Words to leak by …

The Department of Homeland Security has been forced to release a list of keywords and phrases it uses to monitor social networking sites and online media.  (Like this one?)

This wasn’t “smart.”  Obviously some “pork” barrel project dreamed up by the DHS “authorities” “team” (“Hail” to them!) who are now “sick”ly sorry they looked into “cloud” computing “response.”  They are going to learn more than they ever wanted to know about “exercise” fanatics going through the “drill.”

Hopefully this message won’t “spillover” and “crash” their “collapse”d parsing app, possibly “strain”ing a data “leak.”  You can probably “plot” the failures at the NSA as the terms “flood” in.  They should have asked us for “help,” or at least “aid.”

Excuse, me, according to the time on my “watch,” I have to leave off working on this message, “wave” bye-bye, and get some “gas” in the car, and then get a “Subway” for the “nuclear” family’s dinner.  Afterwards, we’re playing “Twister”!

(“Dedicated denial of service”?  Really?)

Share

Phecal photo phorensics

I suppose I really can’t let this one … pass …

Last weekend a young woman fell to her death while on a tandem hang glider ride with an experienced pilot.  The pilot, owner of a company that takes people on hang gliding rides for kicks, promises video of the event: the hang glider is equipped with some kind of boom-mounted camera pointed at the riders.

Somehow the police investigating the incident suspected that the pilot had swallowed the memory card from the video camera.  (Presumably the video was running, and presumably the pilot knew it would show something unfortunate.)  This was later confirmed by x-rays.

So, this week we have all been on “memory card movement” watch.

And it has cr… I mean, come out all right.

Share

Flash! TSA bans bread!

Following the explosions in two BC sawmills, which experts are speculating may have been caused by fine sawdust caused by excessively dry wood, the TSA has banned any particulate materials, such as sawdust, flour, and icing sugar, to be banned from all flights.

Also included in the ban are any objects made from particulate materials, such as particleboard, bread, and icing sugar dusted donuts.  (The union representing TSA workers had argued, unsuccessfully, against this last item.)  The TSA’s Director Of Really Dangerous Stuff also noted that materials with larger particle sizes, such as table salt and sand, were also being included in the ban.

At press time, we were still awaiting word on whether computer equipment was to be included in the ban, since silicon chips are commonly said to be made of sand.

(Yeah, yeah, I know, don’t give the TSA ideas …)

Share

Paper safe

I first saw this, appropriately enough, on Improbable Research.  It’s appropriate, because, when you see it, first it makes you laugh.  Then it makes you think.

This guy has created a paper safe.  Yeah, you got that right.  A safe, made out of paper.  No, not special paper: plain, ordinary paper, the kind you have in your recycling bin.  He’s even posted a video on YouTube showing how it works.

Right, so everyone’s going to have a good laugh, yes?  Paper isn’t going to provide any protection, right?  It’s a useless oddity, of interest only to those with an interest in origami, and more free time on their hands than any security professional is likely to get.

Except, then you start thinking about it (if you are any kind of security pro.)  First off, it’s a nice illustration of at least one form of combination lock.  And then you realize that the lock is going to be useless unless it’s obscured.  So that brings up the topic of maybe security-by-obscurity does have a function sometimes.

Then you start thinking that maybe it isn’t great as a preventive control, but it sure works as a detective control.  Yeah, it’s easy to smash and get out whatever was in there.  But it’ll sure be obvious if you do.

So that brings up different types of controls, and the reasons you might want different controls in different situations, and whether some perfectly adequate controls may be a) overkill, or b) useless under certain conditions.

It’s not just a cute toy.  It’s pretty educational, too.  No, I’m not going to keep my money in it.  But it makes you think …

Share

Happy Merry.

It seems to be getting harder to give … greetings at this time of the year.  There’s a bit of risk involved.  Lots of people think we are exclusive to be simply wishing everyone to enjoy our holiday.  (Of course, if you think that, you have no right to use the word “holiday,” now, do you?  :-)

I had thought I’d made a decent attempt with “Merry Mid-Winter Party Period.”  Until some in the southern hemisphere took exception to the seasonal-centredness of that phrase.

Recently one of our local columnists came up with “non-denominational-culturally-palatable-holiday-seasonal-politically-correct-racially-inoffensive-ritual-drained-of-all-religious-meaning-so-as-to-be-acceptable-to-every-creed-festival.”

So, never mind.  Merry Christmas.  Whether you like it or not.  (If not, you can have a Happy New Year anyway  :-)

In keeping with Christmas itself, I wanted to give you a Christmas present.  Maybe before some of you disappear into family time and last minute tasks for the Exmas Rush.  You don’t have to wait until December 25th if you don’t want to.

Very cute, but possibly not completely original.  A great many people have apparently done a “Silent Monks” version.  Still, this seems the most involved and active.  The earliest versions I could find were from 2008Slight variation.

Slightly more seriously.  And, in response to the commercialization of it all.

For those who want lighter fare.  Or, slightly geekier.  Or, for those trying to keep warm.  Or, for those deeply into their devices.

Share

REVIEW: “Good Night Old Man”, George Campbell

BKGNOM.RVW   20111128

“Good Night Old Man”, George Campbell, 2011, 978-9878319-0-3, C$19.95
%A   George Campbell georgeca@telus.net http://is.gd/x28QRz
%C   PO Box 57083 RPO Eastgate, Sherwood Park, AB Canada T8A 5L7
%D   2011
%G   978-9878319-0-3
%I   Dream Write Publishing dreamwrite10@hotmail.com
%O   C$19.95 http://www.dreamwritepublishing.ca  780-445-0991
%O http://www.dreamwritepublishing.ca/retail/books/good-night-old-man
%O   Audience i+ Tech 2 Writing 3 (see revfaq.htm for explanation)
%P   342 p.
%T   “Good Night Old Man”

On page 114 the author asserts that even learning to use Morse code “bestowed on us instant acceptance into a society whose members regularly performed tasks too difficult for most others to even attempt.”  This statement will be instantly recognizable by anyone in any technical field.  This is because in the beginning was the telegraph.  And the telegraph begat teletype (and baudot code) and the telephone.  And telephone company research labs (in large measure) begat computers.  And teletype begat the Internet.  And wireless telegraphy begat radio.  And radio and the telephone and the Internet and computers begat 4G.  (Or, at least, it will begat it once they get it right.)  But it all started with the telegraph.

