CHAOS MANOR MAILMail 249 March 17 - 23, 2003 |
||
CLICK ON THE BLIMP TO SEND MAIL TO ME The current page will always have the name currentmail.html and may be bookmarked. For previous weeks, go to the MAIL HOME PAGE. FOR THE CURRENT VIEW PAGE CLICK HERE If you are not paying for this place, click here... Highlights this week: IF YOU SEND MAIL it may be published; if you want it private SAY SO AT THE TOP of the mail. I try to respect confidences, but there is only me, and this is Chaos Manor. If you want a mail address other than the one from which you sent the mail to appear, PUT THAT AT THE END OF THE LETTER as a signature. In general, put the name you want at the end of the letter: if you put no address there none will be posted, but I do want some kind of name, or explicitly to say (name withheld). Note that if you don't put a name in the bottom of the letter I have to get one from the header. This takes time I don't have, and may end up with a name and address you didn't want on the letter. Do us both a favor: sign your letters to me with the name and address (or no address) as you want them posted. I try to answer mail, but mostly I can't get to all of it. I read it all, although not always the instant it comes in. I do have books to write too... I am reminded of H. P. Lovecraft who slowly starved to death while answering fan mail. Search engine:
or the freefind search
|
||
If you subscribed: If you didn't and haven't, why not? Search: type in string and press return.
|
||
If you contemplate sending me
mail, see the INSTRUCTIONS here and here.
Warning!
|
This week: | Monday
Subject: 45 years ago today. http://www.spacedaily.com/news/satellite-tech-03c.html Roland Dobbins We should be halfway to Alpha Centauri by now... Greetings, Dr. Pournelle, A couple of comments on varied subjects: -The spirit of the X projects is still alive, as is the pursuit of space. You don't seem to have mentioned John Carmack and his crew over at Armadillo Aerospace on your site. Surely you can't be unaware of his efforts to build an X-Prize vehicle and fly it? http://www.armadilloaerospace.com/ Fascinating videos of their progress to date. -Your recent mailing problems. You say you do your current mailing list by bcc'ing all subscribers on a message to yourself. This is horribly primitive and prone to being filtered out as spam by many ISPs, and could explain your recent problems mailing to Hotmail users. Hotmail and other free webmail providers tend to silently drop mail they think is spam, and large numbers of bcc'd recipients is a pretty good indicator of spam. You need a real mailing list manager, preferably one that does bounce detection through a technique known as VERP. ezmlm (actually ezmlm-idx) is the best mailing list manager for this. It completely eliminates the need for manual administration due to bounces, etc -- you could say goodbye to your badmail page and all the time you currently spend maintaining the list. I'm not a subscriber to your site, but I like your writings, so I'll volunteer to host your mailing list for you in this fashion at no charge. Just email me to get this set up. Thanks, Charles Cazabon -- ----------------------------------------------------------------------- Charles Cazabon <web-jpdotcom@discworld.dyndns.org> ----------------------------------------------------------------------- Carmack was at the meeting. Welcome to my primitive place. I know I don't have an optimum system, but I don't think the solution is to hand the list to someone else. Thanks for the offer. Subject: Ignoring the unthinkable. http://www.washingtonpost.com/wp-dyn/articles/A35567-2003Mar16.html Roland Dobbins Indeed. I have written on this before; and it may be the best incentive to full empire. On the other hand, empire may provide the incentive. CoDominium security... Subject: shuttle e-mails chip away at NASA's credibility, an article
in the Kansas city Star should be of interest. http://www.kansascity.com/mld/kansascitystar I am afraid I has little faith in NASA's credibility to begin with? Subject: Stalin's legacy. http://www.nationalreview.com/comment/ Roland Dobbins And it's hardly the end. There are still many victims of the 70 Years War, but I suspect our education class hasn't learned any of this, and continues to fill the heads of our youth with mush. I recommended this last week, but it's worth repeating: Subject: An interesting article http://www.techcentralstation.com/1051/ Mike Flynn An intriguing analysis of history. And a commentary on the article from John Welch: Hello, Jerry, I saw the article last Friday, pointed out by another of your regular readers, by the way. I replied: The article shifts silently between Saddam and Osama bin Laden; the argument makes no sense unless they are the same. The article refers to both are "radical Islam", and uses Saddam and Osama as if they were interchangeable. It makes a convincing case for overthrowing Mullah Omar and the Taliban, because they protected Al Queda. Yes. Agreed, and done. It is a persuasive defense of any semi-covert actions that the US, and our allies, need to take in, say, Pakistan, to capture Fundamentalists. And by Islamic Fundamentalists, or "Islamists", as Judith Miller calls them, I mean an identifiable cluster of allied groupings, active in many Muslim countries, who believe that "Islam is the answer", and who work to bring their countries under the countrol of Sharia, the old-fashioned Islamic law as explained by right-wing Saudis and Egyptians ("Muslim Brotherhood"). One bunch of them spent years murdering Algerian villagers. Another hunts Coptic Christians in Egypt. Another controls the religious institutions of Saudi Arabia. Another has the allegiance of most of the people of Pakistan. Another