първата пречка в изясняването на нещата. Нека я отстраним.

Различните малцинства възприемат себе си по различен начин. Повечето се самоопределят по някакъв признак, който ги отличава от околните, и толкова. (Реално всеки човек спада към огромен брой малцинства.) Някои обаче прибавят към описанието на признака “… и затова околните ни дискриминират”. Това е първият белег, който ме кара да гледам едно малцинство по-внимателно. Защото всички без изключение малцинства, които се качват на главите на околните, спадат към тази група.

Понякога тези малцинства са наистина дискриминирани. Факт е, че към хора, които са били в затвора, отношението е друго, дори ако са били осъдени по погрешка. Факт е, особено в по-нискокултурни среди, че отношението към другите раси е друго. В много случаи обаче едно малцинство се смята за дискриминирано, но реално е дискриминирано сравнително рядко. Резултатът е, че то дискриминира другите повече, отколкото те него.

Колко дискриминиран е примерно хомосексуалният Пешо, за когото обаче никой друг не знае, че е хомосексуален? Има ли как да е реално дискриминиран? Да му е отказвана работа, да е уволняван, да не е допускан тук или там поради сексуалността му…? Очевидно не. Така че тази част от претенцията отпада.

Нека продължим същия пример. Според мен Пешо има пълното право да може спокойно да каже, че е хомосексуален, и да не бъде дискриминиран въпреки това. Ако обаче го направи в по-нискокултурна и по-нетърпима среда, е вероятно наистина да бъде дискриминиран. В такъв случай е вероятно Пешо да не го казва. А тъй като и той иска да се прегърне с когото обича, и т.н., може би ще си направи някъде клуб, където нетърпимите хора няма да бъдат допускани. И ще е прав, защото проблемът е в тях, а не в него.

Тук обаче идва финото “но”. Когато хомосексуалният Пешо си прави клуб само за хомосексуални, той най-често не допуска в него никакви хетеросексуални, включително търпимите хора. А това премества източника на проблема. Да кажем, хетеросексуалният Гошо има търпимост към различните, и не би дискриминирал Пешо заради сексуалността му. Но Пешо не допуска Гошо в клуба си, и с това го дискриминира – тоест, подлага го на точно същото, на което не иска да бъде подлаган той. (Дали Гошо е приритал да ходи в клуба на Пешо е без значение. Пешо обикновено иска не да избягва не-търпимите хора, а да го зачитат и те, и с право. Точно същото право сега обаче се оказва на страната на Гошо.)

Нерядко Пешо се е парил доста заради сексуалността си, а парен каша духа. Склонен съм да го разбера, но това не променя нещата. Още повече, че в доста случаи Пешо не се е парил особено, но духа кашата, та се къса. Казармата отпреди двайсет и пет години беше добър пример – най-много тормозеха младите войници точно тези стари, които като млади не бяха тормозени. Видял съм го с очите си повече пъти, отколкото ми е приятно да си спомням.

С това Пешо прави първата стъпка – започва да върши на другите това, което иска те да не вършат на него. Може да не го осъзнава, но подсъзнателно това му причинява морален дискомфорт. Преодолее ли този дискомфорт, той по същество преодолява неговия източник – съвестта си… Някои Пешовци осъзнават какво биха направили, или не успяват да заглушат съвестта си, и се отказват да правят тази стъпка. Което понякога ги лишава от известен комфорт, а нерядко ги подлага и на жестока дискриминация. Не толкова от нетърпимите около тях, колкото от другите Пешовци, направилите стъпката. Думата ми по-нататък е именно за последните.

Когато устата на съвестта бъде запушена, тя започва да драска с нокти. Раздира човека отвътре, и оставя в него болка и празнота. За да заглуши болката и да запълни празнотата, той е принуден да направи нещо. А за тръгналия веднъж по такъв път едно от най-лесните за правене е просто да продължи да върви. Да направи следващата крачка. Да опищява света как бил дискриминиран, и да иска компенсации от околните. Точно както едновремешните цигани, които просеха защото децата им нямали какво да ядат. Наистина нямаха. Защото родителите всяка вечер изпиваха изпросеното до стотинка…

Хората, които биха дискриминирали Пешо, обикновено посрещат тези му претенции с “я върви на…”. Културните хора, които не искат да дискриминират никого, обаче се поддават. Въпреки че не са виновни с нищо за дискриминацията, ако тя е реална, и дори ако подсъзнателно разбират, че нещо тук не е наред, те проявяват състрадание и компенсират по някакъв начин Пешо. За сметка на цялото общество, а нерядко и за лично своя сметка. За което, естествено, получават благодарност от Пешо само когато той се кани да им поиска още.

