Showing posts with label crime. Show all posts
Showing posts with label crime. Show all posts

Wednesday, January 01, 2020

Books read in 2019

Not much blogging going on here still, but here's my annual list of books read for 2019.
  • Graham T. Allison, Destined for War: Can America and China Escape Thucydides's Trap?
  • Ross Anderson, Security Engineering (3rd edition, draft chapters)
  • Herbert Asbury, The Barbary Coast: An Informal History of the San Francisco Underworld
  • Heidi Blake, From Russia with Blood: The Kremlin's Ruthless Assassination Program and Vladimir Putin's Secret War on the West
  • Rutger Bregman, Utopia for Realists: How We Can Build the Ideal World
  • Oliver Bullough, Moneyland: The Inside Story of the Crooks and Kleptocrats Who Rule the World
  • Bryan Caplan and Zach Weinersmith, Open Borders: The Science and Ethics of Immigration
  • C.J. Chivers, The Fighters: Americans in Combat
  • Sefton Delmer, Black Boomerang
  • Nina J. Easton, Gang of Five: Leaders at the Center of the Conservative Crusade (bio of Bill Kristol, Ralph Reed, Clint Bolick, Grover Norquist, and David McIntosh)
  • Ronan Farrow, Catch and Kill: Lies, Spies, and a Conspiracy to Protect Predators
  • Ronan Farrow, War on Peace: The End of Diplomacy and the Decline of American Influence
  • Ian Frisch, Magic is Dead: My Journey into the World's Most Secretive Society of Magicians
  • Anand Giridharadas, Winners Take All: The Elite Charade of Changing the World
  • Reba Wells Grandrud, Sunnyslope (Images of America series)
  • Andy Greenberg, Sandworm: A New Era of Cyberwar and the Hunt for the Kremlin's Most Dangerous Hackers
  • Jodi Kantor and Megan Twohey, She Said: Breaking the Sexual Harassment Story That Helped Ignite a Movement
  • Stephen Kinzer, Overthrow: America's Century of Regime Change From Hawaii to Iraq
  • Michael Lewis, Flash Boys: A Wall Street Revolt
  • Jonathan Lusthaus, Industry of Anonymity: Inside the Business of Cybercrime
  • Ben MacIntyre, A Spy Among Friends: Kim Philby and the Great Betrayal
  • Joseph Menn, Cult of the Dead Cow: How the Original Hacking Supergroup Might Just Save the World
  • Anna Merlan, Republic of Lies: American Conspiracy Theorists and Their Surprising Rise to Power
  • Jefferson Morley, Our Man in Mexico: Winston Scott and the Hidden History of the CIA
  • Sarah T. Roberts, Behind the Screen: Content Moderation in the Shadows of Social Media
  • Hans Rosling, with Ola Rosling and Anna Rosling Rönnlund, Factfulness: Ten Reasons We're Wrong About the World--and Why Things Are Better Than You Think
  • Russell Shorto, Amsterdam: A History of the World's Most Liberal City
  • Alexander Stille, The Sack of Rome: Media + Money + Celebrity = Power = Silvio Berlusconi
  • Jamie Susskind, Future Politics: Living Together in a World Transformed by Tech
  • Erik Van De Sandt, Deviant Security: The Technical Computer Security Practices of Cyber Criminals (Ph.D. thesis)
  • Tom Wolfe, The Right Stuff
  • Tim Wu, The Attention Merchants: The Epic Scramble to Get Inside Our Heads
Top for 2019: Bullough, Farrow (Catch and Kill), Wu, Chivers, Rosling, Greenberg, Blake, Allison, Caplan and Weinersmith, Kinzer, Delmer.

I started the following books I expect to finish in early 2020:

Myke Cole, Legion versus Phalanx: The Epic Struggle for Infantry Supremacy in the Ancient World
Walter LaFeber, Inevitable Revolutions: The United States in Central America (2nd edition)
Brad Smith and Carol Anne Browne, Tools and Weapons: The Promise and Peril of the Digital Age
Peter H. Wilson, The Holy Roman Empire: A Thousand Years of Europe's History

Two books I preordered and look forward to reading in 2020:

Anna Wiener, Uncanny Valley: A Memoir (due out January 14)
Thomas Rid, Active Measures: The Secret History of Disinformation and Political Warfare (due out April 21)

(Previously: 20182017201620152014201320122011201020092008200720062005.)

Friday, August 10, 2012

The myth of fingerprints

I've been reading Ross Anderson's epic tome, Security Engineering: A Guide to Building Dependable Distributed Systems (2nd edition, 2008, Wiley), and have just gotten into the chapter on biometrics (ch. 15).  Section 15.5.2, on Crime Scene Forensics, points out three major criminal cases where fingerprint matches have been in error, including the Brandon Mayfield case which I wrote about at this blog back in 2007.  Anderson points out that law enforcement agencies have claimed to juries "that forensic results are error-free when FBI proficiency exams have long had an error rate of about one percent, and misleading contextual information can push this up to ten percent or more" (pp. 470-471).  It's probability at work:
Even if the probability of a false match on sixteen points [the UK standard, the U.S. has no minimum] were one in ten billion (10-10) as claimed by police optimists, once many prints are compared against each other, probability theory starts to bite. A system that worked fine in the old days as a crime scene print would be compared manually with the records of a hundred and fifty-seven known local burglars, breaks down once thousands of prints are compared every year with an online database of millions. (p. 471)
One of the other two cases Anderson discusses is that of Scottish policewoman Shirley McKie, who was prosecuted on the basis of a 16-point fingerprint match found at a murder scene and could not find any fingerprint examiner in Britain to defend her.  She found two Americans who testified on her behalf that it was not a match (Anderson shows the crime scene print and her inked print on p. 469; the crime scene print is heavily smudged).  McKie's own fellow officers tried to convince her to give false testimony about her presence at the crime scene, which she refused to do.  She was acquitted, but lost her job and was unable to get reinstated.

