From jericho at Fri May 4 19:15:42 2007
From: jericho at (security curmudgeon)
Date: Fri, 4 May 2007 19:15:42 +0000 (UTC)
Subject: [attrition] AACS vows to fight people who publish the key
Message-ID:

Courtesy of Infowarrior. As a responsible net citizen, I sincerely encourage all of our readers to respect the AACS and do not further distribute the magic numbers / key. It is only up on 802,000 web sites so far, if we stop pasting this around, they have a real shot at keeping the number quiet!

---------- Forwarded message ----------

09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0

AACS vows to fight people who publish the key

09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0

Michael Ayers, the chairman of the AACS-LA (the organization that sent hundreds of legal threats to websites that published the random 16-byte number that represented one of the keys for cracking the copy-prevention on HD-DVDs) has given an interview to the BBC in which he vows to use technical and legal means to shut down the 802,000+ websites that have reproduced the key.

09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0

Michael says that this doesn't impact free speech -- that it's possible to discuss the crack and DRM in general without reproducing the key. I think he's wrong. I just taught a class at USC where we talked about this crack as part of our coursework, and part of my lesson was talking about the ease with which this information can be retrieved and spread -- and how that makes anti-copying systems futile. For my students, seeing just how little information was needed to undo the AACS scheme was critical to understanding its fragility. Indeed, one of my students posted this key to the class blog to show his fellow students how trivial this was, prompting AACS to threaten me with legal action as well.

< - >

09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0

From lyger at Sat May 5 03:48:51 2007
From: lyger at (lyger)
Date: Sat, 5 May 2007 03:48:51 +0000 (UTC)
Subject: [attrition] review: Movie: The Pianist
Message-ID:

The Pianist
2002
Martums

Brace yourself.

From Yahoo! Movies:

An adaptation based on the autobiography of the acclaimed Polish composer, Wladyslaw Szpilman, who detailed his survival during World War II, and narrowly escaped a roundup that sent his family to a death camp. A composer and pianist, Szpilman played the last live music heard over Polish radio airwaves before Nazi artillery hit. There, in Poland, Szpilman struggled to stay alive--even when cast away from those he loved. He spent the duration of the war hiding in the ruins of Warsaw and scavenging for food and shelter. Szpilman eventually reclaimed his artistic gifts, and confronted his fears--with aid from the unlikeliest of sources.

I remember all of the hype surrounding the release of this film, but never saw it in theaters. Anything with a musical instrument remotely associated with it just doesn't appeal to me. I don't remember how this ended up in my Netflix queue, and to think that I nearly didn't watch it and almost returned it, sight unseen, with all the other rented-but-unwatched award-winning flicks that somehow fail to capture one's attention....

Forget everything.

The Pianist is one of the most powerful, emotionally-stirring movies I can remember seeing in recent years. Szpilman's struggle to survive under the most unimaginable conditions is nothing short of extraordinary. The story unfolds and quickly comes to a ferocious boil right before your eyes: bombs slamming down around people in Warsaw, the occupation by Nazi Germany, the segregation of the Jewish community and the subsequent persecution, deportation, execution...there are no words for this.

[...]

From lyger at Sun May 6 09:20:00 2007
From: lyger at (lyger)
Date: Sun, 6 May 2007 09:20:00 +0000 (UTC)
Subject: [attrition] news: The Life of Brian (on the road again)
Message-ID:

It started about a month ago. I woke up at 6am, grabbed a Pepsi, and started checking email. After making the morning rounds of work email and attrition email, I turned to my fancy-shmancy work-issued Crackberry to clear out the inbox. On the tiny little monitor, there was a name in the "From:" field: Jericho. Timestamp was about 5am local. I thought to myself, "self, this cannot be a good thing because the only Jericho I know is on a business trip in Las Vegas." I clicked on "open" and saw the following:

You have new Picture Mail! Click Go/View to see now.

So I check out the picture, right? And I think to myself, "self, what the hell is he doing? is this s00p3r-s3kr3t code? what's the frequency, kenneth?" And I sat... and I looked... and I pondered. Two hours of mental masturbation later, the short glass, blue lights, and one dollar bills finally sent a signal to my brain. I sent him an email with one question: "strip club?"

His reply: "you win =)"

[...]