As the author states, any communications textbook will mention the telegraph.  Most will tell you Morse code began on May 24th, 1844.  Some might mention that it isn’t in use anymore.  A few crypto books might let you know that commercial nomenklators were used not just for confidentiality, but to reduce word counts (and thus costs) when sending telegrams.  (The odd data representation text might relay the trivium that Morse code is not a binary code of dots and dashes, but a trinary code of dots, dashes, and silence.)

But they won’t tell you anything about what it was like to be a telegrapher, to actually communicate, and help other people communicate with Morse code.  How you got started, what the work was, and what your career might be like.  This book does.

I am not going to pretend to be objective with this review.  George Campbell is my wife’s (favourite) uncle.  He’s always liked telling stories, has a fund of stories to tell, and tells them well.  For example, he was the first person in North America to know about the German surrender in Europe, since he was the (Royal Canadian Naval Volunteer Reserve) telegrapher who received the message from Europe and passed it on.  Of course, the message was in code.  But everyone knew it was coming, and he knew who the message was from, and who it was going to.  You can learn a lot with simple traffic analysis.

There are lots of good stories in the book.  There are lots of funny stories in the book.  If you know technology, it is intriguing to see the beginnings of all kinds of things we use today.  Standard protocols, flow control, error correction, and data compression.  Oh, and script kiddies, too.  (Well, I don’t know what else you would call people who don’t understand what they are working with, but do know that if you follow *this* script, then *that* will happen.)  It is fascinating to see all of this being developed in an informal fashion by people who are just trying to get on with their jobs.

The title, “Good Night Old Man,” comes from a code the telegraphers themselves used.  “GN” (and a “call sign”) was sent when the telegrapher signed off his station for the night.  Morse code is no longer used commercially.  Within a few years, the last of the “native” speakers will have died off.  Morse will become a dead language, possibly studied by some hobbyists and academics, who can tease legibility out of a sample, or laboriously create a message in that form, but without anything like the facility achieved by those who had to use it day in and day out.

This is a last chance to learn a part of history.

copyright, Robert M. Slade   2011     BKGNOM.RVW   20111128

Share

Aurasma: Graffiti meets YouTube

A company called Autonomy, which has been selling image search technology, has launched an apparently freely available (open?) project called Aurasma.  At the moment only available on iPhone 4, this allows you to “augment” the reality (that the mobile device sees) by adding video to overlay it.

In this article, a BBC reporter/commentator opines that this is a cute trick, but only that.  I’m going to go out on a limb and predict that this assessment is short-sighted (albeit only if the technology expands to other platforms).  Given that YouTube users are uploading 48 hours of video to the site every minute of the day, I suspect that the ability to create video graffiti, and “tag” it to any vista, location, or object, will be irresistable.

Apparently the company thinks this will be a platform that companies will use to create ads, to promote their products or shops at related locations.  They probably will.  However, myriad users will be creating other content, for the same images, and we will have SEO (Search Engine Optimization) battles that will make the malware and phishing sites we see now pale in comparison.  The Tokyo Chamber of Commerce or tourism board may wish to overlay video over certain landscapes or landmarks, but how will they stand up against thousands of geeks who’ve all seen Godzilla?

Share

WARNING: Word Processor Keeps Keyboard Data

This is totally serious.  You should be aware that, for years now, just about every commercial word processing program on the market [1], and a number of the open source ones as well, have been intercepting your keystrokes, storing them, and even displaying them *on the screen*!

Email programs are even worse, since a number of them will actually send your keystrokes to someone else, *over the Internet*! [2]

[3]!!!!!

[1] Except for Word, which simply collates random data.
[2] Except for Outlook, which regularly deletes all stored data.
[3] Yes, I am, of course, poking fun at the furor over the iPhone location data file.

Share

Dumb computer virus story

I really don’t know who is more ignorant here, the city authorities “protecting” the computers, or the journalist writing up the story

If you know anything about the technology, this is howlingly funny (or, it would be, if it weren’t so sadly representative …)

“Officials at Nanaimo city hall are desperately working to find out how a virus attacked their computer system Wednesday afternoon.”

(Oh, oh!  Pick me!  I can tell you!  You didn’t tell people NOT TO CLICK ON RANDOM ATTACHMENTS THEY GET IN STRANGE EMAIL MESSAGES AND SUPPOSED E-CARDS!!!)

“Per Kristensen, director of information and technology, said he was shocked by how quickly the virus infected the system.

“The first time anyone anywhere in the world noticed this new virus was on [March 15] and then it hit us on the 16th,” he said Thursday.”

(How many new viruses are “created” every day, these days?)

“People can be assured that all their information is secure. Protection of their personal information is a priority. The city’s system won’t be turned on until we are confident we have this solved,” he said.

(Ummm, how are you going to clean up the computers if they are turned off?)

“Kristensen said the virus is so new, it has no signature that security devices can recognize.”

(Let me guess: a certain antivirus in a yellow box couldn’t recognize it, so you figure that nobody can, right?)

“We’ve got multiple levels of protection and firewalls, but nothing recognizes this.”

(Yeah, firewalls do a GREAT job against viruses …)

“We may have to shut down throughout the weekend and we won’t put the system back up until we know we have this under control. And right now, we don’t know how long that will be.”

