From jericho at attrition.org Fri Dec 1 16:29:02 2006 From: jericho at attrition.org (security curmudgeon) Date: Fri, 1 Dec 2006 16:29:02 -0500 (EST) Subject: [attrition] MPAA engages in piracy of Kirby Dick film Message-ID: ---------- Forwarded message ---------- From: Richard Forno To: Infowarrior List Date: Fri, 01 Dec 2006 13:25:20 -0500 Subject: [Infowarrior] - MPAA engages in piracy of Kirby Dick film MPAA engages in piracy of Kirby Dick film http://www.slumdance.com/blogs/brian_flemming/archives/001953.html MPAA: Manufacturing, selling, distributing or making copies of motion pictures without the consent of the copyright owners is illegal. Movie pirates are thieves, plain and simple. ALL forms of piracy are illegal and carry serious legal consequences. Except when we do it: The Motion Picture Assn. of America, the leader in the global fight against movie piracy, is being accused of unlawfully making a bootleg copy of a documentary that takes a critical look at the MPAA's film ratings system. The MPAA admitted Monday that it had duplicated "This Film Is Not Yet Rated" without the filmmaker's permission after director Kirby Dick submitted his movie in November for an MPAA rating. The Hollywood trade organization said that it did not break copyright law, insisting that the dispute is part of a Dick-orchestrated "publicity stunt" to boost the film's profile. Yes, it's a publicity stunt. But the MPAA did copy a movie without authorization. One fact doesn't negate the other. The MPAA puts on publicity stunts all the time as part of its anti-piracy efforts. But that doesn't mean there aren't movie pirates out there. The MPAA needs to explain how an act they consider a great moral crime under any circumstances is not a great moral crime when they do it: Anyone who sells, acquires, copies or distributes copyrighted materials without permission is called a pirate. From lyger at attrition.org Sun Dec 3 22:02:52 2006 From: lyger at attrition.org (lyger) Date: Sun, 3 Dec 2006 22:02:52 -0500 (EST) Subject: [attrition] Review: Movie: Casino Royale Message-ID: http://attrition.org/movies/casino.html Casino Royale 2006 Martums M: This may be too much for a blunt instrument to understand. Any thug can kill. I need you to take your ego out of the equation. James: So you want me to be half-monk, half-hitman. M: I knew it was too early to promote you. James: Well, I understand double-ohs have a very short life expectancy. So your mistake will be short-lived. Ian Fleming would be pleased. From the onset, this film does every bit of justice to the Bond franchise. Take the locations for example: Venice, Montenegro, Miami, Nassau, Madagascar, Mbale and Prague. All excellent locales in their own right, but string them together and you trace the path of one of the most glue-your-asses-to-your-seats-and-your-eyes-to-the-screen adventures to visit box offices in recent years. Don't let the locations alone justify my grading of this motion picture. Look at the performers: Eva Green, who is stunning and capable beyond description; Giancarlo Gianini who, for the first time since 2001's Hannibal, makes you grin and grimace nearly simultaneously; Judy Dench, who is second only to Kevin Spacey in Se7en in her ability to transform from icy to warm in less time than it takes you to blink. Then there's the new guy, playing our old favorite, in an old story where we see him again for the first time, which makes him the new guy. My head hurts. Regardless, Daniel Craig is excellent in his performance as Bond. He displays virtually every quality flawlessly, which is equally true of Green. Green and Craig are an excellent pair, both playing strong and confident, then injured and vulnerable, in a combined performance that makes you wonder, what the hell are they up to? [...] From lyger at attrition.org Fri Dec 8 19:47:54 2006 From: lyger at attrition.org (lyger) Date: Fri, 8 Dec 2006 19:47:54 -0500 (EST) Subject: [attrition] postal: ass-first down the chimney Message-ID: http://attrition.org/postal/p0013.html For only the second time ever, the staff and volunteers at attrition.org reveal our "uber-intellect" and "inner workings" to you, the reader. We sometimes discuss information security, vulnerabilities, and world politics. Most of the time, we talk about gaming, ass sex, poor grammar, and chugging cock. Before we proceed, a few words of holiday cheer from us: [...] dumb chicks can be fun strategic positioning the force feels too p1ng... p0ng must have been good shit what a guess bend over and touch your toes first date pwn3d we wish you a merry xmas From lyger at attrition.org Fri Dec 15 08:24:42 2006 From: lyger at attrition.org (lyger) Date: Fri, 15 Dec 2006 08:24:42 -0500 (EST) Subject: [attrition] 100 million... the gloves come off. Message-ID: http://attrition.org/dataloss/rant/100million.html Thu Dec 14 20:31:40 EDT 2006 Lyger I'm going to preface this entire rant with one caveat: I have respect for Beth Givens and Privacy Rights Clearinghouse for their efforts to promote awareness regarding data breaches that involve personally identifying information. I have respect for other groups and