Archive for the 'Geek/Tech/Sci' Category

Boston Anti-Socialist?

January 2nd, 2006 by Quan Tranh

In a surprise move Boston Logan Airport has ordered airlines to pull the plug on WiFi services offered in the airport. Now if you want WiFi you will have to purchase an $8/day plan from the airport. Massport is afraid of congestion interfering with TSA, State Police, and other WiFi networks. The cheapest solution would be to move all official government functions off to 802.11a since very few people and businesses run 802.11a in the US. The other solution would be to move essential functions over to a frequency band that is regulated. Just another revenue raising tactic in Tax-a-chusits. So much for that New England kindness, but I guess if you’re in an airport you’re filthy rich so you should have to pay to get WiFi.


Category: Geek/Tech/Sci | No Comments »

Saudi telecom stops text vote for Arab talent show

December 27th, 2005 by Quan Tranh

Common sense has evaded the Middle East again. Apparently sending text messages with your phone can be immoral depending on what you do with your text messages. For some reason the religious nutjobs have issued a fatwa that a Lebanese reality show is immoral and using your phone to vote on the show happenings is un-Islamic. I never realized it was possible to do something that would make you hellbound with your phone. But in order to save the souls of immoral Muslims everywhere Mobily along with Saudi Telecom have decided to block text messages from reaching the show’s producers. I guess that will teach those young people! Now they’ll have to sit down at a computer and vote. Think of all the money that these telecoms are losing because of a few Wahhabi fundamentalists who think everything is evil.


Category: Geek/Tech/Sci | 1 Comment »

Iran to clone Sheep

December 22nd, 2005 by Quan Tranh

Flash News report. Iran is planning to unveil their latest marvel in cloning technology. Yes, that’s right, Iran will be ready to show the world that they can clone sheep.

In less than two months, Iran is hoping to celebrate the birth of a cloned sheep, the first such cloning attempt in the Middle East and part of Iran’s ambitions – along with its nuclear and space programs – to become a regional high-tech powerhouse.

If you read closely this is somewhat disturbing. Iran has already ventured into nuclear technology and rockets. With the ability to clone sheep at their disposal the ability to work with biological weapons would not be that difficult. We can assume this must be the end game that the leadership in Iran is hoping for. Vehicles capable of space travel can also deliver nuclear and biological weapons to any part of the world enabling the jihadists to imprint their brand of militant Islam throughout the world. The ultimate act of sabotage would be to incorporate a little pig DNA into their cloning experiment. The end result could be quite comical.


Category: Geek/Tech/Sci | No Comments »

Don’t sign that petition

September 17th, 2005 by Quan Tranh

Here’s a new way of rocking the vote. It looks like a group of people are planning to post the information of people who sign an anti-gay marriage petition. That’s a creative use of public information. Some may consider it harassment, but it’s merely using what has always been there. I wonder how long it will be until ChoicePoint starts mining petition information.


Category: Geek/Tech/Sci, Politics | No Comments »

Cisco Video Mirrors and P2P

August 2nd, 2005 by Quan Tranh

The famous actions of Cisco ripping pages from Michael Lynn’s presentation have now been immortalized on the internet for your viewing pleasure. Mirror1, Mirror2, P2P Mirror via eMule


Category: Geek/Tech/Sci | No Comments »

Lynn Presentation Mirrors

July 31st, 2005 by Quan Tranh

Boing Boing has a list of mirrors that have Lynn’s Cisco presentation for download. Special thanks to all the mirrors out there for taking the time and resources to keep this presentation in the hands of the public.



Category: Geek/Tech/Sci | No Comments »

Your Trusted Security Advisor NOT!

July 29th, 2005 by Quan Tranh

ISS and Cisco have demonstrated to the world that they are untrustworthy after hanging researcher Michael Lynn out to dry for doing what he felt was right at the time. During the late 1990s ISS’ slogan was “your trusted security advisor”. There was lots of cheerleading and fanfare that security was job one and the customer always came first. After seeing this latest demonstration of security being job one I’m certainly glad to see other companies take the lead in the security market space. It is very difficult to be a trusted security advisor if you are selling your own employees down the river and becoming very cozy with giants like Cisco and Microsoft. There was a time when ISS would not have held back on disclosing a newly discovered vulnerability. As time has gone on they have become, shall we say, big corporate. Making sure that money from Cisco continues to roll in is apparently more important than backing your own research, let alone your own researcher.

In several news articles Cisco had accused Lynn of illegally reverse engineering their IOS. One thing that nobody has pointed out yet from reading between the lines is that Cisco went to ISS and asked their researchers to attempt to find vulnerabilities in IOS through reverse engineering. In my opinion it is kind of difficult to accuse someone of illegally reverse engineering your product when you asked them to. In my view Lynn was acting as an agent of ISS and fully had Cisco’s permission to reverse engineer their router software. The Cisco PR machine is cranking out victim propaganda faster than Osama bin Laden can crank out terror propaganda. As the old saying goes, be careful what you wish for because it might come true. Cisco should have been more careful.