(Based on this, I’m not holding my breath …)

Share

Non-Functional Email (or Blog) System Disclaimer

Herewith, forthwith, and thereunto, all my postings and email messages, past, present, and future, shall be subject to the following disclaimer.  (Some parts of this disclaimer may be familiar to you, but then, some of the best of human literature is familiar.)

Confidentiality, Integrity, and Availability Notice (or Disregard):
The information, misinformation, or vacuity in this document and attachments (including viruses) is, are, were, or have been confidential and may also be legally privileged or illegally handicapped.  It is intended only for the use or misuse of the named recipient, such as “To Whom It May Concern.”  Internet communications are not secure (unless you consider availability part of security) and therefore does not accept legal responsibility for the contents of this message, including tar and nicotine levels.  If you are not the intended recipient, please notify us immediately so that we can add you to the distribution list.  Violation of this notice may be unlawful, immoral, or fattening.  This email is fully disclaimed, but may still be dangerous.  It is not legal, medical or engineering advice.  It is not even questionable advice.  (If used as legal, medical, computer security or engineering advice please pay additional moneys to the sender.  LOTS of moneys.)  It is under-privileged.  It is made from 85.4% post harangue opinions, green ideas, and not less than 15% recycled electrons.  It should be taken with a large pinch of salt (but remember, this is not medical advice).  Union written.  (By committee.)  Shade grown concepts.  Fair trade characters.  Low sodium (but high silicon).  25% lower (than our regular humour).  Trans-fat free.  Environmentally friendly.  Lite.  New.  Improved.  Low calorie.  High energy.  Self-starter.  High fibre optic.  Reduced.  Please consider the environment before printing this out, unless you are American or Chinese in which case what the heck it’s all baloney that greenhouse gas stuff.  (If non-American or -Chinese, then remember that paper is a renewable resource made from trees, and that working forests not only provide habitat for wildlife, but actually help with carbon sequestration as long as you recycle the stuff and don’t burn it.)  THIS DISCLAIMER IS ALL IN CAPITALS TO AVOID LOWERCASE TAXES.  AND TO MAKE YOU THINK THIS BIT IS REALLY IMPORTANT.  If you aren’t the person to whom this was intended, we beseech you not to hold the entire corporation liable for the dim bulb responsible.  Please delete and pretend you never saw it.  Thank you and have a nice day.  Delete it now.  NOW!  If you don’t something bad will happen to you involving geese.  Just imagine there is this absolutely humongous and meaningless disclaimer here about how if you aren’t the intended recipient, you shouldn’t read it, inform the sender, seek mind erasing/excess facial hair treatment, destroy this email, the computer it was on and any computers that it might have looked at funny, cut down on the caffiene, move to Nepal where they don’t have all that many computers in search of self-actualization, and so on.  With the occasional really really long line full of legalese twaddle that we won’t try to reproduce here as we don’t have any stunted lawyer training to protect us from injury, malice, dismal speeling, incorrect use of epiphanies or US election rhetoric or idiocy.  Just in case it might be spam, we also include a reference to a little known law from 1736 about artichokes outlawing their use in combat unless they are explicitly declared royal leafed vegetative maces weighing no more than 6,000 grains and have an unsubscribe address printed on them in the widely derided Comic Sans, with a pitch size of at least 3 point, and the views of the cracker dip expressed here is totally fallacious.  This message is intended only for the use of the intended recipients, who may, in  fact, be legion, given that this is an autoresponse.  It may contain information  that is privileged and confidential, but, given the mindless nature of the mailing, that isn’t very likely, is it?  If the reader of this message is not the intended  recipient, or someone else on the mailing list, or someone else on another mailing list that mirrors some of the traffic on this mailing list, or an employee or  agent responsible for delivering this message to the intended recipient, or a mail user agent, or a mail transfer agent authorized to handle such message, or a spam filter  authorized to examine the content of such message, or a casual browser looking over the shoulder of someone who is reading this message on their screen, then the statistical odds of you seeing the message are really wild, but anyway, such reader is hereby notified that any review, retransmission, conversion to hard copy, copying, circulation, restriction, bundling into small balls of paper for the purpose of firing over at your friend three cubicles away to tell him (or, preferably, her) that it is break time, or other use of this message is strictly prohibited and may be illegal.  If you have received this communication in error,  please immediately notify us by replying to the message and deleting it from your  computer, but don’t read it first to see if it was truly in error.  This email is confidential and privileged.  That’s right, confidential.  Even though I sent it to a mailing list, it’s still confidential.  Not only is *it* privileged, but so are you, you lucky user, since you’ve gotten a message from *me*!  This email and any, all, or no attachments are confidential (as long as you don’t read them) and may also be privileged.  (They’re an elitist bunch …)  If you are not the addressee, addressor, writer, or reader, do not disclose, copy, circulate, bend, fold, make into paper cranes (not the small ones that any Japanese kid can make, the really elaborate ones that even have feathers on), mutilate or in any other way use or rely on the information contained in this email or any attachments.  (Using or relying on the information contained in this email may, in any event, be hazardous to your health, particularly mental.)  If received in error (the message, not you), notify the sender immediately, if not sooner, and delete this email and any, all, or viral attachments from your system.  Failure to delete this email and any attachments from your system may result in … in … well, gosh, darn it, just do it, OK?  If you are not the intended recipient please accept our apologies.  On second thought, why are we apologizing?  You’ve accepted the message.  If you aren’t the intended recipient, or a person responsible for delivering it to the intended recipient, or the intended recipient’s lawyer, or someone with power of attorney for the intended recipient, or a police officer with a duly authorized warrant, then you are likely someone who is far too nosy to mind their own business and stay out of other people’s email-shame on you! what are you, some kind of spy?!?  Please do not disclose, copy or distribute information in this e-mail.  [Sigh.]  You’ve already copied it, haven’t you?  