The third case Anderson mentions is Stephan Cowans, who was convicted of shooting a police officer after a robbery in 1997.  He was convicted, but argued it was not his fingerprint.  After Cowans was able to get crime scene evidence tested for DNA which was found not to match, a re-examination of the fingerprint also found that there was no match.  So six years after his conviction, he was acquitted on appeal.

Further evidence of the errors which can arise from fingerprint examination comes from two studies by psychologist Itiel Dror which Anderson describes.  In one study, five fingerprint examiners were each shown a pair of prints, allegedly the falsely matched prints from the Mayfield case, and asked to point out the errors.  Three examiners gave explanations for the non-matches, one said that they did, in fact, match, and one was uncertain.  In fact, the pairs of prints were each purported matches by the corresponding examiner from a recent criminal case, so only one of the five was still certain that a match testified to in court was in fact a match upon re-examination with a skeptical mindset.  In a second study, Dror gave each of six experts eight prints that they had matched in previous cases, and four of the six gave inconsistent results.

Anderson points out that belief in the infallibility of fingerprint evidence has the effect of promoting carelessness by examiners, not giving proper critical scrutiny to the method or its assumptions in changing conditions (e.g., the increase in the number of fingerprints to match against in the age of the computer), and increasing the negative consequences of cases of failure.  In the McKie case, Anderson points out, "there appears to have arisen a hierarchical risk-averse culture in which no one wanted to rock the boat, so examiners were predisposed to confirm identifications made by colleagues (especially senior colleagues).  This risk aversion backfired when four of them were tried for perjury." (p. 472)

Itiel Dror's two papers (references from Anderson, p. 923):

IE Dror, D Charlton, AE Péron, "Contextual information renders experts vulnerable to making erroneous identifications," in Forensic Science International 156 (2006) 74-78

IE Dror, D Charlton, "Why Experts Make Errors," in Journal of Forensic Identification v 56 no 4 (2006) pp 600-616; at http://users.ecs.soton.ac.uk/id/biometrics.html

(Previously, which includes reference to Simon Cole's book on fingerprint evidence which shares the title of this post.)

Saturday, February 11, 2012

Work-at-home scams

I was asked earlier today if I could give my opinion on whether the work-from-home opportunity advertised at the domain onlineprofitmasterssystem.com is a scam.  A quick bit of research produced some interesting results, my conclusion is that it is almost definitely a scam, by people with a history of promoting scams.

First, the domain registration:


Registrant:
   Phillip Gannuscia
   1780 W. 9000 South
   #315
   West Jordan, Utah 84088
   United States

   Registered through: Go Daddy
   Domain Name: ONLINEPROFITMASTERSSYSTEM.COM
      Created on: 04-Nov-11
      Expires on: 04-Nov-12
      Last Updated on: 29-Nov-11

   Administrative Contact:
      Gannuscia, Phillip  nate@essentmedia.com
      1780 W. 9000 South
      #315
      West Jordan, Utah 84088
      United States
      (801) 803-5769      Fax --

The very domain and URL and web content of the page are already screaming red flags, and there are more to be found in the above data.  It's a recently registered domain, and the contact physical address appears to be a private mail drop service.  Both the address and telephone number listed are associated with multiple other companies (e.g., BBB F-rated eVenture International, run by Richard Scott Nemrow, who was cited multiple times by the Utah Division of Consumer Protection in 2009) and domain names (e.g., makerichesfromhome.com, educationtrainingsonline.com, executivelearningonline.com, learningresourceontheweb.com, and lightlifemaster.com) which also look like scams,.  This particular company, Online Profit Masters, has an F rating from the BBB.  The named contact, Phillip Gannuscia, has an email address with someone else's name, nate@essentmedia.com, apparently Essent VP Nathan L. Kozlowski, a former Mormon missionary.  Does Gannuscia even exist, or is the name just an alias for Kozlowski?  The company whose domain is used here for the contact email address, Essent Media LLC, another Richard Scott Nemrow company, has a corporate registration which expired in 2010.

I'd steer clear of any business with these guys.  And if you come across this blog post because you've already been ripped off by them (like this guy reports), I suggest you file a complaint with the Internet Crime Complaint Center as well as contacting your local law enforcement agency.


Miscellanea

I recently had a few opportunities on a plane to catch up on some reading and podcasts.  A few of the more interesting things I came across:

A bunch of interesting articles in The Economist for the past few weeks:

January 28-February 3, 2012:

"Saving Lives: Scattered Saviors" -- harnessing social media and mobile devices to deploy first aid faster than an ambulance can arrive (United Hatzalah in Israel believes it will be able to have first responders on the scene within 90 seconds).

"China's new tribes: Ant tribes and mortgage slaves" -- a new vocabulary in Mandarin describing emerging social groups in China.  (Reminds me of Cory Doctorow's Eastern Standard Tribe.)

