Archive for the ‘IT: Security’ Category

UPDATED: Spread this number

Tuesday, May 1st, 2007

09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0

Here is why it’s important.

More: HD-DVD key fiasco is an example of 21st century digital revolt

See also: http://www.hddvdkey.com/

â–‘â–‘â–‘â–‘â–‘â–‘â–‘â–‘â–‘â–‘â–‘â–‘â–‘â–‘â–‘â–‘â–‘â–‘â–‘â–‘â–‘â–‘â–‘â–‘â–‘â–‘â–‘â–‘â–‘â–‘â–‘â–‘â–‘â–‘â–‘â–‘â–‘â–‘â–‘â–‘â–‘â–‘â–‘â–‘â–‘â–‘â–‘â–‘â–‘
â–‘09â–‘â–‘â–‘â–‘â–‘â–‘â–‘â–‘â–‘â–‘â–‘â–‘â–’â–’â–’â–’â–’â–’â–‘â–‘â–‘â–‘â–‘â–‘â–‘â–‘â–‘â–‘â–’â–’â–’â–’â–’â–’â–‘â–‘â–‘â–‘â–‘â–‘â–‘â–‘â–‘â–‘â–‘â–‘
â–‘â–‘â–‘â–‘â–‘â–‘â–‘â–‘â–‘â–‘â–‘â–‘â–‘â–‘â–‘â–’â–’â–’â–’â–’â–’â–’â–’â–‘â–‘â–‘â–‘â–‘â–‘â–‘â–‘â–’â–’â–’â–’â–’â–’â–‘â–‘â–‘â–‘â–‘â–‘â–‘â–‘â–‘â–‘â–‘â–‘
â–‘â–‘â–‘â–‘â–‘â–‘â–‘F9â–‘â–‘â–‘â–‘â–‘â–‘â–’â–’â–’â–’â–’â–’â–’â–’â–‘â–‘â–‘11â–‘â–‘â–‘â–’â–’â–’â–’â–’â–’â–‘â–‘â–‘â–‘â–‘02â–‘â–‘â–‘â–‘â–‘
â–‘â–‘â–‘â–‘â–‘â–‘â–‘â–‘â–‘â–‘â–‘â–‘â–‘â–‘â–‘â–’â–’â–’â–’â–’â–’â–’â–’â–‘â–‘â–’â–’â–’â–’â–’â–’â–’â–’â–’â–’â–’â–’â–‘â–‘â–‘â–‘â–‘â–‘â–‘â–‘â–‘â–‘â–‘â–‘
â–‘â–‘9Dâ–‘â–‘â–‘â–‘â–‘â–’â–’â–’â–’â–’â–’â–’â–’â–’â–’â–’â–’â–’â–’â–’â–’â–’â–’â–’â–’â–’â–’â–’â–’â–’â–’â–’â–’â–‘74â–‘â–‘â–‘â–‘â–‘â–‘â–‘â–‘â–‘
░░░░░░░░░▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒░░░░░░░░▐▌░░
░░E3░░░░░▒▒▒▒▒▒▒▒▒▒██▒▒▒▒▒▒▒██▒▒▒▒▒▒▒░░░5B░░░▐▌░░
░░░░░░░░░▒▒▒▒▒▒▒▒██▒▒▒▒▒▒▒▒▒▒▒██▒▒▒▒▒░░░░░░░████░
░░░D8░░░░░▒▒▒▒▒██▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒██▒▒▒░░░41░░░██░░
░░░░░░░░░░▒▒▒██▒▒▒████▒▒▒▒▒████▒▒▒██▒░░░░░░░░██░░
░░░56░░░░░▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒░░░░░░░░██░░
░░░░░░░░░░▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒████████░░
░░░░░░██▒▒▒▒▒▒▒▒▒▒▒██████████▒▒▒▒▒▒▒▒▒▒░░░C5░░░░░
░░░░██░░▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒░░░░░░░░░░
░░██░░░░▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒░░░░░░░░░░
░░██░░░░▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒░░░░░░░░░░
░░░░░63░▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒░░░░56░░░░
░░░░░░░░▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒░░░░░░░░░░
░░░░░░░░░░░░░░░░░░░░██░░░░██░░░░░░░░░░░░░░░░░░░░░
░░░░░88░░░░░░░░░██████░░░░██████░░░░░░░░░░C0░░░░░
â–‘â–‘â–‘â–‘â–‘â–‘â–‘â–‘â–‘â–‘â–‘â–‘â–‘â–‘â–‘â–‘â–‘â–‘â–‘â–‘â–‘â–‘â–‘â–‘â–‘â–‘â–‘â–‘â–‘â–‘â–‘â–‘â–‘â–‘â–‘â–‘â–‘â–‘â–‘â–‘â–‘â–‘â–‘â–‘â–‘â–‘â–‘â–‘â–‘

