Thursday, May 31, 2007


Security is a myth. it simply does not exist in the sense most people want it to. People want to feel that even if someone wanted to hurt them, this hypothetical attacker would not be able to. yeah right.

this article( describes how hackers can cover their tracks in such a way as to be pretty much invulnerable to prosecution, at least through electronic evidence. It's an interesting read, and the techniques described are interesting (to me at least), but it raises some higher-level question about what we should be trying to do when it comes to security anyway.
can you possibly hope to protect your credit card number? well, no. you can make good starts (never give it to a place that will save it is a good one), you can hope vendors are smart and dont store the thing (which you shouldn't do), or you can just deal with some fraudulent charges when they show up. credit card companies seem to be pretty on top of that these days, which is good, since they'd go out of business if they weren't.

But if you can't trust your file system to tell the truth, who can you trust? Security in any sense, informational, personal. national, is utter crap. its a complete chimera. it will not and can not exist. If some wants very very badly (and i mean more than you've wanted, anything or ever) to do X, whether X is break into your house, steel your "identity", slice you open with a power saw, or fly a plane into your building, they're going to find a way to do it. if, god forbid (ha, god) a group of people decided they wanted to do one of those things to you, its just a matter of when. As a nation we need to accept our vulnerability, give up our infantile obsession with security, and move on. you want to play the numbers game here. you want to stop most of the attacks, most of the time, for most of the people. You want to stop big attacks. If you're smart you can usually do that without giving up much if any freedom (or time, or cpu cycles, or whatever). If, better yet, you can remove the benefit of the attack all together, now you're really winning.; why break into someone's house if you can't sell the stuff you steal? Of course to do that you've got to convince some people to keep vigilant eyes on their bank accounts, and others that there may, in fact, be no afterlife, so they should stick to this one. In the meantime, computer forensics go out the window; it's kinda like trying to ask a suicide bomber where he got his bomb. he's, you know, dead.

ps: oh yeah, slashdotters annoy me some time. here we have an interesting article on security, and theres no debate on the real topic. nothing about the schools of thought behind the guys writing these antiforensic apps, nothing about.. well, anything. other than "zomg you need an app to mess with timestamps? n00b you can just use touch!". My guess is TimeStomper is a windows app, boys. and even so, completely not the point.... but everyone wants to show off their knowledge (hey me too).

Wednesday, May 16, 2007

Rudi Guilliani is a bad person

Whatever you think about republican presidential candidate Ron Paul, admit that he sticks to his guns. When he expressed the opinion that the US should stay out of foreign affairs, and that our meddling can result in things like 9/11, Rudi took it upon himself to say that the US was in no way responsible for 9/11, and i think demanded that Ron Paul take his comment back. He didn't, and went on to talk about the CIA's understanding of blowback and gave several examples.

What sort of evil bullshit is that? Rudi's words communicate the following things to me about his ideas:

1) We should continue to do whatever we want abroad, without worrying about the consequences.
2) Instead of analyzing what went wrong to bring about 9/11, we should all just stop thinking about it because it wasn't all fault.

and presumably:
3) Rudi will think about it for us and decide what's best.

he's an authoritarian fuckhead and i very sincerely hope he doesn't get elected.

US media sucks balls

from /. (

Hylas sends us to Democracy Now for a newscast on the missing emails, an interview with investigative journalist Greg Palast. Here's Palast talking about the fired US attorney from New Mexico, David Iglesias:
"Iglesias believes the real reasons for the firings are in what are called the missing emails, emails sent by the [White House political advisor Karl] Rove team using Republican Party campaign computers, which Rove claims can't be retrieved. But not all the missing emails are missing. We have 500 of them. Apparently the Rove team misaddressed their emails, and late one night they all ended up in our inboxes in our offices in New York City."
This story has had zero play in the US media; it's been being carried on the BBC.

why isn't this all over the news? i want to know whats in those emails.

Tuesday, May 15, 2007

jon stewart rocks

he called the fact that politicians refuse interviews and duck questions and etc "open contempt for ... democracy". he couldn't be more right, and it sucks that this goes on so much.