You downloaded it from the server, so you copied it onto your machine.  Then your mailer made another copy in memory, just to display it to you. Don’t do it anymore, alright?  Don’t take any action in reliance of on its contents: to do so is strictly prohibited and may be unlawful.  It’s also ungrammatical: if anyone ever figures out what that previous sentence meant, please let us know.  Please inform us that this message has gone astray before deleting it.  What can you do?  You try to bring email up right, and the next thing you know they’re hanging out on IRC and trying out NetBEUI.  Thank you for your co-operation.  Actually we just added that last bit to pad out the message and keep you reading for the few more seconds it will take our crack anti-cracker team (get it?  Never mind.) to get to your location and terminate your machine with extreme prejudice.  You have been warned.  The content of this message is distributed on an ‘as is’ basis, without surety, warranty, guarantee, pledge, Endust, or assurance of any kind, express, implied, or insinuated, as to accuracy of content, quality of writing, punctuation, spelling, grammar, usefulness of the ideas presented (if any), merchantability, liability, correctness or readability of concepts, or correspondence of (a) the ‘To:’ line with the actual distribution, (ii) time stamp references in the header (if any) with the time of sending, (4) any subject line with any associated thread, (V) the definitions with the actual terms used, (dubya) domain name references in the URL (if any) with the actual site used, and (whatever) any reference link with where the link ends up.  Illustrations may have been originally necessary to understand this material: neither the author, the ISP, nor any MTA en route accept any responsibility for the fact that ASCII doesn’t support them.  Any resemblance of the author or his or her likeness or name to any person, living or dead, or their heirs or assigns (even if grandchildren), is coincidental; all references to people, places, or events have been or should have been fictionalized or at least randomly chosen from the Quesnel phone directory and may or may not have any factual basis, even if reported as authentic.  Similarities to existing works of fact, reference, art, literature, song, dance, puppetry, reality television program, radio talk show, random conversation, or movie scripts is pure fluke.  References have been chosen at random from the author’s own written works (for purposes of self-promotion) or fertile imagination.  Neither the author(s) nor the publisher (if the Supreme Court so deems ISPs to be) shall have any liability whatever to any person, corporation, animal (whether feral or domesticated), mineral, vegetable, or other corporeal, incorporeal, or supracorporeal entity with respect to any loss, damage, misunderstanding, puzzlement, or death from choking with laughter (I wish) or apoplexy (more likely) at or due to, respectively, the contents; that is caused or is alleged to be caused by any party, whether directly or indirectly due to the information or lack of information that may or may not be found in this alleged work.  No representation is made as to the correctness of the IP address or date of publication as our Pentium isn’t good with numbers and errors of spelling and usage are attributable solely to bugs in the spelling and grammar checker in Microsoft Word even though the author does not use it.  If sold without a header, this message will be shorter than those sold with a header.  Slightly higher west of the Rockies.  (The elevation, dummy, not the number of characters.)  You do not own this page or message, but have acquired only a revocable non-exclusive license to read the material contained herein.  You may not read it aloud to any third party, regardless of any ability or inability of that third party to read it for themselves.  This disclaimer is held to be valid under the laws of wherever I can best make it stick.  This disclaimer is a copyrighted work of Robert M. Slade, first published in 2004, bulked up and renewed in 2011, and is distributed ‘as was’, without guarantee, warranty, or attestation as to quality of humour, trenchancy of critique, sharpness of scorn, or aptness of jape.  Any similarity to any email disclaimer by any corporation or actual lawyer is purest accident.  By accepting this message you are accepting the following terms: 1) This message is subject to clarification or withdrawal.  ii) It is freely transferable with no alteration to the original message.  fore) It implies no promise by the author/poster/forwarder to actually implement any of the wishes or information for her/himself or others and is void where prohibited by law, and is revocable at the sole discretion of the author/poster/forwarder.  f) It has been virus-scanned by up-to-date commercial antivirus software and therefore no absolute guarantee can be given that it is free of all malware, virus, worm, Trojan (or other prophylactic), keylogger or rootkit.  By sending any email to any of MY addresses you are agreeing that  1. I am by definition, “the
intended recipient,”  2. All information in the email is mine to do with as I see fit and make such financial profit, political mileage, or good (or bad) joke as it lends itself to.  In particular, I may quote it on Usenet or post it to any wall on Facebook.  3. I may take the contents as representing the views of your company.  4. This overrides any disclaimer or statement of confidentiality that may be included on your message.  5.  I may charge you, at the rate of $350 (or the value of an old college beater, whichever is the greater) per hour for reading your disclaimers.  DISCLAIMER is better than datclaimer, and contains privileged and confidential information in heavily steganographic form and is intended only for an individual named rather than groups of named.  If you are not the named recipient (for example, if you are a numbered, or an ordinaled), you should not disseminate, distribute, store, print, copy or deliver this message.  Therefore, any routers or MTAs that have passed this message along should be taken out and shot.  Please notify the sender immediately by email.  Of course, in order to do that you’d have to read it, and therefore any messages that the sender receives will be held and used as evidence against you before you are taken out and shot.  If you have received this email by mistake, please delete this e-mail from your system.  Which would mean delivering it to the bit-bucket, and is therefore illegal.  Email transmission cannot be guaranteed to be secure, error-free, or even sane as information and any attachments or non-attachments could be intercepted, corrupted, lost, destroyed, modified, found, delayed, flushed away, incomplete, added to, or amended, arrive late or incomplete, contain viruses or be extremely silly.  This message contains information.  It is provided for informational purposes only.  It may contain virtual information.  This message may be confidential, or it may only make sense to the person(s) to whom it is addressed.  It may not make sense at all.  