RTFA: http://blog.wired.com/27bstroke6/2007/10/att-inven…

From the company that brought you the C programming language comes Hancock, a C variant developed by AT&T researchers to mine gigabytes of the company’s telephone and internet records for surveillance purposes.

An AT&T research paper published in 2001 and unearthed today by Andrew Appel at Freedom to Tinker shows how the phone company uses Hancock-coded software to crunch through tens of millions of long distance phone records a night to draw up what AT&T calls “communities of interest” — i.e., calling circles that show who is talking to whom.

The system was built in the late 1990s to develop marketing leads, and as a security tool to see if new customers called the same numbers as previously cut-off fraudsters — something the paper refers to as “guilt by association.”

But it’s of interest to THREAT LEVEL because of recent revelations that the FBI has been requesting “communities of interest” records from phone companies under the USA PATRIOT Act without a warrant.

This is a highly interesting read. Please read the full story at wired.

RTFA: http://www.eonline.com/news/article/index.jsp?uuid…

The daytime queen profusely apologized to the parents of students at her all-girls school in South Africa for a sex-abuse scandal that resulted in the dismissal of one of its dormitory matrons…

Allegations surfaced two weeks ago that a “dorm parent” had been accused of fondling a girl and physically and verbally abusing several others, including grabbing them about the neck, beating them and hurling them against a wall.

RTFA: http://www.hollywoodlostandfound.net/wilhelm/

One sound effect that has found a following with many sound editors and observant movie fans is a distinctive scream named Wilhelm.

In 1951, the Warner Bros. film “Distant Drums” directed by Raoul Walsh starred Gary Cooper as Captain Quincy Wyatt, who leads a group of soldiers to stop some Seminole Indians from threatening settlers in early 19th Century Florida. During a scene in which the soldiers are wading through a swamp in the everglades, one of them is bitten and dragged underwater by an alligator.

As is usually the case with the making of a movie, the scream for that character was recorded later. Six short pained screams were recorded in a single take, which was slated “man getting bit by an alligator, and he screams.” The fifth scream was used for the soldier - but the 4th, 5th, and 6th screams recorded in the session were also used earlier in the film when three Indians are shot, one after another, during a raid on a fort.

After “Distant Drums,” the recording was archived into the studio’s sound effects library, and was re-used in many Warner Bros. productions.

This one sound effect has made its way into dozens of movies, including the Star Wars & Indiana Jones series.

RTFA: http://en.wikipedia.org/wiki/My_Name_is_Bruce

My Name Is Bruce is an American horror film scheduled for release in October 2007, directed, co-produced by, co-written and starring B movie cult actor Bruce Campbell.
The plot revolves around Campbell, playing himself, who, after being harassed and mistaken by fans to be a character much like Ash from the Evil Dead series of horror films, is abducted from his trailer park home to fight against Guan Di, a Chinese war deity.
According to Campbell, the film is in post-production, although Campbell has shown several minutes of this upcoming movie during some of his campus lectures, as well as a few public screenings including showings at the 6th Annual Ashland Independent Film Festival and CineVegas.

Talk about art imitating life. This is so recursive my head is going to sucksplode.

RTFA: http://www.foxnews.com/story/0,2933,305761,00.html

“It appears to be a primate-like animal. In my opinion, it appears to be a juvenile Sasquatch,” said Paul Majeta of the bigfoot group.

However, the Pennsylvania Game Commission has a more conventional opinion. Agency spokesman Jerry Feaser said conservation officers routinely trap bears to be tagged and often see animals that look like the photos.

“There is no question it is a bear with a severe case of mange,” Feaser told The Bradford Era.

RTFA: http://www.blather.net/blather/2005/10/klaatu_bara…

Helen has already been told to use the words “Klaatu Barada Nikto” to prevent Gort - Klaatu’s tall silvery robot sidekick, a faultless policeman of the universe (holy spirit, angelic being) - from destroying everything.

Very random post, but I always thought this line came from Army of Darkness! In fact, it is from the very old sci-fi movie “The Day the Earth Stood Still”.