(Този ефект е интересен и важен. Допреди Пешо да направи първата стъпка по описвания път, да започне да прави на другите каквото иска те да не му правят, отношението на тези, които го дискриминират, е неадекватно. Адекватно към него е отношението на тези, които не го дискриминират. Направи ли крачката обаче, нещата се обръщат. Неадекватно към него става отношението на тези, които не го дискриминират, и най-вече на тези, които го компенсират за дискриминацията. Адекватно става отношението на тези, които го дискриминират – тяхната несправедлива по начало дискриминация сега се превръща в естествен “мяра според мяра” отговор на дискриминирането на Пешо, дори ако не е мислена като такъв. И причината за това обръщане на адекватността, и на положението на Пешо, си е открай докрай у него. Да вини околните означава да отива още по-нататък по този път, и да утежнява проблема си.)

Веднъж станал участник в придобиването на някакви компенсации от околните към малцинството си, Пешо се оказва в него източник на блага, материални или (по-често) морални. Това го поставя в положението на човек, който има власт над другите чрез това, че носи (и разпределя) блага. Част от Пешовците – като правило наивни идеалисти, които не разбират какво вършат, понеже личностите им са изкривени от тормоз или поради лични проблеми – спират дотук. Други обаче продължават, обикновено с ясното съзнание, че това е борба за власт. По-нататък говоря за тях.

В тази ситуация малцинството се е превърнало в класическо общество – по горните му етажи тече битка за власт. Почти всички участващи в нея са или властомани, или психопати (в медицинския смисъл на думата). Тонът обикновено се определя от психопатите – те са хората, които си вярват, и това заразява и другите да им вярват, а властоманите-”политици” са принудени да ги следват. В някои случаи психопатията е лека, просто несвързаност с реалния свят и залитване – такава е според мен авторката на редовете, които цитирах в началото.

Понякога обаче може да бъде много по-тежка и страшна. По мои наблюдения, към 20% (понякога и повече) от върхушките на най-гласовитите и оплакващи се от дискриминация малцинства са жертви на това, което наричам “синдром на Джейми Гъмб”. Хора с тежък личностов дефект, които се опитват да избягат от него, като приемат роля, която според тях ще ги спаси. Преценката им за проблема обикновено обаче е грешна, и вместо да коригират личността си, те я доизкривяват. И всеки ден наново преоткриват “дълбочината на дискриминацията, извършвана към тяхното малцинство, и върху тях лично”… Сами по себе си те предизвикват в мен огромно съчувствие. Но ефектите, които оказват върху “техните” малцинства (в значителен процент от случаите те всъщност не спадат към това малцинство – не са истински хомосексуални, роми и пр.) са социално разрушителни в степен, много по-голяма от съчувствието.

На тези хора могат да помогнат почти само членове на техните малцинства. Като начало, нужно е да осъзнаеш, че “солидарността” с Напористия Лидер всъщност е от вреда и за теб, и за него, и за околните, и най-вече за малцинството ти. (Кой иска малцинството му да бъде асоциирано с войнстващи откачалки?) Че е необходимо много внимателно на този Напорист Лидер, под подходящ предлог, да му се намери подходящ психотерапевт (а често и психиатър), който да му помогне да се социализира реално, да открие къде всъщност му е проблемът и да се бори с него, и т.н. Наистина много внимателно, защото усети ли към какво го водиш, ще е безмилостно отмъстителен. Никой не обича да открие, че цял живот е работил върху себе си в грешната насока, и че под маската на лидерството е пропаднал загубеняк. А най-малко тези, които подсъзнателно (или тайно съзнателно) отдавна са го разбрали.

Може това да доведе до по-малко героизъм и велики дела в ежедневието на съответното малцинство. Но с гаранция ще направи това ежедневие по-обикновено, по-безпроблемно и с много по-малко дискриминация.

Защото най-сигурният начин да докараш до избухване нетърпимия, и да направиш търпимия нетърпим, е да ги дискриминираш, докато в същото време опищяваш света, че си дискриминиран. А най-сигурният начин да не бъдеш дискриминиран е да не дискриминираш сам. Да покажеш, че си ценност и достоен човек какъвто си.

This text is copyright Григор @ Grigor Gatchev - A Weblog

This post was syndicated from: Burning Blog and was written by: Affinity. Original post: at Burning Blog

ScrapEden SF: Request for Proposals
Composting Contraption $10,000-$15,000

Timeframe:
Proposal Due to BRAF 3/15/10,
Grant Award Announced 4/1/10
Project Completed by 6/1/10

This text is copyright Affinity @ Burning Blog

This post was syndicated from: LWN.net and was written by: jake. Original post: at LWN.net

Texas Linux Fest has announced the initial list of speakers and
presentations for its inaugural event. Keynote speakers include Joe
“Zonker” Brockmeier and Randal L. Schwartz, with additional presentations by
Linux, free software, and open source experts such as Jon “maddog” Hall,
Amber Graner, Bradley Kuhn, and Max Spevack. The event will take place on
Saturday, April 10th, in Austin Texas. Registration is available online. The complete list of talks is
available as well.

This text is copyright jake @ LWN.net

This post was syndicated from: Како Сийке, не съм от тях! and was written by: Longanlon. Original post: at Како Сийке, не съм от тях!

