funsec mailing list archives
We have immigration prob but Israel has laptop hate
From: Randall M <randallm () fidmail com>
Date: Thu, 17 Dec 2009 09:08:09 -0600
http://mobile.slashdot.org/story/09/12/16/0159251/Israeli-Border-Police-Shoot-US-Students-Laptop

From: Randy
It's an iPhone Thang!
Was learning cursive necessary?

On Dec 17, 2009, at 12:39 AM, funsec-request () linuxbox org wrote:
Send funsec mailing list submissions to
funsec () linuxbox org

To subscribe or unsubscribe via the World Wide Web, visit
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
or, via email, send a message with subject or body 'help' to
funsec-request () linuxbox org

You can reach the person managing the list at
funsec-owner () linuxbox org

When replying, please edit your Subject line so it is more specific than "Re: Contents of funsec digest..."

Today's Topics:

1. US and Russia in Cyber Warfare Talks (Gadi Evron)
2. Re: US and Russia in Cyber Warfare Talks (Charles Miller)
3. Re: Resources on political thinking (Gadi Evron)
4. Adobe 0-day vulnerability CVE-2009-4324 - what this means? (Juha-Matti Laurio)
5. New Zealand: Conficker Cripples Waikato District Health Board (Paul Ferguson)
6. Re: New Zealand: Conficker Cripples Waikato District Health Board (Alex Lanstein)
7. Iraqi Insurgents Hack U.S. Drones (Paul Ferguson)
8. The Legality of Publishing Hacked E-Mails (Gadi Evron)
9. Re: The Legality of Publishing Hacked E-Mails (Paul Ferguson)
10. Re: New Zealand: Conficker Cripples Waikato District Health Board (Peter Evans)

----------------------------------------------------------------------

Message: 1
Date: Wed, 16 Dec 2009 23:23:16 +0200
From: Gadi Evron <ge () linuxbox org>
Subject: [funsec] US and Russia in Cyber Warfare Talks
To: funsec <funsec () linuxbox org>
Message-ID: <4B294FC4.40600 () linuxbox org>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed

http://www.telegraph.co.uk/technology/news/6808883/US-and-Russia-in-secret-cyber-warfare-talks.html

--
Gadi Evron, ge () linuxbox org.
Blog: http://gevron.livejournal.com/

------------------------------

Message: 2
Date: Wed, 16 Dec 2009 15:51:44 -0600
From: Charles Miller <cmiller () securityevaluators com>
Subject: Re: [funsec] US and Russia in Cyber Warfare Talks
To: Gadi Evron <ge () linuxbox org>
Cc: funsec <funsec () linuxbox org>
Message-ID: <4B5BA3FE-1240-40DD-8290-2FB62FA4D1BA () securityevaluators com>
Content-Type: text/plain; charset=us-ascii; format=flowed; delsp=yes

That's going to work out great since all cyber attacks originate in either the US or Russia.

Charlie

On Dec 16, 2009, at 3:23 PM, Gadi Evron wrote:

http://www.telegraph.co.uk/technology/news/6808883/US-and-Russia-in-secret-cyber-warfare-talks.html

--
Gadi Evron, ge () linuxbox org.
Blog: http://gevron.livejournal.com/

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

------------------------------

Message: 3
Date: Wed, 16 Dec 2009 23:58:43 +0200
From: Gadi Evron <ge () linuxbox org>
Subject: Re: [funsec] Resources on political thinking
To: funsec () linuxbox org
Message-ID: <4B295813.2020508 () linuxbox org>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed

On 12/4/09 8:57 AM, Drsolly wrote:
On Fri, 4 Dec 2009, Peter Evans wrote:
On Thu, Dec 03, 2009 at 06:07:51PM -0800, Robert Graham wrote:

Look at "The thick of it".

Never heard of it before. Just downloaded some episodes and watched them. I'm not sure what it has to do about political thinking BUT OMG THE SWEARING IS AWESOME.

I think one of the major points of the series, is that there isn't any "political thinking".

Great gift for your friend's teenage kids to educate them about British culture. Your friends will appreciate it.

Your friends teenage kids probably already know the word "fuck". But it certainly isn't a good gift for anyone who has that in their list of taboo words.
Maybe this is a Monty Python sort of thing - either you find "The thick of it" funny or you don't, and if you do, it's hard to explain why.

It's funny, and I'm the last person to mind the swearing. However, after watching the whole of the 3rd season I reached the conclusion that watching it tenses me up, physically. Maybe it's the shouting, maybe the swearing and maybe it's the fast pace of nonsense. Heck, maybe it's the fast talking combined with the Scottish accent which makes it difficult for me to understand. Maybe all of the above or none. But it tenses me and I don't like that.

Gadi.

--
Gadi Evron, ge () linuxbox org.
Blog: http://gevron.livejournal.com/

------------------------------

Message: 4
Date: Thu, 17 Dec 2009 01:26:59 +0200 (EET)
From: Juha-Matti Laurio <juha-matti.laurio () netti fi>
Subject: [funsec] Adobe 0-day vulnerability CVE-2009-4324 - what this means?
To: funsec () linuxbox org
Message-ID: <24074586.8653771261006019627.JavaMail.juha-matti.laurio () netti fi>
Content-Type: text/plain; Charset=iso-8859-1; Format=Flowed

This document has answers to "What this means" type questions, i.e. what can an organization do to protect itself?

Link: http://blogs.securiteam.com/index.php/archives/1339

Juha-Matti

------------------------------

Message: 5
Date: Wed, 16 Dec 2009 18:24:34 -0800
From: Paul Ferguson <fergdawgster () gmail com>
Subject: [funsec] New Zealand: Conficker Cripples Waikato District Health Board
To: funsec <funsec () linuxbox org>
Message-ID: <6cd462c00912161824i65d91fa7re0fc5f4fcef23409 () mail gmail com>
Content-Type: text/plain; charset=ISO-8859-1

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Conficker -- it's still out there.

Via NZHerald.co.nz.

[snip]

Waikato District Health Board has been crippled by a computer worm which has seen every PC in the organisation shut down.
While the main hospital in Hamilton and smaller outlying hospitals were continuing to function, spokeswoman Mary-Ann Gill said it was important people only came for treatment if it was absolutely necessary.

Emergency care was still available but those arriving for routine appointments were being affected, as were GPs who often made referrals to hospitals via email.

"We are asking GPs to only make urgent referrals," she said. "We need to keep as many people out of hospitals as we can."

Ms Gill said DHB technicians were working on a computer upgrade overnight when things started to go awry.

"About 2am they noticed there were some issues with the computers. By 4am they realised a computer virus had got into our whole system.

[snip]

More:
http://www.nzherald.co.nz/technology/news/article.cfm?c_id=5&objectid=10616074

- - ferg

-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.5.3 (Build 5003)

wj8DBQFLKZZcq1pz9mNUZTMRAlkKAJ9VnRU/KtyWRKnf4iASLRAdV7LAXQCeK5Gc
9oRMGFUL9YIELamc15okR0Y=
=W3J2
-----END PGP SIGNATURE-----

--
"Fergie", a.k.a. Paul Ferguson
Engineering Architecture for the Internet
fergdawgster(at)gmail.com
ferg's tech blog: http://fergdawg.blogspot.com/

------------------------------

Message: 6
Date: Wed, 16 Dec 2009 20:20:36 -0800
From: Alex Lanstein <ALanstein () FireEye com>
Subject: Re: [funsec] New Zealand: Conficker Cripples Waikato District Health Board
To: funsec <funsec () linuxbox org>
Message-ID: <60B0F2124D07B942988329B5B7CA393D020BE87589 () mail2 FireEye com>
Content-Type: text/plain; charset="us-ascii"

What drives me up a wall is all those proprietary hospital machines (MRIs, prescription dispensers, etc) that are managed by outside vendors and rarely/never get even Windows patches. It would have taken about 3 words to change HIPAA to cover this long-standing gaping hole.
Alex

________________________________________
From: funsec-bounces () linuxbox org [funsec-bounces () linuxbox org] On Behalf Of Paul Ferguson [fergdawgster () gmail com]
Sent: Wednesday, December 16, 2009 9:24 PM
To: funsec
Subject: [funsec] New Zealand: Conficker Cripples Waikato District Health Board

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Conficker -- it's still out there.

Via NZHerald.co.nz.

[snip]

Waikato District Health Board has been crippled by a computer worm which has seen every PC in the organisation shut down.

While the main hospital in Hamilton and smaller outlying hospitals were continuing to function, spokeswoman Mary-Ann Gill said it was important people only came for treatment if it was absolutely necessary.

Emergency care was still available but those arriving for routine appointments were being affected, as were GPs who often made referrals to hospitals via email.

"We are asking GPs to only make urgent referrals," she said. "We need to keep as many people out of hospitals as we can."

Ms Gill said DHB technicians were working on a computer upgrade overnight when things started to go awry.

"About 2am they noticed there were some issues with the computers. By 4am they realised a computer virus had got into our whole system.

[snip]

More:
http://www.nzherald.co.nz/technology/news/article.cfm?c_id=5&objectid=10616074

- - ferg

-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.5.3 (Build 5003)

wj8DBQFLKZZcq1pz9mNUZTMRAlkKAJ9VnRU/KtyWRKnf4iASLRAdV7LAXQCeK5Gc
9oRMGFUL9YIELamc15okR0Y=
=W3J2
-----END PGP SIGNATURE-----

--
"Fergie", a.k.a. Paul Ferguson
Engineering Architecture for the Internet
fergdawgster(at)gmail.com
ferg's tech blog: http://fergdawg.blogspot.com/

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
--
This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.

------------------------------

Message: 7
Date: Wed, 16 Dec 2009 21:45:14 -0800
From: Paul Ferguson <fergdawgster () gmail com>
Subject: [funsec] Iraqi Insurgents Hack U.S. Drones
To: funsec <funsec () linuxbox org>
Message-ID: <6cd462c00912162145j2cdda5a1s2ae26c58dc72c952 () mail gmail com>
Content-Type: text/plain; charset=ISO-8859-1

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Via WSJ.com.

[snip]

Militants in Iraq have used $26 off-the-shelf software to intercept live video feeds from U.S. Predator drones, potentially providing them with information they need to evade or monitor U.S. military operations.

Senior defense and intelligence officials said Iranian-backed insurgents intercepted the video feeds by taking advantage of an unprotected communications link in some of the remotely flown planes' systems. Shiite fighters in Iraq used software programs such as SkyGrabber -- available for as little as $25.95 on the Internet -- to regularly capture drone video feeds, according to a person familiar with reports on the matter.

U.S. officials say there is no evidence that militants were able to take control of the drones or otherwise interfere with their flights. Still, the intercepts could give America's enemies battlefield advantages by removing the element of surprise from certain missions and making it easier for insurgents to determine which roads and buildings are under U.S. surveillance.

The drone intercepts mark the emergence of a shadow cyber war within the U.S.-led conflicts overseas. They also point to a potentially serious vulnerability in Washington's growing network of unmanned drones, which have become the American weapon of choice in both Afghanistan and Pakistan.
[snip]

More: http://online.wsj.com/article/SB126102247889095011.html

- - ferg

-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.5.3 (Build 5003)

wj8DBQFLKcVjq1pz9mNUZTMRAibtAJ4p9qfYHc2w0LEL2Hgw3TxRRYX9pACgmUS5
C8pikihY34k/UVSLw6tjKWk=
=TxNt
-----END PGP SIGNATURE-----

--
"Fergie", a.k.a. Paul Ferguson
Engineering Architecture for the Internet
fergdawgster(at)gmail.com
ferg's tech blog: http://fergdawg.blogspot.com/

------------------------------

Message: 8
Date: Thu, 17 Dec 2009 07:59:28 +0200
From: Gadi Evron <ge () linuxbox org>
Subject: [funsec] The Legality of Publishing Hacked E-Mails
To: funsec <funsec () linuxbox org>
Message-ID: <4B29C8C0.1030507 () linuxbox org>
Content-Type: text/plain; charset=windows-1252; format=flowed

http://www.cjr.org/the_observatory/the_legality_of_publishing_hac.php

The publication of thousands of e-mails hacked from the University of East Anglia's Climate Research Unit led to furious arguments about the science and politics of climate change. When the e-mails first leaked, however, reporters and bloggers on both sides of the debate expressed reservations about the legality and ethicality of publishing information acquired illegally.

Large excerpts and quotes of the e-mail exchanges have since been published in a variety of media, including newspapers, television, and blogs. The Wall Street Journal posted a full downloadable file on its Web site. Most outlets, however, opted to refer readers to places like www.eastangliaemails.com for the complete listing - a decision that drew many rebukes.

The New York Times in particular has drawn harsh criticism for its handling of the e-mails. Public Editor Clark Hoyt wrote a convincing defense of the paper, arguing that it handled the situation "appropriately." Still, confusion over the legal and ethical implications of publishing hacked e-mails lingers.
Some of the newspapers that have refused to publish the documents have general policies dictating that journalists not break any laws in the newsgathering process. Where these policies exist, however, they are a matter of journalistic ethics rather than an attempt to adhere to a well defined legal doctrine.

Given the confusion, CJR decided to consult relevant case law and spoke with two publishing law experts about the hacked e-mails. The following is a primer providing some direction for journalists. It should not be taken as legal advice. There is no absolute rule here and the unique details of each individual case are paramount.

--
Gadi Evron, ge () linuxbox org.
Blog: http://gevron.livejournal.com/

------------------------------

Message: 9
Date: Wed, 16 Dec 2009 22:20:10 -0800
From: Paul Ferguson <fergdawgster () gmail com>
Subject: Re: [funsec] The Legality of Publishing Hacked E-Mails
To: Gadi Evron <ge () linuxbox org>
Cc: funsec <funsec () linuxbox org>
Message-ID: <6cd462c00912162220q225d99c0ib2cbc277523e56c6 () mail gmail com>
Content-Type: text/plain; charset=ISO-8859-1

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Wed, Dec 16, 2009 at 9:59 PM, Gadi Evron <ge () linuxbox org> wrote:

http://www.cjr.org/the_observatory/the_legality_of_publishing_hac.php

On a related note, here's something that is just wrong:

"Minnesota Public Radio Reporter Faces Hacking Charges For Reporting On Data Leak"

Via techdirt.com.

[snip]

We were just noting how the Computer Fraud and Abuse Act is regularly abused to bring "hacking" charges where none are really warranted. And here we have yet another example. Alex Howard points out that a Minnesota Public Radio reporter, Sasha Aslanian, is potentially facing "hacking" charges from a Texas company called Lookout Services.
Lookout creates employment/compliance software for large organizations, and Aslanian was reporting on a supposed data vulnerability in the software used to verify employment eligibility that could potentially reveal private info. Aslanian's report noted that she was able to see info from the state of Minnesota, and the state was now directing agencies to stop using Lookout.

The details are not entirely clear, but from what's written at the MinnPost link above, it sounds like there were some vulnerabilities, poor security, and a bungled demonstration which revealed a vulnerability -- all of which Lookout admits -- and from those vulnerabilities (which Lookout claims it closed), someone was able to adjust the URL to find private data.

So, basically, the company admits to a series of vulnerabilities, which exposed info that allowed the reporter to eventually see some private data... but still claims that the reporter was "hacking" and is now looking to sue under the same Computer Fraud and Abuse Act, which could lead to 5 years in prison.

Because our federal government still hasn't passed a journalism shield law, the reporter is potentially liable, though, as the MinnPost reporter notes, Lookout seems particularly shortsighted in bringing this lawsuit in the first place. All it does is call more attention to its own vulnerabilities and failings. And the CEO of Lookout basically responds that she doesn't care [...]

[snip]

More: http://www.techdirt.com/articles/20091215/2340237379.shtml

Key quote: "I would argue that the company's reaction to this gives many more reasons never to do business with Lookout -- more than any discovered vulnerabilities."

- - ferg

-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.5.3 (Build 5003)

wj8DBQFLKc2Uq1pz9mNUZTMRApKsAKDknSx3ODzO7FlXNzQBW8CHLWGWTwCfSHak
JgbxBXpdWzE9rjdPk35/u5w=
=RJTo
-----END PGP SIGNATURE-----

--
"Fergie", a.k.a.
Paul Ferguson
Engineering Architecture for the Internet
fergdawgster(at)gmail.com
ferg's tech blog: http://fergdawg.blogspot.com/

------------------------------

Message: 10
Date: Thu, 17 Dec 2009 15:39:38 +0900
From: Peter Evans <peter () ixp jp>
Subject: Re: [funsec] New Zealand: Conficker Cripples Waikato District Health Board
To: funsec <funsec () linuxbox org>
Message-ID: <20091217063938.GN4958 () ixp jp>
Content-Type: text/plain; charset=iso-8859-1

On Wed, Dec 16, 2009 at 08:20:36PM -0800, Alex Lanstein wrote:

What drives me up a wall is all those proprietary hospital machines (MRIs, prescription dispensers, etc) that are managed by outside vendors and rarely/never get even Windows patches. It would have taken about 3 words to change HIPAA to cover this long-standing gaping hole.

Personally, I think gear that lives depend on shouldn't be networked, failing that, there should be no outside way into their playpen. Convenience will of course over-rule any security requirements every time. (Except the TSA!)

If they are windows embedded, it isn't that easy to update them. They don't run windows update. They do have something called DUA, which allows them to check for orders and obey them, eg, periodically, on startup, etc. They release monthly security patches on the XPE site.

It's still not that easy because between the c05a image and d06b image, somehow 9000 files have changed and I really don't want to send out 190mb of diffs. (some might be me, most is windows though).

I know because I have 400 or so out there on the end of HSDPA modems. I make no attempt to keep them current, and I can see why makers of machines in hospitals wouldn't either, it's a hassle. What's more, with a09, b09, c04, c05, c05a, d06 and d06b revisions out there, some of those machines would never get over it!

P

You are, of course, encouraged to try and get your name on the big ribbon. Winner gets a beer or biscuit.
http://www.ixp.jp/ribbon/

------------------------------

_______________________________________________
funsec mailing list
funsec () linuxbox org
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec

End of funsec Digest, Vol 52, Issue 34
**************************************