http://www.janes.com/security/international_security/news/jdw/jdw061009_2_n.shtml
North Korea claims nuclear test
By Joseph Bermudez Jr JDW Correspondent Colorado 09 October 2006
Initial South Korean Ministry of Defence and National Intelligence Service reports indicated that a 3.58-3.7-magnitude blast was detected emanating from a North Korean nuclear test at 10.36 am local time (01:36 GMT). Subsequent reports from the US Geological Survey (USGS) place the magnitude of the tremor at 4.2 on the Richter scale. The difference in the reports is due to the fact that the USGS assessment, being somewhat later, was able to incorporate a larger number of sensor reports in its preparation.
The USGS data identifies the time and location of the blast as 9 October at 01:35:27 (GMT) and centred at 41.311—N, 129.114—E at a depth 0-1 km. This places the site approximately 42 km northwest of Kilchu, in the province of North Hamgyong, on the remote slopes of Mant'ap-san Mountain. This coincides with reports that first appeared during 2005 of suspicious tunnelling and construction activities in the area. Subsequent reports during the past month indicate that the North Koreans had excavated a 700 m-long horizontal tunnel under Mant'ap-san.
Although details are tentative, initial and unconfirmed South Korean reports indicate that the test was a fission device with a yield of .55 kT. By comparison the nuclear bomb that was dropped on Hiroshima yielded approximately 12.5 kT. The figure of .55 kT, however, seems too low given the 4.2 register on the Richter scale. This could suggest - depending upon the geological make-up of the test site - a yield of 2-12 kT. If, however, the lower yield is correct, it would suggest that the test had been a "pre- or post-detonation" event (ie a failure), as it had been anticipated that North Korea's first nuclear test would have a significantly higher yield.
286 of 827 words [End of non-subscriber extract]
Japan must be very scared.
http://www.guardian.co.uk/korea/article/0,,1891976,00.html
Abe vows Japan will not go nuclear
Justin McCurry in Tokyo Tuesday October 10, 2006 The Guardian
Tools and Techniques
HP's e-mail tracer in widespread use
Web bug tech is widely used in e-mail newsletters, and in law enforcement in investigations, security experts say
By Robert McMillan, IDG News Service October 09, 2006
The tracer software that Hewlett-Packard investigators used to try to sniff out boardroom leaks sounded like it had been ripped from the pages of a bad science-fiction novel. That is, until the company began talking about it in detail at a congressional probe into the spying scandal.
The technology tool the company used, called a Web bug, is designed to allow e-mail senders to track the path a message takes, including whether a recipient opens the message and forwards it to another party. And it turns out the technology is widely used in e-mail newsletters to track readers and also by law enforcement in investigations, security experts say.
... Richard Smith, an information security expert who founded Boston Software Forensics, said that most people who use the Internet have been subject to Web bugs. "Any kind of commercial e-mail is probably going to have them in there," he said.
HP turned to a small Australian company called ReadNotify.com to help track the e-mail messages. ReadNotify tracks both e-mail and Microsoft Office documents. It will tell when the e-mail you sent was read, and will guess the location of the recipient, based on the reader's IP address.
... Here's how Web bugs work: The bug's author puts an image on a Web server with a unique website address, or URL, and then sends an e-mail that contains a link to this image. The image can be hidden from sight or within plain view--a corporate logo, for example.
When the e-mail is opened, the subject's computer looks up the image and in doing so sends the information to the Web server. Another way of doing this is for ReadNotify users to add ".readnotify.com" to the end of the recipient's e-mail address.
http://www.blogmaverick.com/2006/10/09/i-still-think-google-is-crazy/
I still think Google is crazy :)
Oct 9th 2006 3:25PM
Kudos to Youtube for getting them to say yes. My advice to you is to always protect your downside. Ignore all the scammers who want your money, and dont listen to all the tax scammers who want to save you money on taxes. Writing that check is painful, but its the right thing to do. That aside..
It will be interesting to see what happens next and what happens in the copyright world. I still think Google Lawyers will be a busy, busy bunch. I dont think you can sue Google into oblivion, but as others have mentioned, if Google gets nailed one single time for copyright violation, there are going to be more shareholder lawsuits than doans has pills to go with the pile on copyright suits that follow. Think maybe how Google discloses what they perceive the copyright risk to be in the SEC filings might be an interesting read ?
I think there will be supoenas to get the names of Youtube and Google Video users. Lots of them as those copyright owners not part of the gravy train go after both Google and their users for infringement.
It will be interesting to see how this impacts DRM.
... I think it was interesting how Google and YT both rushed to get deals done with the music labels.
http://it.slashdot.org/article.pl?sid=06/10/09/1644230&from=rss
The BBC's Honeypot PC
Posted by kdawson on Monday October 09, @12:48PM from the hijack-my-pc-please dept. Security Windows
Alex Pontin writes, "This article from the BBC shows how vulnerable XP Home really is. Using a highly protected XP Pro machine running VMWare, the BBC hosted an unprotected XP Home system to simulate what an 'average' home PC faces when connected to the internet." From the article: "Seven hours of attacks: 36 warnings that pop-up via Windows Messenger. 11 separate visits by Blaster worm. 3 separate attacks by Slammer worm. 1 attack aimed at Microsoft IIS Server. 2-3 "port scans" seeking weak spots in Windows software."
