Iran's Web Spying Aided By Western Technology - WSJ.com
11:17 am EDT, Jun 22, 2009
The Iranian regime has developed, with the assistance of European telecommunications companies, one of the world's most sophisticated mechanisms for controlling and censoring the Internet, allowing it to examine the content of individual online communications on a massive scale.
Interviews with technology experts in Iran and outside the country say Iranian efforts at monitoring Internet information go well beyond blocking access to Web sites or severing Internet connections.
Instead, in confronting the political turmoil that has consumed the country this past week, the Iranian government appears to be engaging in a practice often called deep packet inspection, which enables authorities to not only block communication but to monitor it to gather information about individuals, as well as alter it for disinformation purposes, according to these experts.
Against my objections, Nick proceeded. At the time he believed, for some reason, that we were going to make more money than we were going to make. We concluded that we would not book the revenue until we actually received money from Google. In some respects it was an experiment - how much would this bring in? As I predicted, it brought in next to nothing. After several years we have not generated enough revenue to reach the minimum amount that prompts Google to cut you a check.
This is a lie. We currently have $784.78 owed to us by Google. We have the AdSense account configured not to send us payments and hold the money. There is currently no legitimate way to take the revenue since Industrial Memetics isn't set up properly.
It is true that the current level of ad revenue is not enough to fully cover the current operational costs of the site. However, we currently have enough money sitting there to cover over a year of the site's operation. We are over-paying for the server and bandwidth that the site is currently running (slowly) on.
This morning I've been working on getting a copy of MemeStreams running on a $38/mo slicehost VM. It's running faster than this one at a third the operational costs.
It's currently available for testing on the memestreams.org domain. Poke at it if you like. It still needs some work before being ready to move the site to it.
Tom is refusing to legitimize operations of this site and the organization that claims to own it. The Industrial Memetics C Corp is basically a shell corporation that has never been set up or managed properly. All efforts I have made to correct this have been met with resistance or refusal. Everything related to MemeStreams is in Tom Cross's personal name. Tom has been paying all expenses out of his own pocket. I have been insisting for several years now that we legitimize Industrial Memetics, create a bank account to pay expenses out of, and keep records of expenses.
Basically, the house has been run improperly... Whenever the topic of "why don't you pay expenses?" has come up, the answer has been the same.. Legitimize operations and I (share expense|inject capital).
After an argument on the street in downtown Bethesda, where I presented Tom with several options for handling this issue, it came down to "take it all over or I'm shutting it down". I refuse to let this site die.
As per our shouted agreement, I'm going to take over the site's operations starting Monday. I don't expect this to be a problem, assuming that Decius doesn't create one. Domain ownership transfer and database sync'ing, etc..
I intend to form a new organization to care for the site as a 501(c)(3) and open source the code.
I know I have not been posting often recently. There are multiple reasons for this. I assure you none of them involve a lack of care for this community and what we've created together. Tom and I have our differences, but he is and always will be central to the soul of this community.... Unless he intends to run away from it.
We have discovered remotely-exploitable vulnerabilities in Green Dam, the censorship software reportedly mandated by the Chinese government. Any web site a Green Dam user visits can take control of the PC.
According to press reports, China will soon require all PCs sold in the country to include Green Dam. This software monitors web sites visited and other activity on the computer and blocks adult content as well as politically sensitive material.
We examined the Green Dam software and found that it contains serious security vulnerabilities due to programming errors. Once Green Dam is installed, any web site the user visits can exploit these problems to take control of the computer. This could allow malicious sites to steal private data, send spam, or enlist the computer in a botnet. In addition, we found vulnerabilities in the way Green Dam processes blacklist updates that could allow the software makers or others to install malicious code during the update process.
We found these problems with less than 12 hours of testing, and we believe they may be only the tip of the iceberg. Green Dam makes frequent use of unsafe and outdated programming practices that likely introduce numerous other vulnerabilities. Correcting these problems will require extensive changes to the software and careful retesting. In the meantime, we recommend that users protect themselves by uninstalling Green Dam immediately.
Our brief testing proves that Green Dam contains very serious security vulnerabilities. Unfortunately, these problems seem to reflect systemic flaws in the code. The software makes extensive use of programming techniques that are known to be unsafe, such as deprecated C string processing functions including sprintf and fscanf. These problems are compounded by the design of the program, which creates a large attack surface: since Green Dam filters and processes all Internet traffic, large parts of its code are exposed to attack.
If Green Dam is deployed in its current form, it will significantly weaken China's computer security. While the flaws we discovered can be quickly patched, correcting all the problems in the Green Dam software will likely require extensive rewriting and thorough testing. This will be difficult to achieve before China's July 1 deadline for deploying Green Dam nationwide.
Company makes hosting software. Hosting software has 0day SQL Injection. Hackers exploit an entire hosting provider running the software and destroy 100,000 websites, 1/2 of which have no backups (shit!). Software CEO commits suicide.
Over the past few months, improving their web presence has become a hot topic for conservatives. At a debate earlier this year, candidates for the chairmanship of the RNC boasted about the number of followers they had on Twitter and friends on Facebook. Yesterday, in an interview at the Conservative Heartland Leadership Council in St. Paul, former Minnesota Republican senator Norm Coleman inadvertently highlighted the “tech gap” between conservatives and progressives when he encouraged conservatives to compete with progressives on the “ethernet”:
“In the end, we need to compete, as I’ve said before, we need to compete in each and every kind of forum,” said Coleman. “And whether it’s on the ground traditionally, or today it’s in — it’s in the ethernet. It’s in the — you know, it’s online. It’s in the blogs, it’s Twitter, it’s Facebook, and the next iteration.”
I will be at SummerCon this weekend to discuss this and other issues of grand importance to the information security community.
Sotomayor's Bad 1st Amendment Decision Should Disqualify Her - Paul Levinson - Open Salon
Topic: Civil Liberties
10:05 am EDT, May 28, 2009
The decision came from Sotomayor's Second Circuit Court last May, regarding Lewis Mills High School student Avery Doninger. While running for Senior Class Secretary, Ms. Doninger found reason to object to the school's cancellation of a "jamfest" event, and characterized those who scotched the event as "douchebags" on her off-campus LiveJournal blog (she also characterized a school official in that same blog posting as getting "pissed off"). The school officials, in turn, took umbrage, prohibited Avery from running for Class Secretary, and disregarded the plurality of votes she received, anyway, as a write-in candidate. Avery sued the school officials, and the Federal District Court supported the school. Avery appealed to Sotomayor's Second Circuit Court.
After acknowledging the Supreme Court's 1969 Tinker decision, which held that students do not "shed their constitutional rights to freedom of speech or expression at the schoolhouse gate," Sotomayor's Court proceeded to affirm the District Court's ruling - that is, Sonia Sotomayor and her colleague justices upheld the high school's right to punish Doninger for her off-campus speech. Their reasoning was that schools have an obligation to impart to their students "shared values," which include not only the importance of free expression but a "proper respect for authority".
"Proper respect for authority" ... is this what our democratic society and freedom is based upon? Last time I checked, I thought our democracy and freedom were predicated on the principle that all people have a right to express their opinions, which must certainly include disrespect for authority, if actions by the authority - such as canceling a school event such as "jamfest" - are at issue.
It appears the 1953 armistice might be toast. According to Stratfor, the DPRK is increasing naval exercises in the Yellow Sea and South Korea is responding by deploying destroyers along areas claimed by North Korea. Odds are that NKorea is going to try to send out a naval shipment. They have been sending messages out stating that any efforts to board its vessels will be met with a military attack.