От Първа инвестиционна се подмазват на блогърите. Така и трябва – фалшивото ни самочувствие има нужда да се помпа постоянно

A говорейки за фалшивото си блогърско самочувствие, няма как да пропусна да ви приканя да се запишете за участие в P2P конференцията, където ще изнасям лекция на тема “Коментиращите в блоговете – породи полезен и вреден дивеч. Сезони и методи за отстрел“.

CC Петър Стойков

This text is copyright Longanlon @ Како Сийке, не съм от тях!

This post was syndicated from: Fergie's Tech Blog and was written by: Fergie. Original post: at Fergie's Tech Blog

Kim Zetter writes on Threat Level:

The CEO of Lifelock, Todd Davis, became famous for advertising his Social Security number on television ads and billboards promising his $10 monthly service would protect consumers from identity theft.

The company also offered a $1 million guarantee to compensate customers for losses incurred if they became a victim of identity theft after signing up for the service.

But the Federal Trade Commission said Tuesday that the claims were bogus [.pdf] and accused Lifelock, based in Arizona, of operating a scam and con operation. The commission announced, along with 35 state attorneys general, that it had levied a fine of $12 million against the company for deceptive business practices and for failing to secure sensitive customer data. Of that amount, $11 million will go to refund customers who subscribed to the service. Consumers will receive a letter from the FTC and their attorney general explaining how to take part in the settlement.

The FTC said that Lifelock, which advertises itself as “#1 In Identity Theft Protection,” engaged in false advertising by promising customers that if they signed up with its service their personal information would become useless to thieves.

“In truth, the protection they provided left such a large hole … that you could drive that truck through it,” said FTC Chairman Jon Leibowitz, referring to a Lifelock TV ad showing a truck painted with the CEO’s Social Security number driving around city streets.

More here.

This text is copyright Fergie @ Fergie's Tech Blog

This post was syndicated from: SANS Internet Storm Center, InfoCON: green and was written by: SANS Internet Storm Center, InfoCON: green. Original post: at SANS Internet Storm Center, InfoCON: green

Several readers have pointed us towards this advisory. This Microsoft advisory outlines a vulnerability in Internet Explorer 6 and 7, which could allow remote code execution. While there are some mitigations available for IE7 (the Enhanced Security Mode) in Server 2003 and Server 2008, the best advice is to upgrade to Internet Explorer 8, which is not vulnerable.

Find the advisory here == http://www.microsoft.com/technet/security/advisory/981374.mspx
=============== Rob VandenBrink, Metafore ==============

This text is copyright SANS Internet Storm Center, InfoCON: green @ SANS Internet Storm Center, InfoCON: green

This post was syndicated from: Backblaze Blog and was written by: Nilay Patel. Original post: at Backblaze Blog

Backblaze has made a new release available and all users are scheduled to be automatically upgraded over the next two weeks. Below are the enhancements in this release:

Release Date: 3/1/10
Version: 1.0.6
Auto-Update: All Users

Performance Improvements
* Reduces network traffic between client and Backblaze data center.

Improved install & error checking robustness (Mac)
* Clearer messaging during installation if Backblaze data center cannot be reached.
* Clear notification when two Backblaze computers are running with the same ID.
* Many miscellaneous small fixes.

This text is copyright Nilay Patel @ Backblaze Blog

This post was syndicated from: Marian Marinov/HackMan and was written by: HackMan. Original post: at Marian Marinov/HackMan

Today I finally found the will in me to gather all of my books from all places I have left them and reorder my library. I thought that I had much more books but they fitted in only 4 shelves.

I keep most of my books at home but I have usually at least one shelf at the office and rotate them, depending on the projects we are working on. Currently almost all of my Perl books are at the office.

One of the biggest problems I have is when I give some book to someone and I don’t remember… I have to find a good software which will keep track of that…

Here are some pictures of the books:

It was very interesting for me, to find that most(3/4) of the books I have already read. Currently I find it harder to buy new books since I already have most of the books I’m interested in.

However, the sad thing is that for the past 10 years I have only bought 6 books that were not IT related and currently I have only one of those

This text is copyright HackMan @ Marian Marinov/HackMan

This post was syndicated from: xkcd.com and was written by: xkcd.com. Original post: at xkcd.com

This text is copyright xkcd.com @ xkcd.com

This post was syndicated from: LWN.net and was written by: corbet. Original post: at LWN.net

Almost exactly one year ago, LWN examined the problem of 4K-sector
drives and the reasons for their existence. In short, going to 4KB
physical sectors allows drive manufacturers to increase storage density,
always welcome in that competitive market. Recently, there have been a
number of reports that Linux is not ready to work with these drives; kernel
developer Tejun Heo even posted an extensive,
worth-reading
summary stating that “4 KiB logical sector support is broken in
both the kernel and partitioners.” As the subsequent discussion
revealed, though, the truth of the matter is that
we’re not quite that badly prepared; click below (subscribers only) for details.

This text is copyright corbet @ LWN.net

This post was syndicated from: LWN.net and was written by: jake. Original post: at LWN.net

The LibrePlanet conference, being held March 19-21 in Cambridge, Massachusetts, will be featuring a day-long Women’s Caucus on Sunday March 21st. That track will be
focusing on finding concrete ways to increase women’s participation in
free software, including a panel on recruiting and retaining women, a
presentation on mentoring, and a workshop on how non-coders can take up
critical roles in free software projects. In addition, LibrePlanet has keynotes from FSF founder Richard Stallman and EFF founder John Gilmore. More information can be found on the web sites or in the schedule.

