My Archives: January 2006

Tuesday, January 31, 2006

I do not, and will not, own an iPod. I think the Consumer Council of Norway has adequately summarized my reasons (as reported in The Register):

"ITMS [iTunes Music Store] can change the Ts&Cs [terms and conditions] governing music after it has been purchased. That, the CCN said, is 'a violation of basic principles of consumer contract law'.... [C]onsumers are prevented from claiming damages if iTunes should create a breach of security that that could be exploited by hackers or malware... Consumers are forced to play downloaded music on an iPod - attempts to use other portable players require the removal of a song's DRM protection, a process banned by the Ts&Cs. The CCN reckons this runs contrary to copyright law's fair use provision."

I also agree with Simon Phipps' objections to DRM (some overlap with the above). He adds a point I hadn't considered: if widely adopted, Digital Rights Management will condemn us to the slow loss of our culture's music (and film):

Posted by brad @ 07:09 AM EST [Link]

Monday, January 30, 2006

I recall an exchange in Atlas Shrugged that went something like this: "If you had a broken leg, you'd pay a doctor to set it." "Not if he was the one who broke it."

Microsoft is now trying to sell users on an upgrade to Windows Vista because — wait for it — the security of Windows XP is so bad.

So, let me see if I understand their marketing plan. First, sell a shoddy product. Then, tell customers the product they just bought is shoddy, and they need to buy the new and improved model. Repeat as necessary.

With their confessed ineptitude at security to date -- and a long list of Windows versions to demonstrate it -- why should anyone believe that this Windows will be magically different? (Didn't they say that about XP?)

Here's a tip, guys. "Security" is not your strongest selling point.  —brad

Posted by brad @ 07:04 AM EST [Link]

Sunday, January 29, 2006

Feburary 3rd is going to be ugly. F-Secure reports that over half a million computers have been infected with the Nyxem virus. On the 3rd, these computer owners are going to lose all of their DOC, XLS, MDB, MDE, PPT, PPS, ZIP, RAR, PDF, PSD and DMP files. Of course, some of those computers may have been disinfected by now...but odds are most of them haven't.

And now some musings of my own, which originated in my latest eBay purchase. [more]

Posted by brad @ 06:16 PM EST [Link]

Thursday, January 26, 2006

Zone Labs says the "phone home" that was discovered in its Zone Alarm firewall is a bug related to its automatic update feature, and does not compromise any of your PC's or your personal information. Which is a relief, if true. I'm waiting for independent confirmation.  —brad

Posted by brad @ 12:32 PM EST [Link]

Wednesday, January 25, 2006

Windows users: I'm sure you've heard by now that there's a new virus circulating, which will delete your documents on February 3rd. Now would be an excellent time to update your anti-virus signatures, if you haven't been doing so regularly.

And lest the Linux users start feeling superior, note that the popular KDE system has a JavaScript bug which affects the Konqueror web browser. Time to update your packages.

This is probably an opportune moment for me to recommend this excellent article from The Register, on the benefits of a multi-layered defense...and why the last line of defense is an alert user.

Alas, quis custodiet ipsos custodes? I thank L.W. for passing on this item, about how the Zone Alarm firewall "phones home" with data about your activities. You can block this by a simple edit to your hosts file...but I don't think I'll be recommending Zone Alarm in the future.

This, unfortunately, is the risk you run whenever you install software written by someone else. The best way I know to mitigate this risk is to have all of the source code, and all of the development, out in the open. For closed-source code, we can only rely upon the diligence of independent security experts and the tech media.


Posted by brad @ 08:09 AM EST [Link]

Monday, January 23, 2006

An update from Bob Harris: if you put the text of the Fourth Amendment into Microsoft's search engine, you get "We couldn't find any results."

Do you suppose this was another request from the Chinese?  —brad

P.S. In response to a query, no, I don't really believe Microsoft is blocking the Fourth Amendment from their search engine. I think their search engine is incompetent. Which means integrating MSN Search with Windows Vista is their only hope of grabbing search business away from Google. Fortunately, users of Firefox and Opera already have the search of their choice integrated with their browsers.