"Affinity fraud: Fleecing the flock" -- the rise in affinity fraud, especially religious affinity fraud, during the economic downturn, and why it works so effectively.  (Also see my blog post from 2008 and another on the same topic from the Secular Outpost in 2006.)  Briefly mentioned is the Baptist Foundation of Arizona affinity fraud, which victimized my step-grandfather by stealing most of his retirement savings.

"Visible-light communication: Tripping the light fantastic" -- an update on where we stand with Li-Fi (using LED lighting as a mechanism for data transmission).

February 4-10, 2012:

"Synaesthesia: Smells like Beethoven" -- A new study finds correlations between odors and sounds, even among people who are not synaesthetes.

"Scientific publishing: The price of information" -- On the boycott of Elsevier by scientists tired of excessive charges for journals, and the competition from arXiv and PLoS.

"Biomimetics: Not a scratch" -- lessons from the microstructure of scorpion armor for reducing wear rates on aircraft engines and helicopter rotors.

Podcasts:

Philosophy Bites interview with Alain de Botton on Atheism 2.0: de Botton, author of Religion for Atheists, argues that there are good and useful components of religion which can be secularized, and that it is as legitimate to borrow things we like from religion while discarding what we don't as it is to prefer different kinds of art and music.  (Also see the Token Skeptic interview with de Botton and watch his TED talk.)  I think his picture of religion, like that of Scott Atran (In Gods We Trust) and Pascal Boyer (Religion Explained) makes more sense than the way some atheists talk about it as though fundamentalist religion is the essence of religion, and should be discarded completely (which doesn't seem likely to happen as long as we live in social communities).

Rationally Speaking interview with Joseph Heath: Heath, author of Economics without Illusions: Debunking the Myths of Modern Capitalism (Canadian title: Filthy Lucre: Economics for People who Hate Capitalism, which the publishers decided wouldn't sell in the U.S.), talks about misunderstandings of economics on both the right and the left.  (Also see this BloggingHeads TV interview of Heath by Will Wilkinson, who writes: "The section on right-wing fallacies is largely on the money and a great challenge for rote libertarians and conservatives. The section of left-wing fallacies is terrific, and it would be terrific if more folks on the left were anywhere near as economically literate as Heath.")  Heath's "Rationally Speaking pick" also sounds fascinating, Janos Kornai's The Socialist System: The Political Economy of Communism, which explains the creative but ultimately futile ways that human beings tried to replace markets with planning and design.)

Thursday, January 19, 2012

The Decline and (Probable) Fall of the Scientology Empire!

The title of this post is the title of my multi-book review article in the current issue of Skeptic magazine, which is primarily about last year's Inside Scientology: The Story of America's Most Secretive Religion by Janet Reitman and The Church of Scientology: A History of a New Religion by Hugh Urban.  It's a very long article for a book review in the magazine, running from pp. 18-27 with a couple of sidebars and a couple pages of footnotes. What I had in mind when I started writing it wasn't what I ended up with--my envisioned article would probably be more like a book that tells the story of Scientology's two wars with the Internet, which Reitman only devoted a few paragraphs to.  (If that never happens, the best place to find the information in question is in the writings of Village Voice editor Tony Ortega, who has done more than anyone to cover those topics.)  I also would have liked to have done a bit more analysis of Urban's book, which I think is a bit wishy-washy in places in the name of academic objectivity, and makes a few promises at the beginning that it fails to deliver on as though it were rushed to completion.  But I think it came out OK, and I recommend Reitman's book as the best and most up-to-date single overview of Scientology and its history, and Urban's for its coverage of Scientology's battles with the IRS for religious tax exemption and its contribution to explaining what Hubbard was up to when he created Scientology.  I think Hubbard died believing his own nonsense, because some Scientology doctrines literally became true for him--he was the one person in Scientology who really could dream things up and make them happen around him, through the efforts of his devotees.

I also hoped to devote a bit more space to what I allude to in my first footnote, referencing John Searle's The Construction of Social Reality, pp. 90-93 and 117-119, about how institutions can quickly collapse when collective agreement about social facts is undermined, as seems to be happening at an accelerating pace within the Church of Scientology.

(All posts on Scientology at this blog--65 so far since 2005--can be found here. An overview of my involvement in Scientology's battles with the Internet is in my 2006 "Scientology Sampler" post, which was updated with a 2009 post, "Scientology v. the Internet history lesson.")

UPDATE (26 January 2012): Tony Ortega, editor-in-chief at the Village Voice and prolific investigative journalist on the subject of Scientology, says very nice things about my article and Michael Shermer's associated article in Skeptic at his "Runnin' Scared" blog, where there are lots of comments.

This issue of Skeptic should be available in all Barnes & Noble stores beginning around the first of February.

Sunday, July 03, 2011

TSA security loophole exploited

As this blog has reported on multiple prior occasions (in 2006, 2008, and 2009, at the very least), the fact that U.S. airport security separates the checking of the boarding pass by TSA from the use of a boarding pass to check in to board makes it easy to get through security with a boarding pass that matches your ID while flying under a boarding pass on a ticket purchased in a different name.

Now, as The Economist (July 2, 2011) reports, Olajide Oluwaseun Noibi, a 24-year-old Nigerian American, has been arrested after successfully doing something along these lines to fly around the country, apparently on multiple occasions.  Only Noibi wasn't even using boarding passes valid for the flights he was on--he was caught with a boarding pass in another person's name for a flight from a day prior.  And he wasn't caught because the boarding pass was detected at check-in--he had already successfully boarded the flight and was seated.  He was only caught because of his extreme body odor and a fellow passenger complained, which led to his boarding pass being checked and found to be invalid.

