Al Macintyre's Radio Weblog : Al's random interests while learning what can be done with Weblogging, and perhaps what ought to be done.
Updated: 09/21/2002; 12:36:29 AM.

 


 
 

Thursday, August 29, 2002

[Brown Eyed Girl] seems to be collecting horror stories from real life.  QUOTES

"Danielle Kousoulis, 29, worked on the 104th floor of the World Trade Center's north tower as a vice president for Cantor Fitzgerald. She signed a lease on a $2,500-a-month loft apartment 10 days before a hijacked plane crashed into her workplace. In a letter this month, landlord Denise M. Lyman claimed she was an unpaid creditor and threatened to take Kousoulis' family in Haddon Township, N.J., to court. The New York Daily News reported that one of the complaints against the dead woman was that she failed to give three-months notice that she was leaving."

UNQUOTE [Brown Eyed Girl]

 


11:59:25 PM    

[Boing Boing Blog] QUOTE Jediology big in Australia. "More than 70,000 Australians identified their religion as Jedi, Jedi Knight or Jedi-related in last year's national census." (Thanks, Howard!) UNQUOTE [Boing Boing Blog]

There's a lot of this around the western world, partly in protest against the notion that a person's private beliefs should be a matter of public record.


11:02:28 AM    

[Blogfish] QUOTE

Uncover the real WINNT killer.

Last Friday I got to work and was greeted by mr. blue screen. After rebooting a couple of times only to see the message "kernelos32.exe is either missing or corrupt" I asked our sysadmin for help.

"Your Winnt directory is missing" he told me. What? "It's not there. What were you doing that caused this to happen?" That last inquiry has propelled me into a virus hunt that will uncover the real WINNT killer.

Just jotting down one possibility I saw on FuzzyBlog:

Microsoft said Thursday that "critical" security lapses in its Office software and Internet Explorer Web browser put tens of millions of users at risk of having their files read and altered by online attackers.

The world's leading software maker said that an attacker, using e-mail or a Web page, could use Internet related parts of Office to run programs, alter data and wipe out a hard drive, as well as view file and clipboard contents on a user's system.

I never thought viruses actually wiped out hard drives. I never even knew someone who knew someone who had an aunt whose entire hard drive was wiped out. Does this really happen? UNQUOTE [Blogfish]

Alison

You need to

  • Check the anti-virus hoax pages to find out what your exact situation is.  There are viruses that say you have some problem other than what you really have.  There are virus hoaxes that say there is this file that the anti-viruses can't detect & if you find it on your system you need to delete it, but it is really a file you need to run your system, so you follow the hoax instructions, delete the file, and now your system really is crashed.  Even though you may be too wise to fall for this, some co-worker might not.  Millions of dollars have been siphoned from American Businesses because the Nigerian Scam is sent out very much the same way as computer viruses are distributed.  Anyone who can fall for a hoax can fall for a financial con game.  I have a lot more faith in the anti-hoax anti-virus vendors than I do in the outfits that supply the software, or the people in charge of computer systems in corporate America.
  •  http://www.vmyths.com/

    Truth About Computer Virus Myths & Hoaxes

  • Check my guide to the basics of personal computer security posted Aug 15.  I can send you by e-mail attachment the Word document I am referring to.  I just do not want to put into general circulation a working document that has tons of links where I have not asked permission to quote people, and do in fact quote without attribution, because I figured out netiquette after I started on the document. 
    • Ask me to send you my Computer Security Myths document.  I try to avoid sending people as e-mail attachments something I think would be of interest to them, because of the high risk of a virus in any attachment you were not expecting.
  • I have a few other Security documents I can share.  Mac Policy doc is a barely begun outline that spells out the philosophy of what I want to accomplish with my Computer Security Essays.  There are some risks that I must not detail because the cyber terrorists have not yet figured out how to do those things.  I want to communicate at a level that anyone can understand, non-technical or technical, not talk down to people, avoid bashing any vendor, and avoid getting in an argument.  I will let someone else's documents bash vendor practices that put us at this kind of risk.  Getting this work to the web was one of the reasons I started my Radio Weblog.  I wanted to learn what could be done, get good at it, then select presentation method.  I am leaning towards a separate category on a separate host with Instant Outlining.
    • There is one that I downloaded from Europe that explains Banking practices and why Identity Theft is so prevalent.  Ask for my e-fraud document.
  •  I did a series of messages (#s 3258 3261 3293 3314 3341) at

    http://groups.yahoo.com/group/TYR

    basically spelling out that the situation with a lack of Internet Privacy has been permitted to deteriorate a lot worse than most people realize, but for each hazard there are things that people can do to mitigate the risks.

    I was planning to expand on these but then thought that my Computer Myths approach was a better way to hopefully contribute to customers of computer systems putting an end to this idiocy.

    I also plan to incorporate these TYR posts into my eventual FAQ on Computer Security Common Sense.

  • An earlier effort was via

    http://www.TechRepublic.com/forumdiscuss/thread_detail.jhtml?thread_id=20600

  •  go to the archives of http://www.year2000.com/ecommerce and search for the post I made called "Computer Myths"
  • When you are past this crisis, go visit Internet Storm Watch http://www.incidents.org/isw/iswp.php
    •  Basically they have software so that people's Firewalls can send copies of Intrusion Logs to this outfit.  They merge logs & sort by where the trouble is originating & notify the ISPs of the hackers & work with law enforcement to track the hackers down & put them out of business.  This is a beautiful concept & I betcha a lot of people are not aware that this is going on, such as the people making federal government pronouncements these days about computer security.

  •  http://www.radium.ncsc.mil/tpep/epl/epl-by-vendor.html

    There is such a thing as a secure computer system.

    There is such a thing as a computer system that can be made secure.

    Various government agencies, such as the military, have some standards for security that computer systems that they buy & install need to meet.  Then a new bunch of people get elected and want nothing to do with the work that was done by their enemy in the political party that was in charge before, and they reinvent the wheel.

    Here is a directory of secure systems by vendor.

    Some vendors are conspicuous by their absence.

    Some vendors that are here, I would study the small print with great interest.

    There are technical documents here explaining ..if you get such & such a system that can be made secure ... how to go about doing so.

  • If you are reading this and you really are in government, politics, or law enforcement, and are saying "Oh Al, you are too cynical, but this stuff is constructive," then prove to me you really are in a position to change policy or to go after the computer criminals (I am not going to send some of my stuff to malware creators pretending to be cybercops), and I could send you as an e-mail attachment a collection of some posts I have made to Government sites soliciting Security Tips, such as what I think needs to be done about Terrorists and Airport Security.

    • My Air Security to FBI document is what I posted 10 days after 9/11 after I calmed down and checked phraseology and elegance of my writing.

    • My Security Gov document has what I sent to the Gore commission back when there were all the arsons of Black Churches, the terrorist attack in Atlanta GA, and some suspicion that an American airliner had been brought down by a surface to air missile.

    • My Cyber TV Word document has a collection of places allegedly selling illegal consumer electronics, through spam, which I want to share with any law enforcement that really wants to crack down on such places.  When I see spam that seems obviously for some illegal enterprise and they are stupid enough to give the name of the place to send money to, I think in terms of starting such a collection of places to share with law enforcement, if we can ever figure out how not to drown them in millions of spam forwards.

  • Lobby inside your corporation to get a real computer security audit, or to have your annual financial auditors do a computer security audit.  It does not matter if you run your biz on Microsoft Operating System, one of IBM's, Unix, Linux, etc.  You can get a competent audit.  There are audits designed for major ERP packages.   Check out 

    http://www.pentasafe.com ... basically IS security management lets them load this thing that rattles your computer door knobs and gives a report on how many insecure entrances you have, and makes computer security policy recommendations based on where your biz is most at risk.  It does not provide any info that would help the bad guys, and it communicates at a level understandable to non-technical management.

  • Here is a place for computer security technical professionals

    http://groups.yahoo.com/group/e-com-sec/

  •  http://www.ifccfbi.gov

    There is a depth to this computer fraud complaint operation that goes beyond what is apparent to most consumers.  Law enforcement individuals doing investigations can post here that they are interested in a particular business, web site, suspect, etc. then there are regular searches to see if two or more policepersons expressed an interest in the same suspect, within the last 24 hours & an e-mail is sent to introduce them to each other. 

     Computer crime is global.  The victims are global.  Law enforcement personnel could be working in duplicate investigations except for this cooperative venture.

  •  http://www.icsa.net/html/labs/

     I think I have the right link here.  I found this outfit when researching what firewall to get for my home PC.  They have firewalls from 40 some outfits on PCs connected to the internet & they continuously bombard them with every piece of nonsense the malware people come up with.  What they are doing is quality testing the fact that the firewalls really do what they are advertised to do.  Many popular brand names are conspicuous by their absence from the list of firewalls that do in fact do what they are advertised to do.

  • One of my computer security e-mail contacts sent me his Computer Security Glossary that spells out his honey pot strategy for keeping an intruder distracted long enough to back trace him.  I personally feel people's time is better spent keeping the intruders out in the first place, but my view is a minority in the West today.

  • Another contact sent me a copy of Halcrow's draft policy on corporate Computer Security Policy.

  • I am collecting goodies like these, and then can share some with other people making similar collections.


10:33:08 AM    

I have been trying out RandomFreshBlog from [Philringnalda] and if this stuff is truly representative of the broad spectrum of everyone who blogs, then I agree that the overall quality is rather high.  However, I think we need a variation on this software so that we can opt out of stuff that is in a foreign language, and stuff that the randomizer already hit in the last hour.
2:23:51 AM    

[Bruce's Computing Category] passes on news of Radio's change to referrer visibility.  QUOTE


A tiny change in Radio's aggregator makes referer logs more interesting. Please read this if you provide an RSS source for Radio users, and you watch your referer logs. Updated. [Scripting News]

Well I don't watch my referer logs every day, but I do check them from time to time.

UNQUOTE [Bruce's Computing Category]

[Bruce's Place] shares a story QUOTE

Dead Men Tell No Passwords
The man in charge of some of Norway's most precious electronic documents died without divulging the way to access them. A plea to hackers to help crack the system is out. By Michelle Delio. [Wired News]
UNQUOTE [Bruce's Place]

If the security works, why break it?  If the documents cannot be accessed, and the only person who knew how to access them died, then it is as if the data was in the man's head and he died.  There is something wrong with this picture. 

Where I work, I have some computer security responsibilities, but they are not exclusively in my head.  With each new boss, I ask if I can give a briefing on what kind of computer security we have, and what to do if I get run over by the proverbial union truck.  One of my suggestions is to provide on paper, a list of the most secret passwords to get into such things as computer security itself, then that paper is to go in an envelope in the safe of our corporate lawyer or auditor or some outside firm that we have some confidentiality agreement with, then if anything happens to me or my boss, there is this backup of the most important corporate stuff that is in our brains.  When I change the master security access codes, I tell my boss that I did so, and why I did so.

After a new boss has been on board a year or two, I ask if I can give a briefing on the strengths and weaknesses of our computer security.  We do get intruder alerts, and I notify the managers involved.  For example, executives are out to lunch, and some unknown person is in their office trying different password combinations, then the computer security kicks in and pulls the plug on that work station (you only get a certain number of tries to forget your password, then computer security makes certain automatic assumptions), then a few minutes later history repeats at the next office down the hall.  Then a few hours later, I am reviewing the system message logs and discover the fact that this was happening.  I have made some changes to the system logging so that we discover this kind of stuff faster.
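
The pattern described above (a work station disabled after too many password tries, then the same thing at the next office a few minutes later) can be picked out of a log automatically instead of hours later by eye. The following is an added example, not code from this weblog or from any system it describes; the log line format, the event names and the 10-minute gap are assumptions, and the sample lines are constructed.

```python
import re
from datetime import datetime, timedelta

# Constructed sample log. The line format and event names are hypothetical.
SAMPLE_LOG = """\
2002-08-29 09:14:02 WS=ACCT-03 USER=mjones EVENT=LOGIN_FAIL
2002-08-29 09:14:20 WS=ACCT-03 USER=mjones EVENT=LOGIN_OK
2002-08-29 12:05:11 WS=EXEC-01 USER=vp_sales EVENT=LOGIN_FAIL
2002-08-29 12:05:41 WS=EXEC-01 USER=vp_sales EVENT=WS_DISABLED
2002-08-29 12:09:03 WS=EXEC-02 USER=cfo EVENT=LOGIN_FAIL
2002-08-29 12:09:40 WS=EXEC-02 USER=cfo EVENT=WS_DISABLED
*** message queue wrapped ***
2002-08-29 12:14:02 WS=EXEC-03 USER=ceo EVENT=WS_DISABLED
2002-08-29 16:30:50 WS=SHIP-07 USER=dock1 EVENT=WS_DISABLED
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) "
    r"WS=(?P<ws>\S+) USER=(?P<user>\S+) EVENT=(?P<event>\S+)$"
)


def parse(log_text):
    """Return (events sorted by time, number of unparseable lines)."""
    events, skipped = [], 0
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if m is None:
            skipped += 1  # count it rather than silently losing evidence
            continue
        ev = m.groupdict()
        ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%d %H:%M:%S")
        events.append(ev)
    return sorted(events, key=lambda e: e["ts"]), skipped


def _summarize(chain, min_stations):
    """Turn one chain of lockouts into an alert, or None if it stays local."""
    stations = list(dict.fromkeys(e["ws"] for e in chain))  # ordered, unique
    if len(stations) < min_stations:
        return None  # one locked work station is usually a forgotten password
    return {"start": chain[0]["ts"], "end": chain[-1]["ts"], "workstations": stations}


def roaming_lockouts(events, gap=timedelta(minutes=10), min_stations=2):
    """Chain lockouts that follow each other within `gap`; alert when a chain
    spans at least `min_stations` different work stations."""
    alerts, chain = [], []
    for ev in events:
        if ev["event"] != "WS_DISABLED":
            continue
        if chain and ev["ts"] - chain[-1]["ts"] > gap:
            alerts.append(_summarize(chain, min_stations))
            chain = []
        chain.append(ev)
    if chain:
        alerts.append(_summarize(chain, min_stations))
    return [a for a in alerts if a is not None]


if __name__ == "__main__":
    events, skipped = parse(SAMPLE_LOG)
    for alert in roaming_lockouts(events):
        print(alert["start"], "to", alert["end"], alert["workstations"])
    print("unparseable lines:", skipped)
```

The lone lockout at SHIP-07 is not reported, while the three executive offices locked within minutes of each other form a single alert.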


1:55:33 AM    

Geek Beauty & everyone else's poetry and eye candy, except for the porno-lovers of course.  I just love this stuff.  How much disk space do pictures take up on servers?  The equivalent of 1 k words I suspect.  Here is a site with art collage inspired by the X-Files, and since this site identifies picture of self, it probably has a human helper, because where is a keyboard paws-friendly?

That reminds me of some humor about our furry friends.

Cat Physics

Presented at the Institute of Theoretical & Applied Cat Physics, forwarded to Al by iVillager Graceanne and Gary.Holliday

1. Law of Cat Inertia

A cat at rest will tend to remain at rest, unless acted upon by some outside force, such as the opening of cat food, or a nearby scurrying mouse.

2. Law of Cat Motion

A cat will move in a straight line, unless there is a really good reason to change direction.

3. Law of Cat Magnetism

All blue blazers and black sweaters attract cat hair in direct proportion to the darkness of the fabric.

4. Law of Cat Thermodynamics

Heat flows from a warmer to a cooler body, except in the case of a cat, all heat flows to the cat.

5. Law of Cat Stretching

A cat will stretch to a distance proportional to the length of the nap just taken. 

6. Law of Cat Sleeping

All cats must sleep with people whenever possible, in a position as uncomfortable for the people involved as is possible for the cat.

7. Law of Cat Elongation

A cat can make her body long enough to reach just about any countertop that has anything remotely interesting on it.

8. Law of Cat Acceleration

A cat will accelerate at a constant speed, until he gets good and ready to stop.

9. Law of Dinner Table Attendance

Cats must attend all meals when anything good is served.

10. Law of Rug Configuration

No rug may remain in its naturally flat state for very long.

11. Law of Obedience Resistance

A cat's resistance varies in inverse proportion to a human's desire for her to do something.

12. First Law of Energy Conservation

Cats know that energy can neither be created nor destroyed and will therefore use as little energy as possible.

13. Second Law of Energy Conservation

Cats also know that energy can only be stored by a lot of napping.

14. Law of Refrigerator Observation

If a cat watches a refrigerator long enough, someone will come along and take out something good to eat.

15. Law of Electric Blanket Attraction

Turn on an electric blanket and a cat will jump into bed at the speed of light.

16. Law of Random Comfort Seeking

A cat will always seek, and usually take over, the most comfortable spot in any given room.

17. Law of Bag / Box Occupancy

All bags and boxes in a given room must contain a cat within the earliest possible nanosecond.

18. Law of Cat Embarrassment

A cat's irritation rises in direct proportion to her embarrassment times the amount of human laughter. 

19. Law of Milk Consumption

A cat will drink his weight in milk, squared, just to show you he can.

20. Law of Furniture Replacement

A cat's desire to scratch furniture is directly proportional to the cost of the furniture.

21. Law of Cat Landing

A cat will always land in the softest place possible.

22. Law of Fluid Displacement

A cat immersed in milk will displace her own volume, minus the amount of milk consumed.

23. Law of Cat Disinterest

A cat's interest level will vary in inverse proportion to the amount of effort a human expends in trying to interest him.

24. Law of Pill Rejection

Any pill given to a cat has the potential energy to reach escape velocity.

25. Law of Cat Composition

A cat is composed of Matter + Anti-Matter + It Doesn't Matter.

26. Law of Selective Listening

Although a cat can hear a can of tuna being opened a mile away, she can't hear a simple command three feet away.

27. Law of Equidistant Separation

All cats in a given room will locate at points equidistant from each other, and equidistant from the center of the room.

28. Law of Cat Invisibility

Cats think that if they can't see you, then you can't see them.

29. Law of Space-Time Continuum

Given enough time, a cat will land in just about any space.

30. Law of Concentration of Mass

A cat's mass increases in direct proportion to the comfort of the lap she occupies.

31. Law of Cat Probability (Uncertainty Principle)

It is not possible to predict where a cat actually is, only the probability of where she "might" be.

32. Law of Cat Obedience

As yet undiscovered.


1:37:47 AM    

[Delaware Law Office] tells us that the reasons the FDA is suing the RED CROSS include QUOTE

the Red Cross:

-- "Continues to accept donors who have not completed the health history questionnaire, including those who leave unanswered the question designed to detect those at high risk for HIV/AIDS."

-- Accepts blood from donors with very low blood pressure and those who have given within the past eight weeks, putting them at risk of adverse reactions including anemia.

-- Has "lax inventory control," including "losing blood products" and "distributing unsuitable blood products."

I'm wondering that, if not for the press reporting about the lawsuit, would we have heard anything about these ongoing troubles between the FDA and the Red Cross.

UNQUOTE [Delaware Law Office]

This on top of all the coverage by Fox News and others about how the Red Cross apparently has a disconnect between who they are collecting donations to help, and who actually gets their help.


1:30:08 AM    

The Bush administration is calling for a centralized Network Operations Center (NOC) to coordinate cyber-security warnings, says this week's e-week.  Previously Computer Security has been voluntary and optional, but the feds want corporations to disclose what they are doing, if anything, towards that goal.  The feds do not know if there is any such thing as secure wireless technology, and if none, no federal agency is to buy any.  I wonder what the military will do to communicate with planes in the sky and ships at sea, if this ban goes into effect.

Wednesday = no posts except updates to some stories and categories (access my collection via Radio url number system) because my health was temporarily impaired (I suspect a new food allergy ... as we get older, our body discovers new things to complain about).

Tuesday topics:  Blog Education; Computer Illiteracy; Current Events; Politics; Quality; Tara Sue Grubb vs. Howard Coble;


12:44:55 AM    


© Copyright 2002 Al Macintyre.