Posted by brad @ 08:27 AM EST [Link]

Sunday, January 22, 2006

This is such an entertaining idea that I had to share it. Bob Harris, one of the contributors to Tom Tomorrow's blog, upon hearing that the feds are trying to grab Google search records, decided to put the entire text of the Fourth Amendment into a Google search:

The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.

You can perform that search yourself with this URL. Or do what Bob did and set it as the default web page for your browser, so that every time you launch your browser you leave one more search record in Google's database.  —brad

Posted by brad @ 10:17 AM EST [Link]

Saturday, January 21, 2006

Food for thought: Jeffrey Tucker looks at the decentralized and multifarious ways in which the free market provides computer security, and contrasts that with the rigid and uniform responses offered by a government agency.

As important as computers have become, there are interesting implications here. On a day-by-day basis the security of these machines is a far bigger matter than the threat of terrorism. Whether we like it or not, and regardless of ideology, we all depend on market competition to bring us not only innovation but also to protect us in our dealings with information technology. It is not a perfect solution. It can be messy and fallible. But the market is the strongest and best hope for security, and the alternative [bureaucracy] is unthinkable.

He's right: I wouldn't trust the government with the security of my computer. They'd be slow, unresponsive, uncaring, and invasive. (Imagine getting your antivirus signatures updated once a year...or having to give them your admin passwords.) So why does almost everyone assume only the government can provide physical security?  —brad

Posted by brad @ 09:42 AM EST [Link]

Friday, January 20, 2006

Do you suppose that Someone is trying to tell me something? Less than 12 hours after I read that God wants me to boycott Microsoft (and supposedly Apple*), I discover the Church Sign Generator to help spread the word.


* Just so you know, the Apple story is a probable hoax.

Posted by brad @ 09:28 AM EST [Link]

Thursday, January 19, 2006

Don't say you weren't warned. The feds are trying to harvest search records from Google. Google, to their credit, is fighting. (Hat tip to  —brad

Posted by brad @ 07:56 AM EST [Link]

Humor break: Ted Rall on the Alito hearings, Chuck Asay on reforming Congress, and Tom Tomorrow on "The Scandal Unfolds" a hat tip to L.W. for this Day by Day cartoon.  —brad

Posted by brad @ 07:39 AM EST [Link]

Wednesday, January 18, 2006

Not to intrude into Brad's territory BUT Calum Macleod offers tips to make yourself security against data breaches in '06.

Posted by mac @ 12:37 PM EST [Link]

In watching CNN this afternoon, I note the prominence given to the story of President Bush meeting with "victims of Hussein." Perhaps the President will now find time to attend the funeral of even ONE American killed in Iraq? Perhaps not. What would be the rating advantage in doing so?

Posted by mac @ 12:22 PM EST [Link]

Sunday, January 15, 2006

Thanks to Bruce Schneier's Crypto-Gram newsletter, I now have plans for an RFID-proof wallet...made of duct tape and aluminum foil.

I actually have a source for RF shielding fabric, but I lack the pattern (and the sewing skills) to make a standard nylon-and-velcro wallet. Looks like I'll have to buy a cheap nylon wallet and reverse-engineer it.  —brad

Posted by brad @ 03:23 PM EST [Link]

Saturday, January 14, 2006

Microsoft is denying that the WMF flaw is a deliberate backdoor...and some other security analysts agree. I'm keeping an open mind until someone gets to examine their source code.

Meanwhile, Microsoft insists this is not a "critical" flaw. The secret here is how Microsoft defines "critical": according to Gibson, "only if its exploitation could allow the propagation of an Internet worm without user action." (Emphasis added.)

In other words, according to Microsoft, if you innocently open an email -- or visit a web page -- and the simple act of doing so causes a virus to load which infects your computer, emails itself to all your friends, steals all your passwords, disables your CD-ROM drive, erases all third-party software, deletes your "My Documents" folder, emails a continuous stream of neo-Nazi spam, and starts a Denial of Service attack on, why, that's not critical. That's merely an "important" flaw. Because you had to take some action -- like clicking a link -- to start the process.

I grant that vulnerabilities which propagate without user intervention pose a greater threat to the Internet -- think of Slammer, Code Red, and Nimda -- but in my opinion Microsoft is pulling a bit of a con by labelling flaws which can steal your identity and reduce your computer to junk less than "critical".