This text is copyright jake @ LWN.net

This post was syndicated from: LWN.net and was written by: ris. Original post: at LWN.net

Bruce Byfield takes
a look at innovations in GNOME and KDE. “Of course, GNOME and KDE have long had features that Windows lacked, such as multiple desktops and finer controls for customizing the user experience. However, in the last few years, both major free desktops have added features that show not only an interest in usability, but, at times, an effort to anticipate what users might actually want. The focus is by no means consistent, yet scattered here and there are features that can make any user glad that they’re using a open source desktop.”

This text is copyright ris @ LWN.net

This post was syndicated from: LWN.net and was written by: ris. Original post: at LWN.net

The H covers
the CeBIT Open Source Forum. “The CeBIT Open Source Forum, a prominent feature in the Open Source area of Hall 2, featured several lectures, demonstrations and keynote speeches on several topics, from Open Source in data centres and security, to web browsers, mobility and multimedia. The H attended several of the Open Source Forum sessions, including the introduction of the latest 6.3 release of the popular Knoppix Live Linux distribution by Knoppix creator Klaus Knopper.”

This text is copyright ris @ LWN.net

This post was syndicated from: LWN.net and was written by: ris. Original post: at LWN.net

Simon Phipps, Chief Open Source Officer at Sun, reminisces about some
achievements during his tenure. “Got some of the most important software in the computer industry released under Free licenses that guarantee software freedom for people who rely on them, regardless of who owns the copyrights. Unix, Java, key elements of Linux, the SPARC chip and much more have been liberated.”

This text is copyright ris @ LWN.net

This post was syndicated from: LWN.net and was written by: ris. Original post: at LWN.net

Debian has updated typo3-src
(multiple vulnerabilities).

Fedora has updated bournal (F13, F12, F11: multiple vulnerabilities), F12: curl (arbitrary code execution), and F11: sudo (unintended privilege escalation).

Pardus has updated sudo (unintended
privilege escalation) and firefox (multiple
vulnerabilities).

Slackware has updated httpd
(multiple vulnerabilities).

This text is copyright ris @ LWN.net

This post was syndicated from: Schneier on Security and was written by: schneier. Original post: at Schneier on Security

Interesting commentary:

I don’t think this is really a case about ISP liability at all. It is a case about the use of a person’s image, without their consent, that generates commercial value for someone else. That is the essence of the Italian law at issue in this case. It is also how the right of privacy was first established in the United States.

The video at the center of this case was very popular in Italy and drove lots of users to the Google Video site. This boosted advertising and support for other Google services. As a consequence, Google actually had an incentive not to respond to the many requests it received before it actually took down the video.

Back in the U.S., here is the relevant history: after Brandeis and Warren published their famous article on the right to privacy in 1890, state courts struggled with its application. In a New York state case in 1902, a court rejected the newly proposed right. In a second case, a Georgia state court in 1905 endorsed it.

What is striking is that both cases involved the use of a person’s image without their consent. In New York, it was a young girl, whose image was drawn and placed on an oatmeal box for advertising purposes. In Georgia, a man’s image was placed in a newspaper, without his consent, to sell insurance.

Also important is the fact that the New York judge who rejected the privacy claim, suggested that the state assembly could simple pass a law to create the right. The New York legislature did exactly that and in 1903 New York enacted the first privacy law in the United States to protect a person’s “name or likeness” for commercial use.

The whole thing is worth reading.

This text is copyright schneier @ Schneier on Security

This post was syndicated from: SANS Internet Storm Center, InfoCON: green and was written by: SANS Internet Storm Center, InfoCON: green. Original post: at SANS Internet Storm Center, InfoCON: green

Overview of theMarch 2010 MicrosoftPatchesand their status.

#
Affected
Contra Indications
Known Exploits
Microsoft rating
ISC rating(*)

clients
servers

MS10-016
Vulnerability in Windows Movie Maker Could Allow Remote Code Execution

Moviemaker:

CVE-2010-0265

KB 975561
no known exploits.
Severity: Important

Exploitability: 1
Important
Important

MS10-017
Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution

Excel:

CVE-2010-0257

CVE-2010-0258

CVE-2010-0260

CVE-2010-0261

CVE-2010-0262

CVE-2010-0263

CVE-2010-0264
KB 980150
no known exploits.
Severity: Important

Exploitability: 1,2,1,1,2,1,1
Critical
Important

We will update issues on this page for about a week or so as they evolve.

