Exploit found in Microsoft ActiveSync RNDIS
As of ActiveSync 4.0, Microsoft has incorporated the Remote Network Driver Interface Specification (RNDIS) into creation of a syncing session between a Windows Mobile device and its host PC. While the implementation of this technology has numerous advantages, it also creates an exploitable situation by which a host PC can be attacked.
Feingold Fights Search And Seizure Of Our Laptops
Imagine you’re on your way home from a family vacation or business trip and some border agent or Transportation Security Administration (TSA) screener stops you or a family member at airport security and insists that you turn on your laptop. They then demand your password so they can browse around and they follow that by confiscating your computer until a later date — with no charges filed and no reasonable suspicion.
Cloud computing is a trap, warns GNU founder Richard Stallman
Web-based programs like Google’s Gmail will force people to buy into locked, proprietary systems that will cost more and more over time, according to the free software campaigner
The concept of using web-based programs like Google’s Gmail is “worse than stupidity”, according to a leading advocate of free software.
Cloud computing – where IT power is delivered over the internet as you need it, rather than drawn from a desktop computer – has gained currency in recent years. Large internet and technology companies including Google, Microsoft and Amazon are pushing forward their plans to deliver information and software over the net.
But Richard Stallman, founder of the Free Software Foundation and creator of the computer operating system GNU, said that cloud computing was simply a trap aimed at forcing more people to buy into locked, proprietary systems that would cost them more and more over time.
“It’s stupidity. It’s worse than stupidity: it’s a marketing hype campaign,” he told The Guardian.
Cybersecurity holes exposed in Los Alamos nuke lab
Network on shaky ground zero
Posted in Security, 29th September 2008 18:11 GMT
The Los Alamos National Laboratory - easily the world’s most sensitive and sophisticated research institution - is marred by cybersecurity weaknesses that compromise the way information on its unclassified network is protected.
According to an audit by the US Government Accountability Office (GAO), the New Mexico-based LANL recently began implementing measures to shore up information security. But vulnerabilities remain on its unclassified network, which contains sensitive information involving controlled nukes, export control, and personal details of lab employees. Physical security was also found to be lacking at the facility, one of only three US National Nuclear Security Administration (NNSA) labs.
SECTION 8 of the $700 Billion or More “Draft” Bailout Proposal
Here’s a nice little clause under Section 8 of the $700 Billion or more Investment Bank bailout proposal:
Sec. 8. Review.
Decisions by the Secretary pursuant to the authority of this Act are non-reviewable and committed to agency discretion, and may not be reviewed by any court of law or any administrative agency.
Would you be stupid enough to sign any agreement with that type of language in it? I’m sorry, they MUST remove this clause.
You know, I don’t care your party affiliation, whether you are from a red or blue state or the most partisan voter in the U.S., if Section 8 doesn’t stop your heart then God Bless You and welcome to planet Earth.
Enjoy your stay.
$700 Billion Plus Wall Street Bailout…um…NO.
You know, I typically stay on the fence and try to stay as neutral as possible when it comes to political issues and postings on my website. On occasion, an issue with unfathomable consequences WILL finally entice me to comment.
Well the issue of the century is at hand and I say “Hell NO!” Why on this green earth am I going to have to pay for the stupidity of others? And then be asked, “oh and by the way, we really have no clue, really really screwed up things but have decided that YOU will have to clean up our mess and um, can you give the money to us in a week?”
Oh yeah, sure thing, we are always in the habit of handing over $700 Billion off of a 3 page financial bailout plan request with a clause in section 8 of said plan stating “Decisions by the Secretary pursuant to the authority of this Act are non-reviewable and committed to agency discretion, and may not be reviewed by any court of law or any administrative agency”.
ARE YOU FRIGGIN’ NUTS?!?!?
The best quote I’ve seen so far on this:
Rep. Jim McDermott, D-Washington, also asked why Congress should trust the administration to administer the bailout plan properly when, in his view, it has lost its credibility with the American people.
“Trust is something that is already bankrupt. The bank of trust in this administration is absolutely bankrupt,” McDermott said. “They have misled, lied, misrepresented, whatever word you want to use, on issue after issue. And now they give us seven days to come back, take out your wallet and give them everything that’s in it.”
I still can’t believe this is happening.
Hackers infiltrate Large Hadron Collider systems and mock IT security
Commentary: Just another day in the jungle…
Hackers have mounted an attack on the Large Hadron Collider, raising concerns about the security of the biggest experiment in the world. By Roger Highfield.
As the first particles were circulating in the machine near Geneva where the world wide web was born, a Greek group hacked into the facility, posting a warning about weaknesses in its infrastructure.
Calling themselves the Greek Security Team, the interlopers mocked the IT used on the project, describing the technicians responsible for security as “a bunch of schoolkids.”
However, despite an ominous warning “don’t mess with us,” the hackers said they had no intention of disrupting the work of the atom smasher.
“We’re pulling your pants down because we don’t want to see you running around naked looking to hide yourselves when the panic comes,” they wrote in Greek in a rambling note posted on the LHC’s network.
iPhone 3G Patch, v2.1…Apple gets it.
Note: After downloading and installing the patch with no issues, it looks like the security vulnerability initiated from the home screen/emergency number dial has been fixed in this release. Now, that being said, Apple should have addressed this flaw quicker instead of waiting to address it in a “.1” release. Adoption in corporate environments will require a much faster response to security vulnerabilities.
Patch Update
Apple today released their latest patch, version 2.1, for the iPhone 3G. I am still trying to determine from the release notes if they have fixed the security flaw in the home screen lock that was mentioned a few weeks back. Regardless, I am going to download it now and apply.
As I have stated before, I am a Windows Mobile/CE guy. I have been in that camp for at least 9 years, owning numerous Windows Mobile devices dating back to the Cassiopeia E105 that ran Windows CE. In all those years, the one thing I can say that was consistent about my Windows Mobile/CE experience was slow patch/OS upgrade release and delivery.
How RFID Tags Could Be Used to Track Unsuspecting People
Key Concepts
- Radio-frequency identification (RFID) tags are embedded in a growing number of personal items and identity documents.
- Because the tags were designed to be powerful tracking devices and they typically incorporate little security, people wearing or carrying them are vulnerable to surreptitious surveillance and profiling.
- Worldwide, legislators have done little to address those risks to citizens.
If you live in a state bordering Canada or Mexico, you may soon be given an opportunity to carry a very high tech item: a remotely readable driver’s license. Designed to identify U.S. citizens as they approach the nation’s borders, the cards are being promoted by the Department of Homeland Security as a way to save time and simplify border crossings. But if you care about your safety and privacy as much as convenience, you might want to think twice before signing up.
iPhone Passcode Lock Security Flaw
Well that didn’t take long…
Enabling your passcode lock and setting up a certain home key shortcut could expose your iPhone if you’ve upgraded to version 2.0.2.