planted bombs in Bali. Saddam is a different animal, different politics, different history: a Saddamite, but not an Islamist. There is a second shifting of targets in the article: it slides back and forth between poison gas / chemical weapons, and nuclear weapons. Yes, if Saddam had gotten a nuclear weapons plant going, we should bomb it. No hesitation, and for most of Harris's reasons. However, Iraq does not have nuclear weapons -- sure Saddam wants them, but a nuclear program takes time, space, work, we have the power to stop him as soon as he starts. He does have some amount of chemical weapons, which makes him dangerous inside his own borders, and probably along his frontier. However, he can't do much with chemical weapons as long as he has to move them constantly. The article makes an interesting point when Harris says that nations have to define themselves, to build themselves out of struggles with others. It leads to interesting questions about Israel / Palestine, but what does that have to do with Iraq? Does Harris believe that overthrowing Saddam, and occupying Iraq, will improve relations between Palestinians and Israelis? How? Finally, the entire section on world-historical events should be an alert-buzzer. When a leader thinks they face a world-historical moment, life gets worse. Think about Kaiser Bill in August, 1914. In fact, it might be a fruitful subject to study the appeal to intellectuals of Hegels's world-historical moments. Shouldn't we be on guard whenever we hear that phrase? * Regards, John
Subject: Shooting Yourself in the Foot Dept The Federal Government is trying to help the passenger air travel industry to kill itself off, but the job the industry itself is doing is not too shabby. From a report on the Game Developers' Conference found at http://www.gignews.com/gdc2003a.htm . <<BEGIN>> Let's Begin This Recap With a Big Fat Self-Commiserating Rant Airline customer service plans are always
quick to point out that the companies are not responsible for damages
caused by delays, cancellations, lost baggage, or anything else. Which
basically means that they can do whatever the heck they want, and if
you're not happy, you can always dial
1-800-We-don't-give-a-crap-because-all-of-our- Case in point: my flight from Montreal to San Jose, with connection in Chicago, on March 5th. To make a long story short, I arrived in San Jose five hours late because of an incident that was solved with a foot of duct tape. (Some baggage handler dude had backed his truck into the plane, which was parked at the gate at the time and therefore neither hard to see nor sneaking up on the truck in treacherous fashion. After careful inspection, application of the aforementioned adhesive and copious paperwork shuffling, we lifted off just in time to get to Chicago, sit helpless on the tarmac while our connection left on time - the one plane in a million to actually do so - and spend the rest of the day waiting for the next one. The kicker: between us and another group coming in from Toronto at the same time, there were thirty of us who missed that flight. By a grand total of 90 seconds.) Qualitative Analysis Airlines can wait an hour for one foot of duct tape, but not five minutes for thirty passengers. Duct tape, important. Customers who have non-refundable tickets, not important. Quantitative Analysis Duct tape costs, what, five bucks for 100 yards? That makes it about 1.5 cents a foot. It took less than a foot of duct tape to keep us on the ground in Montreal for an hour (I was sitting 8 feet away from the whole surreal process) but we'll round it up to 1.5 cents anyway. Dividing that 1.5 cents by 30 passengers, we reach the conclusion that, since the airline couldn't wait for us in Chicago, the value of a captive passenger is less than five hundredths of a cent. My dead, desiccated remains will be worth more than that, based on atoms of trace elements alone. Transportation is the backbone of a modern economy. You have to wonder how the USA have managed to remain a superpower, despite the airline industry's best efforts to bludgeon it back into the Stone Age. <<SNIP-END>> Once the feet are shot off they can begin with the legs. I used to shop at Pep Boys. [Perhaps I still do, see their response below]: Subject: So much for supporting our troops.... Afternoon Jerry, I'm still on the fence about the war, but have no reservation about supporting our troops. It appears that Pep Boys has a different attitude - they're firing reservists: http://www.tucsoncitizen.com/business/3_15_03reservist.html Interesting choice. If it were discrimination against anyone but soldiers we'd already have calls for a nationwide boycott. Regards, Doug Lhotka PGP Sig: C2F9 EB96 127A D4DD 02C7 ABE0 13A0 4C30 9C93 9D6F alterius gratia numquam vive nec pete ut alius tui gratia viva Well, I certainly will no longer take my business to Pep Boys. [But see Below] Interesting Article Goes into some details about how all of the networks are basically about to field-test millions in pristine video, satellite, editing, laptop tech to cover the war. http://www.poynter.org/content/content_view.asp?id=23585 -Dan S. You've probably already seen this, but in case you haven't: http://www.bayarea.com/mld/mercurynews/news/5401775.htm My sympathies are reserved for the AF Security Police, who might have to pull the trigger on (terminally stupid) US citizens. As for the protesters themselves, I say leave 'em for the buzzards, or hang up the bodies as a warning to the rest. John Stephens I hadn't seen it. I am not surprised. Terminal stupidity is not an uncommon cause of death... Subject: The New Arab Way of War http://www.usni.org/Proceedings/Articles03/prolayton03.htm Roland Dobbins Alert level is Orange.