The machine was attacked within seconds of being connected to the Internet, and at no time did more than 15 minutes elapse between attacks.
I would love to have the skill to make comics... It seems to be the level many of my students need!
http://www.kk.org/cooltools/archives/001441.php
Making Comics
How to communicate visually
Making Comics: Storytelling Secrets of Comics, Manga and Graphic Novels
Scott McCloud 2006, 272 pages $16 Available from Amazon
Simple!
http://hardware.slashdot.org/article.pl?sid=06/10/10/0110227&from=rss
Linux Appliance Brings Podcasts to the People
Posted by ScuttleMonkey on Tuesday October 10, @04:28AM from the still-doesn't-come-with-personality-in-a-box dept. Hardware News
writes "Linux has been used to create a podcast capture appliance that aims to make podcasting as dead-simple as possible, in order to give everyone a 'voice in public discourse, not just those who own TV towers. [...] Aimed at corporations, schools, radio stations, and churches, the "Podcast in a Box" appliance starts recording when a USB key is inserted, and uploads the podcast to a server when the key is removed. The product is also available for free as a live/installer ISO image based on Ubuntu.'"
A high-tech way to get out of jury duty?
http://www.abanet.org/journal/ereport/oc6juror.html
BLOGGER’S POSTS DON’T EQUAL JUROR MISCONDUCT
‘Riffraff’ Comment Concerned State High Court, but Criminal Conviction Stands
BY MOLLY McDONOUGH
The New Hampshire Supreme Court has upheld the conviction of a rapist, rejecting his claims that he was denied a fair trial because his jury foreman turned out to be a blogger who complained about having to show up for jury duty to deal with the local "riffraff."
The case may serve as a cautionary tale for trial lawyers in New Hampshire and elsewhere as grumbling about jury service from local barbershops and coffeehouses moves to the Internet.
Indeed, prospective jurors and active jurors are already blogging about their past experiences, and at least on one occasion, directly from the courthouse during service.
At the center of the New Hampshire appeal is small-town blogger Scott Vachon of Laconia.
In the days before he was to report for jury duty, Vachon posted this on his blog: "Lucky me, I have jury duty!" and, "Now I get to listen to the local riffraff try and convince me of their innocence." [No preconceptions here! Bob] Later, he also posted on the now-defunct blog that he was surprised that after two days of jury selection, he hadn’t been "booted due to any strong beliefs I had about police, God, etc." Vachon could not be reached for comment.
... The timing left Goupil at an appellate disadvantage. Had he been aware of Vachon’s blogging during voir dire, Sisti says, he would have stricken him for cause.
"It’s very hard, once there’s a verdict, to go back and show juror misconduct," says Richard Guerriero, the New Hampshire Public Defender litigation director. "The defense has to show actual prejudice."
The events that followed Goupil’s trial illustrate the timing hurdles. Vachon was called to serve on another trial. By then, his blog was known, and he was struck for cause.
Sisti used that strike to bolster his post-trial motions and subsequent appeal. The trial judge also took the matter seriously, calling all the jurors back to conduct a post-trial review. But after questioning each of the jurors, the judge declined to throw out the verdict. And on Sept. 28, the New Hampshire Supreme Court upheld the conviction. New Hampshire v. Goupil, No. 2005-444.
... Guerriero sees bloggers having an impact. "Instead of making the comments to a friend at the barbershop, [comments are] being published on a blog for anywhere from 10 to 10 million people to view," [Does that make a real difference? Bob] Guerriero says.
The sheer number of potential viewers of the posts enhances the potential for prejudice, he adds. "If someone is active on a jury and has written on a blog about it, it’s not just friends who may know. It’s reporters and the general public," Guerriero says. "There is potential for an adverse effect on a trial."
This may slow things down a bit. Technology to scan online “text” is more common than technology to scan audio or video. Might be interesting to see if nuances in speech or facial expressions come into play...
http://www.bespacific.com/mt/archives/012722.html
October 09, 2006
CEO Seeks SEC Approval to Satisfy Fair Disclosure Requirement Using Websites and Blogs
Excerpt of letter sent by Sun Microystems, Inc. CEO Jonathan Schwartz to SEC Chairman Christopher Cox, on October 2, 2006:
"As adopted, Regulation Fair Disclosure's requirement of widespread dissemination can be met through the filing of a Form 8-K or "through another method (or combination of methods) of disclosure that is reasonably designed to provide broad, non-exclusionary distribution of the information to the public." (17 C.F.R Sec. 243.101(e)(2)) To date, the SEC has not taken the position that the Regulation's "widespread dissemination" requirement can be satisfied through disclosure through the web-postings alone. While that may have been a pragmatic approach in 2000, we believe that the proliferation of the Internet supports a new policy that online communications fully satisfy Regulation FD's broad distribution requirement." [The full text of this letter was posted on Jonathan Schwartz's blog, along with a preface in support of disseminating financial disclosure data via a company's website or blog.]