“…zero nine foxtrot nine one one zero two nine delta seven four echo three five bravo delta eight four one five six charlie five six three five six eight eight charlie zero…”

UPDATE: Kevin Rose: Digg This: 09-f9-11-02-9d-74-e3-5b-d8-41-56-c5-63-56-88-c0

“But now, after seeing hundreds of stories and reading thousands of comments, you’ve made it clear. You’d rather see Digg go down fighting than bow down to a bigger company. We hear you, and effective immediately we won’t delete stories or comments containing the code and will deal with whatever the consequences might be.”

From an agorist perspective, Digg.com has just tentatively been leveraged into the quasi-insurrectionary grey market from the state-dominated white market.

VA Tech: STFU about Ismail Ax

Monday, April 23rd, 2007

People continue to speculate about the phrase “Ismail Ax” that Seung Hui Cho, the Virginia Tech killer, had written on his arm. Several go through various contortions of logic, which would otherwise be comical if not for the subject matter, in their aching hope to find a connection to Islam to feed their hungry lust for more pro-war hysteria.

What all of these Dick Tracy wannabes forget is that psychotic people are usually quite “rational” within the bounds of the premises set by their delusions. The most likely meaning of the phrase is a very simple and mundane one, in my opinion.

Mentally roleplay this…

You’re all set to “make them all pay” and go out in what you yourself perceive as a blaze of glory.

You’ve sent your public manifesto to the media.

You’re mentally prepared to die, after having convinced yourself it is right and necessary.

But what about tying up all of the loose ends of your life? What about those you leave behind? What about helping them with the various details of the MUNDANE but private things you’ve left undone? You’re going to die — so how can your next of kin or whoever settle up on your dry-cleaning bill or whatever?

They need to get into your personal, off-campus email account, of course, to see your saved messages and sent replies. And since you’re paranoid, you don’t want to email the password to them. Instead, you hide the password in plain sight with no context, so that it’s just gibberish to everyone except the people who might have a use for it.

I predict that if it ever becomes public knowledge why Cho wrote “Ismail Ax” on his arm, we’ll find that it was just the password for his stupid Hotmail (or whatever) account — put there for the benefit of a relative or friend. And like all decent passwords, it means nothing.

DHS: All your tubes are belong to us

Wednesday, April 4th, 2007

The U.S. Department of Homeland Security (DHS) is demanding the master key for the DNS root zone.

Slashdot | Cryptome | DKos | Heise [Germany]

Information warfare or subsidized political indoctrination?

Sunday, February 12th, 2006

It seems that the recent government wargame dubbed “Cyber Storm” was not just a network security exercise for sharpening responses to hostile hackers. It also included plans for countering the political messages of bloggers.

Excerpt:

The government concluded its “Cyber Storm” wargame Friday, its biggest-ever exercise to test how it would respond to devastating attacks over the Internet from anti-globalization activists, underground hackers and bloggers.

Bloggers?

Participants confirmed parts of the worldwide simulation challenged government officials and industry executives to respond to deliberate misinformation campaigns and activist calls by Internet bloggers, online diarists whose “Web logs” include political rantings and musings about current events.

So much for the First Amendment.

Hat tip to Patriot Daily News Clearinghouse on DailyKos.

Act now to prevent data destruction from Blackworm

Monday, January 30th, 2006

Windows users, please note that there’s some particularly nasty malware going around out there called Blackworm that you’ll want to protect yourself against — and you’ve only got a couple of days.

From the summary linked above:

Over the last week, “Blackworm” infected about 300,000 systems based on analysis of logs from the counter web site used by the worm to track itself. This worm is different and more serious than other worms for a number of reasons. In particular, it will overwrite a user’s files on February 3rd.

