Archive for July, 2011

Debt Ceiling, Dr. Who, Tigger … and more

Saturday, July 30th, 2011

Tim Harford, The Undercover Economist, has snide comments about our debt ceiling debate.

A handbag away from our debt ceiling

 “It’s not that easy. The percentage of household income spent on handbags has been considerably exaggerated by your weaselly father. Far more important is the mortgage. If we stop the payments, we lose the house.”

Doctor Who at Fawlty Towers

The Doctor and Rose decide to go undercover at Fawlty Towers after Mickey reports strange goings on there. But the real threat is yet to come, and only the unlikeliest of heroes can save the day.

Is Your Luggage Safe from airport security?

Think your luggage and personal items are safe? Think again! Here’s how anyone can get in your luggage without you even knowing.

Click through for the video. He also has lots of other interesting-looking videos, like

 Ball of fire! Make fireballs you can hold with household items! They are fun to play with! Amaze your friends! Learn how magicians do it!

As my son put it, “What!!! handheld fireballs!?!  Let me see!”

Savage Chickens

Savage Chickens is one of several “cartoons on post-it notes” sites I’ve encountered recently.

Here’s a great visualization of the United States debt

You have to go see it.

Schneier on Security (my italics):

Hacking Apple Laptop Batteries

Interesting:

Security researcher Charlie Miller, widely known for his work on Mac OS X and Apple’s iOS, has discovered an interesting method that enables him to completely disable the batteries on Apple laptops, making them permanently unusable, and perform a number of other unintended actions. The method, which involves accessing and sending instructions to the chip housed on smart batteries, could also be used for more malicious purposes down the road.[...]

What he found is that the batteries are shipped from the factory in a state called “sealed mode” and that there’s a four-byte password that’s required to change that. By analyzing a couple of updates that Apple had sent to fix problems in the batteries in the past, Miller found that password and was able to put the battery into “unsealed mode.”

From there, he could make a few small changes to the firmware, but not what he really wanted. So he poked around a bit more and found that a second password was required to move the battery into full access mode, which gave him the ability to make any changes he wished. That password is a default set at the factory and it’s not changed on laptops before they’re shipped. Once he had that, Miller found he could do a lot of interesting things with the battery.

“That lets you access it at the same level as the factory can,” he said. “You can read all the firmware, make changes to the code, do whatever you want. And those code changes will survive a reinstall of the OS, so you could imagine writing malware that could hide on the chip on the battery. You’d need a vulnerability in the OS or something that the battery could then attack, though.”

As components get smarter, they also get more vulnerable.

Schneier on Security (my italics):

Liabilities and Computer Security

Good article:

Halderman argued that secure software tends to come from companies that have a culture of taking security seriously. But it’s hard to mandate, or even to measure, “security consciousness” from outside a company. A regulatory agency can force a company to go through the motions of beefing up its security, but it’s not likely to be effective unless management’s heart is in it. This is a key advantage of using liability as the centerpiece of security policy. By making companies financially responsible for the actual harms caused by security failures, lawsuits give management a strong motivation to take security seriously without requiring the government to directly measure and penalize security problems. Sony allegedly laid off security personnel ahead of this year’s attacks. Presumably it thought this would be a cost-saving move; a big class action lawsuit could ensure that other companies don’t repeat that mistake in future.

I’ve been talking about liabilities for about a decade now. Here are essays I’ve written in 2002, 2003, 2004, and 2006.

Finally, this hits home.

New Netflix phishing scam

Friday, July 22nd, 2011

I just saw this warning on Terry Zink’s Cyber Security Blog. Click through for the details (short version – don’t click it).

I didn’t get one of these emails, but I know some readers who fall into the target audience for this one.


They are lying to you My Dear, from Steve

Monday, July 18th, 2011

How many ways can a non-American screw up a scam letter?  Let me count the ways…

Attn: My Dear,

I am Mr.Steve Morgan, I am a US citizen, 48 years Old. I reside here in New Braunfels Texas. My residential address is as follows. 108 Crockett Court. New Braunfels Texas, United States, I am one of those that took part in the Compensation in Nigeria many years ago and they refused to pay me, I had paid over $50,000 while in the US, trying to get my payment all to no avail.

So I decided to travel to WASHINGTON D.C with all my compensation documents, And I was directed by the ( F B I) Director to contact Mr.Kelvin Williams, who his a representative of the ( F B I ) and a member of the COMPENSATION AWARD COMMITTEE, currently in Nigeria.and I contacted him and he explained everything to me. He said whoever is contacting us through emails are fake.

He took me to the paying bank for the claim of my Compensation payment. Right now I am the most happiest man on earth because I have received my compensation funds of $15 Million Us Dollars Moreover, Mr.Kelvin Williams, showed me the full information of those that are yet to receive their payments and I saw your name as one of the beneficiaries, and your email address, that is why I decided to email you to stop dealing with those people, they are not with your fund, they are only making money out of you. I will advise you to contact Mr.Kelvin Williams.

You have to contact him directly on this information below.

COMPENSATION AWARD HOUSE

Name : Mr.Kelvin Williams

Email: fbiagnet.kelvin001@yahoo.cn

You really have to stop dealing with those people that are contacting you and telling you that your fund is with them, it is not in anyway with them, they are only taking advantage of you and they will dry you up until you have nothing.

The only money I paid after I met Mr.Kelvin Williams was just $290 for the paper works, take note of that.

Once again stop contacting those people, I will advise you to contact Mr.Kelvin Williams so that he can help you to Deliver your fund instead of dealing with those liars that will be turning you around asking for different kind of money to complete your transaction.

Thank You and Be Blessed.

Mr. Steve Morgan

108 Crockett Court.

Apt 303, New Braunfels Texas,

United States Of America

 I almost fell for this because of the “very convincing” non-US email address for “agnet” Kelvin.


Link Roundup – July

Tuesday, July 12th, 2011

Here’s to interesting stuff and not enough time:

First Follower

This is an educational voice-over on an old viral video (Leadership Lessons from Dancing Guy).
Follow the link for a transcript.

America’s Worst Mom

A lot of people say she’s America’s worst mom. What do you think? (I think a lot of people are pansies)

Some People Just Won’t Listen
.. or why you shouldn’t bank at Starbucks

If someone sent me a message from my own account, telling me what I’m drinking right now, I’d listen to his advice.

You’d think that with the name scratch, people wouldn’t expect it to be around for a long time

This is funny, because we have a “scratch” drive at work. Our IT guys (who are excellent, by the way) found it necessary to add folders named “___SCRATCH_IS_NOT_BACKED_UP” and “zzzSCRATCH_IS_NOT_BACKED_UP”. I’ll bet the target audience still didn’t get the message.

Some excellent answers to almost any post on any biking forum.

Including…
* No bike does everything perfectly. In fact, no bike does anything until someone gets on it to ride.
* The more you ride your bike, the less your *** will hurt.

and

Great advice in any context:
Maybe the person you waved at while you were out riding didn’t see you wave at them.

This was probably in response to people like this (warning: not polite)

Beethoven’s 5th – Salsa

Don’t need a computer? Finally, there’s a non-computer device for you.

PALO ALTO, CA—Hewlett-Packard announced Friday the release of the first-ever non-computer, a fully unusable device specially designed to address the demands of individuals who have absolutely no need to own a computer.