Thursday, June 30, 2005

Poop in the News

Man Arrested For Allegedly Hiding In Women's Toilet

Truth really was stranger than fiction in New Hampshire where a man was arrested for allegedly being inside a women's room toilet.

Summer vacationers were disgusted when a man was discovered hiding inside a toilet in the women's room at a rest stop along the Kancamagus Highway near Carroll City. Police said he was in the waste tank beneath a log cabin restroom.

Authorities said Gary Moody, 45, of Gardiner, Maine, somehow got inside a toilet in the women's restroom and stayed there undetected as women used the restroom until a young girl detected him. The teen apparently walked into the restroom and looked down into the toilet and saw Moody looking back up at her.

Police were called in to flush him out.

"It's a very filthy environment and before we put anybody in contact with him we wanted to decontaminate him. We treated him exactly like he was hazardous material," Capt. John Hebert of the Carroll City Sheriff's Department said. "I started in this business in 1980 and I have never in my career encountered anybody in this type of a situation."

Moody was charged with criminal trespassing in and was freed on bail. A court date of July 19 was scheduled in North Conway.

How to Deal with Pushy Security Vendors

Columnist Demetrios Lazarikos is losing patience with security vendors that are all hype and no substance. He offers a few tips on finding the right vendor for your company.

Wednesday, June 29, 2005

What if Operating Systems Were Airlines?

Kind of an airline theme of late... What traveling would be like if compared to using an operating system.

Tuesday, June 28, 2005

Interview with Marcus Ranum

There's some good stuff in this interview.
There's enough blame for everyone.

Blame the users who don't secure their systems and applications.

Blame the vendors who write and distribute insecure shovel-ware.

Blame the sleazebags who make their living infecting innocent people with spyware, or sending spam.

Blame Microsoft for producing an operating system that is bloated and has an ineffective permissions model and poor default configurations.

Blame the IT managers who overrule their security practitioners' advice and put their systems at risk in the interest of convenience. Etc.

Truly, the only people who deserve a complete helping of blame are the hackers. Let's not forget that they're the ones doing this to us. They're the ones who are annoying an entire planet. They're the ones who are costing us billions of dollars a year to secure our systems against them. They're the ones who place their desire for fun ahead of everyone on earth's desire for peace and [the] right to privacy.

Sunday, June 26, 2005

Inside or Outside? Or How Many Warren Lunches Would it Take...

Internal security breaches at the world's banks are growing faster than external attacks, as institutions invest in technology, instead of employee training.

According to the 2005 Global Security Survey, published by Deloitte Touche Tohmatsu, 35 per cent of respondents said that they had encountered attacks from inside their organization within the last 12 months, up from 14 per cent in 2004. In contrast, only 26 per cent confirmed external attacks, compared to 23 per cent in 2004.

The report, which surveyed senior security officers from the world's top 100 financial institutions, found that incidences of phishing and pharming, two online scams which exploit human behavior, are growing rapidly. These scams use bogus e-mails and websites to persuade people to reveal confidential information to hackers and fraudsters. "Completely malicious internal security threats are less likely than those caused through lack of training," said Gerry Fitzpatrick, enterprise risk services partner at Deloitte in Dublin, speaking to ElectricNews.net. "People need to understand how to classify data and treat it in a secure way."

Who Ordered the Curry on Wheat?
An undercover reporter was able to buy the details of thousands of UK banking accounts, password particulars and credit card numbers from crooked call centre workers in India, The Sun reports.

Saturday, June 25, 2005

Airport Security

Note: If you want to pass through airport security faster - select a one-way ticket... Then, you get to go through the "very special" screening. BTW I don't think he was using just the back of his hand...

"Here is a story from Slate on how the current flavor of airport security is pointless, and if anything, actually increases risks - check it out."

Patriotic Ashes

A constitutional amendment to ban the desecration of the U.S. flag moved closer to reality Wednesday 6/22 when the House of Representatives passed it 286-130. While this isn’t the first time this has happened, I’m still concerned by the notion of such a bill making it out of the Senate.

Here’s a quick blurb from the USA Today article:

The amendment reads, "The Congress shall have power to prohibit the physical desecration of the flag of the United States." Supporters say the flag should be protected because it symbolizes the freedoms many have died to defend. Flag burning "is a challenge to the institution that defends liberty," Rep. Phil Gingrey, R-Ga., said. "Our flag deserves to be respected and protected because it is more than just star-studded fabric."

Source: kevin pereira dot com

Friday, June 24, 2005

The Adaptability of Iraqi Insurgents

This Newsweek article on the insurgents in Iraq includes an interesting paragraph on how they adapt to American military defenses.