From jericho at Sun May 6 17:44:15 2007
From: jericho at (security curmudgeon)
Date: Sun, 6 May 2007 17:44:15 +0000 (UTC)
Subject: [attrition] as demonstrated by Lyger's last smear campaign...
Message-ID:

.. suggesting that i am more interested in diet coke than work, we are still after coke codez! for more information:

Drink Coke, Support Attrition

The TV is long since gone and the level of prizes declined significantly, but we're still curious how many codez we can get since they extended the program. Mail your codes to cokerewards at!

From lyger at Sun May 6 20:12:59 2007
From: lyger at (lyger)
Date: Sun, 6 May 2007 20:12:59 +0000 (UTC)
Subject: [attrition] as demonstrated by Lyger's last smear campaign...
In-Reply-To:
References:
Message-ID:

On Sun, 6 May 2007, security curmudgeon wrote:

": " ..
suggesting that i am more interested in diet coke than work, we are
": " still after coke codez! for more information:

I never said that! Even though it's TRUE, I never said that. Your tantalizing teasing and torture has become too tenacious, sir!

": " Drink Coke, Support Attrition
": "
": "
": " The TV is long since gone and the level of prizes declined significantly,
": " but we're still curious how many codez we can get since they extended the
": " program. Mail your codes to cokerewards at!

People of Earth, I even drank a Coke Zero in the last week to help support the cause. If even I can become a traitor to the Pepsi Nation, so can thou.

Tasty fun for everyone!

From lyger at Tue May 8 23:28:40 2007
From: lyger at (lyger)
Date: Tue, 8 May 2007 23:28:40 +0000 (UTC)
Subject: [attrition] Irony: Security Companies Updates
Message-ID:

[07.05.08] - ISACA ISACA ISACA
[07.04.16] - Microsoft's advisories giving clues to hackers
[07.04.03] - FTC Approves Final Guidance Settlement
[07.03.07] - Microsoft OneCare fails again
[07.03.04] - It's official: Pirates crack Vista at last

[...]

From lyger at Thu May 10 03:00:59 2007
From: lyger at (lyger)
Date: Thu, 10 May 2007 03:00:59 +0000 (UTC)
Subject: [attrition] movie: Meet the Robinsons
Message-ID:

Meet the Robinsons
2007
Mr. Zodiac

Some crazy but charming shit happens.

From Yahoo! Movies:

*****

When Lewis meets a mysterious boy from the future named Wilbur Robinson, the two travel forward in time where Lewis discovers the amazing secret of the Robinson family. Lewis is a brilliant twelve-year-old with a surprising number of clever inventions to his credit. His latest and most ambitious project is the Memory Scanner, which he hopes will retrieve early memories of his mother and maybe even reveal why she put him up for adoption. But before he can get his answer, his invention is stolen by the dastardly Bowler Hat Guy and his diabolical hat - and constant companion - Doris.
Lewis has all but given up hope in his future when a mysterious boy named Wilbur Robinson whisks our bewildered hero away in a time machine and the two travel forward in time to spend a day with Wilbur's eccentric family. In a world filled with flying cars and floating cities, they hunt down Bowler Hat Guy, save the future and uncover the amazing secret of Lewis' future family.

*****

Like most sub-boomers, I grew up watching cartoons and can appreciate a good cartoon movie. Though ostensibly marketed towards kids, movies like the Shrek franchise, Ice Age, The Incredibles, and Flushed Away have "in jokes" or whole subplots that can be appreciated by adults as well. Meet the Robinsons is definitely more kid oriented than any of the above, but its execution can be appreciated by anyone.

[...]

From lyger at Mon May 21 03:04:08 2007
From: lyger at (lyger)
Date: Mon, 21 May 2007 03:04:08 +0000 (UTC)
Subject: [attrition] Jericho must die.
Message-ID:

Sun May 20 11:18:37 EDT 2007
Lyger

That asshole gives me a laundry list of tasks. Update this software, remove this account, check the meta keywords on the staff page. Then he goes out and enjoys a nice summer day or hits a restaurant with booze and boobs or grabs a "quick snack" of ahi tuna and wine AND THEN SENDS ME THE PICTURES ON MY PHONE TO SHOW HOW MUCH FUN HE'S HAVING, H0H0H0.

What a dickhole.

Some kind of rhino/elephant/mutant mammal from Mars. This is Jericho-ese for "herro, c0cksm0ker, i r at teh zew while j00 r inside on teh 'puter." I got a zoo for you, mister... right in my pants.