entities who care enough to report these breaches, analyze them, and provide meaningful and insightful commentary and analysis. However: I really have a hard time respecting journalists who fail to do basic background research regarding this topic, especially when their writings openly praise the "popular kids at school" and fully ignore the hard work of others who make those "kids" so popular. [...] From lyger at attrition.org Sat Dec 16 14:02:34 2006 From: lyger at attrition.org (lyger) Date: Sat, 16 Dec 2006 14:02:34 -0500 (EST) Subject: [attrition] review: Book: Fedora Linux Message-ID: http://attrition.org/~lyger/works/reviews/fedora.html Chris Tyler - Amazon.com ISBN: 0-596-52682-2 O'Reilly Media Inc., Copyright 2007 About fifty percent of the way into this book, I quit taking notes and just kept reading. Even though the front cover labels this book as "a concise task-based approach", a more accurate description would be "a completely-thorough-to-the-point-of-being-scary approach." Chris Tyler clearly knows his stuff; after 600 pages of technical detail about Fedora and Linux in general, all I can say is "dot... dot... dot...". The book starts off with a chapter titled "Installing Fedora". Good choice. From there, other chapters include desktop usage, notebook usage, system management, storage administration, networking, and security. One middle chapter about "package management" will mean little to those with no interest in Fedora or Red Hat, but the chapter itself, as well as the book in general, is fairly well detailed about RPM and 'yum' technologies. In my opinion, chapter 5 (Package Management) wasn't particularly useful for me, but Fedora and RH junkies will probably find more than a few tidbits of information that should be useful, especially the installation, roll-backs, and creation of RPM packages. [...] From lyger at attrition.org Sun Dec 17 14:43:57 2006 From: lyger at attrition.org (lyger) Date: Sun, 17 Dec 2006 14:43:57 -0500 (EST) Subject: [attrition] review: Movie: The Illusionist Message-ID: http://attrition.org/movies/illusionist.html The Illusionist 2006 Czarina Movies at their core are illustrated illusions, celluloid chimeras, and digital deceptions. We go to the theaters to watch what we already know is not real; even if it is "based on a true story or actual events," we know that someone else is in control of both the vertical and horizontal. People happily pay good money to be lied to, which is about the only time that people will do so without filing a complaint with the local BBB or news channel consumer action reporter. So, keeping this in mind, I will look at The Illusionist, a film that proves to be quite enjoyable; although it doesn't look like much at the beginning, it slowly turns into an enchanting and magical film. With solid performances from the entire cast, this tale encases a story of forbidden love and one man's attempt to reclaim it. In turn-of-the century Vienna, an extraordinary magician, known only as Eisenheim (Edward Norton), has enraptured the city with his wondrous talent at sleight of hand. Eisenheim is no stranger to the town, as he spent his formative years there but hastily quit the city when his forbidden love with the aristocratic Sophie (Jessica Biel) was discovered by the girl's mother, who did not want her to consort with someone below her station. Eisenheim, not of blue blood, loses the one thing in life that he treasures most, and with nothing left to tie him to Vienna, he treks the globe and learns the art of legerdemain. [...] From jericho at attrition.org Thu Dec 21 19:54:48 2006 From: jericho at attrition.org (security curmudgeon) Date: Thu, 21 Dec 2006 19:54:48 -0500 (EST) Subject: [attrition] Postal makes the news.. Message-ID: http://www.networkworld.com/community/?q=node/9999 Congressional aide admits trying to hire hackers -- to boost his college GPA By Paul McNamara on Thu, 12/21/2006 - 6:59pm The communications director for Montana's lone congressman solicited the services of two men he falsely believed to be criminally minded hackers-for-hire -- with the expressed goal of jacking up his college GPA -- during an exchange that spanned 22 e-mails over two weeks this past summer. Todd Shriber, 28-year-old press aide to U.S. Rep. Denny Rehberg, R-Mont., e-mailed the security Web site attrition.org on Aug. 9, writing: "I need to urgently make contact with a hacker that would be interested in doing a one-time job for me. The pay would be good. I'm not sure what exactly the job would entail with respect to computer jargon, but I can go into rough detail upon making contact with a candidate." After initially denying knowledge of the exchange, Shriber told me this afternoon in the final of our three phone conversations: "I did something that's greatly out of character for me and it's a mistake that I regret." Two members of attrition.org, "Lyger" and "Jericho" (a.k.a. "security curmudgeon") corresponded with Shriber and fooled him into believing that they would carry out his wishes, with Jericho warning him at one point: "You are soliciting me to break the law and hack into a computer across state