From jericho at attrition.org Mon May 1 04:15:23 2006 From: jericho at attrition.org (security curmudgeon) Date: Mon, 1 May 2006 04:15:23 -0400 (EDT) Subject: [attrition] Colbert at the Whitehouse Correspondents' Association Dinner Message-ID: ---------- Forwarded message ---------- Colbert stands within feet of Bush and delivers one of the most devastating stand-up routines I've ever seen: Part I Part II Wow, just wow. From lyger at attrition.org Tue May 2 22:48:01 2006 From: lyger at attrition.org (lyger) Date: Tue, 2 May 2006 22:48:01 -0400 (EDT) Subject: [attrition] Errata: 65 events since 06.01.01 Message-ID: http://attrition.org/errata/dataloss.html In what has become a regular occurance, large companies are collecting your personal information (sometimes without your knowledge or consent), and subsequently letting it fall into the hands of the bad guys. This is your personal information; name, address, social security number, credit card number, and more. Unfortunately, this page is updated quite frequently. Ten Most Recent: Ohio University - [2006-05-02] (Records breached for 300,000 people/organizations including 137,000 Social Security numbers) United States Department of Defense - [2006-04-28] (Personal information for over 14,000 military employees compromised by hack) State of Ohio - [2006-04-28] (Social Security numbers of potentially millions of registered voters in Ohio leaked) Iron Mountain / Long Island Railroad - [2006-04-27] (Lost tapes include Social Security numbers for about 17,000 current and former employees) Aetna Inc. - [2006-04-26] (Stolen laptop contains personal information on about 38,000 members) Purdue University School of Electrical and Computer Engineering - [2006-04-26] (1,351 notified following breach involving Social Security numbers) MasterCard / Clydesdale Bank (U.K.) / Morgan Stanley - [2006-04-26] (Stolen credit card details affects 2,000) University of Texas McCombs School of Business - [2006-04-23] (Records including Social Security numbers breached for 197,000 people) University of Alaska Fairbanks - [2006-04-21] (Personal information of 38,941 possibly stolen by hacker) Fraser Health Authority - [2006-04-16] (Missing computer and disk contains names, birth dates, contact information and referral reasons for thousands) From lyger at attrition.org Tue May 2 23:53:48 2006 From: lyger at attrition.org (lyger) Date: Tue, 2 May 2006 23:53:48 -0400 (EDT) Subject: [attrition] Review: WarGames - 1983 Message-ID: http://attrition.org/~lyger/works/reviews/wargames.html http://attrition.org/news/ WarGames was one of those movies that you probably haven't forgotten if you were a pre-teen or teenager in the early 80's. Even though WarGames is usually available somewhere on American cable TV, watching the original cut on DVD is definitely preferred. The opening sequence with Michael Madsen and the recently departed John Spencer sets the tone for a technological thriller set during the nuclear era of the Cold War. "Sir, we are at launch. Turn your key!" David Lightman (Matthew Broderick) is a teenager with an interest in computers, specifically changing his school grades and playing games. While war-dialing, he stumbles upon a system he assumes to be hosted by a software company. Unknown to David as he runs a "game" called "Global Thermonuclear War", the system actually belongs to the United States Department of Defense and he has just launched a simulation that threatens to launch an actual nuclear attack. Along with his friend Jennifer (Ally Sheedy), David seeks out and finds the simulator's creator, Professor Falken (John Wood) in an attempt to stop what would be the beginning of World War III. [...] From jericho at attrition.org Wed May 3 00:23:56 2006 From: jericho at attrition.org (security curmudgeon) Date: Wed, 3 May 2006 00:23:56 -0400 (EDT) Subject: [attrition] Dangers of L33t 5p3ak Message-ID: From: Small Grey Beware, parents: Online Language Leaves Parents in the Dark Reported by Heather Pick Leet Speak is part of a complicated and potentially dangerous code designed to keep parents in the dark when children are chatting on the Internet. [...] "It gives criminals, kids, whomever, another way to communicate covertly with one another without maybe parents catching on to what the kids are saying," Westerville Police Department Scott Dollison explained. [...] =-=-= Wh4t dumb5h|t5. m~ -- M|cr0s0f+ W0rd h4s |n5p|r3d m3 +o r4g3 f4r