Archive for the Common Sense Category

If the US Government, Department of Homeland Security (our KGB), has its way, airports are going to be one day fitted with Future Attribute Screening Technology (FAST) systems that will be a “walk through” polygraph system. This system will supposedly tell a screener that you’re hiding something, not on your person, but in your mind… and that’ll give them reason to take you aside for questioning. The technology is based on today’s polygraph systems, and will not require you to wear any devices to pick up your heart rate or other vital signs, but will instead use “touchless” technology to watch your facial expressions and blink rate, LIDAR to read your heart rate, and thermal cameras to detect temperature changes inside and outside your body…

“In the laboratory now, we have a success detection rate [percentage] of malintent or not malintent, in the mid-70s,” says Robert Burns, the DHS programme manager for FAST. “That’s significantly better than chance or what the trained people can do.”

Sorry, but just because I may be hiding something, or keeping secrets, and being nervous about my travel situation, isn’t quite enough for anyone to take me aside for questioning.
These systems would strip our 4th Amendment rights when traveling. Of course, it’s all for our own good, so what’s the harm?

“The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.”

What grounds does the government have to go into my mind and body, and make decisions based on how my body reacts to the stresses of what I know and cannot disclose?

We all have secrets, we all have anxiousness to some level… what is “normal”?  The sad part is, it’s our tax money being frittered away to the tune of $10,000,000 per year on this project, according to the article in Nature News.

Could we spend that money more wisely? I think so…

Airport security: Intent to deceive? : Nature News.


Lieberman Bill Gives Feds ‘Emergency’ Powers to Secure Civilian Nets | Danger Room | Wired.com.

I wonder if this is going to affect his already abysmal approval rating?

Lieberman’s approval rating in a poll taken January 4–5, 2010, was 25% approve versus 67% who disapprove, making him one of the least popular Senators currently in office.[8]

http://en.wikipedia.org/wiki/Joe_Lieberman

Really, this isn’t new, it’s just another reach into the civil world.   The government doesn’t pay for the critical infrastructure, it just wants to control it.  Something here stinks…


This is why I'm not getting one...

The iPad may be “cool” but I fail to see the point.  It’s not going to be the “next big thing”, tablets have been out for YEARS people, and they are relegated to minimalistic roles in the computing industry.  Would I use a tablet? Sure, if I had a way to input information as fast as I can type, which at last test was in the 55/wpm range.  Voice recognition isn’t there, handwriting analysis isn’t there, so what is the purpose of a “tablet” based computer?  Here’s what I can see as a viable use for such a product:

  • reading documentation (similar to a kindle & other ebook readers)
  • drawing and sketching
  • surfing the web with a mouse only, as typing is cripplingly slow on any tablet interface
  • performing tasks that currently have specialized equipment, such as retail inventory systems and bar code scanning
  • a new pretty interface for McDonalds(tm) POS terminals

Aside from those, this is just another pretty toy. When you couple its fixed configuration and limited battery life, you’re going to be sending it to the scrap pile in 3 years, adding to the pile of trash that we as Americans produce. I’m still not giving up my laptop or my netbook, as they are both upgradeable (to a point), and provide all of the same functionality that I could get with the iPad. Until there is a fully upgradeable tablet computer with a full keyboard that has the battery life of my netbook, I really don’t need this toy.

Way to go Apple, another non-green product for our future.


After the recent Pwn2Own contest, the Microsoft product manager Peter LePage spoke out about the two “features” that were completely sidestepped to hack a Windows 7 system. He stated:

Just days after a pair of researchers outwitted major Windows 7 defenses to exploit Internet Explorer (IE) and Firefox, Microsoft said the measures AREN’T MEANT to “prevent every attack forever.”

Pete LePage, a product manager with IE’s developer division, stood up for DEP (data execution) and ASLR (address space layout randomization), the security features that two hackers sidestepped to win $10,000 each at the high-profile Pwn2Own hacking contest last Wednesday

via Microsoft defends Windows 7 security after Pwn2Own hacks.

I find these comments from Mr. LePage a bit misguided, and very suspect.  How can a security “feature” so easily be sidestepped?  Two minutes?  I can’t wait until we get the details of the attack/exploit so that we can really see how this was done.