Jerry Falwell dies

just google him for confirmation that i'm not making this up.

and really, i don't care. i mean, i'm not happy anyone's dieing, but i am happy that this guy is shut up. check wikipedia on him, he was agaisnt the civil rights movement, supported apartheid, made up bad stuff about Clinton, etc etc. all that's really par for the course for these far right-wingers.

i'm about half-way through Richard Dawkin's The God Delusion and have been listening to what some of Christopher Hitchins has to say on the issue, and i have to agree with them. Religion is very bad. Falwell is an example. I'm an anti-theist.

That he died suddenly, and that he lived in a city in the south with the word "Lynch" in it, are ironic, but that's all.

IP copywrite laws chock full of utter stupidity.

full article: (

Apparently everyones favorite utterly inept (or completely corrupt, take your pick), attorney general wants congress to enact some new IP copywrite laws. lets take a look at some of the real beauties here.

" * Criminalize "attempting" to infringe copyright. Federal law currently punishes not-for-profit copyright infringement with between 1 and 10 years in prison, but there has to be actual infringement that takes place. The IPPA would eliminate that requirement. (The Justice Department's summary of the legislation says: "It is a general tenet of the criminal law that those who attempt to commit a crime but do not complete it are as morally culpable as those who succeed in doing so.") "

Why is this one so bad? well, what constitutes "attempting" to infringe on IP copywrites? clicking a link to download a movie? clinking a link you thought was to a review of a movie? this is one step away from thought crime. "you were thinking about clinking that link, therefore you go to jail". rubbish.

" * Permit more wiretaps for piracy investigations. Wiretaps would be authorized for investigations of Americans who are "attempting" to infringe copyrights. "

combine this with the "anyone using any real amount of bandwidth must be downloading movies illegally" argument and you get the feds listening in on every interent connection in the states. if they aren't already. i should write a packet filter that looks for "terror-related" material, then sell it to the feds. meh they probably have one already.

"* Add penalties for "intended" copyright crimes. Certain copyright crimes currently require someone to commit the "distribution, including by electronic means, during any 180-day period of at least 10 copies" valued at more than $2,500. The IPPA would insert a new prohibition: actions that were "intended to consist of" distribution. "

oh here we go, actual thought crime. cool.

"* Require Homeland Security to alert the Recording Industry Association of America. That would happen when CDs with "unauthorized fixations of the sounds, or sounds and images, of a live musical performance" are attempted to be imported. Neither the Motion Picture Association of America nor the Business Software Alliance (nor any other copyright holder, such as photographers, playwrights or news organizations, for that matter) would qualify for this kind of special treatment. "

what? why the hell should the department of homeland security report anything to any commerical orginization? don't these guys have better shit to do??

and finally my favorite:
"* Create a new crime of life imprisonment for using pirated software. Anyone using counterfeit products who "recklessly causes or attempts to cause death" can be imprisoned for life. During a conference call, Justice Department officials gave the example of a hospital using pirated software instead of paying for it. "

thats life in prison for using pirated software. but don't worry, in order for you to wind up in jail for your stolen version of windows, you have to kill someone with it. or "recklessly cause or attempt to cause death". here's a couple ways this could happen to you:

1) because you didnt pay for your windows, your outlook is broken. you don't get an alert to go perform brain surgery on your patient, who dies.

2) a pirated version of photoshop running on your machine produces pictures so horrendous, onlooker's heads explode.

3) a stolen video game is so realistic, you die in real life too. of course, thats more of a suicide.

i mean in all seriousness, how the hell can you kill someone with a piece of software? and if you manage to do that, why in gods name does it matter that the software was pirated?? if through some brilliance you can kill someone with a version of windows, does it really make any damn difference how you got your hands on that version of windows? People who shoot people don't get life cause they stole the gun. The only way i can think to kill someone with acrobat is to lodge the cd in their throat, which is death by cd, not software. this whole thing is completely absurd.

so why's it happenin?

movie and record labels apparently have a lot of lobbying power. big surprise there.

in any case, its kinda like prohibition. you can try to make this stuff illegal, it will just mean that most americans are breaking the law.