Saturday, July 02, 2011

Cory Maye to be released from prison

As a result of the investigative reporting of Radley Balko, Cory Maye is about to be released from prison after ten years of incarceration and seven years after being sentenced to death on the basis of a terrible defense and kooky testimony from a now discredited and removed medical examiner.  Maye shot and killed a police officer during a no-knock drug raid against a duplex property in which Maye resided, on the basis of a report of unusual traffic at the other unit of the duplex by an unreliable informant.  Maye was defending his daughter from an unknown intruder kicking his door in.

Through the efforts of Balko and a legal team from Covington & Burling, Maye was removed from death row in 2006.

Saturday, June 25, 2011

Arizona Department of Public Service's security breach

LulzSec breached the security of the Arizona Department of Public Service (DPS) at some point in the past, and on June 23 around 4 p.m. Arizona time, posted some or all of what they had acquired.  This included the names, email addresses, and passwords of several DPS officers as well as a number of internal documents which appeared to have been obtained from email attachments or perhaps from the compromise of end user systems.  The documents included a PowerPoint presentation on gang tattoos that purported to be a way of identifying Islamic radicals, which was reminiscent of similar ludicrous law enforcement presentations from the 1980s about identifying Satanic cult members by their black clothing and occult symbols. (Some police departments still promote such nonsense, citing exposed fraud "Lauren Stratford" as a source).  The documents also included a bulletin which expresses concern about the "Cop Recorder" iPhone application.

On June 24, DPS posted a press release responding to the attacks, accusing LulSec of being a "cyber terrorist group"--a term better reserved for the use of criminally disruptive activities intended to cause physical harm or disruption of critical infrastructure, not embarrassing organizations that haven't properly secured themselves.  In the press release, DPS enumerates the steps they've taken to secure themselves and the safeguards they've put in place. It's an embarrassing list which suggests they've had poor information security and continue to have poor information security.

First, their press release has a paragraph suggesting that the damage is limited, before they're probably had time to really determine that's the case.  They write:

There is no evidence the attack has breached the servers or computer systems of DPS, nor the larger state network. Likewise, there is no evidence that DPS records related to ongoing investigations or other sensitive matters have been compromised.

Just because they have "no evidence" of something doesn't mean it didn't happen--what records did they review to make this determination?  Were they doing appropriate logging?  Have logs been preserved, or were they deleted in the breach?  Do they have centralized logging that is still secure?  When did the compromise take place, and when did DPS detect it?  The appearance is that they didn't detect the breach until it was exposed by the perpetrators.  What was the nature of the vulnerability exploited, and why wasn't it detected by DPS in a penetration test or vulnerability assessment?  LulzSec has complained about the number of SQL injection vulnerabilities they've found--was there one in DPS's web mail application?

Next, they report what they've done in response, and again make statements about how "limited" the breach was:

Upon learning that a limited number of agency e-mails had been disclosed, DPS took action. In addition to contacting other law enforcement agencies, the Arizona Counter Terrorism Information Center (ACTIC) has been activated. Remote e-mail access for DPS employees remains frozen for the time-being. The security of the seven DPS officers in question remains the agency’s top priority and, since a limited amount of personal information was publicly disclosed as part of this breach. Steps are being taken to ensure the officers’ safety and that of their families. 

They've disabled the e-mail access that they believe was used in the breach--that's good.  Presumably the exposed officer passwords were discovered to be from this system.  Perhaps they will not re-enable the system until they have a more secure mechanism that requires VPN access and two-factor authentication--or at least intrusion prevention, a web application firewall, and effective security monitoring.  They've notified ACTIC--presumably in part because of their overblown claim that this breach constitutes "terrorism" and in part because there are some ACTIC personnel who have good knowledge of information security.  And they're doing something to protect the safety of officers whose personal information (including some home addresses) was exposed.


In the final paragraph of the press release, they list some of the safeguards they have in place:

- 24/7 monitoring of the state’s Internet gateway.
- Industry-standard firewalls, anti-virus software and other capabilities.
- IT security staff employed at each major state agency.
- Close coordination between the State of Arizona and state, federal and private-sector authorities regarding cyber-security issues.

This sounds like a less-than-minimal set of security controls.  Is that 24/7 monitoring just network monitoring for availability, or does it include security monitoring?  Do they have intrusion detection and prevention systems in place?  Do they have web application firewalls in front of web servers?  Do they have centralized logging and are those logs being monitored?  Are they doing event correlation?  How many full-time information security staff are there at DPS?  Are there any security incident response staff? Is there a CISO, and if so, why isn't that person being heard from?  Does DPS have an incident response plan?  Are they reviewing policy, process, and control gaps as part of their investigation of this incident?  Have they had any third-party assessments of their information security?  Have any past assessments, internal or external, recommended improvements that were not made?

These are questions journalists should be asking, which DPS should certainly be asking itself internally, and which organizations that haven't had a publicized breach yet should be asking themselves.  Breaches are becoming inevitable (a recent Ponemon Institute survey says 90% of surveyed businesses have had a security breach in the last 12 months; CNet charts the recent major publicly known breaches), so having in place the capacities to respond and recover quickly is key.