Consumer borrowing declines for 10th straight month | Business | Chron.com – Houston Chronicle.

Is it any wonder? How about reporting on the OTHER side, BANKS AREN’T LOANING MONEY unless you have a near perfect credit score, and everyone related or friends with you co-signs.

WASHINGTON — Americans borrowed less for a 10th consecutive month in November, with total credit and borrowing on credit cards falling by the largest amounts on records going back nearly seven decades.

Could it be that Americans are finally learning NOT to live in debt?  I hope so… Moreover, if it hurts the banks, great.  They’ve long forgotten who their customer was with all of the spurious charges they dream up.  Add to that the increased transaction fees, long check clearing hold times, and general apathy by the bank employees to your needs, and *poof*, they’ve lost another customer.

I’ve moved all of my financial management to Credit Unions, where they actually care that you exist.  Find a small one in your area, and join it today.  You’ll be amazed at the customer service, rates, and “YES” attitude.

That is all.


A Delta Airlines pilot threatened to throw a passenger off of an aircraft today, 30 minutes prior to its departure.

Delta Airlines flight 1047 from Atlanta to San Diego was originally scheduled to depart ATL at 6:55pm Eastern on 1/3/2009, on a 767 aircraft. When passengers got to the gate, they were not informed of any delays or changes. However, when boarding the aircraft, the Delta gate agent informed the waiting passengers that their seats had all been re-assigned, as there had been an equipment change. The gate agent did not call this a “last minute” change, as the 757-200 had arrived from San Diego and had unloaded its passengers while most of the departing passengers were waiting to board. It is apparent that Delta had planned to use the 757-200 for several hours prior to the aircraft’s arrival, and simply did not care enough about its passengers to notify them ahead of their scheduled departure.

Many of the passengers were surprised as they boarded that their seat assignments had been changed, and one gentleman was almost removed from the plane for asking why they hadn’t been informed earlier of the equipment change. One flight attendant was heard saying, “You are going to have to speak with the Captain about this”, and when the Captain and the passenger spoke, the Captain told the passenger, “We’re one step from throwing you off this flight”. At no time did the passenger become unruly or violent; he was simply frustrated by Delta’s apparent lack of courtesy to its paying customers.

Also overheard from the Captain’s discussion, were the following:

“Are you going to be calm for this flight?” (the passenger was calm)

“We will not stand for passengers raising their voice or cursing” (the passenger didn’t raise his voice)

“With the recent events, we have to be extra careful” (the passenger went through security, didn’t have any incendiary sewn in his underwear, and was not exhibiting any violent actions)

So, now it seems that freedom of speech is also forbidden, on these, “Friendly Skies”.

The passenger in question first had an exit row seat, then was moved to a middle seat on the 757-200 replacement aircraft, and finally, after being threatened, was given an aisle seat near the rear of the aircraft.

Delta Airlines has not yet commented on our story.


ATM Fraud: New Skimming Scheme Spreads.

Here we are again, coming up on the Holiday Season.  Hanukkah starts this Friday, December 11th, Christmas, and a few fake holidays are in December as well.  (See Festivus, and others… )

Of course, we want to go out and Spend!, Spend!, Spend! to stimulate the “bad economy”.  Well, there are a large group of people who want to stimulate their own pockets as well.  No, I don’t mean the Retail Giants, they’re getting theirs… I’m talking about criminals, who really don’t want to work too hard to get your money.

If you are out, and need some quick cash, you’re better off going to a drug store, or other retail chain, where you can use your Check Card/Debit Card to purchase a pack of gum and get a quick $20.  Using an ATM is getting increasingly more dangerous.  ATM Card Skimmers are getting harder and harder to spot. (Link to Google images of skimmers)

The main message? If you are not using the same ATM every time you pull money out of your account, look closely at the ATM. Are there any new moldings or trim around it? Does anything look out of place? Touch every surface of the ATM, and wiggle pieces; if they’re loose, report it to the telephone number ON THE BACK OF YOUR CARD! Don’t believe that the telephone number on the ATM is correct. You may be calling the thieves to tell them you spotted their device. Here’s my prevention tip of the year… Don’t use an ATM or ATM Card. They’ll save you money in the long run. Move back to Cash. It works.