If you find minor spelling or grammatical errors in this message, please do not bother the sender.  Report the problems to someone who cares.  Some pedantic member of the Internet Grammar Police maybe.  The sender, therefore,  does not accept liability for any errors or omissions in the contents of this message which arise as a result of email transmission.  Or for the fact that you tried to do what we actually did want you to do, and lost money as a result.  Or, indeed, for anything at all.  If verification is required, please request a hard-copy version.  So that we can gain more evidence before you are taken out and shot.  If you don’t recognize this message, please commit suicide in order to prevent improper disclosure.  Please note that all incoming e-mails will be automatically scanned to eliminate unsolicited promotional emails about SPAM.  This could result in deletion of a legitimate email before it is read by its intended recipient.  In other words, we can ignore this as long as we want, and blame it on the spam filter.  Warning: email is not 100% reliable, if you are sending time sensitive, critical information please use a read receipt request and also follow up with a phone call.  Otherwise we can ignore this as long as we want, and blame it on gremlins.  If you bothered to read this disclaimer, you *are* a goose.  We may monitor email traffic.  Purely for kicks, you understand.  Our mail server admins get bored easily.  No part of this message, including this, or any other, disclaimer, is to be taken to represent the knowledge, beliefs, thoughts, or opinions of the author, company, Internet access provider, or anyone else involved in the creation or transmission of this message.  In fact, this message was really written in the language of a civilization originating on a planet orbiting the third star to the left (if you don’t go past it and straight on til morning), transmitted in a trinary vector encoding, from the rough vicinity of where the tail of the Horsehead Nebula would be, with the subsequent line noise detected and interpretted as ASCII characters.  The fact that it appears to be in English is only a random artifact.  The original message concerned the quality of lint in the Sacred Belly Button, and this disclaimer was originally line noise from the carrier dropping.  It’s sad that the signal/noise ratio of the Internet is now asymptotically approaching zero because 90% of traffic is SPAM and the remaining 10% is stupid and offensive email disclaimers.  It will
actually go negative as soon as spammers decide that they need long and discursive disclaimers in order to make their stuff look authentic.  All clauses of this disclaimer apply to the disclaimer itself, except for this first sentence.  This disclaimer is provided for informational, misinformational and metainformational purposes only and should not be construed as a solicitation or offer for anything whatsoever.  This disclaimer may contain forward-looking statements, and probably will contain backward-looking statements, too.  Beginning to read this disclaimer constitutes immediate, implicit, explicit and retroactive acceptance of all clauses past, present and future.  All metainformation, HTML tags, photographs, artwork, script, text, opinions, ideas, facts or factoids contained in this email are either my own, and therefore are copyright (c)1954-2011 by the author, or duly licensed from and/or attributed to the writers, owners or copyright holders, or in good faith presumed to be in the public domain, or quotable under some sort of “fair use” clause, or frankly stolen, or the official opinion of the voices in my head.  You’re free to copy, reproduce, expand, excerpt or adapt this disclaimer to your own purposes, at your own risk, as long as you assume all responsibility for doing so, particularly in terms of being called an idiot for enlarging a disclaimer that was already ridiculous in the first place.  Should you agree to all provisions put forth herein, you’re implicitly agreeing with the agreement about the meaning of the words “agree”, “agreement”, “agreeing” and all variations or conjugations thereof, as well as the word “thereof.”  Should you disagree with any one or several disagreements expressed thereunto, your worldline may be caught in a strange recursive loop and spontaneously self-combust.  Again.  All comments published in public forums are the exclusive responsibility of the respective posters and may be subject to separate copyright provisions and disclaimers (please collate and include them here); however, this poster reserves the right to edit, delete, curate or eliminate all replies on personal whim.  All posters to any such forums must implicitly accept the full provisions of this disclaimer; you may assume that I will ignore any claims of ignorance, surprise or indignation.  Text, tags, metatags, scripts, pings, trackbacks or links on my site may have been totally or partially generated by distributed software and/or information gathering and diffusion mechanisms of uncertain location, provenance, jurisdiction or intentions.  All products, brands and company names mentioned will probably be trademarks or trade names of the respective companies and you should mentally insert the appropriate TM, c, r or whatever wherever or whenever appropriate.  Failure to do so leaves you liable, not me.  All rites reversed.  Any links to external sites and any comments about the contents thereof should not be construed as endorsement, tolerance, approval or disapproval of such contents, even if such comments overtly purport to do so.  85.4% of all cited statistics may have been made up on the spot.  In case of error, reinstall universe and reboot.  Sense of humor must be provided by third parties.  Caveat Browsor.  If you do not understand, or cannot read, all these directions, cautions and warnings, do not access this content.  Use, duplication, disclosure or ritual exorcism of this information by the Government (any Government) is subject to the restrictions of physical laws.  It’s also subject to logical laws, but Governments wouldn’t understand those.  There is no conscious attempt made nor desire extant to libel or otherwise cause malicious damage, loss, public contempt, defamation, slander, blasphemy, treason, sedition, or ridicule to persons of any gender or even none, cabals, corporations, governments, matrioshka brains, institutions, corporations, or assemblies of inanimate objects, alien lifeforms, microorganisms, clergy, vegetables, animals, or any collections thereof, unless we find it really, really funny.  No representation whatsoever is made as to the accuracy, political correctness, spelling, syntax, semantics, content or meaning of the graphics, text or downloadable files on this site, or of suitability for use or merchantability or fitness for a particular porpoise.  