We appreciate updates

US based customers can call Microsoft for free patch related support on 1-866-PCSAFETY

(*): ISC rating

We use 4 levels:

PATCH NOW: Typically used where we see immediate danger of exploitation. Typical environments will want to deploy these patches ASAP. Workarounds are typically not accepted by users or are not possible. This rating is often used when typical deployments make it vulnerable and exploits are being used or easy to obtain or make.
Critical: Anything that needs little to become interesting for the dark side. Best approach is to test and deploy ASAP. Workarounds can give more time to test.
Important: Things where more testing and other measures can help.
Less Urgent: Typically we expect the impact if left unpatched to be not that big a deal in the short term. Do not forget them however.

The difference between the client and server rating is based on how you use the affected machine. We take into account the typical client and server deployment in the usage of the machine and the common measures people typically have in place already. Measures we presume are simple best practices for servers such as not using outlook, MSIE, word etc. to do traditional office or leisure work.
The rating is not a risk analysis as such. It is a rating of importance of the vulnerability and the perceived or even predicted threat for affected systems. The rating does not account for the number of affected systems there are. It is for an affected system in a typical worst-case role.
Only the organization itself is in a position to do a full risk analysis involving the presence (or lack of) affected systems, the actually implemented measures, the impact on their operation and the value of the assets involved.
All patches released by a vendor are important enough to have a close look if you use the affected systems. There is little incentive for vendors to publicize patches that do not have some form of risk to them

–

John Bambenek

bambenek at gmail /dot/ com

This text is copyright SANS Internet Storm Center, InfoCON: green @ SANS Internet Storm Center, InfoCON: green

This post was syndicated from: Кътчето на Селин and was written by: Selene. Original post: at Кътчето на Селин

Преди малко един приятел ми обясни, че съм безотговорна към страданията на хората щом си позволявам да обичам снега. Аз пък съм старомодна и продължавам да смятам, че вдигнатите нагоре лопати на уж чистещите снегорини са по-виновни за проблемите с транспорта от климата. Но в нашата реалност човек като плюва зимата чувства повече полза и изпитва повече надежда да бъде чут, отколкото ако обвини кметството.
Месец март е, а вижте навън – толкова много сняг не е натрупвал цяла зима. Трябва да признаете, че е красиво:

Как да не му се приходи на човек на лекции…


Тъ-дъм.

This text is copyright Selene @ Кътчето на Селин

This post was syndicated from: SANS Internet Storm Center, InfoCON: green and was written by: SANS Internet Storm Center, InfoCON: green. Original post: at SANS Internet Storm Center, InfoCON: green

A new version of the Samurai WTF (Web Testing Framework) distribution, version 0.8, has been released this weekend. As a member of the main development team, I’m proud to see that Samurai WTF is becoming the preferred environment for web application security testing.

This new version includes multiple new features, apart from being the first Live DVD version (1.7GB), versus previous Live CD versions (700MB in size), plus:

- The Samurai WTF Firefox add-ons collection: https://addons.mozilla.org/en-US/firefox/collection/samurai.

- An extensive layout clean-up.

- New SVN capabilities to update the most actively developed web testing tools.

- Metasploit (what allows its integration with other tools, like sqlmap or sqlninja).

- The addition of two well known vulnerable web apps for training and testing purposes, DVWAand Mutillidae.

- Plus new tools and tools updates (see the Changelog within the Live DVD).

Definitely, I recommend you to try it and get the most of this open-source project when evaluating the security of your web applications and sites.

You can gather more details about the Samurai WTF from its main web page, http://samurai.inguardians.com, an OWASP presentation I did on December (available at http://www.radajo.com/2009/12/assessing-and-exploiting-web.html), and download the new version from Sourceforge: http://sourceforge.net/projects/samurai/.

Please, if you are a common user or want to try it, share your comments and improvements through the project mailing list (http://sourceforge.net/mail/?group_id=235785).
UPDATE:In order to get an overview of the list of tools available on Samurai WTF, check the RaDaJo presentation referred above, and the distro changelog file.
BTW, Iwill be teaching the SANSSEC542 class, Web App Penetration Testing and Ethical Hacking on Dubai, April 17-22, 2010.

–

Raul Siles (www.raulsiles.com)

Taddong is comming soon…

This text is copyright SANS Internet Storm Center, InfoCON: green @ SANS Internet Storm Center, InfoCON: green

This post was syndicated from: LWN.net and was written by: corbet. Original post: at LWN.net

The first alpha release of Fedora 13 is out. “We need your help to make Fedora 13 the best release yet, so please take
a moment of your time to download and try out the Alpha and make sure
the things that are important to you are working. If you find a bug,
please report it — every bug you uncover is a chance to improve the
experience for millions of Fedora users worldwide.” There is a
lot of new stuff in this release; see the announcement for a
summary.

