"The future masters of technology will have to be lighthearted and intelligent. The machine easily masters the grim and the dumb." -- Marshall McLuhan, 1969
California finally fixing voting machines (maybe)
Topic: Elections
5:02 pm EDT, Mar 29, 2007
California's elections chief is proposing the toughest standards for voting systems in the country, so tough that they could banish ATM-like touch-screen voting machines from the state.
Two other standards require voting machines to be "effectively" or "reasonably secured against untraceable vote tampering" and cruder "denial of service" attacks intended to make a machine inoperable on Election Day.
For the first time, California is demanding the right to try hacking every voting machine with "red teams" of computer experts and to study the software inside the machines, line-by-line, for security holes.
"An army of computer scientists will come forward to testify that computer programs cannot be verified to be secure against 'undetectable vote tampering' and therefore they all will have to be decertified."
Great news. California is the right place for an initiative to solve the voting machine problem. Silicon Valley should be able to come up with a solution to this.
TJX: Hackers Stole 46 Million Card Numbers | SmartMoney.com
Topic: Computer Security
4:58 pm EDT, Mar 29, 2007
via Dow Jones wire:
Discount retailer TJX Cos. outlined a massive customer data theft in a regulatory filing late Wednesday, with stolen information covering transactions dating back as far as December 2002.
Media reports said at least 45.7 million credit and debit card numbers were stolen. The company (TJX), whose stores include TJ Maxx, Home Goods and Marshall's, said it learned of the suspicious software on its computer system on Dec. 18, 2006.
The following day it immediately initiated a probe and hired General Dynamics Corp. (GD) and International Business Machines (IBM) to help in the investigation. TJX first disclosed the breach on Jan. 13.
TJX said information was stolen from a portion of its computer systems in Framingham that process and store information related to payment card, check and unreceipted merchandise return transactions for customers in T.J. Maxx, Marshalls, HomeGoods and A.J. Wright stores in the U.S. and Puerto Rico and the Winners and HomeSense stores in Canada.
Justice gets wrong statute, pays $100M price - CNN.com
Topic: Politics and Law
1:48 pm EDT, Mar 28, 2007
Poorly written Justice Department documents cost the federal government more than $100 million in what was supposed to have been the crowning moment of the biggest tax prosecution ever.
Walter Anderson, the telecommunications entrepreneur who admitted hiding hundreds of millions of dollars from the IRS and District of Columbia tax collectors, was sentenced Tuesday to nine years in prison and ordered to repay about $23 million to the city.
But U.S. District Judge Paul Friedman said he couldn't order Anderson to repay the federal government $100 million to $175 million because the Justice Department's binding plea agreement with Anderson listed the wrong statute.
Friedman said he could have worked around that problem by ordering Anderson to repay the money as part of his probation. But prosecutors omitted any discussion of probation -- a common element of plea deals -- from Anderson's paperwork.
"I've come to the conclusion, very reluctantly, that I have no authority to order restitution," Friedman said. "I hope the government will appeal me."
DoJ appears to be firing the wrong people these days...
The Forehead Retina System (FRS) uses a special headband to selectively stimulate different mechanoreceptors in forehead skin to allow visually impaired people to "see" a picture of what lies in front of them. The Forehead Retina System is the result of collaborative research by Tachi laboratory at the University of Tokyo and EyePlusPlus, Inc.
The Forehead Retina System uses tactile sensations in the forehead to present a "picture" of the outline of objects; this enables visually impaired people to "see" what is in front of them.
Yes, you could have eyes in the back of your head. Bald men could have 360 degree vision. There might be military uses for this.
A push to legalize the Sunday sale of alcohol topped a list of bills that likely died in the Georgia Legislature on Monday.
The bills, including a proposed hate crimes law, plans for Confederate History Month and Gov. Sonny Perdue's effort to clarify that church groups may receive state money, were not among the ones that made it onto the Senate calendar for Tuesday.
WSB's Capitol Reporter Sandra Parrish reports Tuesday is the so-called Crossover Day in the Legislature. That's the 30th day of the 40-day session and the last on which a bill may pass in one chamber to be considered by the other.
This means that both SB 59 and HB 504 are dead for the year. MemeStreamers may rejoice..
However, you still can't buy booze on Sunday. I guess we can't have everything.
I'm considering removing the built in support for embedding iFilm videos that I added to MemeStreams yesterday. It seems very few things I want to embed actually allow embedding.
John Perry Barlow was on the Colbert Report last night. Here is the video.
MemeStreams now automatically embeds linked videos from iFilm the same way as it does for YouTube, Google Video, and Revver.
However, it is quite annoying that iFilm does not support embedding for all of its videos. I wanted to post Kaki King, because she is amazing.. But I just get this:
Instead, you are getting Iggy Pop.. And you will be happy about it.
Billy Hoffman: 'Would you like a destroyed Internet with your JavaScript?'
Topic: Computer Security
12:10 pm EDT, Mar 25, 2007
A security researcher at ShmooCon on Saturday demonstrated, but did not release, a tool that turns the PCs of unknowing Web surfers into hacker help.
As expected, SPI Dynamics researcher Billy Hoffman demonstrated a Web application vulnerability scanner written in JavaScript. The tool, called Jikto, can make an unsuspecting Web user's PC silently crawl and audit public Web sites, and send the results to a third party, Hoffman said.
"The whole point was to show how scary cross-site scripting has become."
"Once one person has talked about the ability to do it, it doesn't take that long for somebody else to come up with it," said one ShmooCon attendee who asked to remain anonymous. "It will come out."
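To make concrete what a "Web application vulnerability scanner written in JavaScript" has to do, here is an added example in the spirit of the article. It is not Jikto (Hoffman demonstrated but did not release it) and not code from this page: a small crawler that follows same-origin links, collects injection points from query strings and GET forms, injects a probe marker into each parameter and flags pages that reflect it back unencoded. The target site, the origin `http://target.example` and the probe string are constructed assumptions so the code runs offline; `constructedSite` stands in for `fetch()`. In a real browser the same-origin policy blocks reading responses from other origins unless the target allows it (CORS) or a proxy relays the requests, which is why a tool like this is most dangerous when it already runs inside the target site via an XSS hole.

```javascript
// Added example: skeletal browser-side crawler/auditor in the style the
// article describes. Not Jikto's code. Everything below is self-contained.

const ORIGIN = 'http://target.example';   // assumed, constructed target origin
const PROBE = 'jk7q<"probe"';             // marker we try to get reflected unencoded

// --- Constructed target site: stands in for fetch() so this runs offline ---
function constructedSite(url) {
  const u = new URL(url, ORIGIN);
  const esc = s => s.replace(/&/g, '&amp;').replace(/</g, '&lt;').replace(/"/g, '&quot;');
  switch (u.pathname) {
    case '/':
      return '<a href="/search?q=hello">search</a> <a href="/about">about</a>';
    case '/about':
      return '<form action="/lookup" method="get"><input name="id"></form>'
           + '<a href="/">home</a>';
    case '/lookup':   // escapes its input: not vulnerable
      return `<p>Record ${esc(u.searchParams.get('id') || '')}</p>`;
    case '/search':   // echoes q unescaped: reflected XSS
      return `<p>Results for ${u.searchParams.get('q') || ''}</p>`;
    default:
      return null;    // 404
  }
}

// --- Minimal HTML extraction (regex is enough for the constructed pages) ---
function extractLinks(html) {
  return [...html.matchAll(/<a\s[^>]*href="([^"]+)"/gi)].map(m => m[1]);
}
function extractForms(html) {
  return [...html.matchAll(/<form\s[^>]*action="([^"]+)"[^>]*>([\s\S]*?)<\/form>/gi)]
    .map(m => ({
      action: m[1],
      inputs: [...m[2].matchAll(/<input\s[^>]*name="([^"]+)"/gi)].map(i => i[1]),
    }));
}

// --- Crawl: breadth-first over same-origin links, bounded by maxPages ------
function crawl(fetchFn, start, maxPages = 50) {
  const seen = new Set(), pages = new Map(), queue = [start];
  while (queue.length && pages.size < maxPages) {
    const url = new URL(queue.shift(), ORIGIN);
    if (url.origin !== ORIGIN) continue;          // stay on the target
    const key = url.pathname + url.search;
    if (seen.has(key)) continue;
    seen.add(key);
    const html = fetchFn(url.href);
    if (html === null) continue;
    pages.set(key, html);
    queue.push(...extractLinks(html));
  }
  return pages;
}

// --- Injection points: query-string parameters and GET form inputs ---------
function injectionPoints(pages) {
  const points = [];
  for (const [key, html] of pages) {
    const u = new URL(key, ORIGIN);
    for (const name of u.searchParams.keys())
      points.push({ path: u.pathname, param: name, base: u.searchParams });
    for (const f of extractForms(html))
      for (const name of f.inputs)
        points.push({ path: new URL(f.action, ORIGIN).pathname, param: name,
                      base: new URLSearchParams() });
  }
  return points;
}

// --- Audit: inject PROBE into each parameter, flag unencoded reflection ----
function audit(fetchFn, pages) {
  const findings = [];
  for (const p of injectionPoints(pages)) {
    const params = new URLSearchParams(p.base);
    params.set(p.param, PROBE);
    const html = fetchFn(`${ORIGIN}${p.path}?${params}`);
    if (html && html.includes(PROBE))   // raw marker survived: no output encoding
      findings.push({ path: p.path, param: p.param, type: 'reflected-xss' });
  }
  return findings;
}

function runAudit(fetchFn = constructedSite) {
  const pages = crawl(fetchFn, '/');
  return { pagesCrawled: [...pages.keys()], findings: audit(fetchFn, pages) };
}

// Stand-in for the "send the results to a third party" step: a real tool
// would POST this to the attacker's collector; here it is only serialized.
function reportPayload(result) {
  return JSON.stringify(result);
}

console.log(reportPayload(runAudit()));
```

Run with `node` and it reports one finding, `/search` parameter `q`, while `/lookup` stays clean because it HTML-encodes its input. The marker-reflection check is the simplest possible oracle; a real scanner would also test for the probe landing inside attributes and script blocks, and would throttle requests so the victim's browser does not give the crawl away.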
This week on Reflection we have a very young guy from the webappsec field.
Billy’s knowledge on Ajax is tremendous ... his ability to think differently has helped him achieve so much in such a short time.
I got a chance to meet with him in the WASC meetup at RSA. He is a very lively character. Let me put it this way, if Billy is a part of a conversation, you won’t get bored even if you just stand there and listen.
Anyone who has worked with Billy knows he is one of the best security researchers in the world. Billy is among the first people I contact when I need to bounce an idea off someone, and the insight he brings to the table is always impressive. Based on my firsthand experience, it is incomplete to the degree of inaccuracy to simply say "he thinks outside the box". Billy destroys the box before your eyes while telling you what you need to keep in mind when building your next box.
We can say with confidence, that when what comes after "Web 2.0"/AJAX is created, Billy's work will be one of the factors driving design decisions.
I enjoy watching him repeatedly pop up in the press. I feel proud to have known him back when he was just an unknown college student getting sued for the first time.. :)
Oh, btw.. Billy is also a member of the Industrial Memetics Team, and actively contributes to MemeStreams development. We consider ourselves lucky.