Trojaned Mail.
September 4, 2009

Really ? The DOT iz Hacking U ?
September 1, 2009
This is an amazing video. Sadly, it was sent to me as part of a forwarded chain mail by someone who apparently actually believed these sensationalist charlatans.
“Malware systems and tracking cookies”. Bwhaaahahahahah. Yes, the fricking Department of Transportation is developing zero-days to launch against your computer, using the “but it’s in the shrinkwrap disclaimer so we don’t need a warrant or any other legal instrument” approach. Television like this is borderline criminally negligent.
http://www.youtube.com/watch?v=pM30nqfasyU
PS. I subscribe to the “any publicity is good as long as they spell your name right” concept; you may have noticed that I didn’t mention the names of these morons in my posting; I ask that you don’t either in your comments … no sense lending them any further recognition.
PPS. This again outlines the need for a comprehensive web app review program.
JayZ v. Gallagher Glastonbury 2008 or “Godzilla vs Little Bobby and His Slingshot”
August 29, 2009
Yeah, this is a super-late post, and if you’re into Jay-Z or actively follow festivals it’s likely old news …
So recently I was digging into some Jay-Z background and came across the latest controversy; he had been invited to play at the Glastonbury Festival last year. The traditionally rock-based sell-out festival is held on a farm and is quite a large one, dating back to 1970; it appears to essentially be a UK version of Woodstock but repeatedly successful (to oversimplify it). 2008 brought about a good bit of controversy with the addition of Jay-Z as a headliner for this gigantic festival that also included the likes of Joan Armatrading and Joan Baez. Noel Gallagher led the charge in the press, making snide statements about how he “won’t have it”, to which Jay-Z responded with surprising grace and maturity.
When the time came, however, Jay-Z showed Gallagher what’s what in the most irrefutably valid way possible by putting on one hell of a show. Of course, there was salt for Gallagher’s wounds – a video of Gallagher’s statements played on the grand stage, and then, just to make sure Gallagher stayed down for good this time, Jay-Z actually opened with one of GALLAGHER’S SONGS ! That’s right, Jay-Z opened his set by performing “Wonderwall”, singing in a loonish off-key manner that I can only interpret as mockery. He then kicked into 99 Problems, even rocking it up a bit by adding some AC/DC licks (verse lick from “Back in Black”). In the end, regardless of what once-relevant Noel Gallagher thinks, Jay-Z is a very valid musician and a remarkably popular one at that, and once again validated hip-hop by giving a hell of a great show that had the crowd cheering his name by the end. Seems like Gallagher could learn a thing or two about PR from Jay-Z’s folks too …
Great vid here: http://www.youtube.com/watch?v=mrDIOVXx-y8
Jay-Z performing “Wonderwall” by Oasis into 99 Problems.
I Spent All Last Sunday Hanging Out in A Dive
August 26, 2009
I spent last Sunday hanging out in a dive … well, a barrel dive to be more precise.
You see, in much debt to my wife’s amazing ability to find the novel and interesting, we spent last Sunday at the Flying Circus in Bealeton, VA. Despite the distinct lack of well-heeled Englishmen dressed in women’s clothing, this was a fantastic time, as the show has gone on since the 70’s (although it’s been handed down a few generations since). The best thing about this show: it’s all World War Two era open-cockpit biplanes. Think Snoopy. Think evil Barons and guys with long handlebar mustaches tying damsels to railroad ties … now you get it.
It’s doubtful that anyone has ever seen a single WWII aircraft, much less 10 of them all in a line, and yes, the Flying Circus boasts many, many WWII planes, which was actually a surprise to me; for these were open-cockpit biplanes. Yes, I too thought they were distinctly WW I aircraft, but apparently they played a very prominent role in WW II as well. This is unsurprising, as WWII saw many military innovations, and more advanced aircraft was likely one of them. This I don’t know for fact, as I’m not the aviation history buff others are, but I do recall that the Enola Gay uses propellers.
The show consists of first some freefall parachutists, then lots of insane aerobatics. These guys fly simple aircraft, the maximum of which I believe was a 7 cylinder, 14 valve rotary engine with hand controls and cables – and do loops, barrel dives, hammer stalls, the whole nine yards. The original pilots of these craft did all of these to evade and catch their enemies.
The best part – or worst, depending on your perspective – is that you can buy a ride. My 11 year old unfortunately was deemed too young for the responsibility of donning and possibly having to deploy a parachute, but I was not. Yes, you know it’s going to be a good ride when they give you a PARACHUTE ( Not that, however, at 2,500 feet you’re going to have a rat’s chance of actually deploying it : )
My pilot was awesome, as they all are (most are current or former Air Force, Navy, or commercial pilots, or multiples of those at the same time ), and he kept me pretty calm as he made the airplane do things no airplane should ever do. The infantryman in me of course didn’t like being in the air at all, but I was surprisingly calm during the whole affair, and even egged him on some (stones of steel !) . We did multiple loops – literally flying upside down where the only thing holding me in were the shoulder and lap straps – barrel rolls, dives, and my favourite – or least favourite : a maneuver in which he takes the plane straight up until it wing stalls – meaning that there literally isn’t enough thrust to move it forward anymore. It slows to a crawl and then gently starts SLIDING BACKWARDS as the pilot starts to tip the nose to the ground and go into another maneuver.
Remember, while all this is happening, you are *free* in your chair, held in by a few canvas straps and a cheeky buckle (the same kind of cheeky buckle mechanism they use in the lap belts of a UH-1H, that looks like it came out of a 1967 Volkswagen or something). You can’t even brace yourself in the cockpit, for while they did take out the stick, the throttle and richness mixture to the left, controls to the right, and rudders right below you are very real. Please resist the temptation to brace your legs while the pilot is using the rudders to take you through a tail spin.
It was sick, and I was immediately in awe of the men who demonstrated such physical courage as to get into these relatively simple devices at all 50+ years ago, much less fly them over enemy lands, dodging ack-ack, and going into these insanely acrobatic maneuvers to evade their enemy while trying to shoot a plane doing the same. It gives you great respect for the men who fought then, long before ECMs and missiles, when warfare was simpler and by all rights harder, dirtier, and a hell of a lot more personal.
All in all, it was a great time. Nothing real glossy or fancy, just good honest folks on some farmland down in VA doing their thing, but 100% amazing. I highly recommend it to anyone, and remember; the planes cost over a hundred grand each these days, and maintenance on them is around 30k, so buy a t-shirt, get some food (unless you plan on taking an aerobatic trip !) and relax; this isn’t a giant corporate network chain trying to rob you blind.
And no, I never needed the ‘motion sickness bag’ clipped to the side (remember, it’s an open cockpit and he’s behind you). I did, however, have a little trouble walking when we hit the ground; my inner ear was mush at that point.
Unfortunately, they don’t have cameras rigged in the plane and there’s no way you’re capturing it from the ground, but here’s a stock video they have on their website. This link is to the medium res; you can go to the site for higher or lower res.
http://www.flyingcircusairshow.com/movies/aerobatic_ride.md.wmv
Flying Circus Aerodrome http://www.flyingcircusairshow.com/index.htm . Great time for kids, opportunity of a lifetime for adults.
And that’s how I spent last Sunday hanging out in a dive …
This Operation Requires IIS Integrated Pipeline Mode – Adding Response Headers in .Net
August 26, 2009
I’m blogging this because it took too long for me to figure out and I want to save some other poor schmuck the effort. When adding response headers to an ASP.NET page, it seems a bit obvious and tempting to use the method provided as part of the Headers collection, as in Response.Headers.Add("MyHeaderName","MyHeaderValue");.
This will, unfortunately, almost never work out; at least it didn’t for me, giving the error “This Operation Requires IIS Integrated Pipeline Mode”, and oh, the chase down the rabbit hole that leads to !
So here’s the huge time saver: DON’T USE Response.Headers.Add, but rather use Response.AddHeader("Header","Value");
Works like a breeze the first time out, and there’s no need to reconfigure your daemon, mess around with the HttpApplication current context, or anything else … just you and one line of response header goodness.
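As an added example (not code from the post), here is a code-behind for a hypothetical page, SecureHeaders.aspx, that adds a few hardening headers the way the post recommends. The background the post hints at: the Response.Headers collection is only accessible when the site runs under the IIS 7 integrated pipeline, and touching it under the classic pipeline or the Visual Studio development server throws a PlatformNotSupportedException with exactly that message. Response.AddHeader is a classic-ASP compatibility wrapper that just calls Response.AppendHeader, and both work in either pipeline mode, so either is fine. The header names and values below are illustrative choices, not anything the post prescribes.

```csharp
using System;
using System.Web;
using System.Web.UI;

// Added example, not the post's code. Code-behind for a hypothetical page
// named SecureHeaders.aspx; the class and method names are assumptions.
public partial class SecureHeaders : Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
        // Response.Headers.Add(...) would throw PlatformNotSupportedException
        // ("This operation requires IIS integrated pipeline mode") when the
        // application is not running under the IIS 7 integrated pipeline.
        // AddHeader/AppendHeader work under both pipeline modes.
        AddDefensiveHeaders(Response);
    }

    // Adds a small set of widely used browser-hardening headers. The values
    // are fixed strings chosen for illustration; tune them per application.
    public static void AddDefensiveHeaders(HttpResponse response)
    {
        // Stop browsers from guessing a content type that differs from the one declared.
        response.AddHeader("X-Content-Type-Options", "nosniff");
        // Refuse to be rendered inside a frame on another origin.
        response.AddHeader("X-Frame-Options", "DENY");
        // AppendHeader is the same operation without the compatibility shim.
        response.AppendHeader("Referrer-Policy", "no-referrer");
    }

    // If a header value is ever derived from request data, validate it before
    // adding it: CR/LF in a header value is the classic response-splitting
    // vector. ASP.NET's default header checking already throws on such values,
    // but checking first yields a clean failure rather than an unhandled exception.
    public static bool IsSafeHeaderValue(string value)
    {
        return value != null && value.IndexOf('\r') < 0 && value.IndexOf('\n') < 0;
    }
}
```

Dropping this code-behind onto any Web Forms page and loading it in a browser shows the three headers in the response regardless of whether the site runs in classic or integrated mode; if you later switch to integrated mode, the same code keeps working without modification.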
Origins of the Moonwalk
July 25, 2009
This is a great vid showing early dance styles and how they probably gave inspiration to the Moonwalk. It’s actually a really fun and interesting video to watch, and was well done …. so in other words, expect a DMCA take-down soon !!
HR 1319 misses the mark
May 16, 2009
Republican Rep. Mary Bono Mack, widow of an entertainer-turned-politician, recently proposed legislation requiring certain notification practices in P2P software, presumably to help prevent future debacles such as the government contractor who leaked the technical blueprints to the President’s helicopters.
Whenever politicians try to legislate things they don’t understand, it rarely goes well and has deeply troubling undertones. HR 1319 IH appears to be a political response to the incident that redirects attention away from root cause and serves as a general reminder of why politicians should not be dreaming up willy-nilly tech legislation.
The first obvious error in Ms. Mack’s bill is the ridiculously broad definition of P2P software, defined in the bill as “computer software that allows the computer on which such software is installed–
(A) to designate files available for transmission to another computer;
(B) to transmit files directly to another computer; and
(C) to request the transmission of files from another computer.”
While these are traits of P2P software, they aren’t defining traits, and this remarkably obtuse definition affects sweeping genres of technologies including the browser you’re using to view this page, and this website itself. The rest of the bill is generally benign: notification that by installing file-sharing software you may end up – yes, sharing files. The real travesty of this misguided bill however isn’t the poor definitions, or the ever-increasing authoritarian government presence in the commercial sector. The real problem I have with this bill, no matter how worded it may eventually become, is that it completely misses the mark: the cause of the blueprint leaks had nothing to do with P2P software.
If the leaks did indeed occur because of misconfigured P2P software, this could only be the manifestation of a systemic lack of effective security controls and practices by the contractor who leaked the information, and likely inadequate government oversight of this clearly government funded contract. For information like this to have been leaked via P2P, multiple actions would have had to occur:
1. The user of the system would have had to have elevated privileges to install the P2P software in the first place.
It’s standard practice not to let users manage their own systems. Not only are self-administered machines glaring security holes, they run support costs through the roof. I’m not aware of any large organization that lets users manage their own machines, and certainly no government or well managed contractor environment does.
2. There would have to be a lack of system inventory management, for the installed software to go undetected.
Many – if not all – mature IT environments I’m aware of use technologies to inventory and manage the locally installed software. This allows them to do things such as apply patches and upgrades and ensure that only approved, supported software is in use.
3. The system (which is presumably a laptop) would have had to have been available on the public internet.
This would reflect a complete lack of basic data loss prevention practices, which dictate that you handle different types of data differently. For this type of data to be on a system that had direct internet access would be a shame.
4. Or … The system would have had to be on a network that was classified for this data, but with completely inadequate network segregation from the internet.
Even if this data were indeed sitting on a system appropriate for that information, and on a network appropriate for that system, *and* the user were able to install P2P software, the software would still have to have network access out of the approved network for the information to have leaked.
The bottom line is that there are multiple practices, controls, and technologies that would have prevented this leak, all of which are commonplace and in most cases mandated. Had this contractor been conscientiously attempting to protect the information, the incident would never have occurred. Trying to address it by targeting the end-point software is a mistake that will only impact technological growth and misplace responsibility, while doing nothing to prevent future data losses.
If Ms. Mack is truly concerned that innocent downloaders are also sharing their entire drives without realizing it, this bill needs to move the notifications from installation to the actual usage areas. P2P users don’t need to be notified that their software shares files. They know that; that’s why they download and install the software. What they need is software that makes it more obvious when they’ve misconfigured it. If this bill really is a response to the data leak (as presumed in the media) and Ms. Mack is truly concerned about government data loss, she should push for stronger enforcement of the information security laws the government already has, considerably stronger oversight of these defense contractors, and an increased culture of personal accountability.
As it stands now though, HR 1319 doesn’t address either. The full text of the bill is available at http://thomas.loc.gov/cgi-bin/query/z?c111:H.R.1319:
OMG Cadie and Pandas EVERYWHERE
April 1, 2009
Wow, I don’t know how I missed Cadie’s presence all over Google – oh yeah, I have a job. So while at 5:45 this morning there wasn’t much on the Cadie blog, turns out the Google pranksters were hard at work (?) letting Cadie put her touch on all things Google, including: Maps, Images, Books, Knowledge, Earth, Mail, Code, Docs, and then some. My personal favourite is still Blogspot, although really it represents more of a MySpace or Facebook, but it still sums up my whole attitude towards the social networking sites. There are a couple of nods to 419ers in Maps and Mail. Cadie did a great job with Google Code, returning all questions with references to INTERCAL ( a spoof language. Yes, people spoof programming languages. It’s a geek nerd thing). If you query her GCode too often, she pushes you back to work. Seriously.
I don’t have time to link all the images back to their origin sites, sorry, but a little googling will quickly yield the way. Gbots, great job on April Fools Day. I wish I had more time during the day to enjoy it all, but at least I got to enjoy it towards the end of April Fools.
And the biggest April Fools’ Day prank of all … Conficker
April 1, 2009
What a remarkable non-event the entire Conficker saga became. With MONTHS of research, and loads and loads of the usual media hype complete with industry pundits and “experts”, Conficker failed to deliver the goods, leaving tons of patching teams exhausted, incident response folks waiting in vain, and those of us who predicted a non-event smugly saying “I Told You So” and then writing sad little blog posts to further remind everyone that, well, I told you so.
Frankly, I’m a little disappointed. With that much alleged effort going into the worm, you’d hope that at the least it would rickroll everyone by proxying HTTP, or just poisoning the local DNS cache. But nope, nothing.
I can’t bring myself to watch mainstream news on internet worms because, well, it’s like watching a really bad war movie where everyone in the theater thinks it’s great but as the one guy who was actually Infantry I can’t help laughing at it . I heard that 60 Minutes did this huge hype-up on Conficker though, including showing off keystroke loggers, so I googled them up. Sure ’nuff, they’ve got their “Internet Expert.” Sorry what ? Internet Expert ? What the fuck is that ? Oh wait AND he’s a lawyer. Great. This link is NOT clicking through; they deserve no more hits.
Washington Post: Brian Krebs gets in the Spirit with Conficker
April 1, 2009
So, after RickRolling the local CapSec through the auspices of a “follow the sun” Conficker analysis, I received a reply back to this great article from Brian Krebs. Brian writes for the Washington Post online, and I think he does a really good job. Unlike some other outlets (such as Wired, which I’m becoming increasingly unfond of) he writes about security *for* security folks, and he seems to really GET it. He doesn’t even complain when he writes about XSS on his blog, and I XSS his comments.
He’s a good guy to hang out with too. Of course, you still have to be careful what you say in front of the media – on or off the record – and I’ve had to play it mum on a lot of stuff while hanging out with him. Too bad too, he probably would have loved to scoop some of the stuff I (‘ve worked | am working) on. Well Brian, if you read this, maybe next time I’ll tell you some of the older stories that are now safe to tell.
Anyhow, here’s a thumb of Brian’s article. Click through to the full Washington Post Security Fix article for a nice April Fools’ read. [ Note: The editor's note prefacing it as a prank is new. This morning the only indication for those who hadn't already figured it out was at the very bottom of the article].
Anyhow, Brian posted this great blog update on Conficker. Click through the image to get to the full Post article.