This text is copyright corbet @ LWN.net

This post was syndicated from: SANS Internet Storm Center, InfoCON: green and was written by: SANS Internet Storm Center, InfoCON: green. Original post: at SANS Internet Storm Center, InfoCON: green

Panda Security has a post up on one of their employees buying a brand new Android phone from Vodafone and discovering it was spreadingMariposa. It didn’t infect the phone proper, but it did have autoexec.inf and autoexec.bat files designed to infect whatever Windows machine the phone was plugged into via USBcable. Unlike the Engergizer story from yesterday, this one is happening now. Standard USB defenses apply, don’t automatically execute autoexec.bat/inf files from USB devices. This Microsoft KB article discusses how to disable the Autoplay functionality that leads to this problem.
This leads to the interesting question, why not just infect the phones? The technology is certainly there to write malware that is phone specific. We won’t see mass infection of phones (or even better, a cell-phone botnet) likely until commerce is much more common on phones. Malware is driven by the desire of profit and once it becomes profitable, we’ll see exploitation. The problem is, that these slimmed down devices make it difficult to configure in security. Only a few cell phone types even have the option of cell phone antivirus software. The clock is ticking on that threat.
–

John Bambenek

bambenek at gmail /dot/ com

This text is copyright SANS Internet Storm Center, InfoCON: green @ SANS Internet Storm Center, InfoCON: green

This post was syndicated from: Schneier on Security and was written by: schneier. Original post: at Schneier on Security

The “Microsoft Online Services Global Criminal Compliance Handbook (U.S. Domestic Version)” (also can be found here, here, and here) outlines exactly what Microsoft will do upon police request. Here’s a good summary of what’s in it:

The Global Criminal Compliance Handbook is a quasi-comprehensive explanatory document meant for law enforcement officials seeking access to Microsoft’s stored user information. It also provides sample language for subpoenas and diagrams on how to understand server logs.

I call it “quasi-comprehensive” because, at a mere 22 pages, it doesn’t explore the nitty-gritty of Microsoft’s systems; it’s more like a data-hunting guide for dummies.

When it was first leaked, Microsoft tried to scrub it from the Internet. But they quickly realized that it was futile and relented.

Lots more information.

This text is copyright schneier @ Schneier on Security

This post was syndicated from: SANS Internet Storm Center, InfoCON: green and was written by: SANS Internet Storm Center, InfoCON: green. Original post: at SANS Internet Storm Center, InfoCON: green

We received several emails today about the US-CERTanalysis of Trojan horse software found in an application designed for a battery recharger. Our assessment is that due to the dates involved (2007 and 2008) this is likely related to the rash of malware we reported a couple of years ago that was found on digital photo frames, iPods, GPS devices, and other consumer products. If any of our readers have any additional technical information or observations to share about this case, please use the comment feature below.
Marcus H. Sachs

Director, SANSInternet Storm Center
UPDATE: Due to the high demand and number of notifications from our ISCreaders, be aware that yesterday new Nmap and Metasploit modules to detect and exploit this trojan were released.

This text is copyright SANS Internet Storm Center, InfoCON: green @ SANS Internet Storm Center, InfoCON: green

This post was syndicated from: Darknet - The Darkside and was written by: Darknet. Original post: at Darknet - The Darkside

There has been a number of interested stories lately especially related to hardware, the latest doing the rounds is this one where a seemingly innocuous USB battery charger has been installing some nasty remote control software onto users systems.
The charger at fault is the Energizer Duo USB Battery Charger, you’re only at risk if…

Read the full post at darknet.org.uk

This text is copyright Darknet @ Darknet - The Darkside

This post was syndicated from: Чорба от греховете на dzver and was written by: dzver. Original post: at Чорба от греховете на dzver

Стойте си вкъщи.

За да стигна до работата бутахме мерцедеси, камиони, всякакви неща, дето на баир се движат трудно.

This text is copyright dzver @ Чорба от греховете на dzver

This post was syndicated from: Како Сийке, не съм от тях! and was written by: Longanlon. Original post: at Како Сийке, не съм от тях!

По време на тираничното, робовладелско и съвсем гнусно турско робство, прочитаме в учебниците по родинознание още в 4 клас, алчните османски изедници са издевателствали всячески над нещастния български народ, включително с тежкия, несправедливо смазващ и ужасен данък – десятък. Всеки българин, представете си ужаса, трябвало да дава на империята като данък 1/10 от това, което произведе! Истинско робство!

Разбира се, фактът, че в момента толкова е само здравния ни данък, е само леко ироничен…

(Чети още…) (553 думи)

CC Петър Стойков

This text is copyright Longanlon @ Како Сийке, не съм от тях!

This post was syndicated from: Fergie's Tech Blog and was written by: Fergie. Original post: at Fergie's Tech Blog

Robert McMillan writes on ComputerWorld:

Ongoing computer scams targeting small businesses cost U.S. companies $25 million in the third quarter of 2009, according to the U.S. Federal Deposit Insurance Corporation.

Online banking fraud involving the electronic transfer of funds has been on the rise since 2007 and rose to over $120 million in the third quarter of 2009, according to estimates presented Friday at the RSA Conference in San Francisco, by David Nelson, an examination specialist with the FDIC.

The FDIC receives a variety of confidential reports from financial institutions, which allow it to generate the estimates, Nelson said.

Almost all of the incidents reported to the FDIC “related to malware on online banking customers’ PCs,” he said. Typically a victim is tricked into visiting a malicious Web site or downloading a Trojan horse program that gives hackers access to their banking passwords. Money is then transferred out of the account using the Automated Clearing House (ACH) system that banks use to process payments between institutions.