Here's how NOT to prepare:
Depth Security, "How to Get Properly Owned"

Here's how NOT to respond to a breach or vulnerability disclosure:
SANS ISC, "How Not to Respond to a Security Incident"

How to publicly disclose a breach:
Technologizer, "How to Tell Me You Let Somebody Steal My Personal Information"

Saturday, January 08, 2011

Rep. Gabrielle Giffords shot at Tucson grocery store event

Rep. Gabrielle Giffords (D-AZ CD8) was shot this morning at an event at a Tucson grocery store, along with several other people.  The Tucson Citizen reports that she was "shot point blank in the head."  This brings to mind a previous gun incident at another Tucson event at a grocery store in August 2009.

The image below is from Sarah Palin's website, "Take Back the 20."  The lower right target sight image on Arizona is Congressional District 8, which was one of the "targets" for candidates who supported the Health Care Reform bill to be defeated.


UPDATE: CNN reports that an employee of a nearby business reported "15 to 20 gunshots" and 12 victims.

UPDATE: The Arizona Republic reports that at least four of the victims are dead.

UPDATE: NPR reports that Rep. Giffords is one of the dead and that the killer, a male in his teens or twenties, was apprehended at the scene.  The death toll is up to seven.

UPDATE: KOLD News-13 in Tucson says Giffords is not dead but is in surgery at University Medical Center.

UPDATE: Another version of Palin's "target map" explicitly called out Giffords as a target:


UPDATE (1 p.m. Arizona time): The Palin takebackthe20.com gunsight map has been removed.

UPDATE: In an MSNBC interview after her office was vandalized after her vote for Health Care Reform, Rep. Giffords said:
We need to realize that the rhetoric, and the firing people up and … for example, we’re on Sarah Palin’s ‘targeted’ list, but the thing is, the way she has it depicted, we’re in the crosshairs of a gun sight over our district. When people do that, they’ve gotta realize that there are consequences to that action.

UPDATE (1:29 p.m.): Talking Points Memo reports that a federal judge was also one of the shooting victims. There will be a UMC press briefing at 1:30 p.m.

UPDATE: NBC reports that the federal judge is one of the dead.  That judge, John Roll, was chief judge  of the U.S. District Court for Arizona and received death threats last year over an immigration case.

Sarah Palin has deleted her tweet from March, below:


UPDATE: Correction, the tweet above has NOT been deleted from Sarah Palin's tweetstream.

UPDATE (1:54 p.m.): The shooter suspect in custody is named Jared Loughner. The Pima County Sheriff's Office reports 6 dead, 18 wounded.

UPDATE: A YouTube video from Jared Lee Loughner.  He was a student at Pima Community College and apparently a disturbed individual.  Here's an apparent sample of his writing:

Hello, and welcome my classified leak of information that's of the United States Military to the student body and you. Firstly, I want you to understand this from the start. Did you know grammar is double blind, listener? Secondly, if you want to understand the start of revelatory thoughts then listen to this video. I'll look at you mother fuckin Anarchists who have a problem with them illegal illiterate pigs. :-D If you're a citizen in the United States as of now, then your constitution is the United States. You're a citizen in the United States as of now. Thus, your constitution is the United States. Laugh. I'll let you in on their little cruel joke that's genocidal. They're argument is appeal to force on their jurisdiction with lack of proof of evidence. Each subject is in question for the location! The police don't quite get paid correctly with them dirty front runners under section 10? Their country's alliances are able to make illegal trades under section 10. Eh! I'm a Nihilist, not someone who put who put trust in god! What is section 10 you ask? If you make a purchase then it's illegal under section 10 and amendment 1 of the United States constitution. You make a purchase. Therefore, it's illegal under section 10 and amendment 1 of the United States constitution. We need a drum roll for those front runners in the election; those illegal teachers, pigs, and politicians of yours are under illegal authority of their constitution. Those dirty pigs think they know the damn year. Thirdly, tell them mother fuckers to count from 0 to whenever they feel a threat to stop their count. We can all hope they add new numbers and letters to their count down. Did you run out of breath around the trillions, listener? Well, B.C.E is yet to start for Ad to begin! What does this mean for a citizen in any country? Those illegal military personal are able to sign into a country that they can't find with an impossible date! How did you trust your child with them fraud teachers and front runners, listener? Did you now know that the teachers, pigs, and front runners are treasonous! You shouldn't jump to conclusion with your education plan. The constitution as of now, which is in use by the current power pigs, aren't able to protect the bill of rights! Do you now have enough information to know the two wars are illegal! What is your date of time, listener? Fourthly, those applications that are with background checks break the United States constitution! What's your riot name? I'll catch you! Top secret: Why don't people control the money system? Their Current Currency(1/1) / Your new infinite currency (1/~infinte) This is a selcte information of revoluntary thoughts! Section 10 - Powers prohibited of States No State shall enter into any Treaty, Alliance, or Confederation; grant Letters of Marque and Reprisal; coin Money; emit Bills of Credit; make any Thing but gold and silver Coin a Tender in Payment of Debts; pass any Bill of Attainder, ex post facto Law, or Law impairing the Obligation of Contracts, or grant any Title of Nobility. No State shall, without the Consent of the Congress, lay any Imposts or Duties on Imports or Exports, except what may be absolutely necessary for executing it's inspection Laws: and the net Produce of all Duties and Imposts, laid by any State on Imports or Exports, shall be for the Use of the Treasury of the United States; and all such Laws shall be subject to the Revision and Controul of the Congress. No State shall, without the Consent of Congress, lay any duty of Tonnage, keep Troops, or Ships of War in time of Peace, enter into any Agreement or Compact with another State, or with a foreign Power, or engage in War, unless actually invaded, or in such imminent Danger as will not admit of delay. Each subject is unlocatible!

