That is, if you actually need more reasons for distrusting Verisign...

VeriSign ConfigChk ActiveX Control Buffer Overflow Vulnerability

iDefense Security Advisory 02.22.07
http://labs.idefense.com/intelligence/vulnerabilities/
Feb 22, 2007

I. BACKGROUND

The ConfigChk ActiveX Control is part of VeriSign Inc.'s MPKI, Secure
Messaging for Microsoft Exchange and Go Secure! products. It looks for the
Microsoft Enhanced Cryptographic Provider in order to support 1024-bit
cryptography.

II. DESCRIPTION

Remote exploitation of a buffer overflow vulnerability in VeriSign Inc.'s
ConfigChk ActiveX Control could allow an attacker to execute arbitrary
code within the security context of the victim.

The ActiveX control in question, identified by CLSID
08F04139-8DFC-11D2-80E9-006008B066EE, is marked as being safe for
scripting.

The vulnerability specifically exists when processing lengthy parameters
passed to the VerCompare() method. If either of the two parameters passed
to this method are longer than 28 bytes, stack memory corruption will
occur. This amounts to a trivially exploitable stack-based buffer
overflow.

Original advisory here

[ published on Fri 23.02.2007 17:25 | filed in interests/anti | ]
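The bug class the advisory describes, as an added example that is not VeriSign's code or part of the original post: an unbounded copy into a 28-byte stack buffer next to a hardened form that rejects over-long input. The function names, the dotted-version semantics (guessed from the method name) and the `VER_BUF`/`VER_ERR` constants are assumptions.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

#define VER_BUF 28   /* buffer size assumed from the advisory's 28-byte limit */
#define VER_ERR 2    /* returned for over-long or malformed input */

/* Bug class only (constructed, never called here): unbounded copy into a
 * fixed stack buffer, so any argument of VER_BUF bytes or more overflows. */
int ver_compare_unsafe(const char *a, const char *b) {
    char ba[VER_BUF], bb[VER_BUF];
    strcpy(ba, a);
    strcpy(bb, b);
    return strcmp(ba, bb);
}

/* Copy src into dst only if it fits with its terminator; never truncate. */
static int copy_checked(char *dst, size_t cap, const char *src) {
    size_t n = 0;
    if (src == NULL) return -1;
    while (n < cap && src[n] != '\0') n++;   /* reads at most cap bytes */
    if (n == cap) return -1;                 /* too long: reject */
    memcpy(dst, src, n + 1);
    return 0;
}

/* Hardened form: -1, 0, 1 for a<b, a==b, a>b; VER_ERR on bad input. */
int ver_compare_safe(const char *a, const char *b) {
    char ba[VER_BUF], bb[VER_BUF];
    char *pa = ba, *pb = bb;
    if (copy_checked(ba, sizeof ba, a) || copy_checked(bb, sizeof bb, b))
        return VER_ERR;
    while (*pa || *pb) {
        char *ea = pa, *eb = pb;
        unsigned long x = 0, y = 0;
        if ((*pa && !isdigit((unsigned char)*pa)) ||
            (*pb && !isdigit((unsigned char)*pb)))
            return VER_ERR;                  /* each field must be numeric */
        if (*pa) x = strtoul(pa, &ea, 10);
        if (*pb) y = strtoul(pb, &eb, 10);
        if (x != y) return x < y ? -1 : 1;
        pa = (*ea == '.') ? ea + 1 : ea;     /* step over one separator */
        pb = (*eb == '.') ? eb + 1 : eb;
    }
    return 0;
}
```

Rejecting instead of truncating matters here: a silently shortened version string would compare as a different version and hide the bad input from the caller.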

In the onion's words:

"After months of aggressive campaigning and with nearly 99 percent of ballots counted, politicians were the big winners in Tuesday's midterm election, ..."

[ published on Thu 09.11.2006 13:08 | filed in interests/anti | ]

While not exactly anticipating this, it was always clear that this idea needs some Tender Loving Care in form of a swift kick in the ass.

[ published on Fri 22.09.2006 01:38 | filed in interests/anti | ]

Some British researchers have found out how to defeat (some of) the Chinese Internet-censoring infrastructure: The keyword blocking system doesn't block packets. Instead it sends RST packets. Which you needn't heed. Nice.

"Think of it as the Harry Potter approach to the Great Firewall - just shut your eyes and walk onto Platform 9 3/4."

[ published on Wed 28.06.2006 22:14 | filed in interests/anti | ]

You want plussed addresses, as in yourbox+anything@yourdomain, reach you so that you can presort the junk?

Easy - if you have a Real Mail System. Like sendmail, postfix, exim, qmail or anything else that has come into contact with reality and the relevant rfcs. At worst it's one config entry for the server, at best it works out of the box.

If however you're stuck with MS Excrement Sewer, then you're either totally fucked (older versions) or you need this gem of hideously horrible bloated vbscript "event sink" thingie that sort-of-retrofits the capability. Because the Redmondian Loonieware Doesn't Do Wildcards or anything else that's even remotely useful.

I hate the corporate idiots who made the decision to dump our fully functional email system here @ work to bring in the MS dreck. I HATE YOU!

[ published on Wed 29.03.2006 19:45 | filed in interests/anti | ]

The Australian Copyright Agency (an extortionist gang with official backing who fleeces schools for "photocopying fees") now claims to own the web. All of the web. And they want some MONEY!

Eh? Now what copyright do they have to my ramblings, for example?

Link to the story

[ published on Fri 03.03.2006 13:00 | filed in interests/anti | ]

This is from the Houston police chief, who wants surveillance cameras in apartment blocks and private homes:

"I know a lot of people are concerned about Big Brother, but my response to that is, if you are not doing anything wrong, why should you worry about it?"

Hellooooo? Any brains left? Apparently not.

[ published on Mon 20.02.2006 12:13 | filed in interests/anti | ]

Westpac, one of the big banks here down under, recently added some "features" to their online banking to "provide added password protection". As both their IT and security people are brainless monkeys on crack, the "added protection" is reducing both security as well as usability in a major way. Quite an achievement to fuck up that grandly, I'd say.

[ published on Thu 09.02.2006 14:26 | filed in interests/anti | ]

This planet is going down the drain big-time, and 2006 does not really show any hope of change for the better. Where's that plague that takes out all the politicians in one big die-off? We need that NOW, dear geneticists! Or maybe there's a genetic predisposition towards public office and cronyism, with a prenatal test so that these bastards can be aborted before even taking their first lying breath? Ah, sweet fantasies...

An example of why I'm pessimistic: on one hand, voting machines in Wisconsin will now have to be open-source by law, but on the other hand merely annoying somebody online without disclosing your full identity can land you for two years in prison in Bush's kingdom. Sweet. It's good I'm not living there as I'm vocal about them all being fuckwits. That of course includes Mr. Howard and his cronies.

[ published on Tue 10.01.2006 11:56 | filed in interests/anti | ]

I did mention the need for a diy zapper for rfid chips some time ago, and the CCC people deliver: it seems to be super-trivial to make single-use cameras into zappers: the flash capacitor is massive enough to drive a simple coil which blows the chip permanently.

[ published on Thu 05.01.2006 13:59 | filed in interests/anti | ]

This is from Eliot Weinberger's brilliant essay titled "What I Heard about Iraq" which he recently updated with 2005's lies.

This world is such an obscenely fucked up place it hurts to even start thinking about it...

[ published on Tue 27.12.2005 22:20 | filed in interests/anti | ]

It's not an Aussie politician saying that - it needs to be said here as well - it's Russ Feingold whose fellows in the US senate have voted not to extend the Patriot Act. Good on them, I say!

Mr. Feingold seems to have an unexpected amount of real spine for a politician, and his statement reads very nicely:

"Trust of government cannot be demanded, or asserted, or assumed, it must be earned," the senator said. "And this government has not earned our trust. It has fought reasonable safeguards for constitutional freedoms every step of the way. It has resisted congressional oversight and often misled the public about its use of the Patriot Act. And now the Attorney General is arguing that the conference report is adequate 'protection for civil liberties for all Americans.' It isn't."

Somewhere I've heard the quip that these are signs of "sanity breaking out" - if only that was true!

[ published on Mon 19.12.2005 23:32 | filed in interests/anti | ]

So the new Austrian Passport Law allows for biometric crap and contact-less reading; the Ministry of Truth is already planning to use this to create a central database of fingerprints of everybody. Bastards; and not with me (at least not until 2015 when my current passport runs out).

Link to the standard article

[ published on Thu 22.09.2005 13:29 | filed in interests/anti | ]

Ah, the joys of Scottish anarchopunk by Oi Polloi; comes quite handy when you read the mags on what the bastards in Redmond and Hollywood are cooking up again.

Ed Felten has an interesting (if you want to puke) piece on the unholy alliance at work: your Vista PC would be their PC. (Of course, if you're foolish enough to run their hole-riddled pieces of bloat you might very much deserve it.)

This recent Boingboing article outlines another goodie: your monitor will show fuzzy crap unless you pay the Hollywood Hoodlums.

Well, to that I say 'fuck them all!'. The MS Weenies and the Hollywood Hoodlums will certainly be the first against the wall when the revolution comes...

[ published on Wed 10.08.2005 23:57 | filed in interests/anti | ]

Well, not just yet. But the data retention plans of the EU mean that all the things you do online would have to be stored and available to the uniformed fuckers unconditionally.

It would be a good idea to sign the petition against said lousy plan.

(However, realising that this world is currently in a very Kafkaesque downward spiral, signing won't help; we need something more like a plague that kills 99% of all politicians to improve matters. Gene tech wizards, that would be a good project for you fellows!)

[ published on Sat 06.08.2005 14:29 | filed in interests/anti | ]

Kudos to Michael Lynn. Full Disclosure at its best and the corporate scumbags at Cisco and ISS deserve what they get.

So let's share this gem of corporate hushing up.
Links to Cryptome's comments and mirror, Bruce Schneier's comments and the latest Boingboing article on the topic

[ published on Tue 02.08.2005 00:26 | filed in interests/anti | ]

Boss-speak for beginners:

He/she/it says:

"...strategy..."

Translation: "We have no clue."

"...commitment..."

means: "We've got a short memory and we lie whenever we open our mouths and of course we've never said anything like that."

"...focus..."

means: "We've got no plan, no clue, no skills BUT we've got a fumes-addled vision."

Do you really want to know more?

[ published on Sun 24.07.2005 13:35 | filed in interests/anti | ]

"In a commentary in the New York Times of 7 July, Vienna's Archbishop Christoph Schönborn placed himself at the head of a movement that not only doubts the theory of evolution but rejects it as unscientific."

Link to the article in the Standard

[ published on Tue 12.07.2005 00:24 | filed in interests/anti | ]

The murkins are one truly fucked-up society, with an even worse legal system. One of the recent bad moves of said legal system was to allow seizure of private land if giving it to another sucker would generate more revenue for the city/state/gvmt.

Now a private developer is using this decision to get a hotel built on one of the responsible judges' private land. How very sweet! I would so very much love to see that actually happening. (Yeah, as if there was any chance of the corrupt bastards bending over. But one can dream.)

[ published on Wed 29.06.2005 13:31 | filed in interests/anti | ]

says R.S. McNamara in The Fog of War. His fellow citizens in the U.S. of Jesusistan don't believe in proportionality anywhere: 3-10 years of jail for making a copy of a movie. The act which has just been passed (with a big majority...) is called FECA -for "Family Entertainment and Copyright Act"- and the title is a perfect example of doublethink. They've all got FECAl matter for brains.

Link to the Heise article (German, can't be bothered looking for an English source)

[ published on Sat 23.04.2005 16:02 | filed in interests/anti | ]

Just read this at BoingBoing: A high-school student writes zombie story for English class. About an unnamed high-school being run over by zombies.

[ published on Sat 05.03.2005 09:37 | filed in interests/anti | ]

The murkin legal system is utterly fubar'd: having an ad-blocker setup for your browser is illegal according to the letter of the law as it's "contributory copyright infringement" not to watch all the blinking lies.

[ published on Wed 02.03.2005 12:10 | filed in interests/anti | ]

Googling for "Abu Ghraib" images returns only whitewashed crap, whereas Yahoo has the evidence in full gory beauty.

Adding "abuse" or "torture" as keywords brings forth more precise stuff at Yahoo, but zip improvement at Google.

No way Google mislaid these images accidentally. "The most comprehensive image search on the web" my ass...
Source: cursor

[ published on Fri 14.01.2005 11:49 | filed in interests/anti | ]

...says Terry Jones, ex-Python, in this commentary in The Guardian about why the tsunami got a lot of donations and (crappy) publicity while the Iraqis suffering a fate of similar dimensions get nothing (except more oppression).

Cynic that I am, I find this not baffling at all: Drowned corpses caused by mother nature look better on screen than showing the results of American hubris. Dead soldiers can be done away by statistics, dead civilians aren't counted so they don't count, and for the veneer of a conscience let's quietly publish some acknowledgement of having no clue.

[ published on Thu 13.01.2005 12:06 | filed in interests/anti | ]

After three years of imprisonment, (quite likely) torture and certainly lots of illegal shenanigans perpetrated by the governments involved, Mr Habib is finally coming home to Oz. (Where he will be under further surveillance and subject to official harassment, despite none of the scum at the top having enough evidence for any kind of real trial...)

And all the bonsai shrub had to say is:

Mr Howard said yesterday he would not apologise or offer compensation to Mr Habib, who has spent the last three years in Guantanamo Bay for suspected terrorism and will be released within two weeks. Nor had he questioned the right of the Americans to apprehend Mr Habib in the first place.

...

Asked whether it was appropriate for an Australian prime minister to allow an Australian to be locked up for three years in a foreign country without proper legal rights, Mr Howard said: "I think the process took too long and we have made that known in very plain terms to the United States."

nicholsons' cartoon (cartoon by Peter Nicholson)

[ published on Thu 13.01.2005 11:53 | filed in interests/anti | ]

Amazing. An aviation security guy who actually has reasonable ideas about security and how not to approach the issue. I don't find it surprising that the country in question is NZ.

Source: Bruce Schneier's blog

[ published on Tue 07.12.2004 20:58 | filed in interests/anti | ]

This is all very depressing, disturbing, disgusting, rotten and Wrong. I hate oppression and totalitarianism, and the news (except the mainstream bootlicker media of course) is full of stupid assholes in power - it's so depressing.

So, do I have to burn off my fingerprints now or can that wait a couple of months? Is the RF-safe wallet the next thing I'll have to buy? Or an RF-safe overall, to be worn like a decon suit over all your RFID-infested clothes? Is ThoughtCrime next on the WIPO agenda?

What a bloody lousy outlook.

[ published on Mon 29.11.2004 23:45 | filed in interests/anti | ]

It was trivial (quel surprise).

[ published on Wed 17.11.2004 13:43 | filed in interests/anti | ]

Some Indymedia servers had been confiscated in October, with no reason given. EFF and Indymedia filed for disclosure of the reasoning behind that, and all they got was:

  • it's your gear but you lack standing to contest the seizure,
  • an unnamed foreign government made us do it,
  • the unnamed foreign government's rights trump the bill of rights,
  • and we're waving the ever-useful "it's because of terrrrorrrism" card, so get lost.

So the US finally have joined the ranks of dictatorial banana republics. Well, I wasn't planning to go there ever again anyway.

Indymedia articles
EFF articles

[ published on Wed 17.11.2004 11:36 | filed in interests/anti | ]

Well, he's gone now. The next fascist bastard is certainly already waiting to undermine what's left of the 'murkin democracy.

"The danger I see here is that intrusive judicial oversight and second-guessing of presidential determinations in these critical areas can put at risk the very security of our nation in a time of war," Ashcroft said... "Courts are not equipped to execute the law. They are not accountable to the people," Ashcroft said.

Link to the boingboing article

[ published on Wed 17.11.2004 11:27 | filed in interests/anti | ]

© Alexander Zangerl