Either way, Please have a safe and secure Holiday Season.  Oh, and a Very Merry Christmas!

dc0de


Climate Emails Stoke Debate – WSJ.com.

Scientists’ Leaked Correspondence Illustrates Bitter Feud over Global Warming

As I’ve been saying for many years, Global Warming hasn’t been proven and there hasn’t been an open discourse of scientific fact relating to the climate and “Global Warming”.

IMHO, the problem here isn’t one of Global Warming or not, it’s the loss of objectivity in the sciences.

Some emails also refer to efforts by scientists who believe man is causing global warming to exclude contrary views from important scientific publications.

The emails include discussions of apparent efforts to make sure that reports from the Intergovernmental Panel on Climate Change, a United Nations group that monitors climate science, include their own views and exclude others. In addition, emails show that climate scientists declined to make their data available to scientists whose views they disagreed with.

This is the same group of people that are pushing for Trillions of dollars of changes to every country’s infrastructure, without so much as equal time for scientific objectivity. This is truly sad. Now, the majority of the populace of the United States, the UK, and many Asian and European countries believe for a FACT that Global Warming exists…

So now what?


In Congress, a call to review internal cybersecurity policies – washingtonpost.com.

It’s not so nice when it happens to “Them”!!!

The ethics committee operates in secrecy and has its own policy governing the handling of materials involving investigations. Under committee protocols, material generated by the panel is supposed to be stored in secure areas that are not accessible to anyone other than committee staff members. That goes for computer files and printouts of committee documents.

The article goes on to describe how the members of Congress who were under investigation responded, and how shocked everyone was that the data was “at large”.

The laughable part is that it was disclosed by a P2P application that was installed on a “Junior Member” of the Ethics committee. I guess the Government doesn’t follow the same guidelines that the Commercial world does…

In the breach, the report was disclosed inadvertently by a junior committee staff member, who had apparently stored the file on a home computer with “peer-to-peer” software, congressional sources said. The popular software allows computer users to share music or other files and is easily available online. But it also allows anyone with the software on a computer to access documents of another user without permission, as long as the users are on a file-sharing network at the same time.

Now I have to question, how much more data was released?  What else was on this member’s shared folders?

It’s time that people wake up and smell the coffee… we’ve been PREACHING about these types of weaknesses, there are hundreds of products that can prevent these types of breaches, and what is being done about it?

Apparently, nothing.  Thanks everyone… it’s been fun… I’m going to bake some biscuits.


The Internet is now like the Wild West: IBM consultant
500 per cent rise in malicious Web links: IBM report…

Really? This is new?  As if this wasn’t said before? Why is it now news? Slow news day?

Since as long as I can remember, we (the Infosec community) have been making this statement.

Here, see for yourself… http://tinyurl.com/msksqj and click on the “Timeline” feature…

Why is it now news? Slow news day?

I mean, come on, yes, there is a rise in malware, rise in attack vectors, rise in vulnerabilities… What are you going to do about it?

We’ve tried the DMCA, to keep people from reverse engineering software… that didn’t work….

We’ve tried to have products in place to be reactive to vulnerabilities… that doesn’t work either…

We’ve tried to educate our users… that works… somewhat… when they listen…

We’ve tried to put in firewalls, Intrusion Prevention, etc… that partially works…

We’ve tried to keep our operating systems patched, but the vendors don’t code with security in mind, so there are more vulnerabilities in our OSes than we can shake a stick at… (all OSes, not just Windows, but Linux and Mac too…)

However, we haven’t had anything new in the information security industry in the past 5 years, no new technology, no new protections, no revolutions.

However, criminals are getting more organized, tools are getting easier to use, technology barriers to entry of data theft are lower, and the vulnerabilities are still coming.

Let’s get our collective heads out of our asses, and put them together and design something new, that can defend us from these threats…

By the way, the sky isn’t falling, it’s the same normal noise level we’ve had for the last 10 years… There’s just some show-boating going on.


© 2008-2010 dc0de's notes... & dc0de.com All Rights Reserved