Defending TV
Grok Headline matches for Defending TV
Defending against the OS X help: vulnerability
05/18/2004 03:05 PM
There's a nasty OS X
vulnerability under discussion at the moment which lets a web page
run a program on your drive by taking advantage of a flaw in the
"help:" protocol. There's a non-malicious demonstration of the exploit
on this page, and Jay
Allen is hosting a discussion on the exploit and ways to avoid
it.
To save you from digging through the discussion, the quickest way
to defend yourself is to install the More
Internet preference pane (mount the DMG, then copy the More
Internet.prefPane file to your /Library/PreferencePanes folder
or run the "install prefpane" script). Then go to system preferences,
launch the "More Internet" panel, select the "help" protocol and use
the Change button to assign it to some non-harmful application such as
Chess (simply deleting the protocols will not solve the problem).
While you're there it's a good idea to add a new protocol called
"disk" and assign it to a non-harmful application as well - this
prevents malicious sites from being able to auto-mount networked disk
images on your system, something which while not exploitable on its
own can be used in conjunction with other exploits (like the help:
one) to execute arbitrary code.
For those who are interested, it seems the exploit itself is as
simple as this:
<a href="help:runscript=MacHelp.help/Contents/Resources/English.lproj/shrd/OpnApp.scpt string=usr:bin:top">click to run 'top'</a>
CDJ: Defending ColdFusion Against...
09/17/2004 08:31 AM
New from PHP Magazine today:
"Defending their country"
08/11/2004 11:56 AM
Two Britons born in Iraq explain their reasons for joining the
insurgents loyal to Muqtada al-Sadr.
Defending the Core
03/06/2004 02:01 AM
Solutions seek to catch intrusions inside the perimeter.
defending Newt Gingrich
09/05/2004 08:42 PM
Against Appomattox .. the South wins
tnr.com/doc.mhtml?i=20040906&s=brownsifton090604
Defending the Great White Tax
12/12/2003 04:17 PM
As noted previously, the Copyright Board of Canada has approved a
tariff on digital audio recorders. Devices like Dell's DJ, Apple's
iPod and other MP3 devices will increase in price from $2 to $25. The
move mirrors the Canadian policy of additional taxes for blank media
such as cassettes, minidisks and CDs. The tariffs are collected on
behalf of musicians, songwriters and other copyright holders in order
to compensate them for non-commercial distribution of music.
Fighting phishing and defending IM
04/04/2005 03:35 PM
Google adapts its e-mail service to foil online fraudsters. Microsoft
is also out to nail phishers, and faces a worm targeting MSN
Messenger.
Defending Paid Inclusion
03/06/2004 02:09 AM
In Yahoo Harms Trust in Search Engine, Dan Gillmor references a
WSJ.com article that I cannot read (because I don't want their lame
"free" registration) and claims that allowing companies to pay to make
sure they're included in Yahoo! Search "makes it impossible for users
to know whether companies are paying to be included in the results."
Dan, it's called "paid inclusion" and it's been around for quite a
while. But you don't live and breathe search like John Battelle...
Defending a Longer View of Intel
04/14/2004 09:13 AM
TheStreet.com Apr 14 2004 1:22PM GMT
Year in Review: Defending the internet
12/21/2003 09:36 AM
IDGNet New Zealand Dec 21 2003 8:50AM ET
Defending web applications against dictionary attacks
01/22/2004 02:39 AM
Over at Reflective Surface, Ronaldo M. Ferraz discusses the
usability of an authentication system that locks down an account for a
certain period of time after three failed login attempts. Ronaldo sees
this as a trade-off between usability and security, but I see it more
as an added security issue in that it allows malicious third parties
to lock other users' accounts armed only with their username.
The problem then is how best to defend web applications against
brute force password guessing attacks without enabling denial of
service attacks at the same time. The largest risk is from automated
scripts that try every possible password until they get in.
Identifying these attacks should be trivial - a real user could
potentially fail a dozen or so times, but would be unlikely to try
hundreds of combinations in quick succession. Assuming a malicious
cracking attempt has been identified, what steps should a system take
to foil the attack while still allowing the real user to access the
site?
I can think of a few options, none of which seem like the ideal
solution:
- Ban login requests from the attacker's IP address. This introduces
the usual problems with IP banning, namely the risk of banning a whole
bunch of people indiscriminately but leaving the attacker free to skip
the ban using open web proxies.
- Lock the user's account and email them a warning of the attack
and a special key needed to unlock the account again. This relies on
the user having access to their email account when they next have a
need to access the system. It also assumes that the user's email
account is secure, but since both the user's password and the secret
unlocking key will be required to access the system, email security is
of less importance (the user's password is not sent with the unlock
key).
- Send an automated alert to a system administrator so they can
analyze the situation in real time and take any necessary action. This
relies on administrators being available 24/7 - hardly a safe
assumption for most systems.
- After a certain number of failed attempts, challenge the user to
"prove their humanity" with one of those obscured-text-as-image
things. This comes with accessibility issues which have as yet been
unresolved.
If anyone has any better solutions, please leave a comment.
Defending The Skies Against Congress And The Elderly
08/22/2004 07:22 PM
Defending Open Source Security
02/14/2004 08:03 AM
Petrova Upsets Defending U.S. Open Champ (AP)
09/06/2004 11:17 PM
AP - Justine Henin-Hardenne lost her U.S. Open title and her No. 1
ranking Monday night. The defending champion was upset by Nadia
Petrova 6-3, 6-2 in the fourth round, the earliest exit by the Open's
top-seeded woman since Billie Jean King quit because of illness during
her third-round match in 1973.