|
This week: | Tuesday, March
18, 2003
Jerry I Don't quite know how the hack works but it brought a smile to my face. Open Google and type 'French Military Victories' into the search line, then click on "I'm feeling lucky"......... Regards Ian Crowe Zut Alors! From: Stephen M. St. Onge saintonge@hotmail.com Date: March 18, 2003 subject: Hans Blix's error message Dear Jerry: Blix should shift to Linux. Or maybe it's the host's fault. http://www.coxar.pwp.blueyonder.co.uk/ Best, Stephen Odd The Pep Boys' Case: Dr. Pournelle, To be fair, Pep Boys has their own response to the claims of reservists being fired for fulfilling their military reserve obligations: http://www.pepboys.com/statement.html I don't know what to believe about this case at the moment, but until it becomes clear one way or the other, I'm defaulting toward support for the reservists' side and not shopping at Pep Boys. (I'm an auto hobbyist and avid autocrosser--I spend a lot of time in auto parts stores.) David L. Burkhead "May I be just half the person mailto:dburkhuad@comcast.net my dog thinks I am." Science Fiction -- Judo -- Space -- Science -- Cars http://www.sff.net/people/dburkhead And we feel safer already: I just received this from a good friend who recently adopted from China and hopes to adopt a second child. It's a good example of our government at work nowadays. She writes; The former-INS, now BCIS (Bureau of Citizenship and Immigration), has decided to vigorously enforce a previous rule about fingerprints expiring in 15 months. (In other words, if you were fingerprinted 15 months ago for some form or other, you need to go get fingerprinted again & have it run through the FBI's computers...) This was decided about five days ago. What does this have to do with yours truly? Well, of course, to get a baby into the country, you need to be--ta da!--fingerprinted. The approval for bringing that baby into the country is good for 18 months. Hahaha. Suddenly, my Chinese adoption email lists have been getting frantic messages from folks who ARE IN CHINA RIGHT NOW who are being told by the consulate in China that they can't bring their babies home because their fingerprints expired! These are folks who were told before they traveled that it wouldn't be a problem.. So it goes. Julie Woodman. I am all in favor of getting better control over our borders, but there are better ways to do it than this.
|
This week: |
Wednesday,
March 19, 2003
[Original Message] From: <Heather_Ward@PepBoys.com To: <a reader> Date: 3/19/2003 12:08:12 PM Subject: Thank you for your inquiry regarding recent press reports concerning a former Pep Boys employee who filed a lawsuit against Pep Boys alleging termination due to military obligations. We are confident that no inappropriate actions have been taken toward this or any Pep Boys associate due to his or her military obligations. At the present time, more than 30 Pep Boys associates have been called to active duty and are now serving. We would never terminate an employee for military service in support of our nation and are very proud, not only of our associates currently serving in the military, but also of every U.S. service man and woman who has ever served. Our policy grants leaves of absence to our associates for military dutyand we are in full compliance with, and in some areas exceed, state and federal laws. The policy is consistent with the guidelines of the Employer Support of the Guard and Reserve, a volunteer organization serving reserve and guard members. While it is not our practice to comment on ongoing litigation and personnel matters, this particular employee's termination, on June 27, 2002, was unrelated to his military reserve status and solely related to other factors dating back to the summer of 2001 Our prayers and thoughts are with our troops and their families in this= tenuous time and we offer them our support and gratitude. Thank you for your interest in Pep Boys. Which seems plain enough. This comes from a Special Forces Colonel. v/r, RGMcF PRIDE The average age of the Infantryman is 19 years. He is a short haired, tight-muscled kid who, under normal circumstances is considered by society as half man, half boy. Not yet dry behind the ears, not old enough to buy a beer, but old enough to die for his country. He never really cared much for work and he would rather wax his own car than wash his father's; but he has never collected unemployment either. He's a recent High School graduate; he was probably an average student, pursued some form of sport activities, drives a ten year old jalopy, and has a steady girlfriend that either broke up with him when he left, or swears to be waiting when he returns from half a world away. He listens to rock and roll or hip hop or rap or jazz or swing and 155mm Howitzers. He is 10 or 15 pounds lighter now than when he was at home because he is working or fighting from before dawn to well after dusk. He has trouble spelling, thus letter writing is a pain for him, but he can field strip a rifle in 30 seconds and reassemble it in less-in the dark. He can recite to you the nomenclature of a machine gun or grenade launcher and use either one effectively if he must. He digs foxholes and latrines and can apply first aid like a professional. He can march until he is told to stop or stop until he is told to march. He obeys orders instantly and without hesitation, but he is not without spirit or individual dignity. He is self-sufficient. He has two sets of fatigues: he washes one and wears the other. He keeps his canteens full and his feet dry. He sometimes forgets to brush his teeth, but never to clean his rifle. He can cook his own meals, mend his own clothes, and fix his own hurts. If you're thirsty, he'll share his water with you; if you are hungry, his food. He'll even split his ammunition with you in the midst of battle when you run low. He has learned to use his hands like weapons and weapons like they were his hands. He cansave your life - or take it, because that is his job. He will often do twice the work of a civilian, draw half the pay and still find ironic humor in it all. He has wept in public and in private, for friends who have fallen in combat and is unashamed. He feels every note of the National Anthem vibrate through his body while at rigid attention, while tempering the burning desire to 'square-away' those around him who haven't bothered to stand, remove their hat, or even stop talking. In an odd twist, day in and day out, far from home, he defends their right to be disrespectful. Just as did his Father, Grandfather, and Great-grandfather, he is paying the price for our freedom. Beardless or not, he is not a boy. He is the American Fighting Man that has kept this country free for over 200 years. He has asked nothing in return, except our friendship and understanding. Remember him, always, for he has earned our respect and admiration with his blood. Dear Dr. Pournelle, I have read lots of history, some of your essays, and the Tech Central Station article by Mr. Harris you referenced on 03/16/03. None alter conclusions reached years ago. World unity will be achieved when an outside enemy is perceived to be strong enough to destroy us. Idealism may make unity sound wonderful, but reality, including the hard fact of limited resources, will