RTFA: http://www.techcrunch.com/2007/10/29/googles-respo…

The bigger vision is to combine all of Google’s apps and services through Maka-Maka. Google already has so much data on you, depending on how many Google apps you already use. It just needs to bring everything together. Your contacts are in Gmail. Your feeds are in Google Reader. Your IM buddy list is in Gtalk. Your upcoming events are in Google Calendar. Your widgets are in iGoogle. And don’t forget about your search history. Overtime, Google will connect all of these together in different ways, along with data about you from other social services across the Web, and give developers access to the social layer tying all of these apps together underneath. The real killer app for Google is not to turn Orkut into a Facebook clone. It is to turn every Google app into a social application without you even noticing that you’ve joined yet another social network.

RTFA: http://en.wikipedia.org/wiki/Confessions_of_an_Eco…

Economic hit men (EHMs) are highly paid professionals who cheat countries around the globe out of trillions of dollars. They funnel money from the World Bank, the U.S. Agency for International Development (USAID), and other foreign “aid” organizations into the coffers of huge corporations and the pockets of a few wealthy families who control the planet’s natural resources. Their tools included fraudulent financial reports, rigged elections, payoffs, extortion, sex, and murder. They play a game as old as empire, but one that has taken on new and terrifying dimensions during this time of globalization.

I saw a very interesting interview with John Perkins. For what it’s worth, I believe his story.

RTFA: http://www.wired.com/science/space/magazine/15-11/…

It’s easy to snicker at the James Bond theatrics at the headquarters of Bigelow’s eight-year-old company, Bigelow Aerospace. It’s even easier when you find out he’s trying to build his very own space station. An inflatable space station, to be precise - a massive bouncy castle meant to expand when it gets into orbit. It will be the first privately owned destination in space, and Bigelow proposes to rent it out as an orbital research lab, a training facility, or even a tourist hotel. Sure, have a chuckle. But here’s the thing: He’s actually doing it.

In the past 16 months, BA has successfully shot two Hummer-sized prototypes of the station into orbit. Dubbed Genesis I and II, they’re circling the globe as you read this. The last one went up in June, blasting out of Earth’s atmosphere on the back of a modified Soviet-era SS-18 missile. It was launched from a space complex in central Russia, ISC Kosmotras, the rocket-for-hire venture run by Russia, Ukraine, and Kazakhstan.

RTFA: http://news.yahoo.com/s/ap/20071026/ap_on_go_ca_st…

A team of specially trained investigators will hunker down in an Army office north of Detroit on Monday to begin poring over hundreds of Iraq war contracts in search for rigged awards.

This team of 10 auditors, criminal investigators and acquisition experts are starting with a sampling of the roughly 6,000 contracts worth $2.8 billion issued by an Army office in Kuwait that service officials have identified as a hub of corruption.

RTFA: http://www.win.tue.nl/hashclash/TargetCollidingCer…

Our construction requires that the two colliding certificates are generated simultaneously. Al- though each resulting certificate by itself is completely unsuspicious, the fraud becomes apparent when the two certificates are put alongside, as may happen during a fraud analysis. An attacker can generate one of the certificates for a targeted person, the other one for himself, and attempt to use his own credentials to convince an external and generally trusted CA to sign the second one.
If successful, the attacker can then distribute the first certificate, which will be trusted by relying parties, e.g. to encrypt messages for the targeted person. The attacker however is in control of the corresponding private key, and can thus decrypt confidential information embedded in intercepted messages meant for the targeted person. Or the attacker can masquerade as the targeted person while signing messages, which will be trusted by anyone trusting the CA. In this scenario it does not matter whether the two certificates have different public keys (as in our example) or identical ones (in which case the colliding blocks would have to be hidden somewhere else in the certificate).
A problem is, however, that the CA will register the attacker’s identity. As soon as a dispute arises, the two certificates will be produced and revealed as colliding, and the attacker will be identified. Another problem is that the attacker must have sufficient control over the CA to predict all fields appearing before the public key, such as the serial number and the validity periods. It has frequently been suggested that this is an effective countermeasure against colliding certificate constructions in practice, but there is no consensus how hard it is to make accurate predictions.
When this condition of sufficient control over the CA by the attacker is satisfied, colliding certificates based on chosen-prefix collisions are a bigger threat than those based on random collisions. Obviously, the attack becomes effectively impossible if the CA adds a sufficient amount of fresh randomness to the certificate fields before the public key, such as in the serial number (as some already do, though probably for different reasons). This randomness is to be generated after the approval of the certification request. On the other hand, in general a relying party cannot verify this randomness. In our opinion, trustworthiness of certificates should not crucially depend on such
secondary and circumstantial aspects. On the contrary, CAs should use a trustworthy hash function that meets the design criteria. Unfortunately, this is no longer the case for MD5, or SHA-1. We stress that our construction (we prefer this wording to ‘attack’) is not a preimage attack.
As far as we know, existing certificates cannot be forged by chosen-prefix collisions if they have not been especially crafted for that purpose. However, a relying party cannot distinguish any given trustworthy certificate from a certificate that has been crafted by our method to violate PKI principles. Therefore we repeat, with more urgency, our recommendation that MD5 is no longer used in new X.509 certificates. Similar work [1] is in development for the SHA-1 hash function, so we feel that a renewed assessment of the use of SHA-1 in certificate generation is also appropriate.