And what's a zoo without pengies, right? Cute funny little birdies, right? WRONG. I fully understand what is implied here: "As long as you're sitting there on forced, dilhole, don't forget to nuke old accounts, update for the latest FDA-approval spam, reset the uptime cron for every 15 minutes instead of 30, and check my mail spool (grep for DEN) to let me know what time my flight leaves tomorrow. Oh, and try not to rm /etc again."
Pengies = Linux. Photo = reminder. ALL TOO CLEAR.

[...]

From jericho at Mon May 21 23:25:17 2007
From: jericho at (security curmudgeon)
Date: Mon, 21 May 2007 23:25:17 +0000 (UTC)
Subject: [attrition] read this from work heathen
Message-ID:

for those of our loyal readers who haven't quit the daily grind.. please save this mail and read it from your place of employment as a reminder.

Visit the link above. Can you? Or do you see a "blocked" type message from some form of web content filtering? If the latter, please mail us any details you can regarding the brand of content filter or service used to manage it.

Thanks!

- jericho

From lyger at Sun May 27 07:16:48 2007
From: lyger at (lyger)
Date: Sun, 27 May 2007 07:16:48 +0000 (UTC)
Subject: [attrition] postal: burlap itches at 3am
Message-ID:

too good to be true, the sequel google it, bitch the pain of a relationship legendary patience empathy ay oh hell OSVDB: "how can i should know" a serious question do your worst a move of desperation

From jericho at Wed May 30 03:08:33 2007
From: jericho at (security curmudgeon)
Date: Wed, 30 May 2007 03:08:33 +0000 (UTC)
Subject: [attrition] Updates
Message-ID:

For attrition fans that may have missed it, our Errata Dataloss project has been going strong for a while now. Under the direction and hard work of Lyger, we have a comprehensive set of 'data loss' incidents. You know, when you get those fun letters from a retailer or bank saying "omg we suck, someone got your credit info, just letting you know kthnx."

A few weeks back, Dave Shettler created as a site that used the Dataloss data set to give a user a way to really understand the history of these incidents. If you have any interest in this or consider yourself a consumer, it's worth a few minutes to check out.

---------- Forwarded message ----------
From: lyger
To: dataloss at
Date: Wed, 30 May 2007 02:55:36 +0000 (UTC)
Subject: [Dataloss] Updates

(I strongly encourage all list subscribers to check out this site.
This is what we *hoped* could be done with attrition's data loss dataset. The initial site went live in nine days and is now less than three weeks old.)

Courtesy Dave Shettler of

Changes/Enhancements

== Search ==

Search functionality has been drastically expanded, utilizing a lucene-like backend. Searches can be as complicated as:

org_type:Edu AND org_type:Med AND date:[20060401 TO 20070528] AND records:[1000 TO *]

Which would get you a list of all breaches at educational institutions associated with medicine that occurred between march 1st, 2006 and may 28th, 2007 with lost records totaling over 1000. For a detailed list of options see

== Custom RSS Feeds ==

Each search now produces a custom RSS feed. For example, for an RSS feed of all educational institution breaches, search for:

org_type:Edu

And in the header of the results table that follows, you'll see the feed icon that links to the custom RSS feed.

== Custom Search-based Graphs ==

Any search you run can now have a dynamically generated graph produced based on the results. Run a search like those above, click on "Graph Results", choose a title for your graph, set a couple simple parameters, and you'll have your search results in a very visual way. Right click the graph, save as, and use the image as you please. Images won't persist, so if you intend to link to it you are better off saving it someplace where it won't vanish.

== Coming Soon ==

See breaches pinpointed on a pretty map!

Dave (dave at
_______________________________________________
Dataloss Mailing List (dataloss at
Tracking more than 208 million compromised records in 675 incidents over 7 years.

From lyger at Thu May 31 02:46:26 2007
From: lyger at (lyger)
Date: Thu, 31 May 2007 02:46:26 +0000 (UTC)
Subject: [attrition] review: Movie: Broken Bridges
Message-ID:

Broken Bridges
2006
Audit

Over the weekend, we rented Broken Bridges.
Former high school sweethearts, Bo Price (Toby Keith), a fading country music singer, and Angela Denton (Kelly Preston), a television reporter, return to their small hometown after the deaths of their younger brothers in a military training exercise. Bo and Angela have to deal with the past and the future. Bo also meets his 16-year-old daughter for the first time played by Lindsey Haun.

The movie is one of my favorites and I've already ordered a copy of it from Blockbuster when they sell used DVD's. Some of the music in the movie is just something that I can't explain. That's a good thing. Lindsey has such a great voice and sings a song called Broken at the end of the movie that had tears coming to everyone in the room watching the movie.

[...]