lines. That is a federal offense and multiple felonies." Shriber wanted Lyger and Jericho to break into the computer system at Texas Christian University, from which he graduated in 2000. In the final e-mail on Sunday, Aug. 27, Lyger tells Shriber that his hacking attempts had been detected and "we are SO busted." He urges him to "duck and run if you can" in an exaggerated, obscenity-filled -- and completely fictional -- missive that put an end to their working relationship. While the name Todd Shriber and a Yahoo address appear on the e-mail string that has been posted at attrition.org since September -- the site posts many of the oddball requests it gets, including some seeking illegal services -- it was only today and after a bit of search-engine work here that the person involved was identified as a congressional aide. (Shriber did send Lyger a note in September asking that the e-mails be removed from the site.) Asked why he launched the scheme, Shriber told me, "I would rather not get into that at all. I just got a little too far ahead of myself thinking about things down the road." His college grades "weren't that great," he acknowledged. Shriber contends now that he "got cold feet" toward the culmination of the hack that never happened and wanted out, although there is no indication of second thoughts in any of the e-mail. "A solicitation was made but no action was performed," he told me. "These are people misrepresenting themselves for a laugh." Lyger expresses little sympathy for a man who, after all, was willing to pay others to commit a crime. "You'll notice that we even intentionally redacted his Social Security number and date of birth in one of the e-mails (on the site)," Lyger told me in an e-mail this afternoon. "Pretty ironic that he even sent them since we maintain a data-loss database, Web page, and mailing list." From lyger at attrition.org Tue Dec 26 15:35:08 2006 From: lyger at attrition.org (lyger) Date: Tue, 26 Dec 2006 15:35:08 -0500 (EST) Subject: [attrition] image: Microsoft Vista: ready for a new 0day Message-ID: http://attrition.org/news/content/06-12-26.001.html Sent from an anonymous visitor, we now see how Microsoft should have packaged Vista: http://attrition.org/images/vista2.jpg If Vista isn't even secured against malware from 2004, can you imagine what 2007 will bring? From lyger at attrition.org Wed Dec 27 17:01:30 2006 From: lyger at attrition.org (lyger) Date: Wed, 27 Dec 2006 17:01:30 -0500 (EST) Subject: [attrition] Movie: Perfume: The Story of Murderer Message-ID: http://attrition.org/movies/perfume.html Perfume: The Story of Murderer 2006 Czarina I remember seeing the trailer for this film with a friend of mine. When it was over, we both turned to each other and said "that looks stupid". So, when the DC Film Society offered an advanced screening of this film, I took full advantage to see this picture... even though I knew it would be stupid... but I wouldn't have to pay to have that conclusion confirmed. I have to admit that I was a bit curious about the movie, so I waited an hour in line for my free pass, and sat in the theater next to women who took the title literally and marinated in cologne, and an obnoxious 12 year old who complained throughout the whole movie that there were no black people in it. The film opens with grisly and graphic images of the streets of 18th Century Paris -- eviscerated fish, a new-born fresh from the womb, and general filth all around (makes one grateful "smell-a-vision" isn't mainstream). Anyway, our narrator, John Hurt, compliments the visuals with poetic verbiage that provides insight into the thoughts and motivations of our protagonist Jean-Baptiste Grenouille (Ben Wishaw: Layer Cake), a boy of few words -- but what he lacks in verbal expression, he makes up in olfactory reception. In fact, his ability to smell far surpasses any ability of any human on this earth. Like a blood-hound, Grenouille soaks up smells like a sponge, trying to sate his hunger to capture every odor in the world, but his hunger begins to devour him and Grenouille becomes obsessed with possessing every aroma that exists -- or yet to exist. [...] From lyger at attrition.org Thu Dec 28 17:55:27 2006 From: lyger at attrition.org (lyger) Date: Thu, 28 Dec 2006 17:55:27 -0500 (EST) Subject: [attrition] Going Postal: "Best Of" submissions? Message-ID: In the last week, the "Going Postal" section of attrition.org has been receiving quite a bit of media attention due to the story originally broken here: http://www.networkworld.com/community/?q=node/9999 Attrition was "slashdotted" last Friday, we've done a few phone and email interviews for the media, and have received dozens of emails about the topic. So we started to wonder: what do you, the loyal attrition followers, consider to be the "best of the best" of the Going Postal section? So far, we have the thread listed above and one other up for consideration. Let us know what you think. What would round out a "Best Of" list? Shoot us an email to staff at attrition.org and let us know. We'll work on getting the list compiled for a future release. http://attrition.org/postal/