forever frustrate it. Only an outside enemy and the chance to capture additional resources will give us the possibility of unity, and it may be too late. Wars have losers, too. Utopia, where the desires all are provided for and fulfilled, is a fantasy. Give some individuals the universe and they will immediately try to expand it. Unity in an isolated environment, under an agreed authority, has been tried many times. It always breaks down. Samples include Imperial Japan and the Roman Empire. Even the rulers never saw the permanent personal Utopia for which they worked. Dreams and ideals are fine, but reality can be very ugly. Having lived a fairly long time, I find that survival in any of the many societies and cultures experienced in and outside of the United States is possible. Life would not always be pleasant or agreeable, but would be livable. As for being a dictator, remember Lady Jane Grey in England. She had powerful friends, some resources, and survived nine days. I would not last that long. As a Christian, I can read Ecclesiastes. It provides a good picture of where the individual fits in God's universe. regards, William L. Jones
|
This week: |
Thursday,
March 20, 2003
War Dear Jerry, I hear French jokes are popular over there at the moment. They were popular here in Australia a few years ago when the French were setting off nuclear bombs in the Pacific. People were upset. Very upset. I remember driving to work one morning and listening to a radio program where people were ringing in and describing the French products they were giving up in protest. Some said they were giving up French champagne, one woman was buying no more French perfume. No more Citroens said another caller. Then this guy came on and said he was so angry at the French he was giving up... mènage a trois. I laughed so hard I nearly ran into the car in front of me. Is "Freedom Fries" really the best American politicians can come up with? Why not just call them chips like the rest of the English-speaking world? -- David Shanahan. You should never wear your best trousers when you go out to fight for freedom and liberty. -- Henrick Ibson A good way to open the day. Back in a bit after a walk. Subject: Foreign entanglements. http://www.suntimes.com/output/novak/cst-edt-novak201.html Roland Dobbins Subject: A thoughtful soldier's thought's before the War Dear Doctor Pournelle, I thought you might appreciate this, I like to think Falkenberg might have said something like it in similar circumstances. ---- Extracts from the pep talk given by Lieutenant Colonel Tim Collins to the battlegroup of the 1st Battalion of the Royal Irish before moving forward in preparation to entering Iraq: "We go to liberate not to conquer. We will not fly our flags in their country, we are entering Iraq to free a people and the only flag which will be flown in that ancient land is their own. Show respect for them. "There are some who are alive at this moment who will not be alive shortly. Those who do not wish to go on that journey, we will not send. "As for the others I expect you to rock their world. Wipe them out if that is what they choose. But if you are ferocious in battle remember to be magnanimous in victory. "Iraq is steeped in history. It is the site of the Garden of Eden, of the Great Flood and the birthplace of Abraham. Tread lightly there. "You will see things that no man could pay to see and you will have to go a long way to find a more decent, generous and upright people than the Iraqis. "You will be embarrassed by their hospitality even though they have nothing. "Don't treat them as refugees for they are in their own country. Their children will be poor, in years to come they will know that the light of liberation in their lives was brought by you. "If there are casualties of war then remember that when they woke up and got dressed in the morning they did not plan to die this day. "Allow them dignity in death. Bury them properly and mark their graves." ... "It is my foremost intention to bring every single one of you out alive but there may be people among us who will not see the end of this campaign. "We will put them in their sleeping bags and send them back. There will be no time for sorrow. "The enemy should be in no doubt that we are his nemesis and that we are bringing about his rightful destruction. "There are many regional commanders who have stains on their souls and they are stoking the fires of hell for Saddam. "He and his forces will be destroyed by this coalition for what they have done. As they die they will know their deeds have brought them to this place. Show them no pity." ... "It is a big step to take another human life. It is not to be done lightly. "I know of men who have taken life needlessly in other conflicts, I can assure you they live with the mark of Cain upon them. "If someone surrenders to you then remember they have that right in international law and ensure that one day they go home to their family. "The ones who wish to fight, well, we aim to please." ... "If you harm the regiment or its history by over enthusiasm in killing or in cowardice, know it is your family who will suffer. "You will be shunned unless your conduct is of the highest for your deeds will follow you down through history. We will bring shame on neither our uniform or our nation." ... "As for ourselves, let's bring everyone home and leave Iraq a better place for us having been there. Our business now is north." --- This is edited from a report here: http://news.bbc.co.uk/1/hi/uk/2866581.stm Rgds. Tom Ayerst ===== Jerry: Thomas Sowell has some interesting points in his latest "random thoughts" piece. As usual. < http://www.jewishworldreview.com/cols/sowell.html > "Most people do not realize that Winston Churchill was a pariah in the 1930s, for telling people what they didn't want to hear -- namely that Britain needed to build up its military forces to deal with the threat that Hitler and the Nazis represented. What we are seeing today in the attempts to ridicule or demonize President Bush is nothing new." "Too many critics of missile defense start the argument in the middle, with enemy missiles already in the air. But, if a missile defense system simply creates enough serious doubt in an enemy's mind as to whether his missiles will get through, then it has done its job." .........Karl Lembke More or less what Possony and I said in The Strategy of Technology. Subject: Missile defense in action. http://www.cnn.com/2003/WORLD/meast/03/20/sprj.irq.kuwait.rockets/index.html Roland Dobbins ==== Subject: Slackware Linux 9.0 out. http://slackware.com/announce/ANNOUNCE.9_0 Roland Dobbins
=== Subject: Evolution hole ( priority one). Please post ASAP, thanks! http://www.securityfocus.com/advisories/5134 Roland Dobbins
|
This week: |
Friday, March
21, 2003
Springtime for Saddam Dr. Pournelle, You wrote: For an analysis of what's going on by someone influential, see http://www.nwc.navy.mil/newrulesets/ThePentagonsNewMap.htm He makes some very good points about economic interdependence. Still, I'm reminded of _The Peace of Dives_, and that Kipling wrote it eleven years before the outbreak of WW I. Best, JBWoodford All true. this is really something. The Guardian is a bastion of 'leftist' thought. For that paper to blast the French is very surprising to me!