As far as I’m concerned all information herein consists solely of sequences of zeroes and ones, being presented as either an educational explanation, satire or a parody of other sequences of zeroes and ones (or even of the ones and zeroes themselves) and neither I nor my service provider can be held responsible for any further interpretation, guesstimate, translation, transliteration, compression, decompression, exegesis, deconstruction, memetic emission or absorption, catalysis, curation, brand curation, transmogrification, alteration or forgery of such sequences made by either your hardware, software or wetware, or by any intervening data communications channel, even if previously advised of such a possibility.  Any actions you take based on whatever you saw, or think you saw, in this message or on any realted site are entirely your own responsibility.  So there!  This email is directed at reasonably mature people of any age and if you’re not among them, life will be tough.  Since all of the Internet’s pages are interlinked you will sooner than later come to what you may consider an ugly, silly, stupid, obscene or otherwise offensive site.  Don’t say I didn’t warn you!  Reading this email will not enable you to fly.  No electrons, protons, neutrons, quarks or other sub-atomic particles, or agglomerations thereof, have been knowingly harmed in preparing this massage.  Any use of this email, in any manner whatsoever, will increase the amount of disorder in the universe.  Although no liability is implied herein, you are hereby warned that this process will ultimately lead to the heat death of the universe.  All quantum fields and/or state vectors related to this email may spontaneously collapse, decohere, and/or go all higgedly-piggedly [sic] as soon as you look at them, and I can’t do anything about it.  You may have some rights not detailed in this disclaimer but don’t bet on it.  Although due diligence has been exerted towards ensuring that this note doesn’t make any sense, total incoherence can be approached only asymptotically and thus will never be attained.  Actual size smaller than shown if you use a smaller font.  Apply only to affected area.  Do not use while sleeping, unconscious, or insufficiently caffeinated or oxygenated.  For indoor or outdoor use only.  Not suitable as a personal flotation device.  All models are over 0.568 gigaseconds of age or the local equivalent.  Taking this disclaimer onto an aircraft or reading it aloud in or near any federal facility may be prohibited, and, if it isn’t, it should be.  Some areas may be restricted to members.  We do not define what type of members.  Avoid contact with mucous membranes.  They are really icky.  Do not insert body parts into moving components.  Keep out of children.  This disclaimer does not cover misuse, accident, extraterrestrial impact, war, alien abduction, hurricane, lightning, tornado, tsunami, volcanic eruption, earthquake, flood, and other Acts of God, gods, Godesses (religious or Supermodel type) and/or Flying Spaghetti Monsters, misuse, neglect, leaking batteries, unauthorized repair, authorized repair that we don’t like, damage from improper installation, broken antenna or marred cabinet, incorrect line voltage, missing or altered serial numbers, sonic boom vibrations, electromagnetic radiation from nuclear blasts, chemical reactions, electromagnetic radiation from nuclear blasts, sonic boom shock waves, duplication of terms because we weren’t paying attention, customer adjustments that are not covered in this list, genetic drift, continental drift, tectonic plates (collect the whole set!), random neuronal firing, and incidents owing to airplane crash, ship sinking, motor vehicle accidents, leaky roof, broken glass, falling rocks, mud slides, forest fire, flying projectiles, or dropping the item.  Many mail readers look alike.  Others don’t.  If you can’t tell the difference, I suppose it doesn’t matter, but I’d question your ability to use email.  Use only in a well-ventilated area.  Colours may fade.  May not work while immersed or submerged.  Do not bend, contort, flex, twist, fold, crease, crinkle, rumple, spindle, mutilate, lacerate, dismember, clone, inflate, bloat, distend, deflate, dishearten, imbibe, swill, sniff or chew.  Do not use while operating a motor vehicle, heavy equipment, airplane, hang glider, cellphone, or any powered device inserted into bodily orifices.  If a rash, redness, irritation, or swelling develops, discontinue use.  If condition persists, consult your physician.  If meta-condition persists, consult your philosopher.  No user-serviceable meaning inside.  Articles are ribbed for our pleasure in making fun of them.  Prepositions are barbed for making more vicious insults.  Possible penalties for early withdrawal.  Objects in browser may be closer than they appear, but don’t count on it.  Objects in mirror are probably behind you.  One size fits all.  Quantities are limited while supplies last: after that, they aren’t.  Not intended for highway use.  To be used as a supplementary restraint system only.  Contains a substantial amount of non-tobacco ingredients.  Keep cool, process promptly.  Refridgerate remaining text.  Remove child before folding.  Lost ticket pays maximum rate.  Employees and their families and friends are not eligible.  If any defects are discovered, do not attempt to fix them yourself, but return to an authorized service center.  Not responsible for advice not taken.  Disclaimer subject to change, amendment, modification, obsolescence or stagnation without notice.   May cause temporary dizziness, flatulence, cirrhosis of the liver, inflammation of the brain, heart damage, pancreatic damage, kidney damage, spleen implosion or explosion, thyroid combustion, severe nasal hair growth, blindness, eruptia, pregnancy, infertility, fecal incontinence, feelings of financial inadequacy, impotence, allergies, solipsism, loss of genitalia and/or hermaphroditism, hair loss, skin blemishes, bone deformity, throat cancer, warts, ulcers, hangnails, bladder leakage, Darwinian selection, sores, scabs, ozone holes, panspermia, dystopia, elephantiasis, hepatitis, conjunctivitis, gingivitis, appendicitis, bronchitis, athlete’s foot, and/or the misery of psoriasis.  Your mileage may vary.  All your disclaimer are belong to us.  This supersedes all previous disclaimers.  NOTWITHSTANDING ALL PREVIOUS CLAIMS TO THE CONTRARY THIS DISCLAIMER MAY CONTAIN INFORMATION THAT IS THE CONFIDENTIAL AND PROPRIETARY PROPERTY OF SOMEBODY AND SUCH INFORMATION MAY NOT BE COPIED, PUBLISHED, OR DISCLOSED TO OTHERS, OR USED FOR ANY PURPOSE OTHER THAN REVIEW BY AUTHORIZED INDIVIDUALS, WITHOUT THE EXPRESS WRITTEN NOTARIZED AUTHORIZED AUTHORIZATION OF AN AUTHORIZED OFFICER OF WHOEVER-IT-IS.  Always check your caps lock key before posting.  Reading a disclaimer like this all the way to the end may have caused irreversible but not necessarily malign changes to your neural whatchamacallits.  Your eyes are weary from staring at the CRT.  You feel sleepy.  Notice how restful it is to watch the cursor blink.  Close your eyes.  The opinions stated above are yours.  You cannot imagine why you ever felt otherwise.  To have the secret second part of this disclaimer transmitted to you over a telepathic tight-beam channel (at 300 baud nominal, odd parity), bury a signed non-disclosure agreement and exactly $1000 in consecutively numbered three-dollar bills in our backyard and stand by for further instructions.