Even though banks now force customers to use several forms of authentication, hackers are still stealing money. “Online banking customers are getting too reliant on authentication and on practicing layers of controls,” Nelson said.

That’s bad news for businesses, which are increasingly on the hook for any losses.

More here.

This text is copyright Fergie @ Fergie's Tech Blog

This post was syndicated from: Fergie's Tech Blog and was written by: Fergie. Original post: at Fergie's Tech Blog

J. Nicholas Hoover writes on InformationWeek:

The federal government could do a better job defining and coordinating its recently partially declassified Comprehensive National Cybersecurity Initiative, according to a report [.pdf] from the government’s own auditors.

The new report, released by the Government Accountability Office last week, found that although the White House and federal agencies have made strides in planning and coordinating the 12-point program by creating interagency working groups like the Joint Interagency Cyber Task Force, the plan lacks definition in some places and doesn’t cover the full scope of federal cybersecurity needs.

Among the key challenges for the CNCI: defining roles and responsibilities. For example, then-acting White House cybersecurity policy advisor Melissa Hathaway, in an interview with the GAO, noted an ad hoc, uncoordinated response to July 2009 distributed denial of service attacks targeting government Web sites.

More here.

This text is copyright Fergie @ Fergie's Tech Blog

This post was syndicated from: Fergie's Tech Blog and was written by: Fergie. Original post: at Fergie's Tech Blog

Owen Fletcher writes on PC World:

A Thai court has approved the extradition to the U.S. of a Malaysian man allegedly involved in hacking credit card information, causing massive losses for victims in the U.S.

Gooi Kokseng will first be held in Thailand for 30 days in case he decides to appeal the court ruling, an employee at Thailand’s Office of the Attorney General said by phone Monday.

Kokseng, forty-four years old and also known by the alias Delpiero, is a suspected member of a crime ring that has caused more than 5 billion baht (US$150 million) in losses through hacking aimed at the U.S. and Southeast Asia, according to a report in the Bangkok Post.

More here.

This text is copyright Fergie @ Fergie's Tech Blog

This post was syndicated from: LWN.net and was written by: corbet. Original post: at LWN.net

Linus has kept his promise and released 2.6.34-rc1 a bit earlier than usual, even
though he reserves the right to pull in a few more trees yet. “So if you feel like you sent me a pull request bit might have been
over-looked, please point that out to me, but in general the merge window
is over. And as promised, if you left your pull request to the last day of
a two-week window, you’re now going to have to wait for the 2.6.35
window.” Nouveau users should note that they can’t upgrade to this
kernel without updating their user-space as well.

This text is copyright corbet @ LWN.net

This post was syndicated from: Schneier on Security and was written by: schneier. Original post: at Schneier on Security

Funny:

MOUNTAIN VIEW, CA—Responding to recent public outcries over its handling of private data, search giant Google offered a wide-ranging and eerily well-informed apology to its millions of users Monday.

“We would like to extend our deepest apologies to each and every one of you,” announced CEO Eric Schmidt, speaking from the company’s Googleplex headquarters. “Clearly there have been some privacy concerns as of late, and judging by some of the search terms we’ve seen, along with the tens of thousands of personal e-mail exchanges and Google Chat conversations we’ve carefully examined, it looks as though it might be a while before we regain your trust.”

Google expressed regret to some of its third-generation Irish-American users on Smithwood between Barlow and Lake.

Added Schmidt, “Whether you’re Michael Paulson who lives at 3425 Longview Terrace and makes $86,400 a year, or Jessica Goldblatt from Lynnwood, WA, who already has well-established trust issues, we at Google would just like to say how very, truly sorry we are.”

This text is copyright schneier @ Schneier on Security

This post was syndicated from: LWN.net and was written by: ris. Original post: at LWN.net

TuxRadar takes a
look at several desktops and applications. “For the tinkerers and testers, 2010 is shaping up to be a perfect year. Almost every desktop and application we can think of is going to have a major release, and while release dates and roadmaps always have to be taken with a pinch of salt, many of these projects have built technology and enhancements you can play with now. We’ve selected the few we think are worth keeping an eye on and that can be installed easily, but Linux is littered with applications that are evolving all the time, so we’ve also tried to guess what the next big things might be.”

This text is copyright ris @ LWN.net

This post was syndicated from: LWN.net and was written by: ris. Original post: at LWN.net

Fedora has updated drupal (F12, F11:
multiple vulnerabilities), F12: fetchmail
(arbitrary code execution), and F12: sudo
(unintended privilege escalation).

Mandriva has updated openoffice.org
(multiple vulnerabilities) and apache
(information leak).

rPath has updated openssh
(information disclosure), postgresql
(multiple vulnerabilities), gzip (arbitrary
code execution), and mysql (multiple
vulnerabilities).

Slackware has updated firefox
(multiple vulnerabilities).

SUSE has updated kernel (multiple
vulnerabilities).

Ubuntu has updated gnome-screensaver
(lock bypass).

