Archive for April, 2008

Not again

April 30, 2008

Another terrifying link from Bruce Schneier

Tourist or Terrorist? :: The Memphis Flyer :: City Reporter :: The Fly-By

A man walking through Tom Lee Park pauses to snap a photo of the iconic Hernando DeSoto Bridge. Another man shoots pictures of numerous downtown buildings.

Many would assume the men are tourists taking in the city’s sights, but law enforcement officials say they could be terrorists staking out possible targets.

The scenarios were described at an anti-terrorism town hall meeting last week hosted by the Shelby County Sheriff’s Office. The meeting, held at Cordova’s First Assembly of God Church, was one of four public meetings that occurred in conjunction with Operation Sudden Impact, a new local anti-terrorism initiative.

If you read the rest of the article, it gets even worse — as one of the commenters points out, the whole purpose of the exercise is to update the old communists-under-every-bed canard.

In the next few weeks, Operation Sudden Impact will bring representatives from all 54 agencies to Memphis for a one-day saturation exercise. Officers will perform traffic stops and gang interdictions and serve arrest warrants.

“Every arrest ticket written in 24 hours by each of those agencies will be reviewed to see if any of those people, even those with minor traffic charges, might have any connection to any possible terrorist activity lurking in the region,” Shular said.

That’s so full of crap I’m surprised he was able to say it with a straight face. But one of the things it shows is how cities in need of money for regular policing can slap an anti-terrorism label on their work and get funding through Homeland Security.


How to compare companies to countries

April 30, 2008

The Reality-Based Community

A much simpler measure would be employment. Multiply a firm’s headcount by some sort of population-to-employment ratio (about 2 for the U.S.) and you have the size of the population that the firm supports. Wal-Mart has 1.8 million employees; McDonald’s is second with 450,000. (Both of those numbers may be exaggerated by high ratios of part-time to full-time employees.) That makes Wal-Mart about the size of a smallish state or a tiny country: Oklahoma or Connecticut, Namibia or Moldova.

Nah, this doesn’t work either. The number of people companies employ doesn’t correspond very well at all to the amount of economic activity they’re responsible for. And, like profits, it’s wildy variable at the stroke of a pen. If Walmart outsourced 70% of its employees to a bunch of captive local subcontractors (as they already do with their cleaning staff to avoid certain liabilities) that wouldn’t make any difference whatsoever to their economic impact. You could probably do some kind of deep analysis of supplier chains to figure out what proportion of employees there should be credited to the top-level company (just as you can look at ecosystems to see what proportion of prey animals goes to feed a particular top predator), but the number isn’t at all easy to derive.

In addition, even once you’ve done that kind of accounting, it doesn’t account for the differences in revenue generated per person depending on the kind of work a firm does. So a multi-office law firm might generate as much money as a much larger (headcount) retail chain, rather like looking at the difference in GDP per capita between Liechtenstein and Togo…


April 18, 2008

Matasano Chargen » This New Vulnerability: Dowd’s Inhuman Flash Exploit

When the Flash runtime reads in scene data from a SWF file, there’s a numeric field that, when bounds-checked, is interpreted as a signed number, but when used is treated as unsigned. So there are values the field can take that are treated as tiny and innocuous at time-of-check, but actually evaluate as huge numbers at time-of-use.

A by-the-numbers integer overflow normally knocks the bounds checking off a strncpy or memcpy call, turning code that carefully copies, say, 1k of memory into code that will copy 2 megs of data, splattering it all over process memory. Not here. Instead, Flash uses the malicious number as a count of bytes to allocate.

When you ask Flash to allocate several gigs of memory all at once, the allocation fails, returning NULL. Attempt to use that NULL address and you will crash the program. This happens all the time in real code. Many crashes are traceable to NULL pointers. And, since nothing (usually) lives at NULL, NULL pointer crashes are usually code for “not exploitable”.

Not this time. Flash forgets to check that allocation failed, a ludicrously common error. It then uses that pointer with an offset controlled by the attacker. NULL isn’t valid. NULL plus 1024 isn’t valud. But NULL + 0x8f71ba90 is, as is NULL + N for any N that addresses valid memory.

And so forth. Also interesting in a sad way to see how many separate holes in Adobe’s code this requires.

And so it continues

April 18, 2008

Measurements and Mitigation of Peer-to-Peer-based Botnets: A Case Study on Storm Worm

the first botnets that use peer-to-peer (P2P) networks for remote control of the compromised machines appeared in the wild recently. In this paper, we introduce a methodology to analyze and mitigate P2P botnets. In a case study, we examine in detail the Storm Worm botnet, the most wide-spread P2P botnet currently propagating in the wild. We were able to infiltrate and analyze in-depth the botnet, which allows us to estimate the total number of compromised machines. Furthermore, we present two different ways to disrupt the communication channel between controller and compromised machines in order to mitigate the botnet and evaluate the effectiveness of these mechanisms.

When your malware is doing things like synchronizing infected machines with NTP, it’s time to mount a scratch universe….

Times have changed

April 18, 2008

How children lost the right to roam in four generations | the Daily Mail

When George Thomas was eight he walked everywhere.