This disclaimer will now be repeated in Babelfish versions of French, Spanish, German, Dutch, Latin, Japanese, Arabic, and Ebonic, and, if we can get the Dialectizer to work, Swedish Chef, !33t haXor and ValGal.
(Disclaimers should not exceed the size of the original message, per APP disclaimer dictum.)
Further information: http://www.goldmark.org/jeff/stupid-disclaimers/

http://attrition.org/security/rants/z/disclaimers.html

Share

Crowdsourced Christmas Cwestions

This has nothing to do with security.  But, since it’s the day ofter Epiphany, we are now officially out of the Christmas season, so one last hit before next year.

Then again, maybe it does have to do with security.  Integrity and all that.  The dangers of getting your answers from socnets and Wikipedia.

So, today I’m getting my hair cut.  Our hair stylist (yes, I’ve had to switch from a barber, that endangered species, to a hair stylist.  Who is really good) has become a good friend, and saves up questions to ask me while I’m in the chair.  Today it was why red is a Christmas colour.  (We discussed Clement Clark Moore, and persistent berries in northern climates, etc.)

I mentioned this to Gloria when I got home, and she said that the girls would have just googled “why is red a Christmas colour?”  So, I did that.

Oi, such nonsense I find!  There are lots of non-answers, such as the Christian significance of red and green, but there is Christian significance in other colours, too, so why those?  Answers.com was one of the sites that promulgated that one.

But then I hit yet another answer from Answers.com, and this one just blew me away!  So herewith the answer they gave to it, and my response to the various parts (by the way, I haven’t corrected any spelling, punctuation or grammer within the quotes):

“This has always been the case.”

Oh, thanks awfully!  So helpful!  (This is the “turtles all the way down” answer.)

“Possibly the holly and wreaths,”

OK, I can accept that …

“or contrasting stop and go images-Red and Green lights.”

Of course!  The famous sixteenth-century Tudor traffic lights!  It’s obvious!

“One interesting angle is the Running lights of ships”

Uh, you’ll have to explain that one to me a bit more …

“-and Christmas is transportation oriented,”

Ummmm, are we talking about the three kings, here?

“are , from port to starboard, Red, White(overhead masthead lights) and Green.”

Yes, yes, I see!  The Magi must have travelled on the Orient Cruise Line (the Pacific not having been discovered yet).

“it was said this may have been chosen tohonor Columbus as these are the colors of the Itallian Flag.”

Of course.  Columbus must have been the fourth wise man, and ended up as the Wondering … Wop?

“it is interesting to know the term Christmas tree for the control panel on a submarine”

Yes, clearly this came from early Judean submarines!

“refers directly to the red (hazard, no go) and Green (safe, clear) lights.”

And, clearly, Christmas is something to avoid, as hazardous.

“similar devices have other applications.”

And similar holidays have other colours?

“oddly phone switchboards are usually red and white-busy and clear.”

And this colour scheme has come down to us from the earliest Roman switchboards?

“I hope this is some help!”

No, not really.  (But it was somewhat amusing.)

Share

Sound good?

By the way, in non-Sonne-erous G8/20 news, our government(s) have spent a billions dollars on security for a couple of days of meetings.  Even given the degraded value of the American billion, that’s a lot of money.

Part of it was used to buy sound cannons.  (The police don’t like you saying that: they prefer the term “long range sonic control devices.”)  These sound cannons generate noise at 130 decibels, which the civil liberties folks are concerned will damage human hearing.

That’s the same level of noise a vuvuzela makes.

So, look, why didn’t we save the billion dollars, go down to Canadian Tire, and, for a hundred bucks (possibly in Canadian Tire money) equip the entire riot squad with vuvuzelas?

Share

He’s eight, OK?

So I’m in the store with my grandson, preparatory to taking him (and his sister) for ice cream.  We’re buying cheese.  One of the varieties of the cheese we want to buy is wasabi.

“We should get some of that for Grama,” he says.

(His father gave him a wasabi pea, once, and he has never forgotten it.)

“Ha!” says I, “Maybe we should forget this ice cream idea.  We shouldn’t get you ice cream, for you are an evil child!”

Most children of eight would object.  Both to the potential loss of ice cream, and to any insinuation that they are evil.  “I’m not bad!” they would whine.

But not my grandson.  He doesn’t batt an eye.  Without a second’s pause, he fires back with “Ah!  But you haven’t yet heard my plan for taking over the world!”

Maybe he takes after his grandfather too much …

Share

Sometimes it’s just Windows …

As well as the complexity issue I spoke about earlier, computers can do some weird things.

A couple of days ago, Gloria was doing some work that involved comparing two photographs.  She asked me to have a look at the first, then showed me the second, and then wanted to show me the first again.  Which, of course, wasn’t there any more.  Windows Picture and Fax (why fax, in this day and age?) Viewer, I explained, almost uniquely among Windows programs, doesn’t let you have more than one window open at a time.  Why not, she asked.  No reason I can think of.

In some frustration she closed the picture viewer window, preparatory to finding the other picture in the other directory.  She clicked the little red square with the white x in it, up in the top right hand corner.  The Viewer window disappeared.