Counterinsurgency experts are alarmed by how fast the other side's tactics can evolve. A particularly worrisome case is the ongoing arms race over improvised explosive devices. The first IEDs were triggered by wires and batteries; insurgents waited on the roadside and detonated the primitive devices when Americans drove past. After a while, U.S. troops got good at spotting and killing the triggermen when bombs went off. That led the insurgents to replace their wires with radio signals. The Pentagon, at frantic speed and high cost, equipped its forces with jammers to block those signals, accomplishing the task this spring. The insurgents adapted swiftly by sending a continuous radio signal to the IED; when the signal stops or is jammed, the bomb explodes. The solution? Track the signal and make sure it continues. Problem: the signal is encrypted. Now the Americans are grappling with the task of cracking the encryption on the fly and mimicking it—so far, without success. Still, IED casualties have dropped, since U.S. troops can break the signal and trigger the device before a convoy passes. That's the good news. The bad news is what the new triggering system says about the insurgents' technical abilities.

The CIA is worried that Iraq is becoming a far more effective breeding ground for terrorists than Afghanistan ever was, because they get real-world experience with urban terrorist-style combat.

Tuesday, June 21, 2005

Deleting Stubborn Files

Do you have stubborn malware infecting your machine? This article offers advice on how to manually delete it without taking the reformatting route.

Monday, June 20, 2005

Airport Xrays Render You Naked!

After spending lots of time at the airport lately... Is an invasive pat-down a bad thing?

President Bush's proposed $2.57 trillion federal budget for Fiscal Year 2006 greatly increases the amount of money spent on surveillance technology and programs while cutting about 150 programs, most of them from the Department of Education. EPIC's "Spotlight on Surveillance" project scrutinized these surveillance programs.

Airport security has undergone significant changes since the terrorist attacks of Sept. 11, 2001. Recently, the Transportation Security Administration (TSA) announced a proposal to purchase and deploy "backscatter" X-ray machines to search air travelers at select airports. TSA said it believes that use of the machines is less invasive than pat-down searches. However, these machines, which show detailed images of a person's naked body, are equivalent to a "virtual strip search" for all air travelers. This proposal, along with the agency's controversial plan to profile air travelers, shows extraordinary disregard for the privacy rights of air travelers. The Department of Homeland Security is requesting $72 million to invest in detection systems, which includes funding for the backscatter machines, which cost between $100,000 and $200,000 each.

Read the rest at http://www.epic.org/privacy/surveillance/spotlight/0605.html, including pictures this technology produces....

Sunday, June 19, 2005

Happy Fathers Day

Words of Wisdom:

Never Say Never...

Saturday, June 18, 2005

Another G-Map Hack

Yet another Google Maps hack has been unleashed upon the unwashed masses. gCensus offers United States Census information merged with Google's powerful mapping tool. The result? Population density and other data sets accurate to a city block!

This is an impressive little hack built with XML, XSLT, CSS, AJAX and the kitchen sink (for good measure).

Friday, June 17, 2005

(IN)SECURE Magazine Issue 2 is out - free download

Source: Insecure Magazine

(IN)SECURE Magazine is a freely available, freely distributable digital security magazine in PDF format. Issue 2 brings topics such as: "Information security in campus and open environments", "Advanced PHP security - vulnerability containment" and "Clear cut cryptography". Get your copy today!

Thursday, June 16, 2005

Picking Physicists' Locks

From Scientific American:

Measured to be equal to 1/137.03599976, or approximately 1/137, [the fine-structure constant] has endowed the number 137 with a legendary status among physicists (it usually opens the combination locks on their briefcases).

So now you know, too.

Wednesday, June 15, 2005

Take this Job and...

Stress? What stress?

According to the 2005 Stress of Security Survey, 25% of IT decision-makers surveyed reported that protecting their company against malicious Internet security threats, such as viruses or spyware, is more stressful than a minor car accident. 13% stated that it is more stressful than starting a new job.

Furthermore, when asked about security breaches and the effects on their employment status, 45% of IT decision-makers surveyed believed that lost or stolen intellectual property as a result of an Internet security breach could put their job on the line.

Tuesday, June 14, 2005

Sysadmins Urged to Stop Child Abuse Downloaders

Karen should be so happy...

Sysadmins are urged to stop staff who download child pornography at work under a campaign due to host a free half-day conference in London on Wednesday (15 June). The 'Wipe it Out' event, backed by the Home Office and organised by the Internet Watch Foundation, aims to address the "practical, legal, ethical and corporate social responsibility" issues around the subject. Junior Home Office Minister Paul Goggins and various net security experts and lawyers are due to speak at the event.

The Sexual Offences Act 2003, which became law in May last year, changes the responsibilities and conditions for dealing with indecent images of children which might be found on corporate networks. The Act introduces a limited defence for making copies of child abuse images in order to stop offences, such as the distribution of these images, taking place.

