Security quotes of the week
[Posted July 31, 2013 by jake]
The two [Jeremiah Grossman and Matt
Johansen] discovered that even reputable ad networks do a poor job of vetting
the JavaScript that is bundled with ad images. "As long as it looks
pretty, they have no problem with it," Johansen said. "The folks we were
dealing with (at the ad networks) didn't really have the JavaScript reading
skills to know the difference anyway."
— ITworld reports on a Black Hat security conference presentation

In the [Bradley] Manning case, the prosecution used Manning's use of a standard, over
15-year-old Unix program called Wget to collect information, as if it were
a dark and nefarious technique. Of course, anyone who has ever called up
this utility on a Unix machine, which at this point is likely millions of
ordinary Americans, knows that this program is no more scary or spectacular
(and far less powerful) than a simple Google search. Yet the court
apparently didn't know this and seemed swayed by it.
We've seen this trick before. In a case EFF handled in 2009, Boston College police used the fact that our client worked on a Linux operating system with "a black screen with white font" as part of a basis for a search warrant. Luckily the Massachusetts Supreme Court tossed out the warrant after EFF got involved, but who knows what would have happened had we not been there.
— Cindy Cohn of the Electronic Frontier Foundation (EFF)

What would a spoofing attack look like in practice? Suppose the spoofer's
goal is to run the target vessel aground on a shallow underwater
hazard. After taking control of the ship's GPS unit, the spoofer induces a
false trajectory that slowly deviates from the ship's desired
trajectory. As cross-track error accumulates, the ship's autopilot or
officer of the watch maneuvers the ship back into apparent alignment with
the desired trajectory. In reality, however, the ship is now off
course. After several such maneuvers, the spoofer has forced the ship onto
a parallel track hundreds of meters from its intended one. Now as the ship
moves into shallow waters, the ECDIS display and the down-looking depth
sounder may indicate plenty of clearance under the keel when in truth a
dangerous shoal lies just underwater dead ahead. Maybe the officer of the
watch will notice the strange offset between the radar overlay and the
underlying electronic charts. Maybe, thinking quickly, he will reason that
the radar data are more trustworthy than the ship's GPS-derived position
icon displayed on the ECDIS. And maybe he will have the presence of mind to
deduce the ship's true location from the radar data, recognize the looming
danger, and swing clear of the shoal to avert disaster. Or maybe not.
— Todd Humphreys on GPS spoofing as reported by ars technica

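The defensive counterpart to the scenario Humphreys describes is to cross-check the GPS-derived position against an independent fix (the radar overlay he mentions) and alarm when the two disagree persistently. The following is an added example, not code from the article or from Humphreys' group; it uses a constructed local planar frame in metres, a constructed set of GPS and radar fixes, and hypothetical threshold values.

```python
"""Cross-check GPS fixes against radar-derived fixes to flag slow spoofing.

Under the attack described above the autopilot keeps the *reported* GPS
position on the planned track, so the GPS cross-track error stays near zero
while the ship's true cross-track error, measured by radar against a charted
landmark, grows a little each correction. A persistent offset between the
two is the signal. Frame, fixes and thresholds here are constructed.
"""
from dataclasses import dataclass


@dataclass
class Fix:
    t: int        # seconds since start
    east: float   # metres in a local planar frame (constructed)
    north: float


def cross_track_error(fix: Fix, start: Fix, end: Fix) -> float:
    """Signed perpendicular distance (m) from fix to the planned track line."""
    dx, dy = end.east - start.east, end.north - start.north
    px, py = fix.east - start.east, fix.north - start.north
    return (dx * py - dy * px) / (dx * dx + dy * dy) ** 0.5


def detect_spoof(gps, radar, start, end, threshold_m=50.0, min_samples=3):
    """Return (t, offset) for samples where |radar CTE - GPS CTE| has exceeded
    threshold_m for at least min_samples consecutive fixes (hypothetical values)."""
    alerts, streak = [], 0
    for g, r in zip(gps, radar):
        offset = cross_track_error(r, start, end) - cross_track_error(g, start, end)
        streak = streak + 1 if abs(offset) > threshold_m else 0
        if streak >= min_samples:
            alerts.append((g.t, round(offset, 1)))
    return alerts


# Constructed data: planned track due east, fixes every 60 s at 5 m/s.
TRACK_START, TRACK_END = Fix(0, 0.0, 0.0), Fix(0, 10000.0, 0.0)
# Spoofed GPS: the autopilot keeps the reported position exactly on track.
GPS_FIXES = [Fix(60 * k, 300.0 * k, 0.0) for k in range(10)]
# Radar against a charted landmark: true track drifts 20 m north per minute.
RADAR_FIXES = [Fix(60 * k, 300.0 * k, 20.0 * k) for k in range(10)]

if __name__ == "__main__":
    for t, off in detect_spoof(GPS_FIXES, RADAR_FIXES, TRACK_START, TRACK_END):
        print(f"t={t}s: radar/GPS cross-track disagreement {off} m")
```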
To call Prime Minister Cameron a "clown" at all might reasonably be taken by some as an affront to clowns and jesters reaching back through history. Because Cameron's style of clowning is far more akin to the nightmarish, sneering "clowns" of "B" horror movies, not the bringers of entertainment under the big top.
Cameron, through a series of inane and grandstanding statements and pronouncements both deeply technically clueless and shamelessly politically motivated, has been channeling Napoleon by placing the clown prince crown on his own head.
Laughing at his antics would be a terrible mistake. For his wet dream of
Internet censorship poses an enormous risk not only to the UK, but to other
nations around the world who might seek comfort in his idiocy for their own
censorship regimes (already, calls have been made in Canada to emulate
Cameron's proposed model).
— Lauren Weinstein