Once in a while a person finds an author who writes enough for a person to really like that author. The ideas that come across are coherent, consistent, and moving. Cory Doctorow is such an author for me. He understands technology, he is brilliant at coming up with plausible futuristic scenarios and he conveys ideas that are as important as anything we will face today. I've met him twice, once at Toorcon San Diego 2006 and once yesterday at a reading. He answered my question quite well. His new book "Little Brother" focuses on a revolution of ideas and values in present day America. He pits students against a tyrannical DHS frighteningly similar to the DHS we know today. He explains with incredible clarity why a war against an abstract noun is invalid and a system designed to protect people from rare events at the cost of their freedom is no more than common tyranny.
My question was: "What brought you to the idea of the probability of rare events and the detectors being useless?" He explained that the problem is that lurid rare events are much less of a threat than common events that harm a person. In his book he explains that trying to find a needle in a haystack is incredibly difficult when the margin of error of detection is so high. Any system designed to trade freedom for really poor results should be rejected.
We live in a country where basic freedoms are being trashed, we are at war with a country who has not attacked us, and the general populous will never revolt against it. We're basically in a downward spiral. With a new president and a possible solution to the war and removal of nationwide wiretaps and institutional torture, we can have hope for a new tomorrow. But persevering and incredible diligence is required still. We cannot afford to allow any screwups to send us back to our downward spiral if we get a chance to fix it. Tell the next president, Mr. Obama that we we're expecting nothing less than a complete change in the way our government is running.
Read more »I am a hacker, a self-employed programmer, an open-source advocate, a scientist, and an independent security researcher.
April 19-27, 2008
This program was written in a few days to solve the issue of watching network traffic in realtime. I split packets into groups of IP, TCP, UDP, and non-IP as well as in/out and update the screen every second. It shows packets per second, kilobits per second, and horizontal lines show how much data. The bars switch to yellow when the traffic increases over 1Mbps and to red when it increases over 5 Mbps.
jvoss@altsci.com
jvoss@myuw.net
May 15, 2007
Official Asterisk bug report
I am releasing the full Asterisk IAX2 exploit framework / alternative implementation. I am giving a talk at Toorcon Seattle 2008 about my findings. Read more about the handshake (and it's failure) at that page.
Although the Asterisk team described a bugfix and mentioned intention to fix this bug, this bug has not been fixed as of Jan 17, 2008 (Tested against 1.4.17). Since the exploit code is widely available through this website, it would seem prudent to fix this if it were indeed a fixable bug. However, it is my opinion that introducing a handshake requirement to the IAX2 protocol would make the protocol far less likely to work with third-party software and hardware.
I am running a vulnerable version at suzy.altsci.com for test (as well as development and actual use) and I intend to keep it running for the purpose of education and disclosure of this vulnerability.
Read more »