Ahmad and Me - Defending Chalabi. By Christopher Hitchens
05/31/2004 01:02 AM
Christopher Hitchens makes defense for Captain Unpopular .. Ahmad and
Me - Defending Chalabi. By Christopher Hitchens .. well worth a read
.. defending .. Hitchens
slate.msn.com/id/2101345
"Ahmad and Me - Defending Chalabi. By Christopher Hitchens"
05/29/2004 08:52 PM
"John Derbyshire, defending his mental state"
05/14/2004 03:36 AM
Defending Weak Electronic Voting Machines
05/11/2004 06:09 PM
I'm still a bit confused why anyone would object to electronic voting
machines having more security and more ways to prove
they're accurate, but everyone has their reasons. Unfortunately, this
debate is turning into a political debate of Republicans vs. Democrats
rather than a focus on the actual issues. That explains this latest
editorial in defense of current electronic voting machines, which seems to
paint the whole discussion as a Democratic plot to make democracy more
expensive. The author does try to go through all the complaints, but
starts off with a completely pointless argument to set the tone of his
argument. He picks up the comment of a comedian about how the
machines can be hacked over the internet and points out these machines
are not hooked up to the internet. This makes it appear that the
people who are really complaining about these machines have no idea
what they're talking about and think the machines are hooked up to the
internet. The real complaints about the system being easily tampered
with are brushed off by saying no one has ever been caught tampering
with these machines. The simple response to that is that he forgot to
add the word "yet" to the end (and that just because no one's been
caught doesn't mean it hasn't happened). He then brushes off the idea
that tampering is a real problem anyway, since people could only
tamper with one machine at a time, since (apparently) messing up a few
votes is okay. As for the very unlikely possibility that anyone is
tampering with the voting software to better favor one candidate, he
says that random testing takes care of that. Random testing certainly
helps - but as the California situation showed, the random testing was
done incorrectly and uncertified software was loaded after machines
had been "tested." Furthermore, there's simply no reason not to make
voting machine software publicly open so that independent testers can
go through the code and verify there's nothing wrong with it.
Finally, all the way at the end, he gets to the real complaint that
most people have with these voting systems: that there's no
recountable paper trail. His response shows just how much he doesn't
understand the real issue. He says that each machine records the
electronic votes multiple times, and the recount is easy: just view
one of the other records. This leaves out the important middle step:
knowing that any of those records actually recorded the vote properly.
I can make a thousand identical copies of the same incorrect records
and it doesn't help me to verify the accuracy of the original vote.
He claims that the only reason to add a paper trail is to make the
machines more expensive - but it's already been shown that the
addition of such a paper trail adds a tiny cost to each machine (many
of them already have paper printers included). Besides, at what point
did anyone say democracy had to be cheap? Ignoring all the politics
on either side concerning these voting machines, why would anyone not
support making these machines more secure while also including some
way to verify the accuracy of the vote? Most people arguing for
better security don't believe there's some big plot to steal an
election or that hackers are waiting to mess up the vote. We just
don't like the fact that it's possible and would feel a lot
better with a more secure system. What's wrong with that?
Flyers Oust Defending Cup Champion Devils
04/17/2004 07:22 PM
Danny Markov scored on a long shot with 5:23 left, and the Flyers
closed out their first-round series against the Devils with a 3-1
victory.
Defending Against Worm Wave Is A Tough Task
03/08/2004 11:14 PM
Kerry Attacks Bush's Record on Defending Homeland (Reuters)
05/26/2004 07:48 PM
Reuters - Democratic White House challenger John
Kerry accused President Bush on Wednesday of being more
interested in election-year photo opportunities than providing
funds to defend against another Sept. 11-type attack.
Defending the Philippine IP Law system - POINT OF LAW By Alex Ferdinand S. Fider
05/24/2004 09:55 PM
Philippine Star May 25 2004 2:05AM GMT
Make it & Break It: Defending Against Cross-Site Scripting Attacks.
09/13/2004 08:53 AM
"defending John Kerry and calling the right wing on their attack on his medals/ribbons."
04/29/2004 09:52 PM
EFF defending creators of This Land is Your Land parody
07/29/2004 06:53 AM
I'm proud to relate that EFF is representing Jib Jab, the creators of
the wonderful "This Land is Your Land" Flash parody that aroused
the ire of the holder of Woody Guthrie's copyrights and resulted in a
threatened lawsuit. Here's a little bit of my cow-orker Fred von Lohmann's
letter to the copyright-holder's lawyers.
In your July 23 letter, you contend that "This Land" offers no
"satirical comment" on the Guthrie original. You are mistaken.
While your view of Guthrie's "This Land is Your Land" as being
predominantly about "the beauty of the American landscape" and "the
disenfranchisement of the underclass" is interesting, most Americans
think of the song as an iconic expression of the ideal of national
unity. Jib Jab's parody addresses, among other things, the lack of
national unity that characterizes our current political climate
(ending with the optimistic hope that unity might be rediscovered). In
short, "This Land" explores exactly the same themes as the Guthrie
original, using the parodic device of contrast and juxtaposition to
comment on the original. See Abilene Music v. Sony Music
Entertainment, 320 F. Supp. 2d 84, 90-91 (S.D.N.Y. 2003) (emphasizing
the role of contrast and juxtaposition as parodic devices). The
parodic comment takes on an additional dimension of irony when viewed
in light of the often omitted closing stanzas of Guthrie's original.
556k PDF