Unintelligent filtering – Internet filtering is stupid, bad, dangerous, and worthless

Yesterday at work, I saw an article over at Ars Technica that I wanted to read. It was a news update on the substitute teacher who was convicted of showing porn to students after the spyware-infected class PC started showing porn pop-up images. If you aren’t already familiar with the story, there are a large number of articles on the story’s beginning and evolution over at boingboing. I had already read some about the latest in the story – Ms. Amero has been granted a new trial in place of the sentencing she was supposed to receive today – but wanted to read the Ars Technica take on this simply because I respect the authors at Ars and value their views.

Rather than getting to read the full Ars story, however, I get the following block page.


Microsoft security engineer shows simple wireless network break-in tools

I love security. I really need to get a good job back in the computer security industry. If I could track down a decent job in security, I’d get to play with cool software like the wireless security breaking tools demonstrated by Microsoft’s Marcus Murray (more information on this session on Murray’s blog).

ORLANDO – During an updated version of one of the more popular sessions at TechEd each year, senior security engineer and Microsoft MVP Marcus Murray did attendees a major service by demonstrating that hacking into a network is not really an art, and in some ways, not even much of a science.

His “Why I Can Hack Your Network in a Day” session is actually something of a misnomer, as many of the tools he uses (including one written by SysInternals guru-turned-Microsoft fellow Mark Russinovich) can enable individuals to work their way to revealing the passwords of domain administrators in closer to 15 minutes.

Of course, this is just a case of technology allowing transfer of skill – one security expert figures out the vulnerability, encases it in a point-and-click tool, and shares with the world. But it is still interesting to see what is going on in the back-and-forth of improved security/improved breaking of security fight. As always, security experts will look at the exploited vulnerabilities, come up with ways to reduce or eliminate them, improve protocols, and release equipment with the improved protocols. This will be followed by the break-in experts analyzing the new protocols, looking for direct and secondary/side-channel attacks, determining weaknesses, exploiting those weaknesses, and releasing simple tools that allow less skilled attackers to break the security. Around and around it goes, until the eventual heat death of the universe or until we all start communicating via telepathy (which will probably get hacked somehow, in which case evolution will create better telepaths, and so on).


The JFK plot

I know there has been plenty of news lately about the plot to blow up JFK airport, but I haven’t bothered writing anything about it. I have had someone contact me to ask me why, since I’ve covered a number of other terrorist plots or physical security issues in the past. The main reason is that this planned attack just wasn’t very feasible, nor was the attack likely to have had any success.

Safeguards in the fuel delivery grid greatly limit the amount of damage that can be done by intentional or accidental explosion/destruction/burning of any section of the fuel system. Additionally, jet fuel contains additives specifically designed to reduce the chance of explosion, increase the difficulty of catastrophic fire, and minimize spread of flames in general. Yes, the stuff burns, but it actually does not burn well enough to have very much of a chance of the spectacular destruction it seems the attackers had in mind.

Though Mr. Defreitas had lived in Brooklyn and Queens, he told the informant that his resentment of the United States hardened into hatred during his years as a cargo worker at the airport.

“He saw military parts being shipped to Israel, including missiles, that would be used to kill Muslims,” the complaint read. Mr. Defreitas, who was secretly recorded by the informant, complained bitterly that he “wanted to do something” and that “Muslims always incur the wrath of the world while Jews get a pass.”

Mr. Defreitas envisioned “the destruction of the whole of Kennedy” and theorized that because of underground pipes, “part of Queens would explode.” He boasted that in addition to a huge loss of life – “even the twin towers can’t touch it,” he said – the attack would devastate the United States economy and strike a deep symbolic blow against a national icon, President John F. Kennedy, officials said.

Sure, it sounds scary and stuff, but the explosion he dreamed of just wasn’t going to happen. And given how much I’ve written about improbable attacks and the over-reaction of Americans to these things, I was planning on giving this incident a pass. I’m tired of wasting my time detailing the weaknesses of bad, weak, improbable and infeasible threats. You’ll note that I’ve not even taken the time to provide links backing up my claims on infeasibility and difficulty of any success. That’s because the whole plot was so ludicrously bad that I don’t want to waste more of my time pointing out specifics. You can spend a few minutes online and easily find reputable sources supporting what I’ve stated above. If you disagree, please post it in the comments and I’ll be glad to expand on the topic. But unless someone really thinks this attack was worth worrying about, I’m not going to waste more time on it. That is, unless the government does something else stupid to strip away our freedoms as a result. Then, you can be sure I’ll come back to bitch about the poor job our government is doing.
