
Who Will Stand On Either Hand And Retake the GOP With Me? The Battle Plan . . .

We will target their in-district donors. We will target in-district reporters. We will spread Ken Calvert's dossier. And if they will not change, we will wipe them and replace them. We cannot afford to yield on this. There have been some over these last few days who have objected to this war of mine. Some think it needed, but object to ...



Webcasters Sing the Internet Radio Blues…Again

Is Internet radio still a fledgling enterprise in need of subsidized royalty rates?


Wiffiti - A Live Test

Just read about Wiffiti from TechCrunch... considering trying a live demo during the 360i Summit, though cellphone access isn't great here. If you want to try it, write 25622 and start your message with "@summit".


The State Of The Linux Help File Nation

InformationWeek: "A few years ago, my biggest complaint about Linux applied to many things in the computer world: The documentation was uniformly lousy and scattershot..."


USD 100 Laptop To Sell to Public

Computer enthusiasts in the developed world will soon be able to get their hands on the so-called 'USD 100 laptop'. The organisation behind the project has launched the 'give one, get one' scheme, which will allow US residents to purchase two laptops for USD 399 (GBP 198). One laptop will be sent to the buyer, while a child in the developing world will receive the second machine. The G1G1 scheme, as it is known, will offer the laptops for just two weeks, starting on 12 November.


Kazakhstan shuts down opposition Web sites (Reuters)

Reuters - Kazakhstan has blocked access to a number of opposition Web sites in a move Internet users condemned on Wednesday as a crackdown on freedom of speech.


Blogger Challenge 2007 sprog thank-you art + poem: reptiles.

Jennifer is another reader who made a generous donation to one of the projects in my challenge. She wrote: I felt like I definitely needed a piece of art work from your very talented crew. ... I'd like something in the style of Dr. Seuss about reptiles with some accompanying artwork. I've done my best to get my Seuss on. (This is one of those ...


How a Classic Man-in-the-Middle Attack Saved Colombian Hostages

Last week's dramatic rescue of 15 hostages held by the guerrilla organization FARC was the result of months of intricate deception on the part of the Colombian government. At the center was a classic man-in-the-middle attack.

In a man-in-the-middle attack, the attacker inserts himself between two communicating parties. Both believe they're talking to each other, and the attacker can delete or modify the communications at will. The Wall Street Journal reported how this gambit played out in Colombia.

The plan had a chance of working because, for months, in an operation one army officer likened to a "broken telephone," military intelligence had been able to convince Ms. Betancourt's captor, Gerardo Aguilar, a guerrilla known as "Cesar," that he was communicating with his top bosses in the guerrillas' seven-man secretariat. Army intelligence convinced top guerrilla leaders that they were talking to Cesar. In reality, both were talking to army intelligence.

This ploy worked because Cesar and his guerrilla bosses didn't know each other well. They didn't recognize each other's voices, and didn't have a friendship or shared history that could have tipped them off about the ruse. Man-in-the-middle is defeated by context, and the FARC guerrillas didn't have any.

And that's why man-in-the-middle, abbreviated MITM in the computer security community, is such a problem online: Internet communication is often stripped of any context. There's no way to recognize someone's face. There's no way to recognize someone's voice. When you receive an e-mail purporting to come from a person or organization, you have no idea who actually sent it. When you visit a website, you have no idea if you're really visiting that website. We all like to pretend that we know who we're communicating with -- and for the most part, of course, there isn't any attacker inserting himself into our communications -- but in reality, we don't. And there are lots of hacker tools that exploit this unjustified trust, and implement MITM attacks.

Even with context, it's still possible for MITM to fool both sides -- because electronic communications are often intermittent. Imagine that one of the FARC guerrillas became suspicious about who he was talking to. So he asks a question about their shared history as a test: "What did we have for dinner that time last year?" or something like that. On the telephone, the attacker wouldn't be able to answer quickly, so his ruse would be discovered. But e-mail conversation isn't synchronous. The attacker could simply pass that question through to the other end of the communications, and when he got the answer back, he would be able to reply.

This is the way MITM attacks work against web-based financial systems. A bank demands authentication from the user: a password, a one-time code from a token or whatever. The attacker sitting in the middle receives the request from the bank and passes it to the user. The user responds to the attacker, who passes that response to the bank. Now the bank assumes it is talking to the legitimate user, and the attacker is free to send transactions directly to the bank. This kind of attack completely bypasses any two-factor authentication mechanisms, and is becoming a more popular identity theft tactic.

There are cryptographic solutions to MITM attacks, and there are secure web protocols that implement them. Many of them require shared secrets, though, making them only useful in situations where people already know and trust each other.

The NSA-designed STU-III and STE secure telephones solve the MITM problem by embedding the identity of each phone together with its key. (The NSA creates all keys and is trusted by everyone, so this works.) When two phones talk to each other securely, they exchange keys and display the other phone's identity on a screen. Because the phone is in a secure location, the user now knows who he is talking to, and if the phone displays another organization -- as it would if there were a MITM attack in progress -- he should hang up.

Zfone, a secure VoIP system, protects against MITM attacks with a short authentication string. After two Zfone terminals exchange keys, both computers display a four-character string. The users are supposed to manually verify that both strings are the same -- "my screen says 5C19; what does yours say?" -- to ensure that the phones are communicating directly with each other and not with an MITM. The AT&T TSD-3600 worked similarly.
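The short-authentication-string check described above, simulated end to end as an added example (this is not code from Schneier's essay or from Zfone): a demo-sized Diffie-Hellman exchange, with the four-character string derived by hashing the shared secret. The party names, the toy group and the hash-to-four-hex-characters derivation are assumptions for illustration, not ZRTP's actual parameters.

```python
import hashlib
import secrets

# Demo-sized Diffie-Hellman group: 2**127 - 1 is prime, but this size is far
# too small for real use; it only keeps the example fast and readable.
P = (1 << 127) - 1
G = 5


def dh_keypair(priv=None):
    """Return (private, public); priv may be supplied for reproducible runs."""
    if priv is None:
        priv = secrets.randbelow(P - 2) + 2
    return priv, pow(G, priv, P)


def shared_secret(priv, peer_pub):
    return pow(peer_pub, priv, P)


def sas(secret):
    """4 hex characters of the hashed shared secret: what each screen would show."""
    return hashlib.sha256(secret.to_bytes(16, "big")).hexdigest()[:4].upper()


def direct_call(alice_priv=None, bob_priv=None):
    """Alice and Bob exchange public values directly; both screens show the same SAS."""
    a_priv, a_pub = dh_keypair(alice_priv)
    b_priv, b_pub = dh_keypair(bob_priv)
    return sas(shared_secret(a_priv, b_pub)), sas(shared_secret(b_priv, a_pub))


def mitm_call(alice_priv=None, bob_priv=None, mal_a_priv=None, mal_b_priv=None):
    """Mallory substitutes her own public value in each direction.

    She can decrypt and re-encrypt everything, but each side now shares a key
    with Mallory rather than with each other, so the two SAS values disagree.
    """
    a_priv, _ = dh_keypair(alice_priv)
    b_priv, _ = dh_keypair(bob_priv)
    _, mal_pub_to_alice = dh_keypair(mal_a_priv)   # Mallory's key facing Alice
    _, mal_pub_to_bob = dh_keypair(mal_b_priv)     # Mallory's key facing Bob
    alice_screen = sas(shared_secret(a_priv, mal_pub_to_alice))  # Alice got Mallory's value
    bob_screen = sas(shared_secret(b_priv, mal_pub_to_bob))      # so did Bob
    return alice_screen, bob_screen


if __name__ == "__main__":
    print("direct call:", direct_call())   # both strings match
    print("with MITM:  ", mitm_call())     # strings disagree: hang up
```

Reading the two strings aloud is what catches Mallory; a relay that merely forwards traffic cannot make Alice's and Bob's screens agree without knowing their private values.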

This sort of protection is embedded in SSL, although no one uses it. As it is normally used, SSL provides an encrypted communications link to whoever is at the other end: bank and phishing site, alike. And the better phishing sites create valid SSL connections, so as to more effectively fool users. But if the user wanted to, he could manually check the SSL certificate to see if it was issued to "National Bank of Trustworthiness" or "Two Guys With a Computer in Nigeria."

No one does, though, because you both have to remember and be willing to do the work. (The browsers could make this easier if they wanted to, but they don't seem to want to.) In the real world, you can easily tell a branch of your bank from a money changer on a street corner. But on the internet, a phishing site can be easily made to look like your bank's legitimate website. Any method of telling the two apart takes work. And that's the first step to fooling you with a MITM attack.

Man-in-the-middle isn't new, and it doesn't have to be technological. But the internet makes the attacks easier and more powerful, and that's not going to change anytime soon.

---

Bruce Schneier is chief security technology officer of BT, and author of Beyond Fear: Thinking Sensibly About Security in an Uncertain World.




Indian to be first CEO of Booz & Co.

It's been a long time since Rajat Gupta left his role as Managing Partner of McKinsey & Co.

Now Indians in the high-brow world of strategy consulting have cause to celebrate: another Indian, Shumeet Banerji, is set to become the first ever CEO of the new strategy consulting firm Booz & Company.

The Consulting Magazine reports:

He started with the firm's Chicago office in 1992 after leaving academia as a professor of marketing at the University of Chicago's Graduate School of Business. With a PhD in micro-economics and game theory, Banerji says he reached a point in his academic career where he had to make a choice about what he was going to do. "What I did as a professor was research and teach, and [much] of this business is data and persuasion. It's not all that different," he says. Banerji then moved to Asia in the late 1990s to help establish BAH practices in Singapore and Bombay. In 2000, he moved to London, which is where he still is based today.


Other Indians in the list of Top 25 Consultants are Raj Joshi of Infosys Consulting and Raju Lal of Ernst & Young's India practice (this has to be a first too!). Too cool!


Chivas 1, Dynamo 0: Game over

A second-half goal by Omar Arellano lifted Mexican powerhouse Chivas Guadalajara to a 1-0 victory over the Dynamo in SuperLiga group action Tuesday night at Robertson Stadium. The victory, which came before a near-sellout crowd of 28,723, propelled the 11-time...


How to Make Money Off Free iPhone Games

Can developing free software for mobile phones be a business? It can if you're Illusion Labs, a fledgling company in the Swedish port city of Malmö. Illusion Labs was started a year ago by Carl Loodberg and Andreas Alptun, who had worked together at another Swedish company called "TAT," designing software for companies including Samsung and Nvidia.


Fortinet Announces 10 Gigabit Ethernet Multi-Threat Security Solution for Enterprises and Telcos

... or all of a broad array of security applications: firewall, antivirus, intrusion prevention, VPN, spyware prevention and antispam. When deployed as a consolidated solution, FortiGate systems bring together ...


SEW Experts: The Future Of Online Ads: Location, Location, Location

Location awareness -- the concept that a device knows exactly where it is -- is changing the way mobile search works. Search applications are being developed to tap into this capability and serve more locally relevant content. In today's vertical search column, 'The Future of Online Ads: Location, Location, Location,' local search expert ...


O&O Defrag 11.1 Build 3362 Server Edition

... version NEW: handles data volumes in the terabyte range without trouble. Optimized for Windows Vista and Windows XP. Operating systems: Windows 2000, 2003, XP, Vista, 2008 (32-bit/64-bit from Windows XP on) ...


Mini laptops in India are best for basic computing

Laptops have become very popular in India because they can solve so many problems in a single click. Their multi-tasking ability, too, i...


SIGHTINGS

VIACOM chief Sumner Redstone at Dan Tana's in LA having dinner with his ex, Christine Peters, and telling her, "I'm finally rid of her [soon to be ex-wife Paula Fortunato]" . . . BELEAGUERED tabloid king David Pecker and his wife, Karen, with her...


Windows Users Shrug Off Patches

Too many Windows users ignore Microsoft's bug-fixes, including an emergency patch issued six weeks ago, a researcher reports.


Google snatches search share from rivals (CNET)

CNET - Google grabbed a chunk of market share from rival search engines in the United States in November, new figures from ComScore show.


The 2008 Medical Weblog Awards Finalists

After a careful analysis and consideration, we are pleased to present the finalists of the 2008 Medical Weblog Awards. But first, a few notes. Voting will begin tomorrow. We will have instructions, voting booths, and further details here at Medgadget.com.


Saints' Brees named AP Offensive Player of the Year - Philadelphia Daily News

Philadelphia Daily News - 10 hours ago
New Orleans quarterback Drew Brees was named the Associated Press 2008 NFL Offensive Player of the Year yesterday. Brees threw for 5069 yards, 15 fewer than Dan Marino's 1984 mark and only the second time someone has eclipsed 5000 yards passing in a ...


EA cutting 1,100 jobs

In its Q3 earnings, the video game giant gave more information about layoffs it first announced in October. But instead of 10 percent, it's 11 percent.


ITunes U Proves Better than Going to Class

Skip the lecture, download the podcast. That's probably not what university professors tell their students, but perhaps they should. New psychological research conducted by Dani McKinney, a psychologist at the State University of New York in Fredonia, shows that students who only listened to podcasts of lectures achieved substantially higher ...


ASUS Eee Top Fails With Linux

Phoronix: "Their recently introduced Eee Top series, however, is not Linux friendly at all with the current generation of Linux distributions. The ASUS Eee Top ET1602 is a mighty fine piece of hardware at an exceptional value, but it does not know how to play with Linux without taking some advanced step."


Streaking lights, explosions reported all along coast

People from Maryland to Hampton Roads heard loud explosions and saw brilliant, streaking lights in the sky Sunday night. There was no immediate explanation, the National Weather Service office in Wakefield said. The Virginia Beach 911 center had numerous calls waiting just before 10 p.m., a supervisor said.


CBS NEWS: Murtha’s Defense Earmarks Draw Questions. The contractor was set to receive $1 mil

CBS NEWS: Murtha's Defense Earmarks Draw Questions. The contractor was set to receive $1 million tax dollars. He said the military told him the money would come through a company called Commonwealth Research Institute, whose parent company, Concurrent Technologies, ranked among the largest earmark recipients. Both were set up with Murtha ...


Firefox 3.0.9 Fixes Bugs So You Don't Have to

It's true: Mozilla has released a new maintenance and security update for Firefox.



Journal Club -- Geometric Infinity-Function Theory -- Week 1

In our Journal Club on geometric ∞-function theory, this first official week starts with Alex Hoffnung talking about section 1 of "Integral Transforms". This is to get us going and hopefully also reduce the intimidation level. If it looks interesting, have a look at our schedule. We are still looking for volunteers who would like to have a look ...


Extending The Shelf Life Of Antibody Drugs

A new computer model can help solve a problem that has plagued drug companies trying to develop promising new treatments made of antibodies: Such drugs have a relatively short shelf life because they tend to clump together, rendering them ineffective.