It was 1926 and his parents were unable to afford the fare for a tram, let alone the cost of a bike and he regularly walked six miles to his favourite fishing haunt without adult supervision.

Fast forward to 2007 and Mr Thomas’s eight-year-old great-grandson Edward enjoys none of that freedom.

He is driven the few minutes to school, is taken by car to a safe place to ride his bike and can roam no more than 300 yards from home.

Rule of law

April 18, 2008

FBI Caused Delay in Terror Case Ahead of Senate Testimony | Threat Level from

The university, which had readily turned over the records in response to a subpoena, rejected the illegal NSL. Two weeks later, Mueller, testifying before the Senate Judiciary Committee, portrayed the university as intransigent and said the incident showed the FBI needed the power to force the turnover of all sorts of records without having to involve the court system.

“Now in my mind, we should not, in that circumstance have to show somebody that this was an emergency,” Mueller testified on July 27, 2005. “We should’ve been able to have a document, an administrative subpoena that we took to the university and got those records immediately.”

Some of the declassified documents suggest that Mueller was himself misled by underlings, and wasn’t told that the records had already been turned over in response to a subpoena.

And I’m sure his underlings will be thoroughly investigated for a criminal conspiracy to provide materially misleading information to congress.

Lest we forget

April 16, 2008

Maverick academic Philip Zimbardo says we are all capable of evil. Is he right? – People, News – The Independent

What took place on a peaceful Californian university campus nearly four decades ago still has the power to disturb. Eager to explore the way that “situation” can impact on behaviour, the young psychologist enrolled students to spend two weeks in a simulated jail environment, where they would randomly be assigned roles as either prisoners or guards.

There are always some of us who refuse to go along, but precious few. It’s not just following orders and following the crowd, it’s not letting your buddies down. It’s a million rationalizations. And if you go down the slope one day at a time, you can always tell yourself that you’re already damned, you might as well keep going. Or that what you did yesterday wasn’t that bad, and today isn’t that much worse, so really deep down you’re not a bad person….

And it’s all true.

Mmmm, aircraft.

April 16, 2008

X-48B mini flying-wing drone prototype resumes testing | The Register

Boeing and NASA reckon that BWB airframes could be quieter and more economical than ordinary jets. The X-48B prototypes, built by Blighty’s Cranfield Aerospace, are intended to gather details on the performance that could be expected from full-size jobs. They are scaled down from a conceptual 450-passenger airliner design, though in reality Boeing would expect any initial production orders to be for US Air Force transports or tankers.

See the article for a very pretty picture.

I’ve always loved flying-wing style planes (who wouldn’t?), but now that I look at the model and read that it was scaled from a concept for a 450-passenger airliner, I have to ask “Where the bleep are they going to put the windows?” With all the body width, and control surfaces on the wings, there are going to be a few dozen window seats, some aisles, and then middle-seat accomodation without end. Or maybe they’ll put in a bunch of fake standard cabins with flat-screen displays where the windows would go, or maybe the thing will have a roller rink and a food court in the middle. Or beds…

(I also like the fact that it’s powered by model-aircraft engines, which have gotten almost good enough to build a jetbelt….)

You keep using that word

April 16, 2008

Fittest Males Don’t Always Get The Girl

The fittest males don’t always get the girl, USC biologists report. Study tackles a paradox in species from fruit flies to humans: If warriors win the spoils, why don’t males evolve towards super-aggressiveness?

There is more to mating than beating up the competition, according to a new study. Female fruit flies sometimes choose males who win fights, sometimes choose males who do not fight, and sometimes choose males for no obvious reason, say biologists from the University of Southern California; Cal State University, Sacramento; and the University of California, Davis.

This isn’t really the fault of the researchers, more of the headline writer. But another way of saying this is “fruit flies and other species employ a different method for judging reproductive fitness than the simplistic one we decided they should use after looking for our keys under the lamp post.”

Ever since Darwin wrote “survival of the fittest” more than 100 years ago, idiots have beem ignoring the pretty clear tautology, coming up with their own fantasies of what fitness might be, and then complaining when the world doesn’t match up to their expectations.

Retail fraud, simplified

April 15, 2008

Price Change In Aisle 5, At The Push Of A Button: New System Simplifies Retail Price Tagging

“To make this possible, we have integrated a receiver in each screen. Each display can be separately controlled via a transmitter in the central computer.” If strawberries are on special offer, for instance, the store manager only needs to copy the file containing the new price into the main directory – and the price displayed on the strawberry shelf is instantly updated. To ensure that the price is changed on the correct display screen, the name of this file is the numerical code of the appropriate display.

And if the store manager changes the price on the strawberries between when you read the sign and when you get to the cash register, that’s just too bad for you, isn’t it? With a few strategically placed cameras and some image-recognition software, you could even automate the process: low price when a customer goes to read the sign, higher price at the register and when a clerk goes to do a price check.

In New York City (and probably other places) there’s a law against raising the price of an item once it hits the shelf, for exactly this kind of reason. But I see that these signs were developed in germany, where no doubt retailers are more law-abiding.