This text is copyright ris @ LWN.net

This post was syndicated from: LWN.net and was written by: corbet. Original post: at LWN.net

LWN first looked at LogFS, a
new filesystem aimed at solid-state storage devices, back in 2007. It has
taken a long time, but, as of 2.6.34, LogFS will be in the mainline kernel
and available for use; let the benchmarking begin.

This text is copyright corbet @ LWN.net

This post was syndicated from: SANS Internet Storm Center, InfoCON: green and was written by: SANS Internet Storm Center, InfoCON: green. Original post: at SANS Internet Storm Center, InfoCON: green

An ISCreader, thanks Paul, notified us about a new SEO(Search Engine Optimization)poisoning attack doing the rounds in the last 6-8 hours. We have talked about this kind of attacks in the past, although they were mainly focused on other hot technological topics, major tragedies, or events. This time, the topic to get on top of the search engines result page is a TV reality show. Specifically, there is a TVshow premiere in the US tonight called Billy the Exterminator. The wiki billy the exterminatorsearch term in Google (USEWITHCAUTION:http://www.google.com/search?q=wiki+billy+the+exterminator) shows the poisoning attack.
The compromised sites present the following URL format: /FILE.php?PARAM=billy%20the%20exterminator%20wiki, where FILEis most commonly a three letter file name, and PARAM is an input parameter (one or multiple characters). The affected sites are using a drive by attack, providing victims a fake AVwarning message that drives them to download a piece of malware: Warning! Your computer is vulnerable to malware attacks. We recommend you to check your system immediately. Press OK to start the process now..
If you manage, or know someone that manages any of the affected sites, we would like to get details about the compromise in order to confirm the vulnerability exploited to get into . Please, send details through our contact page.(PHPrelated)
UPDATE:A reader, thanks Jack, pointed us to a new SEOpoisoning report from Sophos regarding last night’s Oscar film awards:http://www.sophos.com/pressoffice/news/articles/2010/03/hackers-exploit-oscars.html.
–

Raul Siles (www.raulsiles.com)

Taddong is comming soon…

This text is copyright SANS Internet Storm Center, InfoCON: green @ SANS Internet Storm Center, InfoCON: green

This post was syndicated from: Schneier on Security and was written by: schneier. Original post: at Schneier on Security

How not to destroy evidence:

In a bold and bizarre attempt to destroy evidence seized during a federal raid, a New York City man grabbed a flash drive and swallowed the data storage device while in the custody of Secret Service agents, records show.

The article wasn’t explicit about this — odd, as it’s the main question any reader would have — but it seems that the man’s digestive tract did not destroy the evidence.

This text is copyright schneier @ Schneier on Security

This post was syndicated from: LWN.net and was written by: corbet. Original post: at LWN.net

Version 2.2.15 of the Apache HTTPD server is out. “Notably, this
release was updated to reflect the OpenSSL Project’s release 0.9.8m of the
openssl library, and addresses CVE-2009-3555 (cve.mitre.org), the TLS
renegotiation prefix injection attack. This release further addresses the
issues CVE-2010-0408, CVE-2010-0425 and CVE-2010-0434 within mod_proxy_ajp,
mod_isapi and mod_headers respectively.”

This text is copyright corbet @ LWN.net

This post was syndicated from: oggin.net SEO blog and was written by: oggin. Original post: at oggin.net SEO blog

Полезен списък от 71 LinkWheel сайта подредени по стойности на Google Page Rank и Alexa
Забележително е, че авторът на поста An Analysis of 71 LinkWheel Sites правилно е предположил, че списъкът му ще бъде копиран къде ли не ! Добра работа – заслужава си и копирането и линка :-)

Link
PR
Alexa
Share
Notes

http://www.wordpress.com/

9
18

Pure Blogs

http://www.bravenet.com/

8
2426

http://www.weebly.com/

8
828

Custom drag and drop platform

http://www.squidoo.com/

8
249
Y
Fast and [...]

Related posts:

1. Adsense Allowed Sites Преди малко открих нещо ново в Google Adsense – Allowed Sites Adsense Setup -> Competitive Ad Filter -> Allowed Sites Allowed Sites има 2 възможности : – Allow any site to show ads for my account – Only allow certain sites to show ads for my account …
2. Канали и тактики в онлайн маркетинга за 2008 Помните ли изследването на TopRankingBlog започнало преди седмица ? До момента са гласували 120 оптимизатори. Ето и резултатите за предпочитаните канали и тактики за онлайн маркетинг до този момент : Blogging (25%) Search engine optimization (13%) Email marketing (13%) Pay per click (8%) Social networks (Facebook, LinkedIn) (5%) Blogger relations (5%) Viral marketing (4%) Online public relations (4%) Corporate web site (3%) Affiliate marketing (3%) Free [...]…
3. Google Sites Днес стартираха Google Sites, като част от Google Apps. Засега я ползваме само тези дето си плащаме 50 евро на година за акаунт в Premier Edition, но вървят слухове че и някой Standart Edition били наградени и могат да включат апликацията от Add more services. Опитайте и се молете да сте част от избраните. След [...]…

This text is copyright oggin @ oggin.net SEO blog