Bruce Schneier has a wonderful editorial on the topic at his blog. I would have to agree that full disclosure is a necessary evil in the security world. In this particular case my blanket answer for the problem of letting the bad guys know about your vulnerabilities doesn’t really apply, but for the record here it is. If you are either a manager or an engineer in operations it is your responsibility to make sure that all of your employer’s information systems are up and running with no excuses for downtime or security breaches. With traditional operating system vulnerabilities it is not necessary to wait for a vendor to produce a patch. There are many IPS solutions available that allow you to create custom signatures. Astaro Security Linux is one that comes to mind that uses Snort. If there is a zero day vulnerability that is revealed then it is up to operations staff to download the exploit code and craft their own IPS signature to protect against said attack. Nobody is going to look out for you except for yourself and any person working in IT who believes that the vendor is going to take care of all their security problems with a magic patch is being naïve.

At the end of the day we’ll probably see Michael Lynn as a net legend and sales of Foundry and Juniper equipment begin to overtake Cisco.

Lynn’s Presentation can be found by reading this notice. It’s probably not going to be too long before this site has to take it down, but multiple copies are floating around on P2P networks.

Lynn’s Black Hat Presentation Via eMule P2P


Category: Geek/Tech/Sci | No Comments »

Dumb As A Bag Of Hammers?

July 24th, 2005 by Quan Tranh

I would assume that Mitch Wagner is speaking of himself in his post on Blue Security and their solution for dealing with the SPAM problem.

Denial-of-service attacks are illegal. They are, as a matter of fact, criminal acts. Of course, the company says it’s not launching a denial-of-service attack — it’s just complaining. It said so repeatedly, as a matter of fact. However, just saying you’re not doing something doesn’t count if you go ahead and do it — although life would sure be simpler if it worked that way.

It’s quite obvious that Mr. Wagner either didn’t read what Blue Security’s product does or he has never been part of an organized letter-writing campaign. Using this logic, organizing a group of like-minded individuals to write or fax your local politician would be a Denial-of-Service. Monopolizing the fax line for the purpose of speaking on a single issue sounds like it fits Mr. Wagner’s description of a DoS. Let us not forget that all those angry letters arriving in the mail end up wasting the staffer’s time since they have to read those letters and then deal with all the paper lying around the office. I suppose one solution is to make it illegal to talk to your elected representatives since that would be a Denial-of-Service.

It’s vigilante justice, and vigilante justice is wrong. If the law doesn’t suit you, fix the law. Vigilante justice leads to a breakdown of rule of law.

First you have to have a law and a law enforcement agency in order to have vigilante justice. There is no international law regarding SPAM and there are no international SPAM COPS. Vigilantism is commonly referred to as “taking the law into your own hands”, which is quite hard to do if there is no law. Mr. Wagner also does not take into account situations where the law allows citizens to act. The justified homicide clause in many state laws is one such example, Texas being the most forgiving:

§ 9.42. Deadly Force to Protect Property

A person is justified in using deadly force against another to protect land or tangible, movable property:

(1) if he would be justified in using force against the other under Section 9.41; and

(2) when and to the degree he reasonably believes the deadly force is immediately necessary:

(A) to prevent the other’s imminent commission of arson, burglary, robbery, aggravated robbery, theft during the nighttime, or criminal mischief during the nighttime; or

(B) to prevent the other who is fleeing immediately after committing burglary, robbery, aggravated robbery, or theft during the nighttime from escaping with the property; and

Now, I’m not advocating that we hunt down spammers and shoot them, but the people of the internet community are fed up with SPAM. There’s no telling how many states have laws where so-called internet vigilante justice may be acceptable under some obscure clause pertaining to some other act. In addition I expect some city, county, or state legislators to begin legalizing some form of retaliation within reason, whatever within reason means to the local voters. Another issue with bringing people to trial for vigilante justice is getting a jury to convict. Even in states other than Texas where it is not legal to shoot someone for stealing or vandalizing your property, many potential jurors believe that you have the right to your property regardless of what state law says and will acquit. Since many people are fed up with SPAM it is not unreasonable to expect a jury to acquit Blue Security and any citizen subscribers to their service of any wrongdoing. Jury nullification is within the rule of law and some states such as Georgia allow jurors to determine fact AND law. I fail to see how Mr. Wagner’s statement that “vigilante justice leads to a breakdown of rule of law” is true in such cases where a jury believes that such action is socially acceptable.


Category: Geek/Tech/Sci | No Comments »

No Mods For Video Games

July 23rd, 2005 by Quan Tranh

In a statement, the Entertainment Software Rating Board’s chief, Patricia Vance, called on the industry to proactively protect games from illegal modifications by third parties, “particularly when they serve to undermine the accuracy of the rating.”

Great! What next, are we going to prohibit modding cars because of unexpected consequences? I believe the ESRB needs to get a clue. The rating is a “factory spec”. If somebody modifies the original how can you realistically expect it to be exactly the same? That would be like performing some engine and transmission modifications on a car and expecting the 0-60 time to be the same as it was from the factory. The whole point of mods is to change the original. Some people just don’t understand. I guess Patricia Vance isn’t Asian, otherwise she would have a tricked out Type-R Civic and a basic understanding of what modding is.


Category: Geek/Tech/Sci | No Comments »

CardSystems says it faces ‘imminent extinction’ | CNET News.com

July 22nd, 2005 by Quan Tranh

As I predicted security can be the undoing of some companies. CardSystems realizes that they are doomed without Visa and American Express’ business.

CardSystems CEO Perry said card issuers have adequate penalties for violations such as the one that happened at his company. He called outright network expulsion “unprecedented.”

It may be unprecedented, but it’s long overdue in my opinion. If companies take chances with the financial lives of other people shouldn’t their business partners take equal chances with their financial lives?


Category: Geek/Tech/Sci | No Comments »