Sun brands Chirac 'Saddam's whore' Guardian - 50 minutes ago The Sun has renewed its attack on the French, branding President Jacques Chirac "Saddam Hussein's whore" in a special Paris edition that has once again caused fury in the highest echelons of French government. France defies US request to expel Iraqi envoys Indian Express Veto, the road to Baghdad and the French connection Sydney Morning Herald Canada.com - Chicago Sun Times - National Post - Orange County Register - and 278 related » Douglas M. Colbary I & C The Electric Plant City of Painesville "You Can't See Where you stand, From Where You Sit" unknown Blood thicker than water and all that... More on the critical Microsoft vulnerability. Begin forwarded message: > From: "iDEFENSE Labs" <labs@idefense.com> > Date: Wed Mar 19, 2003 3:57:46 PM US/Pacific > To: full-disclosure@lists.netsys.com > Subject: [Full-Disclosure] iDEFENSE Security Advisory 03.19.03: Heap > Overflow in Windows Script Engine > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > iDEFENSE Security Advisory 03.19.03: > http://www.idefense.com/advisory/03.19.03.txt > Heap Overflow in Windows Script Engine > March 19, 2003 > > I. BACKGROUND > > Microsoft Corp.'s Windows Script Engine within the Windows operating > system (OS) interprets and executes script code written in scripting > languages such as VBscript and JScript. Such script code can be used to > add functionality to web pages, or to automate tasks within the OS or a > program. Script code can be written in several different scripting > languages, such as Visual Basic Script, JScript or JavaScript. > > II. DESCRIPTION > > By passing malicious JavaScript via Internet Explorer (IE), Outlook or > Outlook Express, remote attackers can exploit an integer overflow > within > the Windows Script Engine causing a corruption of the heap thereby > allowing for arbitrary code execution. Specifically, the vulnerability > lies in the Windows Script Engine's implementation of JScript that is > provided by jscript.dll (located in %SystemRoot%\system32). The > following > snippet of JavaScript code demonstrates the existence of the > vulnerability > by crashing IE on a vulnerable Windows system: > > <script> > var trigger = []; > i = 1; > do {trigger[i] = 1;} while(i++ < 10000); > trigger[0x3FFFFFFF] = 1; > trigger.sort(new Function("return 1")); > </script> > > The internal affected function, JsArrayFunctionHeapSort, creates two > arrays on the heap - one of size 4 * (MaxElementIndex + 1) and one of > size > 20 * (MaxElementIndex + 1). In the above example, MaxElementIndex is > 0x3FFFFFFF. When it is incremented and multiplied by four, an integer > overflow occurs, thereby causing the application to allocate memory > for an > array of size 0. Indexes within the trigger array can then be used to > overwrite segments of the second array that are filled with a structure > for each element being sorted. Arbitrary code execution is possible by > overwriting the heap control blocks to replace the stored address of > soon-to-be-called functions with the address of shellcode that is > stored > in memory. > > III. ANALYSIS > > Exploitation requires an attacker first create a malicious JavaScript > snippet containing shellcode. Once accomplished, any of a number of > attack > vectors are possible. Some include social engineering a user into > browsing > to a malicious web page, sending a malicious HTML-enabled e-mail to the > target user, redirecting the user to the malicious script by leveraging > numerous cross-site scripting (XSS) vulnerabilities that are in > existence, > or exploiting the browser directly using an XSS attack with embedded > JavaScript. iDEFENSE has verified these issues with working exploit > code. > > This is a serious issue because, given working exploit code under the > above scenarios, an attacker can cause any command to execute under the > privileges of the targeted user. The problem is further magnified when > taking into consideration the countless number of applications that > utilize the IE browsing engine, such as Outlook and Outlook Express. > > IV. DETECTION > > iDEFENSE has confirmed the existence of the above-described > vulnerability > in the following Windows environments: > > * Microsoft Windows 98 > * Microsoft Windows 98 Second Edition > * Microsoft Windows Me > * Microsoft Windows NT 4.0 > * Microsoft Windows NT 4.0 Terminal Server Edition > * Microsoft Windows 2000 > * Microsoft Windows XP > > with Jscript.dll versions: > > * 5.1.0.4615 > * 5.5.0.6330 > * 5.6.0.6626 > > V. WORKAROUND > > Disable active scripting if it is not necessary for day-to-day > operations > using the following steps: > > 1. In IE, click on Tools and select Internet Options from the drop-down > menu. > 2. Click the Security tab and the Custom Level button. > 3. Under Scripting, then Active Scripting, click the Disable radio > button. > > In the HTML-enabled e-mail scenario, if the user were using Outlook > Express 6.0 or Outlook 2002 in their default configurations, or > Outlook 98 > or 2000 in conjunction with the Outlook Email Security Update, then an > attack could not be automated and the user would still need to click > on a > URL sent in the e-mail. As such, Outlook 98 and 2000 users should > install > the update, which is available at > http://office.microsoft.com/Downloads/2000/Out2ksec.aspx . > > VI. VENDOR FIX > > Microsoft has patched this vulnerability, upgrading jscript.dll to > version > 5.6.0.8513. Various incarnations of the fix are available from > http://www.microsoft.com/technet/security/bulletin/MS03-008.asp . > > VII. CVE INFORMATION > > The Mitre Corp.'s Common Vulnerabilities and Exposures (CVE) Project > assigned the identification number CAN-2003-0010 to this issue. > > VIII. DISCLOSURE TIMELINE > > 07/07/2002 Microsoft initially notified > 12/07/2002 Issue disclosed to iDEFENSE > 01/09/2003 iDEFENSE notification sent to Microsoft > (secure@microsoft.com) > 01/10/2003 Response received from secure@microsoft.com > 01/10/2003 iDEFENSE clients notified > 01/11/2003 to 03/18/2003 No less than eight e-mails requesting status > reports on patch status > 03/19/2003 Public disclosure > > IX. CREDIT > > Roland Postle (mail@blazde.co.uk) discovered this vulnerability. > > > Get paid for security research > http://www.idefense.com/contributor.html > > Subscribe to iDEFENSE Advisories: > send email to listserv@idefense.com, subject line: "subscribe" > > > About iDEFENSE: > > iDEFENSE is a global security intelligence company that proactively > monitors sources throughout the world - from technical > vulnerabilities and hacker profiling to the global spread of viruses > and other malicious code. Our security intelligence services provide > decision-makers, frontline security professionals and network > administrators with timely access to actionable intelligence > and decision support on cyber-related threats. For more information, > visit http://www.idefense.com . > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.netsys.com/full-disclosure-charter.html > --------------------------------------------------------- Roland Dobbins Thanks. ====== Iraq Question - Building a Democracy I have heard from several sources that the Kurds want "two states in a federal Iraq" in a structure patterned after the early USA. With the various "ethnic identities" and the legendary clash between the various branches of religion in the rest of Iraq, a federal system seems ideal as a goal to aim for. But is it possible? Can a federal system arise when there were not pre-existing nation-states? The two Kurd provinces have been functioning as nation-states for a decade. They may be ready to join such a structure. But can a structure be built for them to join? The rest of Iraq has been massively centralized as a requirement of totalitarian rule. There are many examples of totalitarian regimes being replaced by NATIONAL democracies, often under the watchful eye of Western conquerors. Japan, Germany, Taiwan, South Korea, India all seem to have functioning democratic centralized governments. The federal systems (Canada, USA, Australia, Switzerland) all seem to have grown in place slowly then united as peers. If everyone is expecting a short war, then the structure we want to impose should be being discussed. I see none of it. I know too little of how governments other than my own (federal democracy under a ceremonial monarch) function to hold valid opinions, and I form my most reliable opinions from watching people who know their stuff argue in public. Iraq: Federal or centralized? King (constitutionally limited) or none? The very phrase "regime change" seems to conflict with the stated goals of democratization. Structure change, or just regime change? Are we merely replacing "that son of a bitch" with "our son of a bitch"? Greg Goss gossg@gossg.org All good questions, but really beyond my competence. Arab monarchies depend in large part on support by traditional tribal loyalties, and I doubt there are many of those remaining in Iraq. Iraq was created in a European colonial office, and has no national existence, since there are at least three major ethnic groups, two major and half a dozen minor religious groups, and no really obvious borders for a Swiss canton type of structure. Building a federal republic out of that will no be easy. It is one reason I didn't want to be in there. Now we are, and these problems have to be solved. Subject: "Freedom Fries" "Freedom Fries" doesn't get it. Call them what the Brits do--"chips," as in fish and chips. -- Pat O'Connell Take nothing but pictures, Leave nothing but footprints, Kill nothing but vandals... We had Freedom beans last night... Subject: What you have been saying Although this viewpoint article discusses weapons, the thrust is that we require cheaper and more reliable space access infrastructure. http://www.foxnews.com/story/0,2933,81722,00.html Gary Alston Indeed. And Eric on another subject: Subject: Putting the intellectual cards on the table Education isn't everything but it damn well counts for a lot. I did wonderfully on IQ tests as a child but managed to have enough other problems to sabotage myself thoroughly while. Others who had far more difficult circumstances than mine managed to do quite a lot by supplementing intelligence with persistence and determination. With that in mind I was greatly amused to see this comparison of the academic and professional histories of our nation's leaderships versus many of those from Hollywood who persist in describing them as mentally deficient. Perhaps someone should remind them that the ability to act like an intellectual doesn't make you equivalent to those who've actually done the work, regardless of how they come off on television. http://www.hollywoodhalfwits.com/misc/cindyosborne.htm Eric Pobirs ===== Also from Eric: Subject: Optimus Prime is on his way to Iraq This is so damn weird and wonderful at the same time. http://www.wkyc.com/news/news_fullstory.asp?id=3828 I'm not sure whether it is disturbing or not that a General at the Pentagon understood the reference.