Remember that when you hear Microsoft crowing about how few "critical" Windows vulnerabilities turned up in any given month.  —brad

Posted by brad @ 02:45 PM EST [Link]

Friday, January 13, 2006

Steve Gibson of Gibson Research has been examining the Windows WMF vulnerability, and has tentatively concluded that it is a backdoor deliberately inserted by someone at Microsoft. We won't know if it was a rogue programmer or an official action until we get a look at Microsoft's source code, and when that happens Satan will need a snowmobile. (Hat tip to Groklaw.)  —brad

Posted by brad @ 12:50 PM EST [Link]

Thursday, January 12, 2006

Thanks to Lee for a heads-up on this item. Your cellphone records are available to anyone, online, for a fee! AmericaBlog has a current post entitled "AMERICAblog just bought General Wesley Clark's cell phone records for $89.95." One company advertises a basic service: for "$110 - Up to 100 outgoing calls with dates within the most recent billing cycle. Incoming calls on request if available with carrier. (Will not be indicated as incoming on results, if incoming must be indicated the charge is double the order) No guarantee incoming calls will be included in report as they are not available with all carriers." Special requests are extra. The Chicago Sun-Times ran an article on Jan. 5th entitled "Your phone records are for sale" and, so, with the practice receiving greater exposure, the government may soon be cracking down on it. Which is the only thing worse than it being available for sale.

As a ham radio operator, I learned long ago to speak with discretion while broadcasting because many ears may be listening to my apparently "one-on-one" conversation. If I ever have something personal to communicate with another ham, I pick up a landline phone and use it. Indeed, I may be the last person in North America not to own a cell phone because I am too jealous of my privacy to throw personal conversations out into the ether. Correction, my husband and I may be the last two people....

Posted by mac @ 03:28 PM EST [Link]

A happy 100th birthday (one day late) to Albert Hoffman, the discoverer of LSD.  —brad

Posted by brad @ 11:56 AM EST [Link]

Wednesday, January 11, 2006

I was about to give Microsoft a grudging "attaboy" for rushing out an official patch for the WMF vulnerability, before the regular monthly überpatch. Then I learned that Windows XP machines downloaded and installed this patch even when their administrators had said not to. Whose computer is it, anyway?  —brad

Posted by brad @ 05:53 PM EST [Link]

Tuesday, January 10, 2006

As usual Chris Sciabarra hits a home run, this time in his essay "Libertarianism": Libertarianism is the political ideology of voluntarism, a commitment to voluntary action in a social context, where no individual or group of individuals can initiate the use of force against others. It is not a monolithic ideological paradigm; rather, it signifies a variety of approaches that celebrate the rule of law and the free exchange of goods, services, and ideas – a laissez-faire attitude towards what philosopher Robert Nozick (1974) once called ‘capitalist acts between consenting adults’.

Posted by mac @ 11:48 AM EST [Link]

A new post on the libertarian discussion BB associated with this site:

I am posting the attached article by the incredible Declan McCullagh under the "Personal" category because I know that many members maintain blogs, post and otherwise communicate under monikers and, so, may wish to change their personal e-habits or, at least, be aware of the possible consequences associated with maintaining those habits. The article opens:

"Annoying someone via the Internet is now a federal crime. It's no joke. Last Thursday, President Bush signed into law a prohibition on posting annoying Web messages or sending annoying e-mail messages without disclosing your true identity. In other words, it's OK to flame someone on a mailing list or in a blog as long as you do it under your real name. Thank Congress for small favors, I guess. This ridiculous prohibition, which would likely imperil much of Usenet, is buried in the so-called Violence Against Women and Department of Justice Reauthorization Act. Criminal penalties include stiff fines and two years in prison." [more]

Posted by mac @ 11:38 AM EST [Link]

I hadn't thought about this. Even if your cell phone does not include a GPS receiver, it's possible to get an approximate fix on your location by triangulating the signal strength from three cell towers...and the government has easy access to this information.  —brad

Posted by brad @ 09:27 AM EST [Link]

Friday, January 6, 2006

On the Reason blog, Matt Welch asks:

"Some self-described small-government conservatives and libertarians exasperatedly ask if critics of the policy understand that we're at war, and explain how this latest kerfuffle illustrates why libertarians should never be invited to the grown-ups' table when discussing foreign policy. I bring this up not necessarily to criticize supporters of George Bush's Executive-Power grabs, nor to play quien es mas libertarian (a game I generally lose), nor to belittle the real contributions to the debate they may have made during the previous go-rounds. But rather, I'm interested in breaking the cycle for a moment, stepping back, and asking the Glenn Reynoldses and Thomas Sowells of the world one question: How far is too far in the War on Terror?"