Wow! I know this paper was distributed 8 months ago, but holy shit! In case you don’t know about X.509, it’s the standard that the entire SSL trust infrastructure is built on. X.509 describes what fields need to appear an an SSL certificate, and it’s in relying on these SSL certificates that a web browser (e.g. IE) decides if a secure (HTTPS) connection is forged or not.

So today, I was attempting to validate the SSL certificates involved in a particular communication. I visited https://www.verisign.com to see how their signing chain looked, because I assumed this would be a good example. On Verisign’s site, the chain starts with a Generation One (G1 - a Verisign marketing term, I think) Public Primary Certificate Authority (PCA). Some PCAs (around 100, at the moment) are trusted enough that they ship directly with web browsers. The private keys that correspond to those public PCAs are well-guarded. Verisign has a bunch of these public/private PCA key pairs, and one is used to start the chain that secures verisign.com. I already had it, since it came with Opera.

The next item in the chain was a G5 PCA, which was directly signed by the G1 PCA. Although the G5 PCA isn’t shipped with Opera, it is trusted because the G1 PCA is trusted; the G1 PCA extends trust through its signature on the G5 PCA.

The G5 PCA was used to sign another CA that appears to be used only for SSL certificates. The trust from the G1 PCA, which flows through the G5 PCA, extends to the SSL CA. Ultimately, the SSL CA is used to sign the verisign.com certificate. That’s why my browser “trusts” verisign.com. So, verisign SSL chain looks like this:

G1 PCA signs ITSELF, which signs G5 CA, which signs SSL CA, which signs verisign.com

Next, I looked at the SSL signing chain for a site that I was suspicious of. The other site’s chain looks like this:

G5 CA signs ITSELF, which signs SSL CA, which signs othersite.com

Because the G5 CA doesn’t ship with Opera, I don’t trust it unless I go out of my way to download, install, and trust that certificate. I actually did this, by locating the key on the Verisign website based on its “signature.” It’s not very hard to add SSL certificates to Opera, but there are a few problems with the process.

For example, unless I trust that my nameserver will correctly resolve the Verisign website, I cannot trust that I am actually getting a good copy of the certificate. Also, I must trust that verisign’s web servers are secure enough to guarantee that I am getting a trustworthy copy of the certificate.

Finally, there’s the proof of concept in the paper above, which suggests that it’s possible to tamper with X.509 certificates. Basically, this leaves open the possibility that the site I am connecting to is using a separate public keychain, which somehow is called by the same name, but which is self signed instead of G1-signed. In the case that a separate keychain is in use, the communication could conceivably be compromised…

So how to very if it’s good or not? I don’t trust the self-signed certificate as much as the G1-signed certificate. …so do I trust it at all?

RTFA: http://www.livescience.com/strangenews/071026-hott…

Researchers at New Mexico State University have discovered the world’s hottest chili pepper. It’s called the Bhut Jolokia, a variety originating in Assam, India.

In tests that yield Scoville heat units (SHUs), the Bhut Jolokia reached 1 million SHUs, almost double the SHUs of former hotshot Red Savina (a type of habanero pepper), which measured a mere 577,000. The result was announced today by the American Society for Horticultural Science.

Time to make some enhanced pepper spray!

RTFA: http://www.cnn.com/2007/US/law/10/26/wilson.freed/…

The Georgia Supreme Court on Friday ordered that Genarlow Wilson be released from prison, ruling 4-3 that his sentence for a teen sex conviction was cruel and unusual punishment.

Genarlow Wilson’s case received national attention and led to changes in Georgia law.

Wilson, 21, was convicted in 2005 of having oral sex with a consenting 15-year-old girl when he was 17.

He has served more than two years in prison.

I can’t believe he served 2 years in jail - absolutely disgusting.

