DigiNotar
Here is a summary of the DigiNotar hack that has been in the news.
DigiNotar is a Dutch Certificate Authority (CA). They provide a root certificate installed in your IE, Firefox, Safari or Chrome web browser. They are one of several hundred Certificate Authorities.
First of all, someone noticed that an unauthorized Google certificate had been issued. The certificate was for “*.google.com” and allowed anyone holding it to perform a Man-in-the-Middle (MITM) attack: essentially, to intercept any secure traffic to and from Google (Gmail, etc.). It was spotted by someone in Iran. The Google certificate was signed by DigiNotar, which was unusual, as Google uses a different CA. This sort of activity would be noticed if you had installed a browser add-on like Firefox’s Certificate Patrol, which warns when a site’s certificate or issuer changes.
This created quite a bit of news, similar to the Comodo Hack. According to the Associated Press, “DigiNotar acknowledged it had been hacked in July, though it didn’t disclose it at the time. It insisted as late as Tuesday that its certificates for government sites had not been compromised.” And “But Donner said a review by an external security company had found DigiNotar’s government certificates were in fact compromised, and the government is now taking control of the company’s operations. The government also is trying to shift over to other companies that act as digital notaries, he said.”
It was then revealed that 531 forged certificates had been created, targeting the CIA, Yahoo, Twitter, Facebook, WordPress, Microsoft Live, torproject, Mozilla, Skype, and others.
Trust in the DigiNotar root certificate was revoked by Microsoft, Google (Chrome), and Mozilla (Firefox). Firefox was updated to 6.0.2 to address this.
It turns out that someone who calls themselves the ComodoHacker claims to have hacked both Comodo and DigiNotar. The hacker has bragged about his intentions on his Pastebin account. Some of his claims:
- He is an independent hacker, and not part of an Iranian Cyber Army.
- He is a hacktivist; he hacks for his own reasons.
- He hacked DigiNotar because of Dutch involvement in the Srebrenica genocide 16 years ago.
- He’s protesting “US and Israel’s involvement in Stuxnet”.
- He’s protesting HBGary’s CEO spreading malware in the Middle East, and that the FBI did not “see/find/detect/catch” this.
- He claims to have hacked 4 other CAs and names one: GlobalSign. In response, GlobalSign stopped issuing certificates.
- He claims he has hacked Microsoft’s update process. As proof, he says he has created a modified version of calc.exe that is “signed by Microsoft.”
There is some debate about whether this is really the same person. We shall see.
Expect more news. Many security experts have stated that the entire Certificate Authority infrastructure is broken. Having 100+ Certificate Authorities, all trusted equally, is just a bad idea. This is the opposite of Defense in Depth, where multiple failures are needed to compromise a system. Here, if any one CA fails, the entire system fails. Let’s compare the two approaches mathematically.
Suppose you had a system where each certificate had to be signed by two certificate authorities. For simplicity, assign each CA a 1% probability of being compromised, and assume CA compromises are independent of each other. Perhaps it should be 0.1%, but we can look at that later.
In the case of two CAs signing each certificate, both must fail, so the probability of a certificate compromise is (CA1)*(CA2), or in this case 1%*1% = 0.01%.
Compare this to the case where you have ten CAs, and if ANY one of them is compromised, any certificate may be suspect.
To calculate the probability of a certificate compromise with multiple equally trusted CAs, you need the formula
1-(1-CA1)*(1-CA2)*(1-CA3)*(1-CA4)*(1-CA5)*(1-CA6)*(1-CA7)*(1-CA8)…*(1-CAN)
If there are 10 CAs, and each has a 1% probability of failure, then the probability that at least one of them is compromised is
1-(99%*99%*99%*99%*99%*99%*99%*99%*99%*99%),
which is
1-0.99^10 => 1-0.90438, or about 10% (9.6%).
If you had a hundred CAs, then the chance of a failure is 1-0.99^100, or 1-0.3660, or about 63%!
Suppose you change the rate to 0.1% per CA. 0.999^100 is 90.5%, so the chance of any single certificate being compromised is about 10% (9.5%).
If you assume 0.01% per individual CA, the probability becomes about 1%.
In any case, the proliferation of CAs in the browser has seriously broken Internet security. This is why people and teams like CMU (Perspectives) and Moxie Marlinspike (Convergence) have offered alternatives.
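As an added illustration (not part of the original post), here is the calculation above carried through in Python, with the post’s two cases generalized to a k-of-n threshold model: a certificate is accepted if at least k of the n trusted CAs have signed it, and each CA is assumed, as the post assumes, to be compromised independently with probability p. The 1%, 0.1% and 0.01% figures are the post’s; the function names are mine.

```python
"""Certificate-compromise probability under different trust models.

Added example, not from the original post.  Each CA is assumed to be
compromised independently with probability p (the post's own simplification).
"""
from math import comb


def p_any_of_n(p, n):
    """Today's browser model: n root CAs all trusted equally, so a forged
    certificate is accepted if ANY one of them is compromised.
    P = 1 - (1-p)^n, the complement of 'all n stayed honest'."""
    return 1.0 - (1.0 - p) ** n


def p_all_of_k(p, k):
    """The post's two-signature model with a FIXED set of k signers: a forgery
    needs every one of the k named CAs compromised.  P = p^k."""
    return p ** k


def p_at_least_k_of_n(p, k, n):
    """General threshold model: a certificate is accepted if it carries valid
    signatures from at least k of the n trusted CAs, so the attacker succeeds
    once any k of the n are compromised.  That is the binomial upper tail
    sum_{i=k}^{n} C(n,i) p^i (1-p)^(n-i).
    k=1 recovers p_any_of_n; k=n recovers p_all_of_k."""
    if not 1 <= k <= n:
        raise ValueError("need 1 <= k <= n")
    return sum(comb(n, i) * p ** i * (1.0 - p) ** (n - i)
               for i in range(k, n + 1))


def compromise_table(p):
    """The cases worked in the post for a per-CA failure rate p, plus the
    'any 2 of 100' row, which shows what a two-signature rule buys when the
    two signers are NOT fixed in advance."""
    return {
        "two fixed signers": p_all_of_k(p, 2),
        "any of 10": p_any_of_n(p, 10),
        "any of 100": p_any_of_n(p, 100),
        "any 2 of 100": p_at_least_k_of_n(p, 2, 100),
    }


if __name__ == "__main__":
    for p in (0.01, 0.001, 0.0001):
        print(f"per-CA failure probability {p:.2%}")
        for model, prob in compromise_table(p).items():
            print(f"  {model:20s} {prob:8.4%}")
```

Running it reproduces the post’s numbers: 0.01% for two fixed signers, about 9.6% for any of 10, about 63% for any of 100, and about 9.5% and 1% for 100 CAs at 0.1% and 0.01% per CA. The extra row is the caveat a two-signature scheme needs: if a forgery is accepted with signatures from any two of 100 equally trusted CAs, exposure at p = 1% only falls from about 63% to about 26%. The 0.01% figure holds only when the two signers are fixed in advance, i.e. pinned to the site.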
Security News May 2011
Posted by grymoire in Hacking, Politics, Security, Technology on May 5, 2011
Advanced Persistent Tweets: Zero-Day in 140 Characters
http://krebsonsecurity.com/2011/05/advanced-persistent-tweets-zero-day-in-140-characters/
Interesting report on “a Chinese hacker” bragging about zero-day attacks.
Sony Online loses 12,700 credit card account numbers, 24.6 million accounts compromised [update]
http://www.joystiq.com/2011/05/02/sony-hit-with-second-attack-loses-12-700-credit-card-nu/
A second hack has occurred.
Bruce Schneier’s TED talk on security trade-offs
http://www.ted.com/talks/bruce_schneier.html?awesm=on.ted.com_Schneier
Bruce always has an interesting view on security. This one discusses how we react and evaluate security.
Crimeware Kit Emerges for Mac OS X
http://threatpost.com/en_us/blogs/crimeware-kit-emerges-mac-os-x-050211
“Crimeware kits have become a ubiquitous part of the malware scene in the last few years, but they have mainly been confined to the Windows platform. Now, reports are surfacing that the first such kit targeting Apple’s Mac OS X operating system has appeared.”
Best Buy Suffers Second Email Breach
Epsilon hack victim’s customer emails exposed yet again — via a different vendor
“The Best Buy spokesman noted that the second breach was similar to that of Epsilon’s”
The X Factor hit by database breach, leading to quarter of a million personal details being stolen
“The personal details of 250,000 The X Factor hopefuls may have been compromised following a database hack. A Fox network spokesperson confirmed that no financial information was accessed”
Bin Laden Death Triggers Cyber Scams
http://www.techweb.com/news/229402787/bin-laden-death-triggers-cyber-scams.html
As expected. There are many other links as well.
Five Biggest Recipients Of Corporate Tax Breaks Spent $8 Million In 2010 Elections (UPDATED)
http://www.huffingtonpost.com/2011/05/03/recipients-corporate-tax-breaks-elections_n_856630.html
GE is listed as one of the top 5 companies that received a tax break.
Other references regarding lobbying include
http://www.opensecrets.org/orgs/list.php?order=A
http://www.opensecrets.org/orgs/totals.php?cycle=2010&id=D000000125
Sony notes deception in their attack
“Hirai went on to claim that the breach occurred at the same time as the DoS attack, which was not immediately detected because of its ‘sheer sophistication’ and because a ‘system software vulnerability’ was exploited.”
An example of deceptive hacking – Bruce
North Korea hackers blamed for bank crash in South
Michaels Stores reports a PIN pad attack in Chicago, according to an email I just received.
Lastpass forces everyone to change their master password after a hack.
http://www.pcworld.com/article/227268/exclusive_lastpass_ceo_explains_possible_hack.html#tk.twt_pcw
This may not be necessary, but the CEO felt it was best to be conservative regarding security. – Bruce
Scammers Swap Google Images for Malware
http://krebsonsecurity.com/2011/05/scammers-swap-google-images-for-malware/
Homeland Security Demands Mozilla Remove Firefox Extension That Redirects Seized Domains
Latvian energy grid hacked? A Chinese hacking group claims responsibility and posted all the details: keys, rules.
http://seclists.org/fulldisclosure/2011/May/85
This is the URL of the bragging post.
The third Sony hack
http://mobile.reuters.com/article/idUSL3E7G701T20110507?irpc=932
http://www.thehackernews.com/2011/05/thn-hacker-news-exclusive-report-on.html
Vulnerability in Skype exposes MacOS to worm
http://www.networkworld.com/news/2011/050611-skype-to-fix-wormable-bug.html?source=nww_rss
Congress Bans Scientific Collaboration with China, Cites High Espionage Risks
“The clause prohibits the White House Office of Science and Technology Policy (OSTP) and the National Aeronautics and Space Administration (NASA) from coordinating any joint scientific activity with China.”
Renren (China’s equivalent to Facebook) Changes Key User Figure Before IPO
http://online.wsj.com/article/SB10001424052748704729304576286903217555660.html?KEYWORDS=renren
“Chinese social-networking company Renren Inc., which is hoping to raise $584 million in a public listing on the New York Stock Exchange, revised a key user number in its prospectus, highlighting the murkiness of data in China’s high-flying Internet sector.”
Phishing Becomes More Sophisticated
http://www.networkworld.com/news/2011/050911-phishing-becomes-more.html?source=nww_rss
“Organized cybercrime groups are using convincingly crafted emails to target high-level executives and employees within the organizations they want to attack. In many cases, the phishing emails are personalized, localized and designed to appear as though they originated from a trusted source. ”
Some pen test experts say they are 70% successful for each individual email. – Bruce
The hackers hacked: main Anonymous IRC servers invaded
OpenID warns of ‘psychic paper’ authentication attack
http://www.theregister.co.uk/2011/05/09/openid_security_bug/
Baddies can modify cross-site personal data … though no one has yet
Vulnerabilities in Online Payment Systems
http://www.schneier.com/blog/archives/2011/05/vulnerabilities_2.html
PayPal-based authentication flaw with a third party.
CS2: A Semantic Cryptographic Cloud Storage System
http://research.microsoft.com/apps/pubs/default.aspx?id=148632
“This paper presents CS2, a cryptographic cloud storage system that provides provable guarantees of confidentiality, integrity, and verifiability without sacrificing utility. In particular, while CS2 provides security against the cloud provider, clients are still able to efficiently access their data through a search interface and to add and delete files. ”
Metasploit 3.7 Takes Aim at Apple iOS
http://www.esecurityplanet.com/news/article.php/3932861/Metasploit-37-Takes-Aim-at-Apple-iOS.htm
“The Metasploit 3.7 release provides an enhanced session tracking backend that is intended to improve performance. Metasploit 3.7 also provides over 35 new exploit modules for security researchers to test, including new ones designed to test Apple’s iOS mobile operating system security”
Backtrack 5 released
http://www.backtrack-linux.org/
BackTrack is a penetration-testing distribution. The maintainers said on Twitter that their server was DoS’ed the night before. – Bruce
Google’s South Korea Office Raided over Location Privacy
“Google’s South Korean office was raided by police in that country over the use of location data in its AdMob mobile ad platform, which delivers ads on Android handsets and tablets.”
Breach at Michaels Stores extends nationwide. 70 hacked PIN pads found in stores from DC to West Coast
http://krebsonsecurity.com/2011/05/breach-at-michaels-stores-extends-nationwide/
Facebook Applications Accidentally Leaking Access to Third Parties
Unpatched DLL bugs let hackers exploit Windows 7 and IE9, says researcher
Problematic Certificates
http://www.f-secure.com/weblog/archives/00002155.html
Nothing new – just a discussion of the problem with certificates
Two Zero-Day Flaws Used To Bypass Google Chrome Security
French researchers say they hacked their way out of the browser’s sandbox, bypassing DEP and ASLR
Google responds
NASA, Stanford Hacked by Software Scammers
http://www.foxnews.com/scitech/2011/05/10/nasa-stanford-hit-software-scammers/
Shady online salesmen offering cheap Adobe software have hacked into several Web pages belonging to NASA and Stanford University.
Database of Fox Employees’ Passwords and Emails Leaked
http://gawker.com/5800366/database-of-fox-employees-passwords-and-emails-leaked
Finally Source code of ZeuS Botnet Version: 2.0.8.9 available for Download !
http://www.thehackernews.com/2011/05/finally-source-code-of-zeus-crimeware.html
Security Fixes for Microsoft Windows, Office
http://krebsonsecurity.com/2011/05/security-fixes-for-microsoft-windows-office/
“Microsoft issued just two updates today to fix at least three security flaws in its Windows and Microsoft Office products, a merciful respite following last month’s record-setting patch push. One of the patches issued today earned a critical rating, the company’s most serious.”
Preventive and protective measures against insider threats in nuclear facility
http://www-pub.iaea.org/MTCD/publications/PDF/Pub1359_web.pdf
Facebook worm w/cut&paste javascript
http://blog.trendmicro.com/dubious-javascript-code-found-in-facebook-application/
Businesses Need to Look at Security as a Military Operation
“Businesses need to look at security as a military exercise and can benefit from strategies that have proved useful in battle, a former military security expert told an Interop audience this week”
Exposing the Lack of Privacy in File Hosting Services
http://www.usenix.org/event/leet11/tech/full_papers/Nikiforakis.pdf
File hosting services like Rapidshare appear to provide an obscure and secret way to exchange files. Not so. The URLs are guessable, and they are being actively probed by third parties.
ActiveX Flaw Affecting SCADA systems
http://isc.sans.edu/diary/ActiveX+Flaw+Affecting+SCADA+systems/10873
“If you are running a power plant, a refinery or any other system using ICONICS’ GENESIS32 and BizViz software [...] please patch your plant.”
Amazon.com Server Said to Have Been Used in Sony Network Attack
Not surprising, as a stolen credit card can be used to create untraceable accounts.
Critical Flash Player Update Plugs 11 Holes
http://krebsonsecurity.com/2011/05/critical-flash-player-update-plugs-11-holes/
Final Fantasy maker Square Enix hacked
http://www.bbc.co.uk/news/technology-13394968
Hackers have broken into two websites belonging to Japanese video games maker Square Enix.
Pentesting Vulnerable Study Frameworks Complete List
http://www.felipemartins.info/2011/05/pentesting-vulnerable-study-frameworks-complete-list/
Useful list of tools and links for pentesters – Bruce
More details and theories on the Sony PSN hack
http://www.theregister.co.uk/2011/05/13/veracode_playstaion_hack_analysis/
And then it came up, and went down again.
Review of various password managers
http://blog.danielfischer.com/2011/05/12/its-time-to-start-using-a-password-manager/
KillerBee is an exploitation framework for 802.15.4/ZigBee sensor networks
http://code.google.com/p/killerbee/
Stuxnet: How It Happened
The paper’s recommendations:
* Prevent unauthorized removable media
* Use host-based firewalls to disable P2P protocols
* Use Tripwire, etc. to detect unauthorized changes
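Here is a minimal version of the third recommendation, as an added example (mine, not the paper’s or the post’s): a Tripwire-style baseline of SHA-256 digests over a directory tree, diffed against a later scan to report modified, added and removed files. The directory layout, file names and the tampering (a same-size binary replacement, a dropped file, a deleted config) are all constructed so the script runs offline.

```python
"""Minimal Tripwire-style file integrity check.

Added example, not from the paper or the post.  A baseline of SHA-256 digests
is taken over a directory tree; a later scan is diffed against it to report
modified, added and removed files.  The sample tree and the tampering below
are constructed for the demo.
"""
import hashlib
import os
import tempfile


def sha256_file(path, chunk=65536):
    """Hash a file in chunks so large binaries do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def baseline(root):
    """Map each file (path relative to root) to (digest, size).  Relative
    paths keep the baseline stable if the tree is relocated."""
    result = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root)
            result[rel] = (sha256_file(full), os.path.getsize(full))
    return result


def compare(old, new):
    """Diff two baselines.  Returns sorted lists (modified, added, removed)."""
    modified = sorted(p for p in old.keys() & new.keys() if old[p] != new[p])
    added = sorted(new.keys() - old.keys())
    removed = sorted(old.keys() - new.keys())
    return modified, added, removed


def demo():
    """Constructed scenario: a 'plant' tree with a config and two binaries.
    An attacker then replaces one binary with a same-size file, drops a new
    file, and deletes the config."""
    with tempfile.TemporaryDirectory() as root:
        files = {  # constructed sample content, not real binaries
            "bin/hmi.exe": b"\x4d\x5a" + b"A" * 30,
            "bin/plc_loader.exe": b"\x4d\x5a" + b"B" * 30,
            "etc/plant.conf": b"pump_setpoint=120\n",
        }
        for rel, data in files.items():
            full = os.path.join(root, rel)
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "wb") as f:
                f.write(data)
        before = baseline(root)

        # Same-length replacement: a size check alone misses it, the digest does.
        with open(os.path.join(root, "bin", "plc_loader.exe"), "wb") as f:
            f.write(b"\x4d\x5a" + b"C" * 30)
        # Hypothetical dropped file (name is made up for the demo).
        with open(os.path.join(root, "bin", "dropped.dll"), "wb") as f:
            f.write(b"\x4d\x5a" + b"D" * 10)
        os.remove(os.path.join(root, "etc", "plant.conf"))

        after = baseline(root)
        return compare(before, after)


if __name__ == "__main__":
    modified, added, removed = demo()
    print("modified:", modified)
    print("added:   ", added)
    print("removed: ", removed)
```

Two caveats a real deployment adds: the baseline must be stored where the monitored host cannot rewrite it (or be signed), and a kernel-level rootkit can feed the scanner clean file contents, which is why this check complements the first two recommendations rather than replacing them.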
Qakbot Virus Causes Possible Data Breach at Mass. Agencies
http://threatpost.com/en_us/blogs/qakbot-virus-causes-possible-data-breach-mass-agencies-051811
“An untold number of computers at the Massachusetts Department of Unemployment Assistance and Department of Career Services were compromised in April, leading state officials to warn hundreds of thousands of people that their personal information may have been stolen as part of the attack.”
Code wars
http://www.cnbc.com/id/42210831/
CNBC’s “Code Wars”, hosted by Melissa Lee, takes you onto the frontlines of the war on cyber. Cyber attacks are almost impossible to trace, making cyber crime and acts of cyber warfare the ultimate anonymous crime. So how do we protect our systems whose components are largely manufactured abroad? Can our nation’s infrastructure be protected from cyber attacks? And how can the U.S. win a war in which conventional rules of combat do not apply? CNBC tackles the tough questions in “Code Wars: America’s Cyber Threat.”
The TV show airs Thursday, May 26th.
Hack Targets NASA’s Earth Observation System
http://threatpost.com/en_us/blogs/hack-targets-nasas-earth-observation-system-051711
A hacker is claiming that a security hole in a server at NASA’s Goddard Space Flight Center has exposed data related to a satellite-based Earth observation system used to aid in disaster relief.
Executives underestimate cybercrime danger
http://www.dw-world.de/dw/article/0,,15083403,00.html?maca=en-rss-en-top-1022-xml-atom
“However, Ernst & Young found a remarkable contradiction in its poll. While 94 percent of those leaders surveyed talked about the growing danger of cybercrime, 38 percent said they thought the threat to their own firm was rather small.”
SCADA hack talk canceled after U.S., Siemens request
http://news.cnet.com/8301-27080_3-20064112-245.html
A security researcher cancelled his talk at the request of DHS and Siemens.
And the related post:
Siemens working on vulnerability that threatens critical infrastructure
http://www.gsnmagazine.com/article/23386/siemens_working_vulnerability_threatens_critical_i
Hackers attack Norwegian Defense
http://www.norwaypost.no/news/hackers-attack-norwegian-defence-25222.html
U.S. Infrastructure Is Vulnerable to Cyber Attack, but No One Will Do Anything
Protecting Your Industrial Control System from Zero-Day Attacks
http://scadahacker.com/factorylink-video.html
NIST publishes BIOS recommendations
http://csrc.nist.gov/publications/nistpubs/800-147/NIST-SP800-147-April2011.pdf
Sony hacked again/Phishing
Hackers Infiltrate Sony So-net Subsidiary, Steal $1,125 in Points
http://www.pcmag.com/article2/0,2817,2385715,00.asp
“To So-net’s credit, whatever security system the company employs for its point system did manage to hold for quite a bit of time. That, or the hackers really had no other strategies other than what appears to be a brute-force attack on accounts. It allegedly took the attackers more than 10,000 different attempts before they were finally successful in accessing So-net’s system. “
Sony BMG Greece the latest hacked Sony site
http://nakedsecurity.sophos.com/2011/05/22/sony-bmg-greece-the-latest-hacked-sony-site/
This makes the 7th attack on Sony. -Bruce
Common Vulnerability Reporting Framework
http://isc.sans.edu/diary/Common+Vulnerability+Reporting+Framework+CVRF+/10900
Cyber-security legislation sent to Congress by President
http://www.gsnmagazine.com/article/23319/cyber_security_legislation_sent_congress_president
and another view:
Congress Just Sold You Out: Leadership Plans To Extend Patriot Act For Four Years With NO Concessions
Credit processors targeted in fight against spam
http://www.theregister.co.uk/2011/05/23/spam_economics/
“The researchers have discovered that the vast majority (95 per cent) of the credit card payments to unlicensed pharmaceutical sites are handled by just three payment processing firms – based in Azerbaijan, Denmark and Nevis, in the West Indies, respectively.”
There is also a 16-page paper “Click Trajectories: End-to-End Analysis of the Spam Value Chain” referenced
Researchers find irreparable flaw in popular CAPTCHAs
Decaptcha pierces Live.com, Yahoo!, Digg
http://www.theregister.co.uk/2011/05/23/microsoft_yahoo_captchas_busted/
“Decaptcha is a two-phase audio-CAPTCHA solver that correctly breaks the puzzles with a 41-percent to 89-percent success rate on sites including eBay, Yahoo, Digg, Authorize.net, and Microsoft’s Live.com. The program works by removing background noise from the audio files, allowing only the spoken characters needed to complete the test to remain.”
The creator of the “Great Firewall of China” was pelted with shoes
http://packetstormsecurity.org/news/view/19192/Chinas-Great-Firewall-Creator-Pelted-With-Shoes.html
“While many of China’s estimated 477 million internet users appear largely indifferent to the firewall because they use almost solely domestic sites and services, a growing number of young people are frustrated by curbs that not only prevent them accessing foreign news and social media sites, but increasingly make it hard or even impossible to use apparently uncontroversial sites, such as the Internet Movie Database (IMDb).”
Google notes that SSL False Start reduces HTTPS handshake time by 30%
http://blog.chromium.org/2011/05/ssl-falsestart-performance-results.html
Google has been measuring this in its Chrome browser.
9th attack on Sony
http://www.thehackernews.com/2011/05/lulzsec-leak-sonys-japanese-websites.html
False Positives – The Dirty Secret of the Web Security Scanning Industry
When using automated tools to test a web application for security, there are a large number of false positives which must be manually and tediously examined. If the white hat pen tester’s skill is limited, they may overlook real vulnerabilities by assuming they are false positives.
AlienVault announces a SCADA SIEM (Security Information and Event Management) product
http://alienvault.com/products/industrial-control-system-siem
A demo is coming soon. AlienVault had a VM image of their original SIEM that was impressive.
Senate debates president’s power during cyber-attack
http://www.washingtontimes.com/news/2011/may/23/senate-debates-presidents-power-during-cyber-attac/
“The Senate Homeland Security and Governmental Affairs Committee held a hearing on the administration’s legislative proposal, announced two weeks ago, that would rely on a pre-World War II radio emergency law to provide the president with authority to protect key computer and communication networks — like those mainly in private hands that run power grids, phone systems and banking services — from a cyber-attack.”
More news about the SCADA/Siemens hack that was cancelled at the last minute
http://www.networkworld.com/news/2011/052311-a-botched-fix-not-legal.html
For the next two days speculation swirled as to whether DHS weighed in with a heavy hand to pull the talk, or if Siemens threatened legal action against the security firm. “That’s not what happened here,” says Vik Phatak, chief technology officer at NSS Labs. “Siemens found out, near the last minute, that the mitigation they had planned didn’t work. It could be bypassed,” Phatak says.
Related: http://threatpost.com/en_us/blogs/metasploit-holding-siemens-exploits-052311
The exploits are ready to be released into the Metasploit framework.
Hotmail Exploit Has Been Silently Stealing E-mail
http://www.darknet.org.uk/2011/05/hotmail-exploit-has-been-silently-stealing-e-mail/
The latest news is there has been a nasty bug in Hotmail for a while that has been actively exploited allowing malicious senders to snoop on e-mail and even add forwarding rules to the victim account.
Negative reaction to Siemens over their response to the discovery of security flaws in their SCADA equipment.
http://www.securitycurve.com/wordpress/archives/4164
http://threatpost.com/en_us/blogs/researcher-says-siemens-downplaying-serious-scada-holes-052411
UPDATE 2-U.S. government warns about Siemens security flaw
http://www.reuters.com/article/2011/05/24/siemens-security-idUSN2428619720110524
“But a spokesman for Siemens denied any fault, saying company officials are in a better position to assess potential security risks than researchers from an outside firm.”
I think this is a grave error on Siemens part, because it erodes confidence in their company – especially their denial of any problem.
Bruce Schneier discusses this here
http://www.schneier.com/blog/archives/2011/05/new_siemens_sca.html
I believe each company should have a “dry run” exercise to see how they will handle such an event. All public statements regarding security should be carefully managed, to prevent a public relations disaster. There should be a policy, and everyone should know what that policy is.
Vulnerabilities on Cisco Device
http://www.isssource.com/vulnerabilities-on-cisco-devices/
Cisco network equipment is still exposed to a single security vulnerability nearly two years after the company issued a patch, according to an analysis of network scans by Dimension Data for its 2011 Network Barometer Report.
MacOS
I haven’t been reporting this, but malware targeting Apple platforms has been in the news. First an iOS malware generation package was released, along with Mac OS plugins for Metasploit, which make writing malware for iOS easier. Next, Mac users have been tricked into installing malware named “Mac Defender”, masquerading as an anti-virus package. Apple, as a matter of policy, refused to tell infected users how to remove the malware. Now Apple is issuing an OS update, but the malware authors are modifying the malware to defeat Apple’s response.
http://blogs.pcmag.com/securitywatch/2011/05/mac_defender_20_released.php
http://www.us-cert.gov/current/index.html#apple_mac_defender_macprotector_and
And now a Russian company (ElcomSoft) has released a toolkit to break Apple’s iOS encryption.
http://www.h-online.com/security/news/item/ElcomSoft-cracks-iOS-encryption-system-1250526.html
And now we know more about the people behind the MacDefender malware: ChronoPay
http://krebsonsecurity.com/2011/05/chronopay-fueling-mac-scareware-scams/
Bank of America Breach
http://www.latimes.com/business/la-fi-lazarus-20110524,0,1687635.column
An insider leaked personal account information, causing $10 million in damages. Police have arrested 95 suspects, and apparently it took a year before BofA told its customers that thieves had been siphoning money from their bank accounts.
Microsoft finds 427K email addresses on knocked-out Rustock server
US Cert has released Common Cybersecurity Vulnerabilities in Industrial Control Systems
http://www.us-cert.gov/control_systems/pdf/DHS_Common_Cybersecurity_Vulnerabilities_ICS_2010.pdf
Vendor backdoors in Siemens, HP, and Allied Telesis
https://threatpost.com/en_us/blogs/hardware-vendor-offers-backdoor-every-product-052611
Lockheed network hit by major disruption: sources
http://www.nw32.com/business/sns-rt-us-lockheed-networktre74p7u3-20110526,0,5678682.story
http://www.reuters.com/article/2011/05/26/lockheed-network-idUSN2613783420110526
Congress approves extension of USA Patriot Act provisions
China Admits Cyber Warfare Unit – “Blue Army”
http://www.infowar-monitor.net/2011/05/china-admits-cyber-warfare-unit/
Reuters report on compromise of RSA Secure ID tokens at Lockheed
Lockheed Strengthens Network Security After RSA-based Hacker Attack
http://www.nytimes.com/2011/05/30/business/30hack.html?_r=2
They are keeping their RSA token technology, but they are getting new tokens and adding a further password.
http://www.schneier.com/blog/archives/2011/05/lockheed_martin.html
And more details.
More details on the Siemens vulnerability.
http://news.infracritical.com/pipermail/scadasec/2011-May/020005.html
This is an excellent comment that shows how customers view Siemens’ response as a “head in the sand” attitude.
Hackers Post Phony Tupac Shakur Story on PBS Site
http://www.nytimes.com/2011/05/31/technology/31pbs.html
Hackers Deface PBS Site, Promise More Lulz
http://www.pcworld.com/article/228983/hackers_deface_pbs_site_promise_more_lulz.html
New GPU-accelerated password cracker
http://hashcat.net/oclhashcat-plus/
New technology making use of OpenCL- and CUDA-based graphics accelerators
Aussie banks cancel 10,000 credit cards
http://www.theregister.co.uk/2011/05/29/aus_banks_cancel_credit/
“The Commonwealth Bank and the St George Bank initiated the alert via SMS to customers notifying them that their cards would be cancelled as part of precautionary measures”
Aggressive social engineers
http://www.schneier.com/blog/archives/2011/05/aggressive_soci.html
Hours after I posted this on Facebook, my sister got a phone call from someone who claimed her computer was sending out error messages, and wanted her to buy some software to “fix the problem.” The web site was v2serve.com, registered March 10 in India. I reported this to the FBI. – Bruce
Is Obama a Socialist? Anatomy of an attack
Posted by grymoire in Politics, Technology on November 2, 2010
I’m not one to promote my political view. I tend to keep my opinions to myself. But I kept hearing people claim “Obama is a Socialist and wants a Utopian socialist society.” I really didn’t understand. But, heck, I have a brain. I have Google. Let’s check it out. What’s the real truth?
Here’s the critical moment, the video with Joe the plumber. Obama’s talking about increasing the taxes of those who earn more than $250K a year, to lower the taxes of those who earn less. Obama says it will “spread the wealth around.” We’ve always had a tax rate that changes based on income. And Obama wants the rich to pay 39% instead of 37%. Is this radical? Of course not. Heck, it’s as radical as Bush who granted the tax cut in the first place. All we are talking about is tweaking the numbers up or down.
Frankly, I’m for this. Those that earn greater than $250K a year are against this. Remember this when you see how this develops.
As far as I know, that was the one time Obama said “spread the wealth around”. So now do a Google search on Obama and “spread the wealth”. Look at what you get. Let’s take some of the highly ranked pages. There’s James Pethokoukis’ piece, where he accuses Obama of being a Marxist! WTF?! The Ace of Spades HQ calls this “welfare”. No. It has nothing to do with welfare. Rush Limbaugh’s response to this is his claim that “It’s right out of the communist manifesto.” Excuse me?! Since when has a graduated tax rate become communism? By that definition, we have been a communist society since 1862. Perhaps someone should let Rush Limbaugh know. Maybe he will move out.
Looking for more ammo, bloggers looked at Obama’s speech to the Military Academy. In particular Kevin O’Brien commented on one part of Obama’s speech:
“The international order we seek is one that can resolve the challenges of our times — countering violent extremism and insurgency; stopping the spread of nuclear weapons and securing nuclear materials; combating a changing climate and sustaining global growth; helping countries feed themselves and care for their sick; preventing conflict and healing wounds.”
Kevin’s blog post was titled While President Obama dreams of utopia, the world gets rougher. Essentially he said Obama was unrealistic. Okay. Obama was optimistic because he is seeking a solution. I’d like to know what is so wrong in being optimistic! Now Google “obama utopia” and see what you get. O’Brien is at the top of the search.
Bear in mind that Obama never used the word utopia or utopian in the speech. At least, I can’t find any reference to him using these words. So why are there 1,480,000 hits on Google? Look at the frigging unbelievable results. There’s Doug Ross’s post, which seems to be #1 on Google, and is based on Fear, Uncertainty and Doubt as far as I can tell. Let’s see the quotes to back up Doug’s claims. Forbes called Obama’s optimism a Doomed Utopia. I guess politicians should always be pessimists. Never promise an improved society! Apparently that would be Utopianistic.
So to summarize, Obama wants a graduated tax rate, and he’s optimistic. And how are the ultra-conservatives reacting? By calling him a communist, a Marxist, a socialist wacko who is promoting a utopian society where the rich give welfare to the unemployed. Are they frigging nuts? This is a case of adding 1+2 and getting 8 trillion dollars. It makes no sense!
This whole posting was prompted because I Googled “Obama socialist”. And I looked at the best authority on the subject of socialism, the Socialist Party. Doesn’t this make sense, to ask an expert in the field? What do socialists say? Is Obama a socialist? Not according to any socialist, as far as I know. Socialists hate the new Healthcare reform. They wanted a national “single-payer” health insurance plan with a government option. The bill that Obama championed didn’t have any of those features. Wharton, co-chair of the Socialist Party USA, said the new health care bill only strengthens private health insurance companies. They get 32 million new customers and no incentive to change — something a socialist wouldn’t accept.
We do have elements of socialism in the government. Social Security, Medicare, and unemployment benefits are socialist policies. If someone is really against socialism, then why aren’t they trying to get rid of these programs? Doesn’t it make sense? If socialism is bad, then get rid of anything that helps all equally. But do they do this? Of course not. That would cause a big uproar. People like these programs. It’s much easier to attack a modified graduated tax plan, and label it socialism. And then hope people never use Google to even look up the definition.
Llewellyn, the national director of the Democratic Socialists of America, says he was struck by one player in the 2008 presidential elections who displayed more socialistic leanings than Obama. This candidate raised taxes on the big oil companies, and sent the revenue to the people. If you want to learn something about spreading the wealth, Llewellyn says, don’t look to Obama. He said “To be honest, the most socialist candidate in the 2008 election was Sarah Palin.”
That’s right. Palin is more of a socialist than Obama, according to Llewellyn. Who would have thunk?
I just don’t get it. Don’t get me wrong. I understand why some people will blindly accept distortions and lies because they want to believe them. People cherish their belief systems. We all do. It’s difficult to challenge things you believe in.
But what I don’t understand is why so few who hear these distortions and find them hard to believe, just keep quiet about it. I hate these lies politicians throw out. And Democrats are as much to blame as Republicans. So why do so many people hear lies, and then just keep quiet. I want to know why more people don’t stand up and say “Bullshit!” when someone repeats a lie.
All it takes is a few seconds to Google the web, and look for real evidence. We have become a society of people that repeat what others say, without looking into the facts. If you see or hear something that doesn’t make sense, or seems controversial, look into it. Don’t just look for someone who agrees with you. Look into both sides. Think!
Google wants to be the third half of your brain. That won’t help if you refuse to use your brain at all. Frankly, when we have 4 million pages about Obama and Socialism, and only a handful of people look into the facts, it just scares me. Google is not becoming a third half of our brain. Instead, Google is allowing us to perform a lobotomy on ourselves, so we can stop thinking altogether. Let’s just see what the masses think, and go along with the “facts” the masses know to be true.
The only way to counter this mass-stupidity, is to have more people stand up and ask questions. Is this really the truth? Who knows more about socialism, Rush Limbaugh, or the head of the Socialist Party?
Just because we have Google doesn’t mean we have to stop thinking. Please, people. Google takes a few seconds. Do more than glance at the headlines. And don’t just blindly accept the party line. Ask questions.