Good question. Read Matt's entire commentary on the Reason blog.

Posted by mac @ 11:01 AM EST [Link]

Thanks to Lee for sending along this blog post...
--Item: Words "Suicide Bomber" written in an airline passenger's journal lead to interrogation (turns out to have been the name of a song or music band).
--Item: Forgotten briefcase sets off bomb scare at a post office.
--Item: 4-year-old Houston boy on "No Fly List".

All this fear and paranoia does no good, because it won't stop the next terrorist attack. People should be more afraid of Bush & Co.'s spying on them, of the growing police state, etc., than the chances of a nearby stranger being an actual terrorist. [more]

Posted by mac @ 03:34 AM EST [Link]

Eavesdrop on this site's discussion BB where we are currently exploring the 'difference' between economic and civil liberties. This morning, I wrote in response to Elizabeth:

You raise an interesting point re: economics v. civil liberties. Of course, this is not a dichotomy in terms of theory because both economic and 'personal' rights derive from the same source of which they are merely two different expressions; the source is self-ownership. In psychological terms, however, I have noticed a big difference in the personalities and concerns of those who enter libertarianism because they are attracted to the economic theories as opposed to those who enter because they are attracted to the civil liberties. I fall into the latter category and I cultivated an interest in economics by convincing myself of how inter-dependent the two concerns are in practice as well as in theory. In short, I integrated the two areas, with civil liberties being my main focus. At this point, my economic theories are pretty much straight and predictable Austrian in the fashion of Rothbard, Mises, Hayek, etc. I doubt if I will ever make an original contribution in the area of economics because I view it. I use it merely as a solid springboard for social theory. [more]

Posted by mac @ 02:47 AM EST [Link]

Thursday, January 5, 2006

Humor break: Tom Tomorrow offers The Year in Review, part 1 and part 2.

He also offers "an equation for our times":


Posted by brad @ 06:54 AM EST [Link]

An interesting interview with Phyllis Chesler who has been a major force in pushing the gender feminist (GF) agenda for decades now. She is turning around and lambasting her sister-GFs as being sell-outs to academic and left prestige, etc. I don't much sympathize with her 'ringing the bell in the night' over how feminism has gone wrong since she is one of the reasons it went so many miles off course. Her media-proclaimed "brave" book that turns on GFs just as their movement is clearly dying raises my cynical shackles.. For one thing...Good timing! It is like buying a rising stock when it is low and then selling-short when you see an inevitable collapse. Of course, on Wall St., Chesler would be arrested for inside trading as she is in a position to influence the decline of the stock (GF) by publicly excoriating it. Her interview (and book) are one more indication that GF has lost its hold on society and will be fading fast in the next few years, leaving the rest of us to clean up the mess. Now its former leaders are trying to make a buck and preserve their prestige by distancing themselves from the failure that is their legacy.

Chesler's heart bleeds so profusely for 3rd world women that she is proposing "a feminist foreign policy." She criticizes GFs "because they refused to work with a Republican administration" and, so, shut themselves out of foreign policy. Aha...I begin to see where an enterprising ex-GF can make a new buck and acquire new prestige. I have a suggestion for Chesler; how about repairing the damage you have wrought to gender relations in your own society first? Oh, and when you express wrenching compassion for the poor and oppressed, may I suggest that your accompanying photograph not show you in a glistening evening dress with a glass of wine cradled in your hands? Actually, forget that last suggestion. It gives the reader important information.