RTFA: http://news.bbc.co.uk/2/hi/uk_news/england/tees/70…

A man who urinated on a woman as she lay dying and shouted “this is YouTube material” has been sentenced to three years in prison.

Anthony Anderson also covered Christine Lakinski with shaving foam after she collapsed in a Hartlepool street.

The 50-year-old, who suffered from a number of medical conditions, was later pronounced dead at the scene.

RTFA: http://www.cbsnews.com/stories/2007/10/24/national…

University of Florida police were justified in using a Taser against a student who refused to stop questioning Sen. John Kerry on campus last month, according to a state investigation released Wednesday.

RTFA: http://www.abcnews.go.com/Health/GlobalHealth/stor…

Environmental and public health experts overwhelmingly denounced editing by the White House of a federal health agency head’s testimony to Congress Tuesday.

RTFA: http://www.washingtonpost.com/wp-dyn/content/artic…

JOHANNESBURG, Oct. 24 — South African AIDS researchers have begun warning hundreds of volunteers that a highly touted experimental vaccine they received in recent months might make them more, not less, likely to contract HIV in the midst of one of the world’s most rampant epidemics.

The move stems from the discovery last month that an AIDS vaccine developed by Merck & Co. might have led to more infections than it averted among study subjects in the United States and other countries. Among those who received at least two doses of the vaccine, 19 contracted HIV compared with 11 of those given placebos.

RTFA: http://news.bbc.co.uk/2/hi/business/7062669.stm

The US Department of Justice has fined oil giant BP a total of 373m, for breaking environmental rules and committing fraud.

The fines include 50m relating to a Texas refinery explosion in 2005 that killed 15 people and injured 180 more.

That sum is the highest fine of its kind levied under the Clean Air Act.

The largest fine relates to a price manipulation scandal between April 2003 and February 2004, over which four ex-BP workers have also been indicted.

RTFA: http://today.reuters.com/news/articlenews.aspx?typ…

Prostitutes in the Bolivian city of El Alto sewed their lips together Wednesday as part of a hunger strike to demand that the mayor reopen brothels and bars ordered closed after violent protests by residents last week.

“We are fighting for the right to work and for our families’ survival,” Lily Cortez, leader of the El Alto Association of Nighttime Workers, told local television.

“Tomorrow we will bury ourselves alive if we are not immediately heard. The mayor will have his conscience to answer to if there are any grave consequences, such as the death of my comrades,” she said, surrounded by about 10 prostitutes who had sewn their lips together with thread.

Some 30 other women were shown fasting inside a medical clinic nearby.

Wow.

RTFA: http://www.bloomberg.com/apps/news?pid=20601103&si…

James Watson, winner of the Nobel Prize as co-discoverer of DNA’s molecular structure, retired as chancellor of New York’s Cold Spring Harbor Laboratory amid a controversy over racial remarks.

The lab suspended Watson from his position earlier this month after he questioned the intelligence of Africans during a book tour. Watson announced his decision to retire and leave the lab’s board in an e-mail.

“Closer now to 80 than 79, the passing on of my remaining vestiges of leadership is more than overdue,” Watson said in the e-mail. “The circumstances in which this transfer is occurring, however, are not those which I could ever have anticipated or desired.”

RTFA: http://news.yahoo.com/s/ap/20071025/ap_on_go_ca_st…

The Bush administration imposed sweeping new sanctions against Iran Thursday - the harshest in nearly three decades - cutting off key Iranian military and banking institutions from the American financial system for Tehran’s alleged support for terrorism and nuclear weapons ambitions.

In the broadest U.S. unilateral penalties on Iran since the takeover of the U.S. Embassy in 1979, the administration slapped sanctions on Iran’s Revolutionary Guard Corps, a main unit of its defense ministry, three of its largest banks and eight people that it said are engaged in missile trade and back extremist groups throughout the Middle East.

The timing of this is a bit suspicious.

RTFA: http://www.washingtonpost.com/wp-dyn/content/artic…

The Internet’s key oversight agency is investigating suspicions that insider information is being used to snatch desired domain names before an individual or business can register them.

The Security and Stability Advisory Committee of the Internet Corporation for Assigned Names and Numbers termed the practice “domain name front running” and likened it to a stock broker buying or selling shares ahead of a client’s trade, in anticipation of a movement in price.

In the case of Internet addresses, many people who see a domain name available the first time they check find it already taken by the time they return to buy it.