==== One comment that should be made in the context of the War for Iraqi Liberation that I haven't heard, at least so far. All those opponents of missile defense systems told us for years that we shouldn't build them, because they couldn't possibly work. At this point, the upgraded Patriot 3 systems are 6 for 6 shootdowns. This is a pretty clear vindication of the supporters of ballistic missile defense efforts. Will the opponents admit that they were/are wrong? Somehow I doubt it. Highest regards, Tim Pleasant Colorado Springs Yep Flags: "We go to liberate not to conquer. We will not fly our flags in their country, we are entering Iraq to free a people and the only flag which will be flown in that ancient land is their own. Show respect for them." And http://sg.biz.yahoo.com/030321/15/39981.html Several news commentators have expressed confusion over the removal of the Marine's stars & stripes from Umm Qasar. I was disturbed by the raising of that flag (as I had earlier been disturbed by the famous 911 flag being flown over the Kabul airport) and find it very reassuring that the invasion forces are taking Collins' words seriously. Greg Goss gossg@gossg.org I suppose. I fear I'd as soon the other side knew who their liberators were. And that "ancient land" was part of the Turkish Empire until WW I.
|
This week: | Saturday,
March 22, 2003
Quick correction to Greg Goss: Germany is in fact a federal republic (the "Bundesrepublik" Deutschland) -- not a unitary state. It consists of 16 states or Laender (each, a Land). Interestingly, the state governments are represented in the upper house (the Bundesrat or "federal council") by from 3 to 6 senators based upon population, a structure closer to the original pre-19th amendment US Constitution. The states are: Baden-Wuerttemberg, Bayern, Berlin, Brandenburg, Bremen, Hamburg, Hessen, Mecklenburg-Vorpommern, Niedersachsen, Nordrhein-Westfalen, Rheinland-Pfalz, Saarland, Sachsen, Sachsen-Anhalt, Schleswig-Holstein, Thueringen. West Germany was federal before re-unification; East Germany needed to be split into its 5 "historical" states before re-unification with the West. More facts can be found at: http://www.cia.gov/cia/publications/factbook/geos/gm.html John Lanius Note Hesse which figured in the American Revolution, given that King George was its ruler as well as King of England. (The House of Hannover were "heirs of the body of the Electress Sophia, being Protestant..." The Treaty of Westphalia dismembered Germany. Napoleon consolidated some 300 small independent states into somewhat fewer as "The Confederation of the Rhine", Bismark chopped the number even further, and Lucius Clay finished the job. Hitler promised to undo the Treaty of Westphalia (of 1648), which may or may not give some insight into what kinds of things dominated political thinking in that region until 1945. Please do not refer to an attack on U.S. military personnel as terrorism. Terrorism is an attack on CIVILIANS!!! A military unit, especially a unit at war, is "fair game" for an attack by the belligerents. Such an attack is just that, an attack. It is a command responsibility to see to the security of any encampment, and this raid on a command tent was a breakdown of that responsibility. Walter E. Wallis Palo Alto, CA When did I do that? I thought it was I who pointed out that the Israeli's were upset over an attack on a military target, and that seemed wrong to me. It now appears that the attack was by a Black Muslim trooper, a comrade of the troopers blown up. That is treason, of course. Not terrorism, precisely. Assuming that this is in fact the case. It could be an infiltrator in a US uniform, of course.