Posted by mac @ 06:23 AM EST [Link]

Tuesday, January 3, 2006

A bit of good news: it seems that only Windows XP and Windows 2003 systems are vulnerable to the WMF exploit. eWeek's Larry Seltzer has been doing some testing:

It is true, as F-Secure says, that all versions of Windows back to 3.0 have the vulnerability in GDI32. But most versions of Windows are not quite as vulnerable as they appear. Except for Windows XP and Windows Server 2003, no Windows versions, in their default configuration, have a default association for WMF files, and none of their Paint programs or any other standard programs installed with them can read WMF files. ...

Therefore only consider applying the Guilfanov patch on Windows XP and Windows Server 2003. On other platforms, unless you have installed your own vulnerable default handler for WMF files, the likelihood of compromise even when a system is bombarded with malicious WMFs is low.

Note that the Guilfanov patch (also available from Gibson Research) only works on Windows 2000, 2003, and XP, so you can't install it on Windows 98 or ME anyway. But now it looks like 98/ME users don't need it.  —brad

Posted by brad @ 08:27 AM EST [Link]

Monday, January 2, 2006

Unix and Linux gurus have been able to do encryption for ages. Just compose the email in a text file, type the command line to encrypt that file, copy the new file into an email message, and send. Yech.*

In my Windows days, PGP functions could be integrated with Eudora...but I never got through the 70-page primer that I needed to configure it. Since my move to Linux, I've wanted an encyption package that is integrated with a Linux email client, easy to use, and easy to configure. I'm happy to report that I finally found one: Enigmail for Mozilla Mail and Thunderbird. [more]

Posted by brad @ 01:34 PM EST [Link]

Quote of the day:

"Any time you hear the United States government talking about wiretap, it requires - a wiretap requires a court order." — George W. Bush, in Buffalo, NY, April 20, 2004...two years after he had authorized wiretaps without a court order.


Posted by brad @ 09:08 AM EST [Link]

Sunday, January 1, 2006

Windows users, listen up: this new "WMF" vulnerability is seriously bad news. Exploits have been discovered circulating which use it to install keystroke loggers (there go your passwords!) and other spyware. If an infected image arrives as an email attachment, simply viewing it, viewing its folder, or indexing it with Google Desktop will infect your machine. Viewing a web page with one of these images will also infect you. It's bypassing most anti-virus packages, and new exploits are appearing.

Microsoft offers zilch to fix this. The Internet Storm Center has taken the unprecedented (for them) step of publishing an unofficial patch for Windows. F-Secure is recommending that patch too. The ISC page has a good summary of information; be sure to monitor their main page and F-Secure's weblog for the latest news.

Windows 98 users: there's no official word, but ISC reckons that you're vulnerable and that Microsoft will not ever issue a fix for this. It's looking like time to retire those Win98 systems.  —brad

Posted by brad @ 03:46 PM EST [Link]

As a privacy zealot, I am often accused of paranoia due to my reluctance to let people nose around at random in my business. What do I have to hide? Why do I suspect the worst of people who want a legal right to access my property, computer info and personal data? I generally respond...what I have to hide (if anything) is my business, not yours; and just why do you need a legal right -- the equivalent to pointing a gun at me -- to trespass all over my life unless or until I have done something harmful to you or others? And, no, my mere wish to be left alone is not an act of harm.

Generally speaking, critics know so little about the art of valid argumentation that they simply repeat the ad hominem of "paranoia" and, then, proceed to advocate laws that violate my personal and property. Sometimes their blithe but vicious assault on the rights of others is accompanied with bumper-sticker explanations like "security requires a trade-off in liberty." Which is fine. If they wish to trade their liberty for greater security, then I say "go for it!" But what they really mean is that they wish to trade my liberty for their security, and that they have no right to do. [more]

Posted by mac @ 12:11 PM EST [Link]

Here's another New Year's resolution for you. In the wake of recent attacks on privacy, make 2006 the year to encrypt your email.

I was going to write today about how I'm now using Enigmail to provide GPG encryption for Thunderbird. But right away I realized I was getting ahead of myself, and a brief general introduction was needed. [more]

Posted by brad @ 11:25 AM EST [Link]

Happy New Year! Need some resolutions? Consider Chris Hoofnagle's Consumer Privacy Top 11 tips from the Electronic Privacy Information Center West. (Some of them are specific to the U.S.)  —brad

Posted by brad @ 07:51 AM EST [Link]

[Archive Index] [Main Index]

Powered By Greymatter