- Our President did not underestimate how tough economic circumstances were going to be, except that he didn’t know how bad things were.
- The Acting Director of the OMB has no clue what he’s talking about. Of course, President Obama’s former OMB director (and current chief of staff) also has no clue what he’s talking about. They just need some Truth Team action.
- Speaking of Jeff Zients not knowing what he’s talking about, here he is again, not knowing what he’s talking about, or at least what his superiors want people to believe.
- President Obama’s FFY 2013 budget is a joke.
- Some small part of me feels bad for Tim Geithner, who apparently has some realization as to just how crappy it is to carry Obama’s water. It’s a very small part, though, and counter-balanced with the knowledge that he’s one of the key players in our current corporatist game.
- Speaking of corporatism, let’s end with a sad story on corporate whoring. Reading this story, I understand completely why corporate whoring is such a popular activity: where else can you get a 5-fold return on your initial investment?
There’s some interesting stuff out regarding the Heartland Institute document dump. Megan McArdle has a detailed analysis of one fake (obviously fake) document, but I want to emphasize something she kind of downplays: the security and forensic aspect here.
The original breach was a classic social engineering maneuver: convince the person on the other end that you’re someone else, and gain access or information that you otherwise would not be privileged to have. The general answer to this particular type of attack is to have a level of confirmation involved. In a small enough organization, you have the “everyone knows everybody else” advantage, but in a larger and potentially more disparate organization—particularly, an organization with board members who are not day-to-day participants in regular activities—you need something else. That something else could be a key phrase, an identification number, driver’s license, or some other form of positive identification. People can still get around this (for example, by pretending to be Heartland and extracting the passphrase or identification number from a board member, or making a false license), but the level of difficulty is a bit higher.
Finding out about the phony document took a bit of forensic investigation. McArdle did her own sleuthing, which provided rather strong circumstantial evidence in favor of the hypothesis that one particular document was a fake. Combine that with reading PDF metadata and you can see that the person who pulled this off was good enough to avoid leaving incriminating metadata, but not good enough to cover all of his tracks. McArdle ends her second post by thinking about who potentially could be the culprit, given what we know. She draws a number of quality inferences (being a reporter helps a lot in sleuthing), and other investigators could follow up on these clues to try to get to the bottom of the story.
Incidentally, the next day, Peter Gleick admitted to stealing documents (and thereby fraud). He denies having created the forged document, however.
Really excited to see D’Qwell Jackson get a new deal.
In a 4-3 like the Browns run, the middle linebacker is #3 in importance for the defense (behind the two tackles) from a physical standpoint and #1 from a mental standpoint. If he’s healthy, he’s one of the best in the league; if he isn’t, I’m sure there are plenty of protections for the Browns.
Alana Goodman points out Rick Santorum’s nanny statism and wonders where the conservative outrage is. Allahpundit makes roughly the same point.
This is a pretty good summation of the case against Santorum: like George W. Bush, he’s a big-government conservative. I’m not arguing either way here whether he’s more conservative, less conservative, or a better or worse potential candidate than Mitt Romney, but I will say that big government conservatism needs to die. A multi-trillion dollar deficit and already-invasive regulatory State are too much; bringing in yet another person who wants to expand the reach of Leviathan (but in a somewhat different way than the current President) does not help.
In contrast, Jeff G. over at Protein Wisdom has a solid counter-argument, noting that Santorum had a very high grade from the NTU during his two terms in the Senate. He also had a lifetime rating of 88.1 with the American Conservative Union.
Just about a week ago, I finished up a course on computer forensics. The course itself was interesting and I learned several things, including just how difficult computer forensics can be (particularly when you have to take the stand in a civil or criminal case) and the combination of maddening frustration combined with the intense satisfaction of finding hidden or “lost” information.
As part of the course, we went through a number of case studies using various tools. I’m listing them here in case anybody else is interested and wants to take a crack at them.
One of the first case studies we did was a live incident response from Real Digital Forensics (a book which I plan on purchasing). After that, we spent a lot of time on the 2010 CSI Challenge from Long Island University. This is a rather tricky one, and unfortunately, I wasn’t able to break the case. I think that if I spent a weekend on it, I’d probably get a little closer, but they did a good job.
Taking a break from the Frodo challenge, we went to the CFReDS Project and performed a Rhino Hunt to get some experience reading packet traces. It was a relatively easy challenge and it was nice having answers. I plan on trying out some of the other data sets to improve my skills a bit. Digital Corpora has a few free scenarios, too, including M57-Jean, which I plan on working through.
On the last day, we spent a lot of time on the CHFI Al-Queda Challenge. There were a few things that I was unable to complete in time—such as cracking the stego password used on images or a text file—but I did crack most of that case in time.
All of these case studies were interesting and informative, showing me that I’ve got a lot to learn yet…
Money quote from Glenn Reynolds: “I’m not against user fees,” Reynolds said. “But this is not a user fee. This is a fee for being used. I don’t think the TSA does any good at all. Every dollar that goes to them is a waste. More dollars is more waste. I think the TSA should be abolished.”
Facebook and the State of Washington are suing Adscend Media LLC for spreading malware and stealing information.
Ad companies are in a bit of a difficult situation, in that they want to automate as much of their work as they can, but automate too much and you can accidentally let malware through. It’s probably better just to use NoScript and not even load those ads to begin with.