UPDATE: Another video shows someone, apparently Loughner, burning a U.S. flag.  His YouTube profile says:

Name: Jared Lee Loughner
Channel Views: 271
Joined: October 25, 2010
Website: http://Myspace.com/fallenasleep
Hometown: Tucson
Country: United States
Schools: I attended school: Thornydale elementary,Tortolita Middle School, Mountain View Highschool, Northwest Aztec Middle College, and Pima Community College.Interests: My favorite interest was reading, and I studied grammar. Conscience dreams were a great study in college!
Movies: (*My idiom: I could coin the moment!*)
Music: Pass me the strings!
Books:
I had favorite books: Animal Farm, Brave New World, The Wizard Of OZ, Aesop Fables, The Odyssey, Alice Adventures Into Wonderland, Fahrenheit 451, Peter Pan, To Kill A Mockingbird, We The Living, Phantom Toll Booth, One Flew Over The Cuckoo's Nest, Pulp,Through The Looking Glass, The Communist Manifesto, Siddhartha, The Old Man And The Sea, Gulliver's Travels, Mein Kampf, The Republic, and Meno.

UPDATE: Someone who knew him in 2007 says his politics then were left-wing.  Looks like a flag-burning nihilist kook, perhaps schizophrenic.

UPDATE: The Arizona Daily Star has fairly detailed background on Loughner, who would interrupt his pre-algebra class with "nonsensical outbursts" and was barred from class.

UPDATE: A New York Times profile of Rep. Gabrielle Giffords, titled "A Passionate Politician with a Long List of Friends."

UPDATE (January 9): The federal complaint against Loughner.  Loughner was good enough to leave clear evidence of premeditation at his home.

UPDATE: A "second suspect" turned out to be the cab driver who drove Loughner to the Safeway, who came inside as Loughner had to get change to pay him.  He has been cleared as to any involvement in the shooting.

UPDATE (January 10): The Daily Beast points out, via the Southern Poverty Law Center, that Loughner's rants closely resemble the writings of Milwaukee-based David Wynn Miller, in talk about grammar and mind control--which brings us back to right-wing nutcases.

UPDATE (January 11): CNN is still saying it can find no link between Loughner and any groups, while Boingboing has posted further comparison to the insanity of David Wynn Miller.  It's amazing that this guy has people buying into his nonsense and trying to use it in court (always unsuccessfully, of course).

UPDATE: The DC points out that Loughner was a commenter at the UFO/conspiracy website AboveTopSecret--where his fellow commenters found him difficult to understand, considered him to be crazy, and asked him to get help before he hurt himself or someone else.  Despite mental health programs in Arizona that allowed anyone in contact with him to report him, and Pima Community College's recognition that he had mental problems, no one reported him to the state for evaluation.

Friday, February 19, 2010

Another lottery tragedy

From CNN:
A Florida woman has been charged with first-degree murder in connection with the death of a lottery millionaire whose body was found buried under fresh concrete, authorities said.

Dorice Donegan Moore, 37, was arrested last week on charges of accessory after the fact regarding a first-degree murder in the death of Abraham Shakespeare, 43, said Hillsborough County Sheriff David Gee. She remains in the Hillsborough County Jail, he said.

Moore befriended Shakespeare after he won a $31 million Florida lottery prize in 2006 and was named a person of interest in the case after Shakespeare disappeared, authorities said.

Tuesday, July 28, 2009

O'Reilly on Amsterdam

Via Pharyngula, a video rebuttal to a recent Bill O'Reilly show claim that Amsterdam's drug policies are a failure that has led it to be a "cesspool of corruption, crime, everything is out of control, it's anarchy," according to guest Monica Crowley, Ph.D. (In a bit of irony, her doctorate is in "international relations." She's a Fox News foreign affairs and policy analyst who was a personal foreign policy assistant to Richard Nixon from 1990-1994--I didn't realize former presidents needed personal foreign policy assistants.)



Various cities in the Netherlands have placed additional restrictions on coffee shops that sell marijuana, such as not permitting them to operate within 200m of a school. The Wikipedia entry on drug policy in the Netherlands documents this, along with the details of their decriminalization (not legalization) policies.

Saturday, July 25, 2009

Bad spammer neighborhoods

I've been collecting data about IPs that have been attempting to spam my mail server for the past few months, and today I decided to take a look at what neighborhoods of /24 networks are the most heavily populated with spamming IPs.

Here's the list of the top ten "worst neighborhoods" trying to send me spam, mostly with dictionary attacks against my domain. These are all blocked by the CBL, so none of this spam actually gets through, but it ties up my bandwidth.

I've put an asterisk (*) next to the ranges that are probably actually smaller than /24s based on the distribution of IPs.

Does anybody have a tool that already exists to identify likely bad ranges to block based on the distribution of known bad IPs? All I did here was count IPs within a /24, but it would be nicer to identify the likely ranges of badness at both a more fine-grained and broader level.

Note that these bad neighborhoods may be neighborhoods of poorly secured machines, or they may be neighborhoods of malicious machines. Either way, the providers are not doing a good job of cracking down on malicious activity from their networks.