That has led to suspicions that someone with access to search requests has been using the information to gauge interest in a domain name.

I’ve definitely had this happen to me before and had similar thoughts.

RTFA: http://www.nytimes.com/2007/10/25/technology/24cnd…

Microsoft has won a high-profile technology industry battle with Google and Yahoo to invest in the social networking upstart Facebook.

The two companies said on Wednesday that Microsoft would invest 240 million for a 1.6 percent stake in Facebook. The investment values the three-year-old Facebook, which will bring in about 150 million in revenue this year, at 15 billion.

I’m no high paid corporate executive doing blow off the ass of a $1000 hooker, so I could be missing something critical here, but paying $240 million for 1.6% ownership seems like a terrible decision for Microsoft. Let’s say that facebook continues to make $150 million / year. It’s possible they will increase their profit, but the internet is a wild place and they could go the way of instant messenger and pogs. 1.6% of $150 million is $2.4 million a year, which means it will take 100 years to make back the $240 million investment. Again, I feel like I’m missing something critical here, besides the high class prostitute.

RTFA: http://news.bbc.co.uk/2/hi/americas/7042090.stm

The US military has developed a new programme known as the Human Terrain System (HTS) to study social groups in Iraq and Afghanistan.

The HTS depends heavily on the co-operation of anthropologists, with their expertise in the study of human beings and their societies.

Steve Fondacaro, a retired special operations colonel overseeing the HTS, is keen to recruit cultural anthropologists.

“Cultural anthropologists are focused on understanding how societies make decisions and how attitudes are formed. They give us the best vision to see the problems through the eyes of the target population,” he said.

RTFA: http://news.yahoo.com/s/afp/20071022/ts_afp/imfeco…

The head of the International Monetary Fund, Rodrigo Rato, warned Monday of a potential “abrupt fall” in the US dollar that could roil the global economy.

“There are risks that an abrupt fall in the dollar could either be triggered by, or itself trigger, a loss of confidence in dollar assets,” Rato said at the close of annual meetings here of the IMF and the World Bank.

The outgoing IMF managing director spoke here as the European single currency hit a new high of 1.4347 dollars and global equity markets plunged amid renewed fears a US credit crunch could pitch the world’s biggest economy into recession.

RTFA: http://www.salon.com/opinion/greenwald/2007/10/17/…

The impact of amnesty on these investigations:

GG: So, if Congress were to enact a law providing amnesty to telecoms — something like the Bush administration is demanding, whereby the telecoms would receive retroactive amnesty — that would essentially put a halt to your lawsuit?

CC: We would certainly argue that it didn’t, but it’s fair to say that it would put a pretty large hurdle in front of us for going forward. . . . GG: But you would expect AT&T’s lawyers and the telecom industry to argue that the amnesty they got from Congress does in fact bar those claims as well?

CC: Yes. Their goal is plainly to get rid of these litigations full stop. They don’t want the courts to ever rule on whether this is legal or not. That’s their goal. . . .

It’s certainly the goal of the administration and the phone companies to ensure that there’s never a decision about what’s been going on is legal or not. The telecom cases are the last, best hope.GG: In all of these cases that might result in an adjudication as to whether the surveillance programs were illegal, the Bush administration has been actively invovled in trying to block these cases from proceeding at all?

CC: That’s right - they made the same “states secrets” argument as they made in our case in all these other cases as well.GG: And having lost the “state secrets” argument in your case, and also in the ACLU case originally, they’re now attempting to put a stop to these cases through the amnesty law that they’re seeking?

CC: I think that’s right. They’re afraid. I think it’s fair to say that they’re worried they’re not going to win with the rules of the game as they were set up at the time they started spying on everyone. They’re running to Congress to try to change the rules of the game going forward, and trying to cover up what’s happened in the past. And the question is - - is Congress going to go for this?

Great interview.

RTFA: http://people.monstersandcritics.com/news/article_…

Christopher Walken is auditioning for a butt double. Many a male actor has thought it a good idea to show their butt, when in hindsight, it was not.

RTFA: http://abcnews.go.com/US/wireStory?id=3764319

A painting stolen more than 20 years ago was found lying in trash along a street, and now it could fetch up to $1 million at an auction.

Remember kids - it pays to play in trash.

RTFA: http://www.livescience.com/history/071023-civil-ru…

Rumors were spread among Confederate soldiers to keep morale high when the Civil War wasn’t goi