Monday, June 13, 2005

Ice Cream Lock

Security isn't always about criminals and terrorists. Sometimes it's about your roommates or your co-workers. Here's a lock you can fit over your pint of ice cream so no one else eats it. Of course they can cut a hole through the packaging, but that's not the kind of criminal we're worried about here.

Now if we could just get one to fit Matt's soup cans...

Sunday, June 12, 2005

A Computer Geek's History of the Internet

In case you didn't know and/or a couple of things Al Gore forgot to tell you...

Saturday, June 11, 2005

WHAT THE HACK

Still time to get your tickets!

Every campsite should have this - Will there be network connectivity?

Yes. RJ-45 jacks are at least every 100 meters at the edges of most fields. You may want to bring that nice Ethernet switch you have lying around, as well as some large lengths of CAT5 cable. Hookups will be 100 MBps, our DHCP server will pass out world-reachable IP-addresses, and there will be enough Internet bandwidth for all to share.

What The Hack is an outdoor hacker conference/event taking place on a large event-campground in the south of The Netherlands from 28 until 31 July 2005.

Events like What The Hack take place every four years, and originate from a group of people that was originally centered around a small hacker magazine called Hack-Tic. The magazine's last issue was published in 1993, but for reasons unknown the events have so far refused to die. 1989 featured the Galactic Hacker Party, then in 1993 we saw Hacking at the End of the Universe, followed in 1997 by Hacking In Progress, and in 2001 there was Hackers At Large.

Friday, June 10, 2005

Pornography blamed for 52% of fraud cases between 2001 and 2004

Downloading porn from the internet is behind most cases of IT fraud and abuse by public sector workers, according to a just published survey.

Watchdog the Audit Commission discovered that 52% of identified cases of fraud or abuse between 2001 and last year were due to staff accessing pornography or other "inappropriate material" while at work. This was a 13% increase since the commission's last IT fraud and abuse survey four years ago. The increased need for internet access for public sector workers and the increase in access to website pornography made it difficult for organisations to control staff logging on to inappropriate sites, said the report, An Update on ICT Fraud and Abuse 2004.

Thursday, June 09, 2005

5 Most Over-hyped Security Threats

Gartner, Inc. analysts identified five of the most over-hyped security threats during the three-day Gartner IT Security Summit taking place here in Washington DC this week.

While I can agree with the overspending related to SOX, I don't necessarily agree with the complete list. While many technologies on the list can be implemented securely, that doesn't mean that they are secure by default (most are not). If over-hyped = heightened awareness, then let's all get hyper...

Gartner's five most over-hyped security threats are:
  • Internet Protocol (IP) telephony is unsafe
  • Mobile malware will cause widespread damage
  • "Warhol Worms" will make the Internet unreliable for business traffic and virtual private networks (VPNs)
  • Regulatory compliance equals security
  • Wireless hot spots are unsafe

Wednesday, June 08, 2005

WEP Crack Part III – Securing your WLAN

WEP Crack Part 1 and Part 2 demonstrated that WEP cracking is easier than you may have thought. Switching gears, this last part of the WEP Crack How To will show you how to take a common sense approach to protecting your wireless networks.

Tuesday, June 07, 2005

Has it become cool to report a compromise?

It is not clear to me anymore that corporations are concerned at all about being in the news for security compromises (name the last five compromised companies that hit the news - how did it affect your impression of them? how did it affect their stock price? how did it affect the potential for future earnings?).

So I ask... Has it become cool to report a compromise?

Citigroup said Monday that personal information on 3.9 million consumer lending customers of its CitiFinancial subsidiary was lost by UPS while in transit to a credit bureau -- the biggest breach of customer or employee data reported so far.

Citigroup, the nation's biggest financial services company, said that UPS lost the tapes while shipping them to a credit bureau in Texas.

The tapes covered CitiFinancial customers and about 50,000 customers with closed accounts from CitiFinancial Retail Services. Customers of CitiFinancial's auto and mortgage businesses were not affected.

Monday, June 06, 2005

On the Police Beat...

Missouri Police: Officer Got Burger Laced With Meth

And you were worried about the doughnuts... An Officer's Christmas Quarter Pounder with Cheese tasted a little funny, and for good reason: It was laced with methamphetamine.

The incident happened in December in Desloge, Mo., about 50 miles southwest of St. Louis, but was not made public until this past Friday.

''He thought it tasted kind of funny so he looked at the burger,'' Bullock said. ''It looked like it had a foreign substance on it.''

The burger was sent to the Missouri Highway Patrol crime lab for testing and tested positive for meth.

Who knew? - Missouri is among the nation's hardest-hit states in terms of meth production and arrests. Police in Desloge and the surrounding counties make hundreds of meth arrests every year.