b3y0nd 4ny+h|ng +h3s3 r0b0t5 3ng3nd3r. --R0g3r 3b3r+, r3v|ew|ng "|, R0b0t" From lyger at attrition.org Wed May 3 23:40:31 2006 From: lyger at attrition.org (lyger) Date: Wed, 3 May 2006 23:40:31 -0400 (EDT) Subject: [attrition] postal: why can't the TILFs mail us? Message-ID: http://attrition.org/postal/p0011.html (why can't the TILFs mail us?) ------------------------------ roo's and abo's and aussies.. oh my! "lost" or "the biggest loser"? lucid haiku ass+u+me dead man walking you got him cranky spooks should have signed a pre-nup he's a maniac 'nuff said From lyger at attrition.org Thu May 4 22:48:03 2006 From: lyger at attrition.org (lyger) Date: Thu, 4 May 2006 22:48:03 -0400 (EDT) Subject: [attrition] Review: Hackers - 1995 Message-ID: http://attrition.org/~lyger/works/reviews/hackers.html Where to start, where to start. Hackers isn't really an enigma; it was done for glitz, glamour, Angelina Jolie in PVC, and sensationalism. Flashy lights, pulsating music, the whole nine yards. Usually, a movie review gives a synopsis early and concluding statements at the end. This review says it all up front: Hackers was a T&A movie that "sexified" hacking and made teenage boys think that they could have a crack (pun intended) at Angelina Jolie if they got skillz. So now, on with the rest of the review.. "Zero Cool" is a child hacker who created a virus, caused economic chaos, and was forbidden to touch a computer until he turned 18. Then... he turned 18. POW! Most of the plot is set in the first sixty seconds of the movie. Dade Murphy (Jonny Lee Miller) returns to his roots (well, he really has none since he was about 9 or 10 when he was busted), and enters the "underground world of hacking". [...] From lyger at attrition.org Sat May 6 00:41:34 2006 From: lyger at attrition.org (lyger) Date: Sat, 6 May 2006 00:41:34 -0400 (EDT) Subject: [attrition] review: Movie: Antitrust - 2001 Message-ID: http://attrition.org/~lyger/works/reviews/antitrust.html >From the opening pre-credit scene, Antitrust sets out to display a rivalry between "corporate ideology" and "independent thinking" (let's face it... it's Microsoft versus open source). Gary Winston (Tim Robbins), is obviously set up to be the Bill Gates of the story (even though Gates is referred to as "Bill Who?" early in the movie), while Milo Hoffman (Ryan Phillippe) is the hard-working programmer trying his best to advance his career by getting a spot with a world-leading software producer, NURV. In the first three minutes, a Gates/Ballmer-like presentation and congressional hearings are shown. Then, when Milo receives "that call" from Winston, the plot thickens. You don't have to wait... you're not even five minutes into the movie yet. Milo disappoints his friends by joining Winston's team. Early on, Winston actually seems to want to take his new protege under his wing, but also exploits Milo's inexperience and willingness for his own corporate needs. One of Milo's "open source" friends is murdered, and Milo eventually learns of Winston's unethical and illegal actions. Off Milo goes to investigate his friend's death and how Milo "got into this mess". [...] From jericho at attrition.org Thu May 11 06:15:07 2006 From: jericho at attrition.org (security curmudgeon) Date: Thu, 11 May 2006 06:15:07 -0400 (EDT) Subject: [attrition] Fuck Message-ID: http://law.bepress.com/expresso/eps/1087/ Fuck Christopher M. Fairman, Ohio State Moritz College of Law (PDF format) - March 7, 2006 ABSTRACT: This Article is as simple and provocative as its title suggests: it explores the legal implications of the word fuck. The intersection of the word fuck and the law is examined in four major areas: First Amendment, broadcast regulation, sexual harassment, and education. The legal implications from the use of fuck vary greatly with the context. To fully understand the legal power of fuck, the nonlegal sources of its power are tapped. Drawing upon the research of etymologists, linguists, lexicographers, psychoanalysts, and other social scientists, the visceral reaction to fuck can be explained by cultural taboo. Fuck is a taboo word. The taboo is so strong that it compels many to engage in self-censorship. This process of silence then enables small segments of the population to manipulate our rights under the guise of reflecting a greater community. Taboo is then institutionalized through law, yet at the same time is in tension with other identifiable