South Park To Be Available Online Free and Legal

"South Park is coming online, free and legal. Brief research has not indicated if it will use DRM, require some silly Windows-only software or be otherwise substandard. According to a Wired blog article, 'Parker and Stone said they were inspired to start the site when they got 'really sick of having to download our own show illegally all the time. So we gave ourselves a legal alternative.'"

In this regard South Park joins fellow Comedy Central notable The Daily Show with Jon Stewart, whose archive was made freely available online late last year.

Hopefully they won't be "bleeped" as the cable episodes are.

Announcing Mandles: Candles for the "Manly Man"

Hattip and hug owed to Cory, use2bshy:

[Error: unknown template 'video']

Attention 007 Wanna-Bees

Spy Phones announced. From Government Computer News:

NSA okays Sectéra Edge smart phone

By John Rendleman

Government users in classified positions can now buy mobile devices that offer secure access to government voice and data networks following the National Security Agency’s certification of the Sectéra Edge smart phone, manufactured by the C4 division of General Dynamics.

The federal government has been evaluating two secure voice and data devices for issue to classified personnel; with NSA certification, the Sectéra Edge cleared the last step in the approval process needed to field the device.

The Sectéra Edge costs $3,350 and begins shipping this month. Personnel must receive clearance from their supervisors to use the devices before ordering them from their information technology departments.

A second device, made by L3 Communications, is close to final approval.

The Sectéra Edge is the result of NSA’s Secure Mobile Environment/Portable Electronic Device program and incorporates the Secure Communication Interoperability Protocol and High Assurance Internet Protocol Encryptor Interoperability Specification specifications for secure access to federal voice and data networks. The devices link to the Department of Defense’s Public Key Infrastructure networks using a Common Access Card, and data stored on the devices is secured with data-at-rest encryption.

The Sectéra Edge runs the Microsoft Windows operating system and includes Internet Explorer for Web browsing secure and non-secure Web applications. It also gives users access to several other Microsoft applications in secure and non-secure modes, including Windows Viewer to see images and Microsoft Office documents and the Personal Organizer for accessing contact and calendar data, as well as Wordpad for jotting notes, Windows Messenger for instant messaging and Windows Media Player.

NSA awarded development contracts for the devices worth $18 million to General Dynamics and L3 Communications in June 2005, followed in August 2007 by indefinite delivery/indefinite quantity contracts to the two vendors valued at $300 million over a five-year period.

Anyone else appreciate the irony that a "Secure Communications Device" runs a version of Microsoft Windows with Internet Explorer?

(no subject)

From The Wall Street Journal:

NSA's Domestic Spying Grows As Agency Sweeps Up Data

Terror Fight Blurs Line Over Domain; Tracking Email

By SIOBHAN GORMAN
March 10, 2008; Page A1

WASHINGTON, D.C. -- Five years ago, Congress killed an experimental Pentagon antiterrorism program meant to vacuum up electronic data about people in the U.S. to search for suspicious patterns. Opponents called it too broad an intrusion on Americans' privacy, even after the Sept. 11 terrorist attacks.

But the data-sifting effort didn't disappear. The National Security Agency, once confined to foreign surveillance, has been building essentially the same system.

The central role the NSA has come to occupy in domestic intelligence gathering has never been publicly disclosed. But an inquiry reveals that its efforts have evolved to reach more broadly into data about people's communications, travel and finances in the U.S. than the domestic surveillance programs brought to light since the 2001 terrorist attacks.

Congress now is hotly debating domestic spying powers under the main law governing U.S. surveillance aimed at foreign threats. An expansion of those powers expired last month and awaits renewal, which could be voted on in the House of Representatives this week. The biggest point of contention over the law, the Foreign Intelligence Surveillance Act, is whether telecommunications and other companies should be made immune from liability for assisting government surveillance.

Largely missing from the public discussion is the role of the highly secretive NSA in analyzing that data, collected through little-known arrangements that can blur the lines between domestic and foreign intelligence gathering. Supporters say the NSA is serving as a key bulwark against foreign terrorists and that it would be reckless to constrain the agency's mission. The NSA says it is scrupulously following all applicable laws and that it keeps Congress fully informed of its activities.

According to current and former intelligence officials, the spy agency now monitors huge volumes of records of domestic emails and Internet searches as well as bank transfers, credit-card transactions, travel and telephone records. The NSA receives this so-called "transactional" data from other agencies or private companies, and its sophisticated software programs analyze the various transactions for suspicious patterns. Then they spit out leads to be explored by counterterrorism programs across the U.S. government, such as the NSA's own Terrorist Surveillance Program, formed to intercept phone calls and emails between the U.S. and overseas without a judge's approval when a link to al Qaeda is suspected.

( More... )

(no subject)

Mac is the first to call in Pwn2Own hack contest

By Dan Goodin in Vancouver → More by this author

28 Mar 2008 02:20

Safari's bad-hair week

CanSecWest A brand-new MacBook Air running a fully patched version of Leopard was the first to fall in a contest that pitted the security of machines running OS X, Vista and Linux. The exploit took less than two minutes to pull off.

Charlie Miller, who was the first security researcher to remotely exploit the iPhone, felled the Mac by tapping a security bug in Safari. The exploit involved getting an end user to click on a link, which opened up a port that he was then able to telnet into. Once connected, he was able to remotely run code of his choosing. The feat won him a $10,000 prize paid by Tipping Point, whose Zero Day Initiative pays bounties to researchers for responsibly disclosing vulnerabilities.

The hack came during the Pwn2Own contest, which is being held at the CanSecWest conference in Vancouver. The competition took place in a conference room overlooking the city's Burrard Inlet, a harbor where pontoon planes took off and disappeared into black rain clouds shrouding nearby Grouse Mountain. A small round of applause broke out immediately after contest officials confirmed Miller's exploit was legit.

At time of writing, the Windows and Linux machines were still standing.

Under contest rules, Miller was forbidden from providing specifics of his hack. He said he chose Apple over the other machines because "I thought of the three it was the easiest". He said he didn't test the exploit on any other platform. As a Mac user, he added, he felt an incentive to exploit the system because he believes it will help make the platform stronger.

Miller's win came on day two of the contest, which gradually eases the rules for what constitutes as qualifying exploit. Not a single attendee entered the contest on day one, when all vulnerabilities had to reside in the machine's operating system, drivers or network stack. Winners were eligible for a $20,000 prize.

On day two, the attack surface was expanded to include browsers, mail applications and other common applications, and the bounty was reduced to $10,000. Contestants on day three will be allowed to attack still more applications, such as Skype, QuickTime and browser plugins for a $5,000 prize.

The Safari exploit came a day after Secunia warned of two critical vulnerabilities in the Apple browser.

As we've said in the past, one benefit of the Pwn2Own contest is its ability to eliminate economic variables from the argument over whether a given platform is vulnerable to attack. Given the proper incentive, it's safe to say that any is ripe for the picking. ®