At this point, the worm will be detected by up to date anti virus signatures. In order to protect yourself from data loss on February 3rd, you should use current (Jan 23rd or later) anti virus signatures. Note, however, that the malware attempts to disable/remove any anti-virus software on the system (and does this every hour while the system is up), so if the machine was infected before [updated anti-virus] signatures were deployed, obviously, that anti-virus software can’t be expected to clean up the infection for you.

Malware Distribution Project

Friday, January 6th, 2006

The following was posted to the BugTraq mailing list a short while ago. Looks interesting. I’ll be curious to see how this company does.

On 01 February 2006 Frame4 Security Systems will launch their Malware Distribution Project (MD:Pro) service, which will offer developers of security systems and anti-malware products a vast collection of downloadable malware from a secure and reliable source, exclusively for the purposes of analysis, testing, research and development. For a preview of MD:Pro, visit http://www.frame4.net/mdpro.

Bringing together for the first time a large back-catalogue of malware, computer underground related information and IT security resources under one project, this major new system also contains a large selection of undetected malware, along with an open, collaborative platform, where malware samples can be shared among its members. The database is constantly being updated with new files, and maintained to keep it running at an optimum. MD:Pro will contain around 120.000 downloadable malware samples by the end of 2006. There are currently 6500+ files in the system (and counting).

A product of many years’ research, cataloging and compilation of hard to find information, this subscription based service will be extremely attractive to anti-virus/anti-spyware manufacturers, developers of IDS/IPS systems, etc., along with large corporations and ISPs. Registrations will be limited to corporate customers only.

Key benefits are:

- A single, secure, and reliable download resource
- Vast amounts of historical data, along with the very latest malware sources
- Custom system, designed to provide maximum benefit to anti-malware research staff
- Contents updated and maintained continuously by skilled security engineers
- Systems monitored 24 x 7 for maximum possible uptime and availability
- A non-public list, made available for the purposes of analysis, testing, research & development

PLEASE NOTE - The system is currently under heavy development; we are due to go live 01 February 2006, and as such, are not accepting any registrations for now (we are keeping applications pending until then however, and will allow access after go-live). As mentioned above, registrations will be limited to corporate customers only.

Best regards,

Anthony Aykut
Frame4 Security Systems
http://www.frame4.com/
http://www.frame4.net/mdpro
Tel : +31(0)172-515901

Titan Rain: reason to switch to Linux number 247,385,621

Tuesday, December 13th, 2005

Respected computer security guru Bruce Schneier briefly weighs in on Titan Rain, the US government’s code name for an ongoing series of highly skilled and organized hacking attacks carried out against US military networks and apparently originating in China.

The expert consensus, which I’m not sure I entirely agree with, is that Titan Rain is a Chinese military effort. While I’m not in a position to know who is behind the attacks, I know enough about the general topic of IT security to also know that few, if any, can really know that either.

The publicly stated reasoning behind that expert consensus is that, in the eyes of the experts, the attacks are so well skilled and organized that they simply have to have been carried out by a foreign military. I believe that reasoning reflects a certain statist chauvinism that, in defiance of almost all evidence, government organizations are bastions of competence. Chauvinists of this stripe have failed to learn the fourth generation warfare lessons of 9/11 — that states are not the only potential players on the battlefield. The attacks could be a Chinese military effort, or they could be something else. As a matter of fact, it’s entirely possible that a Chinese military hacking effort is going on AND something else is going on.

I believe we’ll hear more about this as time goes on and, as is typical with regard to wars and governments, that some of it will be accurate and some will be misinformation. One thing you can be sure of, though, is that as networks become just another arena for warfare to be conducted in, they will become a dangerous place for innocent civilians — just like any battlefield.

Because battlefields are dangerous places to be, it then becomes incumbent on every computer user to take personal initiative to educate themselves about computer security basics and attend to taking care of those computers and networks they are responsible for.