legal rights. Understanding this relationship between law and taboo ultimately yields fuck jurisprudence. SUBJECT AREA: Communications Law; Constitutional Law; Education Law; Employment Practice; Psychology and Psychiatry; Sexuality and the Law SUGGESTED CITATION: Christopher M. Fairman, "Fuck" (March 7, 2006). ExpressO Preprint Series. Working Paper 1087. http://law.bepress.com/expresso/eps/1087 From lyger at attrition.org Thu May 18 17:26:01 2006 From: lyger at attrition.org (lyger) Date: Thu, 18 May 2006 17:26:01 -0400 (EDT) Subject: [attrition] Errata Update: Security Compamies Message-ID: http://attrition.org/errata/irony.html [06.05.17] - Blue Security DDoS'd after shutting down service [06.05.12] - Does Comodo's LaunchPad install adware? [06.05.12] - The dishonor of Blue Security [06.05.08] - Expert: McAfee Mac Security Report Is 'Scaremongering' [06.05.08] - Blue Security Inc. harrassed by spammers? From jericho at attrition.org Sun May 21 17:32:39 2006 From: jericho at attrition.org (security curmudgeon) Date: Sun, 21 May 2006 17:32:39 -0400 (EDT) Subject: [attrition] OT: "Original" unaltered Star Wars coming to DVD ! (fwd) Message-ID: ---------- Forwarded message ---------- From: security curmudgeon To: Infowarrior List Date: Sun, 21 May 2006 17:31:28 -0400 (EDT) Subject: Re: [Infowarrior] - OT: "Original" unaltered Star Wars coming to DVD ! : This September: Original Unaltered Trilogy on DVD : May 03, 2006 : http://www.starwars.com/episode-iv/release/video/news20060503.html : : [ doc_title ] Fans can look forward to a September filled with classic : Star Wars nostalgia, led by the premiere of LEGO Star Wars II: The : Original Trilogy video game and the long-awaited DVD release of the : original theatrical incarnations of the classic Star Wars trilogy. : : In response to overwhelming demand, Lucasfilm Ltd. and Twentieth Century : Fox Home Entertainment will release attractively priced individual : two-disc releases of Star Wars, The Empire Strikes Back and Return of : the Jedi. Each release includes the 2004 digitally remastered version of : the movie and, as bonus material, the theatrical edition of the film. : That means you'll be able to enjoy Star Wars as it first appeared in : 1977, Empire in 1980, and Jedi in 1983. Just a couple years back, didn't Lucas say that the original movies would not be released on DVD in their original format? Why the change of heart .. "overwhelming demand" or does he see how the movie industry takes advantage of customers and wants in on the action? Do you own Star Wars, the original trilogy? If so, which version? Star Wars Trilogy (Widescreen Edition with Bonus Disc) (DVD) Star Wars Trilogy (Widescreen Edition Without Bonus Disc) (DVD) Star Wars Trilogy (Full Screen Edition with Bonus Disc) (DVD) Star Wars Trilogy (Full Screen Edition Without Bonus Disc) (DVD) Star Wars Trilogy (VHS) Star Wars Trilogy Special Silver Edition (Widescreen) (VHS) Star Wars Trilogy (Special Edition) (VHS) I first noticed this a while back when I went to purchase The Usual Suspects. The original DVD came out and was sold for 15 - 20 bucks. Not even six months later, a newer version came out with deleted scenes or some other DVD bonus that lured fans in. Years later, the special editions. Searching Amazon I find three different versions, but not one of the ones that hit stores shortly after the initial release: The Usual Suspects (1995) [Release Date: June 24, 1997] # DVD Features: * Commentary by: director Bryan Singer & writer Christopher McQuarrieDolby Digital 1.0 The Usual Suspects (1995) [Release Date: December 7, 1999] # DVD Features: * Commentary by: director Bryan Singer and screenwriter Christopher McQuarrieDolby Digital 2.0 * Collectible Behind-the-Scenes Booklet The Usual Suspects (Special Edition) (1995) [Release Date: April 2, 2002] # DVD Features: ?? How many special versions with hastiliy added 'bonus' material will be added to your favorite movie, repacked, and sold at a new higher price? Early on in the DVD era, this could be somewhat expected as the industry was learning what they could do. Ten years later though? They should sell every movie with a second bonus disc, load it up with every possible thing they can such as commentary, interviews, deleted scenes, outtakes/bloopers and more. If the movie is re-released again, it better have a damn good reason or the industry is just gouging the fans they know will buy the new copy to see