1. 64.32.26.0/24 (25 IPs)
45 46 51 52 54 66 68 73 81 90 100 102 104 111 113 126 155 157 163 168 194 199 204 236 242
AS 46844 | 64.32.26.0 | ST-BGP - SHARKTECH INTERNET SERVICES
Upstream provider: AS 7922 | 64.32.26.0 | COMCAST-7922 - Comcast Cable Communications, Inc.

*2. 89.232.105.0/24 (24 IPs)
21 24 29 32 48 57 59 63 64 68 76 89 93 94 97 101 103 107 114 117 126 129 137 139
AS 28840 | 89.232.105.0 | TATTELECOM-AS Tattelecom.ru/Tattelecom Autonomous System
Upstream provider: AS 6854 | 89.232.105.0 | SYNTERRA-AS SYNTERRA Joint Stock Company 64.32.26.0

3. 208.84.243.0/24 (20 IPs)
13 30 63 68 78 92 99 123 148 150 175 176 179 185 196 199 216 219 226 250
AS 40260 | 208.84.243.0 | TERRA-NETWORKS-MIAMI - Terra Networks Operations Inc.
Upstream provider: AS 22364 | 208.84.243.0 | AS-22364 - Telefonica USA, Inc.

*4. 83.149.3.0/24 (17 IPs)
5 6 12 14 16 18 21 22 25 28 30 40 42 47 48 51 63
AS 31213 | 83.149.3.0 | MF-NWGSM-AS OJSC MegaFon Network
Upstream providers: AS 12389 | 83.149.3.0 | ROSTELECOM-AS JSC Rostelecom
AS 20485 | 83.149.3.0 | TRANSTELECOM JSC Company TransTeleCom

*5. 76.164.227.0/24 (16 IPs)
138 155 159 174 182 186 194 199 202 206 210 218 222 230 238 246
AS 36114 | 76.164.227.0 | RDTECH-ASN - R & D Technologies, LLC
Upstream providers: AS 6473 | 76.164.227.0 | WCIXN4 - WCIX.Net, Inc.
AS 35937 | 76.164.227.0 | MARQUISNET - MarquisNet LLC

6. 76.164.232.0/24 (15 IPs)
13 21 24 33 36 38 40 43 48 57 198 206 218 232 234
AS 36114 | 76.164.232.0 | RDTECH-ASN - R & D Technologies, LLC
Upstream providers: AS 6473 | 76.164.227.0 | WCIXN4 - WCIX.Net, Inc.
AS 35937 | 76.164.227.0 | MARQUISNET - MarquisNet LLC

7. 77.120.128.0/24 (15 IPs)
20 37 50 85 93 104 107 112 159 162 187 232 239 248 252
AS 43011 | 77.120.128.0 | DATASVIT-AS ISP Datasvit AS Number
Upstream provider: AS 25229 | 77.120.128.0 | VOLIA-AS Volia Autonomous System

*8. 78.138.170.0/24 (12 IPs)
66 68 77 78 160 166 178 189 190 193 202 211
AS 28840 | 78.138.170.0 | TATTELECOM-AS Tattelecom.ru/Tattelecom Autonomous System
Upstream provider: AS 6854 | 89.232.105.0 | SYNTERRA-AS SYNTERRA Joint Stock Company 64.32.26.0

9. 77.232.143.0/24 (12 IPs)
33 37 40 63 69 104 175 182 190 215 218 251
AS 42145 | 77.232.143.0 | BSTV-AS OOO Bryansk Svyaz-TV
Upstream provider: AS 20485 | 77.232.143.0 | TRANSTELECOM JSC Company TransTeleCom

*10. 95.154.113.0/24 (12 IPs)
140 178 181 185 193 195 197 206 218 246 248 254
AS 44724 | 95.154.113.0 | OCTOPUSNET-AS Octopusnet LTD
Upstream provider: AS 34470 | 95.154.113.0 | PTKOM-AS PortTelekom Autonomous system

Thursday, July 23, 2009

How Twitter got compromised

TechCrunch has published "The Anatomy of the Twitter Attack," a detailed account of how "Hacker Croll" used people's password-selection habits, use of multiple online applications, publicly available online information about people, and flawed "I forgot my password" mechanisms to gain access first to individuals' personal webmail accounts and then to Twitter's internal systems.

It's a good idea to use randomly generated passwords, stored in a password safe, so that they're different with every service you use. It's also a good idea to split personal and corporate accounts. Lately I've taken to using randomly generated information for my "I forgot my password" answers, as well, and keeping that in my password safe just like another password.

The "secret questions" for password recovery are a vulnerability when so much personal information is being shared on the Internet. That's how Sarah Palin's email account was compromised last year, as well.

Monday, June 22, 2009

SP Times Scientology article on Lisa McPherson


Part two of the three-part series in the St. Petersburg Times on Scientology has been published, and it's a detailed account of the death of Lisa McPherson. Some of the previously unpublished details include that David Miscavige was personally monitoring McPherson's auditing over closed circuit television and deemed her "clear" in 1995, prior to her minor car accident and subsequent death after being held for 17 days in the Fort Harrison hotel and being subjected to the "introspection rundown." This is according to Tom De Vocht and Don Jason, both former high-ranking Scientologists in Clearwater. The Church of Scientology denies that Miscavige was even present in Clearwater.