So did some other stuff.

Windows chose to interpret this action as a command to delete the directory in which she had been working, and from whence came the image she had been showing me.

Why does closing a window get interpretted as a command to delete anything?

Which was rather important, since it was her email directory.  With all her email.  (No, not Outlook.  Of course not Outlook.  This is a security blog, after all.)  And various files that came as attachments.

Normally, when you ask to delete a file (from the Windows Explorer window), you get asked if you really want to delete that file.  Actually, usually you get asked if you want to send that file to the Recycle Bin, which is why I have learned to use Shift-Delete almost as a matter of course, but we’ll let that go for the moment.  In either case, you get asked something.  Not this time.  This time the first indication we got of anything happening was the dialogue box telling us that it couldn’t delete the directory, since the directory was in use.  Windows had, of course, deleted all the files already.  (Maybe Windows randomly deletes your email directory if you don’t use Outlook …)

Why, all of a sudden, no confirmation of intention to delete?

Well, regardless of the fact that we hadn’t asked Windows to delete anything, this is exactly the reason that the Recycle Bin was created in the first place.  So, I opened up the Recycle Bin, sorted the files by place of origin, and found the directory, and files, that had been deleted.  As well as other files, of course, since it had been a while since my wife last “emptied” the Recycle Bin.  No problem: retrieve them all, and then sort them out.  So, we retrieved them all, and Gloria went to work on getting rid of what she didn’t want.

When she finished, she opened a new Windows Explorer window to check and make sure that everything was OK.  It wasn’t.  The directory was still empty.  I got involved again, checking this and that.  Shut down program.  Click on the shortcut on the desktop to start up the email program.  Email comes up just fine, and all the messages are there.  How on earth did it do that, when the message files, and even the email program, didn’t exist, as far as Windows Explorer was concerned.

After a bit more checking, I even rebooted the computer, in case, for some weird Windows reason, it was still “remembering” that the files had been deleted.  Rebooted, and still nothing in the directory.  But the mail program, and mail, came up just fine.

So I started messing around with the shortcut properties.  And, lo and behold, come up with something weird.  It wasn’t looking at the email directory.  It was looking at a directory that didn’t exist.

Except, now it did, when we went to look at it.  And it contained all the files, and all the email.

When retrieving from the Recycle Bin, it had created a new and different directory.  And moved the files there, rather than where they had come from.  And had changed the properties on the desktop shortcut, so that they pointed to the new directory.  (And, we found later, had separately changed the properties on the shortcut calling the email program on startup.  But hadn’t, I confirmed today, changed the properties on the program listing under the Start button.)

Why, when you can’t retrieve to a location other than the original, does Windows randomly do that itself?  Why to a directory that doesn’t exist?  Why are (almost) all the properties changed?  Why aren’t all the properties changed?

Sometimes, when something very weird happens on the computer, and Gloria asks why, I shrug and says “It’s Windows.”  She says it makes me sound like a smart aleck when I say that.

Well, have you got a better explanation?

Share

Buy now! There is no “later”!

Somebody is selling places/reservations in/for a doomsday bunker.

Professional paranoid that I am, I immediately thought of what a great opportunity this is for a scam.  Take the deposits, sell the spaces.  Don’t spend anything on the bunker.  If there is no disaster, you’re golden.  If the world ends, what are they going to do, sue you?

(I like the “pets are free” mention.  Nice touch.  And, if you were going to build a shelter, it would extend the protein supply.)

Share

How not to handle a responsible XSS disclosure!

Okay, so a few days ago I found a ton of XSS vulnerabilities on various high profile web sites, and on the whole, after eventually managing to contact the relevant teams for the sites, everyone was very grateful.

When will web sites owners learn that it’s a good idea to have a security contact e-mail address on their sites!

However there was one, whose name I’m not going to mention here, that came back to me with the worst possible answer ever.

This is an online retailer, and my e-mail went to their help desk, but still!

Here’s the full e-mail trail (I’ve removed certain bits of info though so that the site or the attack vector cannot be identified.) Please also note that due the nature of what this company does they are required to be PCI DSS compliant.

===============================

—–Original Message—–
From: xyberpix [mailto:xyberpix@blahblah.com]
Sent: 05 January 2010 07:53
To: help@xxx.com
Subject: Website enquiry: General – www.xxx.com

Sent Date: 2010-01-05 07:52:58 (GMT/UTC)

Hi There,

I have discovered a security vulnerability on your web site, and would like to please disclose this to yourselves responsibly. Could you please either contact me with the name of someone who I should report this to, or could you please get someone to contact me at this e-mail address please. If this could please be treated as urgent.

Thank you
xyberpix

===================================
On 5 Jan 2010, at 16:40, XXX Support User2 wrote:

Hi Xyberpix,

Thank you for your email message.

Can I please ask you to supply the screenshot of the page so that we can look into this for you?

I look forward to your reply, upon which I will do my very best to assist you.

Kind Regards,
Alex | Customer Services Representative
Note: Please do not delete the previous correspondence if you are replying to this e-mail. This will help us to assist you better. www.xxx.com

===================================

—–Original Message—–
From: xyberpix [mailto:xyberpix@blahblah.com]
Sent: 05 January 2010 16:59
To: XXX Support User2
Subject: Re: XXX

Hi Alex,

No problem at all please find attached a screenshot.

Also the string that was used in the main search bar to prove this was the following:

‘;alert yadayadayada

Kind Regards,
xyberpix

==================================

Hi,

Thank you for contacting us and sorry for the inconvenience caused here.

May I kindly request you to clear the cache and cookies from your internet browser and then try placing your order opening a new browser.

If you have any further queries please do let us know.

Kind Regards,
Edwin | Customer Services Representative
XXX!

Note: Please do not delete the previous correspondence if you are replying to this e-mail. This will help us to assist you better.

Share