|
This week: | Sunday,
March 23, 2003
Subject: Collateral damage Jerry, You say in your recent Byte column "Incidentally, one reason we have military units doing things like delivering groceries that could be done by civilians is that you still have to deliver groceries when the shooting starts and the civilians get out of the way". This is a bit ironic, given the non-combatant casualties so far reported from Baghdad, don't you think? Derrick Ashby (Australia) I have no idea what this means. Does it express astonishment that there are civilian casualties in war? Doc, My friend Dean of Dean's World (www.deanesmay.com)
recently provided me with a rather interesting link on how Arabs view
miltary training: http://www.unc.edu/depts/diplomat/AD_Issues/ "Why Arabs Lose Wars Fighting as you train, and the impact of culture on Arab military effectiveness. by Norvell B. De Atkine The author, a retired U.S. Army Colonel, draws upon many years of first hand observations of Arabs in training to reach conclusions about the ways in which they to into combat. His findings derive from personal experience with Arab military establishments in the capacity of U.S. military attaché and security assistance officer, observer officer with he British-officered Trucial Oman Scouts (the security force in the emirates prior to the establishment of the UAE), as well as some thirty years of study of the middle east. -Ed." Casey Tompkins Comment not needed. Subject: A step further out...for Japan http://www.nytimes.com/2003/03/23/international/asia/23WATE.html [...] "The university is preparing to build an experimental power plant off the coast of Palau that brings up cold seawater from the depths of the sea to an evaporator chamber near the ocean surface. As the water is heated by the surrounding warm surface water, it releases ammonia gas, which then drives the system's power generator, said Yasuyuki Ikegami, deputy director of the Institute of Ocean Energy at Saga University. Meanwhile, the heated water would be transferred to a separate low-pressure chamber where it boils at a lower temperature, producing steam, which would be condensed and collected as fresh water for human consumption, leaving salt crystals behind. One experimental system, which produces power but no usable water, is scheduled to be put into use off the coast of India this month, Mr. Ikegami added. "It works well especially in the western Pacific, where the temperature difference between the ocean's surface and deep seawater is" as much as 43 degrees Fahrenheit, he said. "It is environmentally sound." " [...] Low-pressure boiling to accomplish desalinization had occurred but not exactly in this context. I don't remember a mention of it by you. Very useful either way. Also, I will presume you did not see the following NASA press release, particularly since I've heard no mention of it in the press. Perhaps they're trying to bury it. RELEASE: 03-106 NASA STUDY FINDS INCREASING SOLAR TREND THAT CAN CHANGE CLIMATE Since the late 1970s, the amount of solar radiation the sun emits, during times of quiet sunspot activity, has increased by nearly .05 percent per decade, according to a NASA funded study. "This trend is important because, if sustained over many decades, it could cause significant climate change," said Richard Willson, a researcher affiliated with NASA's Goddard Institute for Space Studies and Columbia University's Earth Institute, New York. He is the lead author of the study recently published in Geophysical Research Letters. "Historical records of solar activity indicate that solar radiation has been increasing since the late 19th century. If a trend, comparable to the one found in this study, persisted throughout the 20th century, it would have provided a significant component of the global warming the Intergovernmental Panel on Climate Change reports to have occurred over the past 100 years," he said. NASA's Earth Science Enterprise funded this research as part of its mission to understand and protect our home planet by studying the primary causes of climate variability, including trends in solar radiation that may be a factor in global climate change. The solar cycle occurs approximately every 11 years when the sun undergoes a period of increased magnetic and sunspot activity called the "solar maximum," followed by a quiet period called the "solar minimum." Although the inferred increase of solar irradiance in 24 years, about 0.1 percent, is not enough to cause notable climate change, the trend would be important if maintained for a century or more. Satellite observations of total solar irradiance have obtained a long enough record (over 24 years) to begin looking for this effect. Total Solar Irradiance (TSI) is the radiant energy received by the Earth from the sun, over all wavelengths, outside the atmosphere. TSI interaction with the Earth's atmosphere, oceans and landmasses is the biggest factor determining our climate. To put it into perspective, decreases in TSI of 0.2 percent occur during the weeklong passage of large sunspot groups across our side of the sun. These changes are relatively insignificant compared to the sun's total output of energy, yet equivalent to all the energy that mankind uses in a year. According to Willson, small variations, like the one found in this study, if sustained over many decades, could have significant climate effects. In order to investigate the possibility of a solar trend, Willson needed to put together a long-term dataset of the sun's total output. Six overlapping satellite experiments have monitored TSI since late 1978. The first record came from the National Oceanic and Atmospheric Administration's (NOAA) Nimbus7 Earth Radiation Budget (ERB) experiment (1978 - 1993). Other records came from NASA's Active Cavity Radiometer Irradiance Monitors: ACRIM1 on the Solar Maximum Mission (1980 - 1989), ACRIM2 on the Upper Atmosphere Research Satellite (1991 - 2001) and ACRIM3 on the ACRIMSAT satellite (2000 to present). Also, NASA launched its own Earth Radiation Budget Experiment on its Earth Radiation Budget Satellite (ERBS) in 1984. The European Space Agency's (ESA) SOHO/VIRGO experiment also provided an independent data set (1996 to 1998). In this study, Willson, who is also Principal Investigator of NASA's ACRIM experiments, compiled a TSI record of over 24 years by carefully piecing together the overlapping records. In order to construct a long-term dataset, he needed to bridge a two-year gap (1989 to 1991) between ACRIM1 and ACRIM2. Both the Nimbus7/ERB and ERBS measurements overlapped the ACRIM 'gap.' Using Nimbus7/ERB results produced a 0.05 percent per decade upward trend between solar minima, while ERBS results produced no trend. Until this study, the cause of this difference, and hence the validity of the TSI trend, was uncertain. Willson has identified specific errors in the ERBS data responsible for the difference. The accurate long-term dataset, therefore, shows a significant positive trend (.05 percent per decade) in TSI between the solar minima of solar cycles 21 to 23 (1978 to present). This major finding may help climatologists to distinguish between solar and man-made influences on climate. NASA's ACRIMSAT/ACRIM3 experiment began in 2000 and will extend the long-term solar observations into the future for at least a five-year minimum mission. For more information on the Internet, visit: http://www.gsfc.nasa.gov/topstory/2003/0313irradiance.html For more information about ACRIM on the Internet, visit: http://www.acrim.com -end- ash ['Seemed important.'] Thanks!
Entire Site Copyright, 1998, 1999, 2000, 2001, 2002, 2003 by Jerry E. Pournelle. All rights reserved. |