“Sure we're responsible for Security, but that doesn't mean we know how to make things secure!” Among other things, they don't have an inventory of their laptops. How will they know when one if stolen?
http://www.bespacific.com/mt/archives/012724.html
October 09, 2006
DHS OIG Audit of Agency Laptop Security
(U) Office of Inspector General Laptop Computers are Susceptible to Compromise (Unclassified and Redacted) OIG-06-58 (PDF, 48 pages), released October 2, 2006.
http://www.f-secure.com/weblog/#00000991
Swiss Government Investigates VoIP Tapping
Posted by Stefan @ 08:10 GMT
The Swiss Department of the Environment, Transport, Energy and Communications (UVEK) has started an investigation to determine the possibility of using software to tap VoIP phone calls.
A software prototype to do this has been developed by ERA IT solutions. It doesn't seem that the software would decypt any of the VoIP traffic itself. The software is a client side application that would listen to the computer's microphone and speakers to record the VoIP calls. The recordings made would be passed back in small packages over the Internet to the police authority. Two solutions to install the software on a suspect's machine have been presented. The first - police covertly install it locally. The second - the suspect's Internet service provider installs it remotely over Internet. How the later solution would be implemented is unknown to us.
If you understand German you can read more at SonntagsZeitung otherwise bablefish can assist you.
F-Secure will most likely add detection for this software if we find it used in the wild. We have previously made a statement about government developed spying programs.
Just waiting to happen...
http://techdirt.com/articles/20061009/161627.shtml
Diebold Machine Didn't Count Votes, But Diebold Says Not To Worry: They Can Tell You The Actual Vote Totals
from the whoops dept
The situation in Maryland with Diebold voting machines already looked pretty bad with no real fix in sight. However, they're apparently even worse than we had assumed before. Tim Lee, over at The Technology Liberation Front points us to a story on Avi Rubin's blog, posting an email from a Chief Judge for the recent problematic election. Turns out that one of the Diebold machines at his site recorded zero votes on the memory card for the election, despite the fact that fifty-five people were logged voting at that machine. There was no warning or error message on the machine that would have, you know, let anyone know that the machine shouldn't be used or their votes wouldn't be recorded. While in the end, they were able to recover the votes by looking at the additional on-board memory (not the memory card) on the machine, Rubin points out all of the problems with this method, including the fact that they're reliant on Diebold to recover these votes and provide an accurate tally. Once again, this seems to highlight just how many problems there are with these voting machines and should make everyone question why we're rushing them into the voting booths so quickly, without adequate tests.
Funny! (I hope)
http://www.freesoftwaremagazine.com/node/1787
5 ways to save on your monthly software rental bill in the year 2056
By Scott Carpenter Online on: 09/10/2006
Tools for the frequently lost?
http://digg.com/gadgets/GPS_Google_Maps_Mash_up_in_42_lines_of_code
GPS + Google Maps Mash-up in 42 lines of code
chrisek submitted by chrisek 11 hours 40 minutes ago (via http://regexp.bjoern.org/archives/000186.html )
Here is a quick and dirty hack to perform mobile GPS-referenced Google Map searches on your laptop (e.g., where's the next coffee shop around here?). 42 lines, about half of them comments. I put this small demo together for last weekend's Silicon Valley Code Camp to show how easy it is to get up and running with GPS for your own projects.
Want people to think you have expertise?
http://webworkerdaily.com/2006/10/09/work/
Small Businesses go to Work.com
This entry was posted on Monday, October 9th 2006 (12:01am) by Liz Gannes.
Business.com is launching a user-contributed small-business manual today at Work.com. The site already hosts more than 1000 guides dealing with contracts, accounting, financing, et cetera. Most guides are super basic, but the provided templates generally render them well-organized. And offering all this information as a website is definitely more proximately useful than yet another paper how-to book.
The deal is: anyone and everyone can contribute a guide about some aspect of running a small business. Each new guide goes live unedited, and then an editorial staff swoops in to suggest changes and give an initial rating on a scale of 1 to 10. Jake Winebaum, CEO of Business.com, told us he expects contributors to be motivated by the promise of being considered an expert as well as the opportunity to feature a link to their own websites. For now, he has no plans to share advertising revenue with guide creators.
Though Winebaum likes to call the guides “workis,” they are not at all true wikis in that users can not freely collaborate on a page’s content. The best they can do is offer a comment and a rating. To avoid spam and unhelpful self-promotion, low-rated guides get pushed down out of search results.
For starters, we enjoyed the “Guide to Low-Cost Businesses You Can Start,” “Guide to Incorporating a Business,” and “Guide to Doing Business in Ghana.” Most guides aren’t more than a simple jumping-off point, but hey… sometimes that’ll do. Let us know in the comments if you find a certain guide helpful or create a guide yourself.
No comments:
Post a Comment