South Carolina Police Officer Pulls Over His Stolen Car

An off-duty Charleston, SC police officer on a Sunday drive in his police cruiser saw something awfully familiar - his recently stolen Volkswagen Jetta.

After passing his car on Limehouse Bridge shortly after 1 p.m. Sunday 6/5, North Charleston patrolman Ethan Bernardi whipped his cruiser around and pulled over the stolen vehicle. He called other deputies, who took possession of the car and arrested three suspects, Charleston County Sheriff's Capt. Dana Valentine said.

Sunday, June 05, 2005

Robot can hit 300-km pitch, theoretically

Once it can run... We are getting one for the softball team!

A Hiroshima University researcher has developed a robot theoretically capable of hitting a baseball traveling as fast as 300 kilometers per hour by instantly analyzing its path using images captured with precision cameras.

Idaku Ishii, 35, an associate professor at the university's Graduate School of Engineering, said he plans to exhibit the robot at the Prototype Robot Exhibition opening next Thursday as part of the ongoing 2005 World Exposition in Aichi Prefecture.

Saturday, June 04, 2005

Morpheus Is Dead

Monolith Productions, keeping its promise to make it worthwhile to play The Matrix Online, has gone and done the unthinkable. They went and killed off Morpheus, the main sage in the Matrix and the captain of the human hovership Nebuchadnezzar. Not only is Morpheus dead in The Matrix Online, but he is also now dead in all the future works set in the Matrix Universe after the trilogy. This is because anything that happens in Matrix Online is canon and automatically becomes part of the Matrix universe.

Friday, June 03, 2005

Has Ransomware Learned from Cryptovirology?

The next malware attack that involves holding data for ransom might not be a Trojan that affects a small number of users. The next attack might be a real cryptovirus or cryptoworm that holds the data of tens or even hundreds of thousands of users for ransom. What will people do then?

Thursday, June 02, 2005

cryptome eyeball series

Not new, but if you have never made a visit and/or haven't been back for a bit this can be an interesting site...

The Eyeballing project was developed by activist John Young and uses publicly available maps to give a view into some of these secret and sensitive sites across America.

The project consists of a series of individual 'eyeballing' web pages, each of which focuses on a particular military base, intelligence facility or other sensitive site, like nuclear power plants and dams. Eyeballing exploits the potential of hypertext to author a cartographic collage, piecing together a diverse range of aerial photographs, topographic maps at different scales, photographs, along with expert commentary by Young, annotated with corrections and clarifications emailed in from (anonymous) readers. There are also hyperlinks to supplementary documents and other relevant websites, while individual eyeballs pages are themselves cross referenced by hyperlinks. To produce the eyeballs Young only utilises public sources of maps and imagery, typically topographic mapping from MapQuest and aerial photography from Terraserver [1]. Even though the 'eyeballs' have an unpolished, almost amateurish look to them, the series represents a novel and valuable atlas of hidden places.

Is That a Puppy in Your Pocket?

A retired university lecturer in Australia has come up with the latest twist on Linux, fielding a distribution of the operating system that takes little memory and can boot directly off of a USB thumb drive.

Although Puppy Linux began life more as a demonstration than a full Linux distribution, it has rapidly evolved into a real workhorse distribution whose completeness is astonishing. Yet despite that evolution, Puppy Linux's focus on ease-of-use remains one of its major strengths -- to the point where it provides more hand-holding than some experienced Linux users might like.

Wednesday, June 01, 2005

No Privacy in Your Cube? Try an Electronic Silencer

Maxwell Smart's "cone of silence" is finally a reality.

Two people in an office here were having a tête-à-tête, but it was impossible for a listener standing nearby to understand what they were saying. The conversation sounded like a waterfall of voices, both tantalizingly familiar and yet incomprehensible.

The cone of silence, called Babble, is actually a device composed of a sound processor and several speakers that multiply and scramble voices that come within its range. About the size of a clock radio, the first model is designed for a person using a phone, but other models will work in open office space.

The voice scrambling technology used in Babble was developed by Applied Minds, a research and consulting firm founded by Danny Hillis, a distinguished computer architect, and Bran Ferren, an industrial designer and Hollywood special effects wizard.

Babble, which is intended to function as a substitute for walls and acoustic tiling, is an example of a new class of product that uses computing technology to shape sound. Already on the market are headphones that can cancel extraneous noises and stereo systems that can direct sound to a particular location.

The system will be introduced in June by Sonare Technologies, a new subsidiary of Herman Miller, the maker of the Aeron chair, as part of an effort to move beyond office furniture. The company plans to sell the device for less than $400 through consumer electronics and office supply stores.

Top 50 Security Tools

What is your favorite tool? Is it on the list?
 
Copyright 2018 e2e Security.