what's been added. I'm a collector of sorts, I like having the best copy of a movie, seeing the bonus scenes and missing footage. Despite that, I finally had to give up trying to get the latest copy of my favorite movies because they just kept coming out. Don't give in, buy your one copy of the movie and no more. Don't feed the movie industry. From lyger at attrition.org Sun May 21 21:41:39 2006 From: lyger at attrition.org (lyger) Date: Sun, 21 May 2006 21:41:39 -0400 (EDT) Subject: [attrition] rant: Do people really care about their own personal information? Message-ID: http://attrition.org/news/content/06-05-21.001.html [...] For some reason, "Frances" emailed attrition her full name, Social Security number, and home address with an apparent request in the subject of the email of "personal information to be blocked". How ironic is that? In most cases, we would have disregarded and deleted her email as either spam or a crank. However, this particular situation bothers me for many reasons. One, judging from the content of the email, "Frances" was apparently looking for some type of assistance. While it definitely isn't the type of "help" attrition.org can provide, for some reason, she reached out to have her "personal information" blocked from someone or something. Two, she did so in a fashion that a) was absolutely not technologically secure, and b) sent to people who have no reason to have access to her personal information. Three, even though I redacted "Frances"'s personal information in the email above, what she sent allowed me to make a few deductions, however flawed they may be: 1. "Frances" is probably not in your 21-45 crowd. Judging from the city and state listed in her home address, coupled with her first name, "Frances" may very well be a retiree. (P.S. - happy birthday, Mom!) 2. From the (redacted) Social Security number listed, "Frances" received her Social Security card in the state of Maryland, not Florida, which also suggests that she is not a Florida native and may be a retiree. 3. In a not-so-large stretch of the imagination, "Frances" may be unaware of threats and risks surrounding personal data theft or data loss. [...] From jericho at attrition.org Tue May 23 01:53:24 2006 From: jericho at attrition.org (security curmudgeon) Date: Tue, 23 May 2006 01:53:24 -0400 (EDT) Subject: [attrition] Social Implications of Keysigning Message-ID: http://attrition.org/security/rant/z/keysigning.html Social Implications of Keysigning Raven & Jericho Tue May 23 01:41:20 EDT 2006 Intro The use of strong public encryption has always been popular among geeks. Perhaps the most commonly used and most beloved encryption for e-mail is Pretty Good Privacy (PGP); started as a free method for protecting emails or other sensitive information, later turned into a cornerstone for a large company. As PGP became more corporate, costly and used patented algorithms, another project, GnuPG, sprung up to continue to offer strong encryption to the masses. One foundation of reliable encryption is trust. The use of encryption between two or more people relies on you being sure that the message you sent is properly encrypted to and able to be decrypted solely by the intended recipient. When using a friend's GPG key, you must be sure that the key was created by and belongs solely to your friend. Otherwise, you may send mail that your friend cannot read (if they don't have the key you encrypted to), or worse, mail that some other party can read (if that party does have the key you encrypted to). [..] From lyger at attrition.org Mon May 29 19:09:02 2006 From: lyger at attrition.org (lyger) Date: Mon, 29 May 2006 19:09:02 -0400 (EDT) Subject: [attrition] Postal: our beer mugs runneth over Message-ID: http://attrition.org/postal/p0011.html oops.. we blurted shipley = m4d r4pp3r, y0 we get all the freaks (titties and beer!) don't talk to strangers people never learn once, twice, three times a lady I WISH TO BE SECRET we reply to all just doesn't get it he tries so hard From jericho at attrition.org Wed May 31 02:24:54 2006 From: jericho at attrition.org (security curmudgeon) Date: Wed, 31 May 2006 02:24:54 -0400 (EDT) Subject: [attrition] Simplicity Message-ID: http://www.codinghorror.com/blog/archives/000529.html March 02, 2006 In pursuit of simplicity John Maeda created quite a stir with his montage of the Yahoo and Google homepages from 1996 to 2006 in simple is about staying simple: [..]