Technical guide to anonymous blogging

Friday, December 9th, 2005

Good info: A technical guide to anonymous blogging

The Navy doesn’t use that wireless gear and neither should you

Monday, October 24th, 2005

Back in July of 2004, the US Navy’s network security people imposed a Navy-wide moratorium on the use of commercial wireless equipment of the sort likely to be found on your own home wireless network. A waiver process exists, but approval is contingent on confirmation that DoD requirements are met. Consumer-grade wireless equipment doesn’t meet those requirements, largely due to relying on relatively weak encryption schemes like WEP and WPA to secure the wireless connection.

We’re not even talking about the totally separate networks for handling classified information. For ordinary naval IT needs, use of the wireless equipment you probably use is simply forbidden. As one article states:

Advances in the art of cracking WEP and WPA networks have made arguments for using these encryption schemes in Navy networks indefensible.

“Navy Wireless Networks - FIPS 140-2 or Bust” by Cmdr. John MacMichael, CHIPS - The Department of the Navy Information Technology Magazine

Even so, compliance with the moratorium has been an issue.

Popular small office, home office (SOHO) equipment, such as the Linksys WRT54G, Netgear WGR614 and D-Link DI-24 have begun to appear on Navy networks as rogue access points (AP).

Navywide, relatively few wireless systems were reported to NNWC, so it is likely that not all wireless networks were reported.

The article reports that this lack of internal compliance has aroused so much concern that Navy information security honchos have directed their network security tiger team, operating out of the Fleet Information Warfare Center, to search for unauthorized wireless networks on certain naval installations — presumably to the detriment of more demanding security work that highly-skilled military hackers would be capable of. It doesn’t take a rocket scientist to just grab a laptop and do some wardriving — but since compliance with directives already issued to regular naval IT personnel is the problem

Well, you can do the math.

So, why do they have their panties in such a bunch? Well, it’s like this…

The tools for defeating WEP/WPA wireless security have been vastly simplified. Some mentioned in the above article include:

It is not just these free tools themselves, though, but their increasingly slick, easy, almost idiot-proof packaging and documentation — particularly their inclusion in security tester toolkits freely available as bootable Linux live CDs.

To use the aforementioned tools, average knowledge of Linux is required to patch and install unsupported wireless drivers, compile Unix-based tools, capture network traffic and execute WEP and WPA-PSK exploits. Even with the increase in documentation and ease of compiling drivers and tools, these tasks were hurdles that had to be overcome by a novice attacker. But these barriers have all but been removed with the advent of the live Linux distribution based on the Knoppix Linux distribution

Knoppix variants such as Auditor, Knoppix-STD (Security Tools Distribution) and Whoppix [recently renamed WHAX] have precompiled drivers, software and cryptologic libraries that allow even a novice Linux user to launch sophisticated attacks against wired or wireless networks.

What that basically means is that a significant portion of the US military’s IT infrastructure is vulnerable to anyone who can download a CD, burn it and then follow some simple directions. Really.

Now, you may think your security needs aren’t as demanding as those of the US military — even for their mundane, unclassified needs. You’d be right, to an extent; but you bear the brunt of the consequences if someone steals your credit card number or otherwise maliciously defeats your PC’s security.

Political activists and dissidents, in particular, should take note. Abuses of law enforcement powers for political purposes, as seen during the COINTELPRO era, are once more a legitimate concern in the US under the Patriot Act. Furthermore, as political discourse grows ever more shrill, the probability of politically motivated freelance mayhem from ordinary people who exceedingly disagree with you is, perhaps, more likely than ever.

Given the importance of computer and internet usage for political purposes in these times, then, the average freedom-loving political activist ought to seriously look into educating themselves on computer security topics, so they can take the steps they need to take to protect themselves.

Federal court: spyware is trespassing

Friday, October 14th, 2005

A great example of one of those rarest of specimens — a good ruling coming out of the US federal court system…

Spyware can constitute illegal trespass on home computers [USAToday.com].

Hat tip to Slashdot.

Excerpt:

A federal trial court in Chicago has ruled recently that the ancient legal doctrine of trespass to chattels (meaning trespass to personal property) applies to the interference caused to home computers by spyware.

This is the way legal decisions on the forefront of technological advance are supposed to go. Apply existing principles of common law to arrive at justice, despite unfamiliar circumstances.

If only we could see the same thing in the realm of environmental law.

Actually, we can. We just need to abolish the biggest obstacle standing between society and a rational, ethical court system. That obstacle is the state and its monopoly of law.
