Category Archives: Security

America’s Holy Blackwater

Here is an interesting report on militant American forces operating in Iraq and elsewhere:

The former New York Times Mideast Bureau chief warns that the radical Christian right is coming dangerously close to its goal of co-opting the country’s military and law enforcement.

The drive by the Christian right to take control of military chaplaincies, which now sees radical Christians holding roughly 50 percent of chaplaincy appointments in the armed services and service academies, is part of a much larger effort to politicize the military and law enforcement. This effort signals the final and perhaps most deadly stage in the long campaign by the radical Christian right to dismantle America’s open society and build a theocratic state. A successful politicization of the military would signal the end of our democracy.

The parallels with historic militarist movements are obvious:

“Contracting out security to groups like Blackwater undermines our constitutional democracy,” said Michael Ratner, the president of the Center for Constitutional Rights. “Their actions may not be subject to constitutional limitations that apply to both federal and state officials and employees—including First Amendment and Fourth Amendment rights to be free from illegal searches and seizures. Unlike police officers they are not trained in protecting constitutional rights and unlike police officers or the military they have no system of accountability whether within their organization or outside it. These kind of paramilitary groups bring to mind Nazi Party brownshirts, functioning as an extrajudicial enforcement mechanism that can and does operate outside the law. The use of these paramilitary groups is an extremely dangerous threat to our rights.”

I was thinking more about the Taliban or the Spanish Civil War, but point taken. It’s no longer sufficient to understand what’s the matter with Kansas; it’s becoming necessary to observe moderate Christians being swept out of public office by militant, organized, rich and highly political radical fringe groups claiming to fight secular bogeymen, or terrorists, or Muslims, or whatever else they can stand on to justify their supremacy in a time of “need”. The clear irony is that fundamentalists always end up quietly moving towards a police-state on a platform that says they must intervene to prevent any movement towards a police-state.

Swedish goats at vanguard of fire-proofing tech

The BBC has posted an amusing security lesson about the historic battle between arsonists and the keepers of a straw goat:

Goats of Christmas past have been burned down on 22 occasions, ram-raided or simply smashed to pieces.

Authorities said the goat’s longevity in 2006 was down to a special flame-resistant chemical coating.

“If the Gavle goat hadn’t been impregnated with flame-resistant chemicals, we would have been left with a black skeleton,” said Anna Oestman, a member of the city’s goat committee.

Leave it to a Swedish city’s “goat committee” to provide the world a way to protect straw from catching fire. But is it safe to touch/breathe, and can animals eat it, or is it just for decoration (like most food preserved and then brought out for the holiday season)?

This year was a big success compared to last year’s tragic end:

In 2005, arsonists dressed as Santa Claus and the Gingerbread Man burned the goat to the ground.

Beware the Santa who wants to get your goat.

QuickTime Buffer Overflow Warning

The notice affects QuickTime on both Apple and Microsoft operating systems. A remote attacker does not need to do much to take over your system. In a nutshell:

A vulnerability exists in the handling of the rtsp:// URL handler. By supplying a specially crafted string (rtsp:// [random] + semicolon + [299 bytes padding + payload]), an attacker could overflow a stack-based buffer, using either HTML, Javascript or a QTL file as attack vector, leading to an exploitable remote arbitrary code execution condition.

QuickTime version 7.1.3 and earlier are said to be affected.
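A defender can look for the string shape the notice describes (an rtsp:// URL with an unusually long run after a semicolon) in HTML, JavaScript or QTL content before it reaches a player. The following is an added example, not code from the advisory or from this blog; the 256-byte threshold, the function name and the sample documents are assumptions constructed for illustration.

```python
import re

# Assumed alert threshold: the advisory cites 299 bytes of padding after the
# semicolon, so a tail this long is already abnormal for a stream URL.
MAX_AFTER_SEMICOLON = 256

# An rtsp:// URL as it appears in HTML, JavaScript or QTL text, cut at the
# first quote, angle bracket or whitespace byte. A hostile string containing
# such bytes may be longer than measured, so treat the length as a lower bound.
RTSP_URL = re.compile(rb"rtsp://[^\s\"'<>]+", re.IGNORECASE)


def suspicious_rtsp_urls(content: bytes, limit: int = MAX_AFTER_SEMICOLON):
    """Return (offset, bytes_after_semicolon) for each over-long rtsp:// URL."""
    findings = []
    for match in RTSP_URL.finditer(content):
        # Split at the first semicolon: [random] before it, padding after it.
        _head, sep, tail = match.group(0).partition(b";")
        if sep and len(tail) >= limit:
            findings.append((match.start(), len(tail)))
    return findings


# Constructed samples: two ordinary links and one QTL-style document whose
# URL carries 320 filler bytes after the semicolon (no payload).
BENIGN_HTML = b'<embed src="rtsp://media.example.com/live/stream1.sdp">'
BENIGN_PARAM = b'<a href="rtsp://media.example.com/clip;track=1">clip</a>'
OVERLONG_QTL = (
    b'<?xml version="1.0"?>'
    b'<?quicktime type="application/x-quicktime-media-link"?>'
    b'<embed src="rtsp://x.example.com;' + b"A" * 320 + b'" />'
)

if __name__ == "__main__":
    samples = {
        "benign_html": BENIGN_HTML,
        "benign_param": BENIGN_PARAM,
        "overlong_qtl": OVERLONG_QTL,
    }
    for name, sample in samples.items():
        print(name, suspicious_rtsp_urls(sample))
```

Only the third sample is flagged; a short parameter after a semicolon, as in the second sample, stays below the threshold.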

In other news, the latest Mac OS X security update (2006-007) seems to have caused some interesting Thunderbird 1.5.0.9 issues, or vice versa. Nothing is confirmed yet, but the TB 2.x beta is OK.

Europe gives up on protecting citizen data from US

The Telegraph has raised new privacy considerations for travelers in 2007:

Britons flying to America could have their credit card and email accounts inspected by the United States authorities following a deal struck by Brussels and Washington.

By using a credit card to book a flight, passengers face having other transactions on the card inspected by the American authorities. Providing an email address to an airline could also lead to scrutiny of other messages sent or received on that account.

[…]

“There is no guarantee that a bank or internet provider would tell an individual that material about them was being subpoenaed,” an American lawyer said.

“Then there are problems, such as where the case would take place and whether an individual has time to hire a lawyer, even if they wanted to challenge it.”

Initially, such material could be inspected for seven days but a reduced number of US officials could view it for three and a half years. Should any record be inspected during this period, the file could remain open for eight years.

The European high courts had previously struck down an agreement, as I’ve mentioned before, so this is the latest incarnation. Apparently “data protection” laws (e.g. privacy rights) had been interpreted as the legal basis to search travelers’ personal information for national security purposes. It seems to me some people might call that the opposite of data protection. The US response to the decision against their interpretation was harsh, which led to a series of meetings between the two sides to find a compromise:

Reaching a new deal had been an EU priority to ensure airlines could continue to legally submit 34 pieces of data about passengers flying from Europe to the United States. Such data — including passengers’ names, addresses and credit-card details — must be transferred to U.S. authorities within 15 minutes of a flight’s departure for the United States.

Washington had warned that airlines failing to share passenger data faced fines of up to $6,000 per passenger and the loss of landing rights.

During the negotiations, EU officials stressed they shared Washington’s concerns about terrorism, but demanded strict data protection guarantees in return for more routine sharing of passengers’ personal details among U.S. government law enforcement officials.

Washington and Brussels have already faced off over the U.S. administration’s use of secret CIA detention centers in Europe to interrogate terror suspects.

European governments are also annoyed over a secret deal between the U.S. Treasury and the Belgium-based money transfer company SWIFT, which has for years secretly supplied U.S. authorities with massive amounts of personal data for use in anti-terror investigations, violating EU privacy rules.

Yes, the terms now in effect are a compromise position. The US had originally required things like storing the data for 50 years, if you can believe that, so coupled with threats of huge fines and grounded planes I’m not sure what wiggle room the EU had to work with. What might have happened if the EU Parliament had not stepped in to protect privacy of its citizens at all? I also wonder whether Europeans will blissfully ignore this loss of privacy to American data mining organizations (thanking the Americans for saving the world from terror), or if they will see this as yet another brick in the wall that threatens to divide them from Washington in matters of public policy, global commerce, and human rights.