Inept City Manager Threatens CentOS Linux with the FBI

A typically self-important and technically incompetent bureaucrat threatened the makers of the CentOS Linux distribution with the FBI after his city’s misconfigured web server crashed and the Apache boilerplate page showing “CentOS” in its text led him to believe that the server had been “hacked” by CentOS software.

The Register reports:

“Who gave you permission to invade my website and block me and anyone else from accessing it???,” Taylor wrote to CentOS. “Please remove your software immediately before I report it to government officials!! I am the City Manager of Tuttle, Oklahoma.”

Later, after a very patient explanation from CentOS that they were not responsible for his problems and that he should contact his IT staff or ISP, the inept city manager continued his threats:

“I have four computers located at City Hall. All of these computers display the same CentOS page when attempting to bring up Tuttle-ok.gov. Now if your software is not causing this problem, how does it happen??? No one outside this building has complained about this problem. This is a block of public access to a city’s website. Remove your software within the next 12 hours or an official complaint to the FBI is being filed!”

Priceless, but it gets better. Mr. “I am going to report you Linux hackers to the FBI” later asserts that he is computer literate, with 22 years’ experience in systems engineering.

“I am computer literate! I have 22 years in computer systems engineering and operation. Now, can you tell me how to remove ‘your software’ that you acknowledge you provided free of charge? I consider this ‘hacking.’”

Read the rest of the bizarre email exchange here.

The folks at CentOS should really be applauded for their patience and continued willingness to help in the face of such hubris and absurdity. What strikes me about this story is not the fact that the city manager of Tuttle, OK – Jerry Taylor – was and is such an e-tard, but his outright refusal to admit, even in the end, that he was at fault. Instead he continues to blame CentOS because he didn’t understand their (very comprehensible and helpful) initial reply to his threatening email:

“I am sorry that we had to go through the process and accusations to get the problem resolved. It could have been resolved a lot quicker if the initial correspondence with you provided the helpful information that was transmitted in the last messages. My initial contact with VIDIA disallowed any knowledge of creating the problem.”

Mr. Taylor, you, like most bureaucrats and “government officials”, are an arrogant dolt and an embarrassment to your city and your constituents. If you had owned up to the fact that you over-reacted, and then apologized and thanked the CentOS folks for helping you when they had no obligation to do so, this would be a non-event. Rather, considering your rush to abuse your much-cherished authority, you should be removed from your office, tarred and feathered on public access television and barred from using a computer for the rest of your life.

Debit/Credit Card Security Breaches Kept Secret

This SecurityFocus.com article examines the recent rash of debit and credit card security breaches and how cardholders are kept in the dark about them. It seems that current law offers many loopholes for card companies to withhold such information from their clients and, worse yet, our bought-and-paid-for so-called representatives in Congress are about to make it even easier for such information to be withheld from consumers.

Despite the recent epidemic of debit- and credit-card fraud and last year’s titanic breach at CardSystems Solutions, Congress is considering a bill that will let more companies escape taking responsibility for fraud, consumer advocates charge.

The bill, known as H.R. 3997 or the “Financial Data Protection Act of 2005,” would let companies decide when a data breach is significant enough to merit warning their customers. The House Financial Services Committee approved the legislation on Friday.

Once again it is obvious whose interests Washington is serving and it is not the average citizen’s.

Here is what Ed Mierzwinski had to say about the bill on his consumer blog:

The bill establishes weak duties to protect confidential consumer DNA yet grants broad discretion to ignore telling us when banks or other companies lose it. The bill gives identity theft victims only, but not everyone, a clunky consumer-unfriendly right to place a security freeze on their credit report. It then preempts the 8 states that give every consumer the right to a security freeze. Among these is New Jersey’s freeze, which is the most streamlined and consumer-friendly. The bill preempts all stronger state protections in a broad array of identity theft areas.

He who controls the data controls the universe.

Breaking into the FBI

THIRTY-FIVE YEARS ago today, a group of anonymous activists broke into the small, two-man office of the Federal Bureau of Investigation in Media, Pa., and stole more than 1,000 FBI documents that revealed years of systematic wiretapping, infiltration and media manipulation designed to suppress dissent.


Mastering Wget

Geek to Live: Mastering Wget – Lifehacker

A versatile, old school Unix program called Wget is a highly hackable, handy little tool that can take care of all your downloading needs. Whether you want to mirror an entire web site, automatically download music or movies from a set of favorite weblogs, or transfer huge files painlessly on a slow or intermittent network connection, Wget’s for you.

List Of Security-related Firefox Extensions

Firefox’s extensions are one of its biggest selling points. Looking for ones that will help make your browsing more secure? Check out this list.


Cash Register Software Stores Sensitive Customer Data

News.com reports on Visa’s warning that cash register software made by Fujitsu Transaction Solutions, popular among retailers such as Best Buy, Staples and OfficeMax, may inadvertently store sensitive customer information, including debit card PIN codes.

Read the full article at News.com

RIAA and MPAA: ‘Piss on your infrastructure’

…and your life. This is the short of it when it comes to the long circuitous blather of MPAA and RIAA (aka “copyright owners”) attorneys. So reports Ed Felten of the Freedom to Tinker website:

One would have thought they’d make awfully sure that a DRM measure didn’t threaten critical infrastructure or endanger lives, before they deployed that measure. But apparently they want to keep open the option of deploying DRM even when there are severe doubts about whether it threatens critical infrastructure and potentially endangers lives.

Read the rest of the article

Wiretapping Countermeasures

The Electronic Frontier Foundation’s Seth Schoen reports on wiretapping: how it works, and how a simple touch-tone chord can disable it. I found it interesting that law enforcement actually auctions off its old wiretapping equipment on eBay, sometimes failing to erase old taps from the system.

Read “Wiretapping Vulnerabilities”

Related: “Signaling Vulnerabilities in Wiretapping Systems”

Securing VoIP with Zfone

Philip Zimmermann, creator of PGP, has released new software for Linux, MacOS and Windows called Zfone, which encrypts VoIP telephony. Here is how Zimmermann describes it:

Zfone is my new secure VoIP phone software, which lets you make secure phone calls over the Internet. It encrypts your call so that only the other person can hear you speak. Zfone lets you whisper in someone’s ear, even if their ear is a thousand miles away.

In the future, the Zfone protocol will be integrated into standalone secure VoIP clients, but today we have a software product that lets you turn your existing VoIP client into a secure phone. The current Zfone software runs in the Internet Protocol stack on any Windows XP, Mac OS X, or Linux PC, and intercepts and filters all the VoIP packets as they go in and out of the machine, and secures the call on the fly. You can use a variety of different software VoIP clients to make a VoIP call. The Zfone software detects when the call starts, and initiates a cryptographic key agreement between the two parties, and then proceeds to encrypt and decrypt the voice packets on the fly. It has its own little separate GUI, telling the user if the call is secure. It’s as if Zfone were a “bump on the cord”, sitting between the VoIP client and the Internet. Think of it as a software bump-on-the-cord. Maybe a bump in the protocol stack.

Zfone is still in beta and versions are available for download for Linux and MacOS. A Windows version is due out in mid-April.

Read more at the Zfone website

A Brief Introduction to Port Knocking

InfoWorld’s Roger Grimes writes:

Many, many innovations come from the Linux and Unix world. Few are more intriguing to me than port knocking. As a global security plug-in to protect services, it has a lot going for it and few downsides. However, for one reason or another, it suffers from lack of use and understanding. A lot of administrators may have heard of it, but few know how to implement it. Even fewer have used it.

Port knocking works on the concept that users wishing to attach to a network service must initiate a predetermined sequence of port connections or send a unique string of bytes before the remote client can connect to the eventual service. In its most basic form, the remote user’s client software must first connect to one or more ports before connecting to the final destination port.

Read the rest of the article.
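
The sequence check Grimes describes, seen from the server side, as an added example (not from the InfoWorld article or from any port-knocking tool): a per-source state machine replayed over constructed connection attempts. The knock ports, the timeout and the addresses are assumptions chosen for illustration.

```python
from dataclasses import dataclass, field

KNOCK_SEQUENCE = (7000, 8000, 9000)  # assumed secret knock ports (constructed)
PROTECTED_PORT = 22                  # assumed service hidden behind the knock
STEP_TIMEOUT = 10.0                  # assumed max seconds between two knocks

@dataclass
class KnockTracker:
    sequence: tuple = KNOCK_SEQUENCE
    timeout: float = STEP_TIMEOUT
    progress: dict = field(default_factory=dict)  # src -> (next index, last ts)
    allowed: set = field(default_factory=set)     # sources that finished the knock

    def observe(self, ts, src, port):
        """Feed one connection attempt; True means it may reach the service."""
        if port == PROTECTED_PORT:
            return src in self.allowed
        idx, last = self.progress.get(src, (0, ts))
        if idx and ts - last > self.timeout:
            idx = 0                               # too slow: start over
        if port == self.sequence[idx]:
            idx += 1
        else:                                     # wrong port resets progress,
            idx = 1 if port == self.sequence[0] else 0  # unless it restarts the knock
        if idx == len(self.sequence):
            self.allowed.add(src)
            self.progress.pop(src, None)
        else:
            self.progress[src] = (idx, ts)
        return False                              # knock ports never answer

# Constructed sample traffic: (timestamp, source address, destination port)
EVENTS = [
    (0.0, "198.51.100.7", 22),    # no knock yet
    (1.0, "198.51.100.7", 7000), (2.0, "198.51.100.7", 8000),
    (2.5, "203.0.113.9", 7000),   # second source, interleaved
    (3.0, "198.51.100.7", 9000),  # first source completes the sequence
    (4.0, "198.51.100.7", 22),
    (4.5, "203.0.113.9", 9000),   # out of order: progress reset
    (5.0, "203.0.113.9", 22),
    (6.0, "192.0.2.44", 7000), (30.0, "192.0.2.44", 8000),  # 24 s gap: reset
    (31.0, "192.0.2.44", 9000), (32.0, "192.0.2.44", 22),
]

def replay(events):
    """Return (source, decision) for every attempt on the protected port."""
    tracker, decisions = KnockTracker(), []
    for ts, src, port in events:
        ok = tracker.observe(ts, src, port)
        if port == PROTECTED_PORT:
            decisions.append((src, ok))
    return decisions
```

A plain port sequence like this one is visible to anyone who can observe the traffic and can be replayed, so it works as an extra layer in front of an authenticated service rather than as a replacement for authentication.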

More on Port Knocking: