My Letter to Ed Markey
Topic: Miscellaneous 2:18 am EST, Oct 29, 2006

Congressman Markey,

While I'm not one of your constituents, your statements and actions often have an impact that reaches beyond your district. Yesterday you were quoted in several news media outlets as having called for the arrest of Christopher Soghoian, a PHD candidate at the University of Indiana Bloomington, because he created a web page that generates phoney airline boarding passes. As you are likely aware, your call was answered by the FBI who reportedly broke into Soghoian's house last night and seized all of his computer equipment.

I am a professional computer security researcher. I work for one of the worlds largest IT companies. My job involves finding vulnerabilities in software systems and getting them fixed. Responsible vendors are usually very responsive and willing to work with my team when we contact them with information about problems with their products. Through this process we are able to locate and repair vulnerabilities in IT infrastructure before the bad guys can find them and exploit them. However, there are always a few unsophisticated people who seek to shoot the messenger instead of dealing with the flaw.

Christopher Soghoian is one of the good guys. He is not a criminal and he is not enabling criminals. He did not create the vulnerability in the boarding pass screening process. This problem has existed for years, and it has been noted in other quarters, most recently by Sen. Chuck Schumer. However, the problem hasn't been fixed. Soghoian's website was intended to demonstrate how simple this is, and he has clearly and repeatedly stated that his intent in creating the site was to raise awareness about the problem so that it will be fixed. His website does not make this much easier than standard desktop publishing software available on anyone's personal computer.

Your call for his arrest, and the subsiquent events that have unfolded over the past 24 hours, have done serious harm to the national security of the United States. You could have simply contacted him, informed him of the legal problems that one could face for operating such a website, and discussed shutting it down. By choosing instead to prosecute him you are sending a message to security professionals in this country that if you observe a problem with national security policies or practices and make people aware of those problems in good faith so that they might be fixed, the government will treat you as an enemy and will prosecute you if possible. The inevitable result will be that people will hold their tongues, and problems will persist until they are discovered by someone who has malicious intent.

I strongly urge you to reconsider your position on this matter. The current course of action is not in the best interests of this country.

Tom Cross

My Letter to Ed Markey

Ed Markey advocates shooting the messenger
Topic: Politics and Law 9:56 pm EDT, Oct 27, 2006

"The Bush Administration must immediately act to investigate, apprehend those responsible, shut down the website, and warn airlines and aviation security officials to be on the look-out for fraudsters or terrorists trying to use fake boarding passes in an attempt to cheat their way through security and onto a plane."

yep, they like to shoot the me i know...

Ed Markey advocates shooting the messenger

The Northwest Airlines Boarding Pass Generator
Topic: Miscellaneous 1:42 am EDT, Oct 27, 2006

This webpage will produce a boarding pass good enough to get anyone past TSA, and thus, into the "secure" gate areas of the airport terminal.

I have a big "i told you so" (tm) to say about this one...

btw, i can just see the headlines now "Juniper Researcher Michael Lynn helps terrorists board planes illegally" for posting this link...heres hoping that ellen messmer doesn't read my blog...

The Northwest Airlines Boarding Pass Generator

Why I believe in God
Topic: Miscellaneous 8:18 pm EDT, Oct 26, 2006

start heavy whiny drama blah blah:

ok, not a normal topic of discussion for me, most people that know me probably think I'm an atheist, and in fact i used to be...

I bring this up, because when I'm feeling really really depressed (as you might have noticed), I have to remind myself that this is not rock bottom...I've seen rock bottom, and while it might be close, I'm not there yet...

two things have happened to me in my life that I can't explain...the first is minor compared to the second, and thats when I was forced to re-evaluate my beliefs...

6 years ago I was homeless, I had almost no friends (or at least almost no friends in town), the company I was working for evaporated (as did lots of companies 6 years ago)...I had dropped out of school, for reasons that were not entirely under my control, I stayed out largly for reasons I could have controlled, but I felt very lost with my life...

This went on for months, I got worse and worse, I found myself crashing on couches, with people I barely knew, anything to avoid sleeping at my fathers house (if you know me very well you will know why thats a bad option, if you don't, then use your imagination)...I had become, in almost all the ways that I defined it for myself, a failure...

so one night, the worst ever, 4Am, im sitting in my fathers living room, doing the depressed thing, being suicidal...I had been suicidal before, but this time i had all the really bad warning signs...i had a plan on how to do it, i was going to slit my wrists (minus 1d6 to my save against suicide)...I had the tools ready in hand to pull it off (minus another 1d6 to the saving throw)...

something that you don't hear about suicidal people often is that they rarely actually want to die...I didn't want to die, but it seemed like the only way to stop the pain, a better option than living if you will...I sat there preying to a god I didn't believe in to give me a reason, any reason not to do it...I pressed the blade to my wrist, I started to cut, and at 4AM the phone rings...its for me, at my fathers house of all places, a friend of mine that I've known all my life is on the other end and out of the blue he wants to know whats up and can he swing by to pick me up to just hang that point this was reason enough to postpone my demise, if only for a little while...I later asked him why he called me, out of the blue, at 4am in the middle of the week, and how he knew i was at my fathers house...he said he really didn't know, but at that moment he felt that he had to call me...for me, that was miracle one...

we hung out for several hours, but as the sun started to come up, he went to sleep and i started to walk home...the depression kicked back in, and i decided to finish the job when i got back to my fathers place...i once again picked up the blade and this time, as i grabbed the blade a storm came in faster than I've ever seen before and in a flash flood i was up to my knees in moving water...right there, in the living room, and as it happened a voice spoke to me inside my head telling me "no, not now, you don't have the right"...I was useful and needed again for several more hours as i tried to minimize the damage...when the dust settled i felt a little better, enough to bring me off that ledge, the next day a little better, until one day i felt good again...miracle two...

I know all this could be explained away, but it was more than a voice in my head, it was like being washed away with a warm feeling that i was loved and that i would be ok...that too could be explained, and doesn't prove anything...but thats the nature of faith, proof is not relevant, all that is relevant is that I felt the presence of something greater, and thats enough for me to believe...

anyways, why write about this remind myself, that I've been to rock bottom, and I came back from that...

:end heavy whiny drama blah blah

On its own
Topic: Miscellaneous 2:59 am EDT, Oct 26, 2006

next time I'm not saving the wasn't worth it...the internet is on its own...

random thought/book idea: Plan A
Topic: Miscellaneous 6:38 pm EDT, Oct 25, 2006

I was thinking the other day about the plan A's of some famous people that, had they suceeded the world would be a very different place...

for example, hitler wanted very much to be an artist but he just didnt have the talent required to make it, when that didnt work out he decided to become the biggest mass murderer since, well whoever was the biggest before him...

castro wanted to play major leage baseball in the states, he actually had a career in the minor leages but when he failed the yankees try outs he went with his plan B instead...

It makes you wonder what other great and terrible figures from history had failed plan A's like these...what about some possitive ones? did Churchhill have some other dream he failed at before he became the great man?

anyways, i just thought that would make a good book...

Jay Beale vs Dan Kaminsky
Topic: Miscellaneous 6:51 pm EDT, Oct 12, 2006

"DNS over DNS is way better than DNS alone"

this was taken from security opus...I can't much watch...

Jay Beale vs Dan Kaminsky

Topic: Miscellaneous 6:50 pm EDT, Oct 12, 2006

So this movie was great, its easily one of the best I've seen in a few years...its by the same guy who made Memento and I think it actually has a stronger story...check it out...


those random people on aim
Topic: Miscellaneous 4:39 pm EDT, Oct 10, 2006

don't you hate it when someone messages you on AIM, and sure enough, they're on your buddy list (but your list is so large having used AIM for years) and you have no idea who the guy is...but you don't want to be all "who are you again" cause they obviously know who you are, and you presumably at some point knew who they are, so you play this game for a little bit trying to tease out the details of how you know them without giving it away...

Delicious Library
Topic: Miscellaneous 7:50 am EDT, Oct  8, 2006

so I went to watch one of my movies today and I found it missing...I poll all the people who I know have borrowed movies from me, no-one seems to know where it is...that pisses me I finally got this program to archive all my books and dvds, it'll set due dates and shit and remind me to kill people for not bringing things back...

anyways, I know its been posted on memestreams before, but its pretty rad software...check it out...

Delicious Library