In December 1999, when a judge ruled that Miscavige could be added as a defendant in the McPherson wrongful death case, he allegedly became more abusive and irrational. The criminal case against the church fell apart when the medical examiner changed her ruling from undetermined cause of death to accidental death. Former Scientologist Marty Rathbun, one of the critics speaking out for this series, agrees with the church on this point that the medical examiner's decision was based on the evidence rather than on blackmail or pressure from the church.

(Previously.)

(Photograph is of a Scientology Sea Org bus near the Fort Harrison Hotel, with a couple members of the Sea Org in uniform, on June 25, 2005. Sea Org members sign billion-year contracts.)

Tuesday, April 28, 2009

George W. Bush on the difference between democracy and dictatorship

"It's important for people to understand that in a democracy, there will be a full investigation. In other words, we want to know the truth. In our country, when there's an allegation of abuse ... there will be a full investigation, and justice will be delivered. ... It's very important for people and your listeners to understand that in our country, when an issue is brought to our attention on this magnitude, we act. And we act in a way in which leaders are willing to discuss it with the media. ... In other words, people want to know the truth. That stands in contrast to dictatorships. A dictator wouldn't be answering questions about this. A dictator wouldn't be saying that the system will be investigated and the world will see the results of the investigation."

And on the treatment of war crimes: "War crimes will be prosecuted, war criminals will be punished and it will be no defense to say, ‘I was just following orders."

The former quote is from the video below, the latter quote is from this March 2003 CNN transcript.

(First quote via Dispatches from the Culture Wars, second quote via The Agitator.)

And, for your edification, please read Scott Horton's article, "Busting the Torture Myths."

Saturday, April 04, 2009

The Cybersecurity Act of 2009

There's FUD spreading about Sec. 14 of the Cybersecurity Act of 2009, maintaining that it amounts to an effective repeal of the 4th Amendment for the Internet. That's not so--the scope is restricted to "threat and vulnerability information" regarding the Internet, which I interpret to mean network service provider knowledge about compromised systems, botnets, etc., much of which is no doubt already being voluntarily shared with the government as is permissible under the Electronic Communications Privacy Act of 1986, when, in the course of a provider's normal service monitoring, it becomes aware of possible criminal activity.

I expect I'll have more to say after I have a chance to read through the whole bill (PDF).

Friday, March 20, 2009

Corrupt drug cops in Philadelphia

From the Philadelphia Daily News:

ON A SWELTERING July afternoon in 2007, Officer Jeffrey Cujdik and his narcotics squad members raided an Olney tobacco shop.

Then, with guns drawn, they did something bizarre: They smashed two surveillance cameras with a metal rod, said store owners David and Eunice Nam.

The five plainclothes officers yanked camera wires from the ceiling. They forced the slight, frail Korean couple to the vinyl floor and cuffed them with plastic wrist ties.

“I so scared,” said Eunice Nam, 56. “We were on floor. Handcuffs on me. I so, so scared, I wet my pants.”

The officers rifled through drawers, dumped cigarette cartons on the floor and took cash from the registers. Then they hauled the Nams to jail.

The Nams were arrested for selling tiny ziplock bags that police consider drug paraphernalia, but which the couple described as tobacco pouches.

When they later unlocked their store, the Nams allege, they discovered that a case of lighter fluid and handfuls of Zippo lighters were missing. The police said they seized $2,573 in the raid. The Nams say they actually had between $3,800 and $4,000 in the store.

The Nams’ story is strikingly similar to those told by other mom-and-pop store owners, from Dominicans in Hunting Park to Jordanians in South Philadelphia.

Via The Agitator. Officer Cujdik has other issues.

Sunday, March 15, 2009

The success of drug decriminalization in Portugal

Portugal decriminalized drugs in 2001, and Glenn Greenwald discusses the evidence that he says shows it has been "an unquestionable success, leading to improvements in virtually every relevant category and enabling Portugal to manage drug-related problems (and drug usage rates) far better than most Western nations that continue to treat adult drug consumption as a criminal offense."

The U.S. Nazi dirty bomb plot

Remember how the press was all over the story of the 29-year-old millionaire white supremacist and fan of Adolf Hitler in Maine who was building a dirty bomb that he planned to set off at Obama's inauguration, but it didn't happen because his wife shot and killed him?

Me neither, but James G. Cummings of Belfast, Maine, had (quoting Wikileaks) "four lots of one gallon containers of bomb-grade hydrogen peroxide, uranium, thorium (also radioactive), lithium metal, thermite, aluminum powder, beryllium (radiation booster), boron, black iron oxide and magnesium ribbon" which he somehow planned to set off at the inauguration. Personally, I don't think that volume of material could have been easily smuggled in anywhere near the inauguration activities without raising suspicion.

Why no press coverage of this story, apart from the Bangor Daily News?

Wikileaks has a summary; Wonkette has summarized that; the Washington D.C. Regional Threat and Analysis Center report (PDF) is here.

Thursday, March 05, 2009

Scientology and religious visas

Jeff Jacobsen has a new article on Scientology's use of religious R-1 visas to bring people from other countries to the U.S. to work at menial labor for $50/week (with billion-year Sea Org contracts). R-1 visas are supposed to be for religious ministers who have been working for the U.S. organization sponsoring them for at least two years, and it appears that Scientology has abused these conditions to get cheap labor. And in the process, they've brought in people like Artur Solomonyan from Armenia, who was subsequently arrested and found guilty of illegal weapons sales after trying to sell weapons including surface-to-air missiles to an FBI informant.