Friday, October 30, 2009

Drunk Ewoks Wreck Today Show Segment

Via The Live Feed:

Al Roker, dressed as Han Solo, tries to keep the peace. But he couldn't prevent the dry humping.

"Down boy, down!"

"What's he doing behind me?!"

"You're not allowed to have vodka" ...

Jon Stewart Breaks Down Fox News

The Daily Show With Jon Stewart (Mon - Thurs 11p / 10c): For Fox Sake!

We Are Douchebags - NSFW

Via The Daily Dish

Old Ladies and the 24 Hour News Cycle

Margaret & Helen take on the 24 hour news cycle and come up with some gems.

Give Rush Limbaugh a football team. Who better than he understands the effects of massive head injuries?

Palin having an opinion about Levi Johnson “selling his body” is like Roman Polanski having an opinion about Woody Allen’s choice in girlfriends. Pot meet Kettle.

The little boy didn’t get into the balloon. End of story. To report anything more is helping a means to an end that leads to a reality show none of us needs to see.

The Boston Tea Party was a key event in the growth of the American Revolution. The British Parliament responded in 1774 with the Coercive Acts and the Colonists in turn responded to the Coercive Acts by convening the First Continental Congress. The crisis escalated, and the American Revolutionary War began near Boston in 1775. The 9-12 Project, by comparison, was proof positive that people who watch Glen Beck can’t spell.
Image via Wikimedia Commons

Is Cap'n Crunch Gay?

Via Dinosaur Comics

Thursday, October 29, 2009

United Breaks Hearts AND Guitars

In an earlier post, United Breaks Guitars, I shared singer Dave Carroll's music video lamenting his charge that United Airlines broke his guitar and then refused to take any responsibility.

United - we love to lie, and it shows.

Well, poor Dave finally flew United again. This time, they lost his luggage.

In an interview, Mr. Carroll said that for more than an hour on Sunday, he was told he could not leave the international baggage claim area at Denver International Airport, where he had flown from Saskatchewan. He said he had been told to stay because his bag was delayed, not lost, and he had to be there to claim it when it came down the conveyor belt.

“I’m the only person pacing around this room,” Mr. Carroll said, recalling how he was caught between an order from United staff members to stay and collect his bag, and a federal customs official telling him he had to leave the baggage claim area. The bag never showed.

According to Neatorama, his luggage finally showed up days later. Fly the friendly skies of United.

Image via Wikimedia Commons

Finally - A Republican Who Makes Sense

I admire both the wisdom and the humor of Arizona Rep. Jeff Flake, who explained his vote against House Resolution 784 honoring the birth and contribution of Confucius by releasing this statement:
“He who spends time passing trivial legislation may find himself out of time to read healthcare bill,” said Flake.

Well played, Congressman Flake.

Image via Wikimedia Commons

Confuse Rover with the Autofetch Ball

Dogs can be pretty stupid when it comes to fetching a thrown ball. We've all been there - the fake throw, followed by hilarity when the clever canine has no clue why the orb is nowhere to be found.

This would come in a close second - the Autofetch Motion Pet Ball.

Just jam some doggie treats in the little hole, turn it on, and toss it on the ground, and prepare to be amused as the internal gyroscope keeps the ball in constant motion, much to Rover's consternation.

I wonder if this would work on toddlers, too?

Via Dvice

Wednesday, October 28, 2009

ExtenZe Ad Circa 1929?

Via Gawker

Who Wants Their Penis To Look Like Dorothy The Dinosaur?

I've seen some strange condom designs in my time, but I've yet to meet a woman who believes she would squeal with delight if a dude whipped out some prehistoric prophylactic in preparation for demonstrating his skills as a formidable swordsman.

I could be completely off base here - I mean, some of the best selling sex toys for women are shaped like bunnies and dolphins, if you believe Adam & Eve. Still, you have to be pretty confident to ask your date if she wants to check out T-Rex.

I suppose the spines are textured for her pleasure, and not intended as a buzz saw to divide her clitoris into two parts.

Polly want a cracker? That's what she said.

Just Ordered Two Cases: Dinosaur Condoms, via Geekologie

Net Neutrality - We've Played This Game Before

Via Dvice, a look at what the Internet might look like if ISPs get their way. Sort of looks like television cable packages, and you know what a great deal those have been for consumers.

Have you called your members of Congress yet? Don't complain if you do nothing and this is the result.

Tuesday, October 27, 2009

Pregnant Woman's Halloween Costume

Now that takes a sense of humor. Via Digg

Catching a Virus On the Web

If you want to avoid catching the flu, stay out of public buildings and airplanes. If you want to keep your computer from catching malware, avoid web sites.

Seems drastic, right? But a recent report by Dasient identifies 640,000 web sites and 5.8 million web pages as being infected by malware.

If that's not frightening enough, how about this handy information?

Meanwhile, the Google blacklist of malware infected sites has more than doubled in the last year, registering as many as 40,000 new sites in one week.

Most of the malware is delivered via JavaScript or iFrames injected into otherwise legitimate sites, which means two things - first, that web developers are still doing a crappy job of securing their code, and second, you can't even trust mainstream sites.
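As an added example (not from the cnet piece or the Dasient report), here is a small scanner for the injected content just described: iframes that are sized to zero or hidden with CSS, and iframes or scripts pulling from a host other than the site itself. The HTML and the hostnames are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse


class InjectionScanner(HTMLParser):
    """Collect <iframe>/<script> tags that look like drive-by injections."""

    def __init__(self, page_host):
        super().__init__()
        self.page_host = page_host.lower()
        self.findings = []  # (tag, src, [reasons])

    def _off_site(self, host):
        return host != self.page_host and not host.endswith("." + self.page_host)

    def handle_starttag(self, tag, attrs):
        if tag not in ("iframe", "script"):
            return
        a = {k: (v or "") for k, v in attrs}
        src = a.get("src", "")
        if not src:
            return  # inline script bodies need a different check; skipped here
        host = (urlparse(src).hostname or self.page_host).lower()
        reasons = []
        if self._off_site(host):
            reasons.append("off-site src " + host)
        if tag == "iframe":
            style = a.get("style", "").replace(" ", "").lower()
            if a.get("width", "").strip() in ("0", "1") or a.get("height", "").strip() in ("0", "1"):
                reasons.append("zero-size iframe")
            if "display:none" in style or "visibility:hidden" in style:
                reasons.append("hidden via CSS")
        if reasons:
            self.findings.append((tag, src, reasons))


def scan_html(html, page_host):
    """Return suspicious tags in `html`, which claims to be served from page_host."""
    scanner = InjectionScanner(page_host)
    scanner.feed(html)
    scanner.close()
    return scanner.findings


# Constructed page: a legitimate first-party script, a hidden off-site iframe of the
# kind injected into compromised sites, and an off-site script for comparison.
SAMPLE_HTML = """<html><body>
<script src="/js/site.js"></script>
<p>Welcome to our site.</p>
<iframe src="http://attacker.example.net/in.php" width="0" height="0"
        style="display: none"></iframe>
<script src="http://static.attacker.example.net/x.js"></script>
</body></html>"""

if __name__ == "__main__":
    for tag, src, reasons in scan_html(SAMPLE_HTML, "example.com"):
        print(tag, src, "; ".join(reasons))
```

An off-site script tag by itself is a weak signal (ad networks and CDNs produce them constantly), so treat the output as candidates for review rather than verdicts.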

That means it's time for me to again rant about using a browser other than Internet Explorer, advise you to keep your Windows OS (if you insist on sticking with Microsoft) and any applications fully patched at all times (Secunia PSI is a good choice, especially for peripheral apps), and run a recognized antivirus product that's updated at least daily.

Oh, and if you're using your computer for online banking, financial transactions, or shopping, you may want to check out my posting here on using a Live CD to keep malware from stealing your information.

Via cnet Insecurity Complex

Image via Wikimedia Commons

Worst. Political. Ad. Ever.

Via the Daily Dish, this has to be one of the most insipid political ads ever designed. Does this type of thing actually work on people in Georgia?

SANS - Social Engineering Computer Attacks

SANS has a timely diary entry on their Internet Storm Center page entitled Social Engineering in Real-World Computer Attacks in which they posit the following:

Why bother breaking down the door if you can simply ask to be let in? Social engineering works, both during penetration testing and as part of real-world attacks. This note explores how attackers are using social engineering to compromise computer defenses.

For all the millions spent on hardening systems and networks, there's always someone volunteering to open the door to allow attackers inside. Defense-in-depth as a strategy only works if the control mechanisms are left in place and not circumvented.

Would you install an alarm system in your house and write the passcode on the outside wall? Or would you give the code to someone who called or emailed you, claiming to be from the alarm company demanding that you validate your code for them or they would cut off your access?

Most people would answer "no" to those two questions, but history has shown that there's a real problem with people responding to phishing and vishing schemes and giving out their credentials willy-nilly. Look at some of the examples pointed out by SANS:
  • Bogus parking violation notices left on cars, directing people to a web site to "resolve" the ticket that turns out to be malicious
  • Voicemails left for customers to "call back" and verify their banking information
  • People plugging in USB drives or CDs left in public places or sent via the mail or post
Firms that have your credentials should never be asking you to validate your credentials. Your bank doesn't need your account number, PIN, mother's maiden name, or answer to your secret question, because your bank already has that information.

Remember how your mom told you not to pick things up off of the ground and eat them because she didn't know where they came from? Yes? Then why would you pick up a USB drive or CD and stick it in your computer?

Never, ever give out information or data based on a phone call, message, or email you've received. Always contact firms and companies, such as banks, credit card companies, retailers, etc., using the contact information in your statements or using the "Contact Us" information that's posted on their official web site, which does not include following links that come via email or text messages.

There's a popular adage that you can't cure stupid. When it comes to computer attacks, the level of sophistication is increasing exponentially, so it's no longer a question of being smart. Attackers are targeting human nature, and that's a difficult challenge to overcome.

Image via Wikimedia Commons

KFC's Colonel Sanders Breaches UN Security

KFC's quest to make us all buy their damned Kentucky grilled chicken may eventually lead to civil unrest and thermonuclear war. You heard it here first.

It all started with the Oprah free chicken fiasco, where coupons offered for a grilled chicken lunch led to a run on the chicken bank and scores of disgruntled breast-and-thigh aficionados.

Oh, the humanity!

Apparently not content with stirring up the population one restaurant at a time, KFC sent an actor portraying venerable marketing object Harland "Colonel" Sanders to the United Nations headquarters in New York, where a sympathetic (and hungry?) UN security guard violated protocol by escorting the fake colonel through sensitive areas within the UN complex, culminating in a handshake photo-op with UN General Assembly president, Dr. Ali A. Treki of Libya.

UN representatives are downplaying the significance of the security breach, noting that since there was no official meeting with Treki scheduled, the UN isn't to blame. It's all the work of a single rogue security guard.

And the photo-op? Well, it's not really a photo-op, because the visit wasn't official, and besides, Dr. Treki is a polite man. What sort of world diplomat refuses a handshake from a kindly Kentucky gentleman?

World peace has never been closer.

Image via

Sunday, October 25, 2009

Football Quote of the Day

As far as I can see American football is a marathon of budweiser adverts occasionally interrupted by some “talented bloke” chucking a rugby-like ball to some Billy Whizz halfway up the pitch, intent on scoring points for catching it while a couple of beefcakes try to put him in a wheelchair for the rest of his life.

Via The League of Ordinary Gentlemen

Saturday, October 24, 2009

IKEA Dishes Rule

Since we're in Pittsburgh for the Steelers - Vikings game, we decided to swing by the local IKEA to pick up some odds and ends.

As the scent of Swedish meatballs wafted around us, we dutifully followed the painted arrows on the floor past all manner of home furnishings. The obligatory yellow shoulder bag slowly gained girth as we plucked small items from abundantly-stocked shelves.

The real score took place just past the kitchen section where we needed to find a cart to load up two sets of dinnerware for six, plus one for our daughter, at $29.99 each.

We've had IKEA plates and bowls before, and we've had excellent results with them. It's hard to argue with the blend of quality and price.

The $60 worth of dinnerware is replacing several hundred dollars worth of Crate & Barrel service that was as disappointing as it was stylish. More than half of the large plates, and a third of the smaller saucers chipped around the edges in the first year.

Nothing kills hip and trendy dinnerware more than gleaming white divots staring you in the face. And forget about entertaining with chipped plates. Martha Stewart would take away our club cards, Buffy.

So thanks, IKEA, for stocking quality dishes at reasonable prices. And nerts to you, Crate & Barrel.

-- Mobile post

Friday, October 23, 2009

The Public Option Singers

Sniffing VoIP in Real Time - iPhone Users Beware

It's been technically possible to plug a laptop into a network and sniff Voice Over Internet Protocol transmissions for quite a while, thanks to the UCSniff tool. The only caveat was that the attacker needed to wait until the transmission was finished to reassemble the conversation.

Security researchers plan to present a demo this weekend at the Toor hacker conference showing that they can now intercept and playback VoIP conversations in real-time.

As The Register reports:

With a few clicks of a mouse, they will eavesdrop on a call between two audience members using popular iPhone applications that route the calls over the conference network.

Not only is it possible to intercept conversations, but video conferencing transmissions can also be captured and played back as they happen.

If you're using public Wi-Fi to save money by avoiding usage charges on your carrier's data plan, you should start thinking twice about the possibilities of real-time breaches of confidentiality that could occur through what is essentially a man-in-the-middle (MITM) attack. Unless you're using an encrypted transmission or secure tunnel that would foil sniffing tools, you're at a perilously high risk of being compromised.

Tools like this aren't particularly new, but what is changing is how user-friendly they are becoming, which allows fairly unsophisticated hackers with only moderate technical skills to perform tasks previously the domain of hardcore hackers.

You've been warned.

Image via Wikimedia Commons

Tearing Up Contracts - A Tale of Two Groups

Atrios, via digby:

Atrios points out that "if the government was tearing up union contracts and slashing wages, the equivalent story would be told from a different perspective." In fact, it was. Explicitly:

Atlanta-based talk show host Neal Boortz told viewers on the Nov. 11 “CNN Newsroom” if the government were to bail out General Motors (NYSE:GM), then it should void the labor agreements some blame for getting the automakers in trouble in the first place.

“I did not say don’t bail them out,” Boortz said. “I did say, ‘Look – if you’re going to bail them out, void these union contracts. These union contracts are totally absurd and the benefits that they pay people that aren’t even working anymore, salaries that they pay people who aren’t working.”

Friggin' Computer Updates - Dinosaur Comics


FOX News - Why is the White House Attacking Us?

Back in school, did you ever know a bully that would punch you when you weren't looking, and then when you went after them, they ran over to where the teacher was and complained that you started it?

Thursday, October 22, 2009

I Love xkcd

The Hotel Maid Can Defeat Your Full Disk Encryption

Corporate America is finally beginning to get its act together when it comes to full-disk encryption of laptop hard drives, nearly a decade after an avalanche of thefts and data breaches made CIOs and CTOs take notice.

So are you safe leaving your laptop or notebook in your hotel room when you travel? Even if you chain it to the desk, the answer is, "Not so much."

Over at InvisibleThings, founder Joanna Rutkowska details how she and Alex Tereshkin were able to successfully launch an Evil Maid attack using a bootable USB stick against TrueCrypt system disk encryption. The results were frightening, and not altogether surprising.

Here's the process they followed, reduced for clarity to a couple of small, easy steps: Somebody leaves a laptop unsupervised somewhere, like a hotel room or coffee shop. In a matter of minutes, an attacker posing as a maid, room service, or maintenance can enter, insert the USB drive, and boot the laptop using an Evil Maid tool, compromising the TrueCrypt loader while loading what's essentially a keylogger before they take their USB drive and depart.

When the user returns and boots the laptop again, TrueCrypt prompts for the password as normal, and the unsuspecting user enters the code or phrase. The Evil Maid attack has now captured this credential. The next time the user leaves their laptop unsupervised, the attacker returns, again boots the laptop with the USB drive, and now has possession of the TrueCrypt login credentials.

No more encryption. No more protection. Say goodbye to your data.

Now, the TrueCrypt folks mount the defense that if you can't ensure the security of the hardware, then that's your problem. If you can't know for certain that your device has been compromised, you shouldn't use it for sensitive data, they posit.

While technically true, it's something that encryption vendors don't typically highlight in their product literature. As Rutkowska points out when speaking to TrueCrypt reps, if she's locking her laptop in a safe or strongbox when it's not in use, why does she need full disk encryption?

It's easy for consumers and corporations to lapse into complacency once they implement full disk encryption. Physical security becomes less of a priority because of the mistaken belief that the only existing threat is device theft, and since theoretically the entire hard disk is protected by strong encryption, no data loss can occur.

As we've seen in the above scenario, device theft is just one attack vector. I'd be more worried about the attacker booting into the OS and loading a rootkit or other malware that would avoid detection and allow for remote data retrieval or monitoring. Why steal the device when you can access the contents whenever you'd like?

Further, what if the installed malware allows penetration of your network, perhaps spreading similar malicious code to other workstations, servers, and network devices? A lack of physical security focus on a single laptop could conceivably compromise your enterprise.

There's no easy answer here. You could implement two-factor authentication, which would render capturing keystrokes ineffective, since a second component would be needed in addition to the passphrase or password. Another solution would be to utilize a secure boot loader process, but none of the current vendor solutions are configured to implement any sort of "root of trust" technologies.

The best solution is to continue a defense-in-depth strategy with hardware security as a key component. Don't leave your laptop unsecured in areas without controlled access that you trust - including hotel rooms, checked baggage, and your local Starbucks. Assuming you're not concerned with an NSA-level attack, the combination of full disk encryption and robust physical security should protect you against most threats, although nothing prevents 100% of attacks.
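The attack above works because the boot loader sits unencrypted on disk, so one thing a traveller can do is notice when it has changed. The following is an added defensive check, not from Rutkowska's post, the Evil Maid tool, or TrueCrypt: it hashes the boot loader region and compares it with a baseline recorded while the machine was known-good. It assumes it is run from a trusted boot medium against the raw system disk (a constructed disk image stands in here) and that 63 sectors cover the loader; both are assumptions.

```python
import hashlib
import hmac
import os
import tempfile

SECTOR = 512
BOOT_REGION_SECTORS = 63  # assumption: MBR plus the loader sectors before the first partition


def boot_region_digest(device_path, sectors=BOOT_REGION_SECTORS):
    """SHA-256 over the first `sectors` sectors of a block device or disk image."""
    h = hashlib.sha256()
    remaining = sectors * SECTOR
    with open(device_path, "rb") as f:
        while remaining > 0:
            chunk = f.read(min(remaining, 64 * 1024))
            if not chunk:
                break
            h.update(chunk)
            remaining -= len(chunk)
    return h.hexdigest()


def verify_boot_region(device_path, baseline_hex, sectors=BOOT_REGION_SECTORS):
    """True only if the loader region still matches the recorded baseline.
    Only meaningful when run from trusted media: a compromised OS can lie."""
    return hmac.compare_digest(boot_region_digest(device_path, sectors), baseline_hex)


def make_constructed_image(path, tampered=False):
    """Write a fake disk: a deterministic loader region, then random bytes standing
    in for the encrypted volume. tampered=True flips one byte in the loader, which
    is all a modified loader needs to differ by for the baseline to catch it."""
    boot = bytearray((i * 7) & 0xFF for i in range(BOOT_REGION_SECTORS * SECTOR))
    boot[510:512] = b"\x55\xaa"  # MBR boot signature, for realism only
    if tampered:
        boot[0x100] ^= 0x01
    with open(path, "wb") as f:
        f.write(boot)
        f.write(os.urandom(8 * SECTOR))
    return path


def demo():
    """Record a baseline from a clean image, then check clean and tampered images.
    Returns (clean_passes, tampered_passes)."""
    workdir = tempfile.mkdtemp()
    clean = make_constructed_image(os.path.join(workdir, "clean.img"))
    baseline = boot_region_digest(clean)  # keep this off the machine being checked
    evil = make_constructed_image(os.path.join(workdir, "tampered.img"), tampered=True)
    return verify_boot_region(clean, baseline), verify_boot_region(evil, baseline)


if __name__ == "__main__":
    print("clean ok, tampered ok =", demo())  # expect (True, False)
```

The baseline must be re-recorded after any legitimate loader update, and a check like this says nothing about firmware, which is why the "root of trust" approaches mentioned above matter.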

Rutkowska's article is an excellent exposé of this particular weakness in the security chain, and she even walks us through how to download and use Evil Maid.

Remember - it's for lab use only. We've sworn to use our powers only for good.

Image via Wikimedia Commons

LED Eyelashes

I don't think your eyes are supposed to have a carbon footprint.

I really don't.

Via Dvice

Wednesday, October 21, 2009

Marriage Equality: The 86 Year Old Gets It

The marriage equality debate is often dominated by the fringe on both sides.

Sometimes it takes a member of the greatest generation to remind us of the human cost of hate.

Via BoingBoing

Drunk Guy in a Convenience Store

Who among us hasn't been drunk inside a Quickie Mart at least once in our life? Let those without sin cast the first stone.

There's been a rather lengthy video making the rounds that shows Larry in his drunken glory inside some 24-hour shop. Of course, being surveillance video, it was rather boring and failed to satisfy the auditory crowd.

Mustache and Monocle have spruced it up a bit, giving it the silent movie treatment. And I have to be honest - it works!

Via Neatorama

Sen. Al Franken Knows His Health Care Stuff

One of the best things about Al Franken being a U.S. Senator is that he comes to the party with the questions AND the answers.

If only his counterparts were able to engage in discourse of similar depth.

Via Think Progress

Monday, October 19, 2009

XKCD - Bag Check

Having just flown to Atlanta and back this weekend, I'm particularly sensitive to this.