September 13th, 2011

Nick Broomfield goes after Palin and reveals Alaska underbelly

Nick Broomfield’s documentary about former US VP candidate, ex-Alaska Governor, and former Mayor of Wasilla, Alaska, Sarah Palin is being screened at The Toronto Film Festival. Coverage from the UK Guardian is here. I watched the interview with Broomfield and found it disturbing because the pathology he describes is not just that of Sarah Palin, it’s very similar to many of the people who now populate Alaska – delusional and sociopathic. Maybe it’s time to head south.

Here’s the link to the video interview with Broomfield that includes clips from the film – scary no?

September 10th, 2011

The threat

Interesting article in Scientific American. It opens with an interesting perspective.

The CIA notes the annual U.S. death rate is 8.38 fatalities per 1,000 citizens, below that of a country like Nigeria but above other places, such as Uzbekistan. The leading causes of death in the U.S. are heart disease, cancer and car accidents, which killed roughly 1.2 million Americans in 2007, according to the U.S. Centers for Disease Control—more than half of all fatalities in the country. For comparison, terrorists killed no one in the U.S. that year.

Something to think about when considering where money is best spent.

Disclaimer: While here in Europe, things are slightly more relaxed and not so “TSA-ish”, I have no doubt whatsoever, both the above numbers, the spending on mostly fake security as well as the outrageous invasion of privacy are at least comparable (and I am being kind here). Sigh.

Peace.

September 3rd, 2011

The true meaning of empathy

On TED: Joan Halifax: Compassion and the true meaning of empathy.

About the talk

Buddhist roshi Joan Halifax works with people at the last stage of life (in hospice and on death row). She shares what she’s learned about compassion in the face of death and dying, and a deep insight into the nature of empathy.

Quote:

The [enemies of empathy] are pity, moral outrage, fear. We have a world paralyzed with fear. The word “terror” is [now] global.

Fear destroying empathy, so true!


September 3rd, 2011

The certificate collapse

I know this is tech stuff, but it is tech stuff affecting us all, as it connects the largest internet company in the world, my little country and axis-of-evil-Iran. And you all know I love connections :)

Short story, highly simplified and for argument’s sake untruly only applied to “websites”: This week, the trusted third party “Diginotar”, which issues SSL certificates, was proven to be hacked by Iranian hackers. They were able to issue themselves a valid *.google.com certificate, enabling (Iranian AND others of course) governmental men-in-the-middle to eavesdrop on e.g. gmail, without anyone being able to even detect it. Diginotar also issues certificates for next to all governmental services including social security, tax office, driver’s licence office, municipal services, etcetera. Furthermore certificates for tor, for the add-on site of Mozilla and god knows what else.

Long story, still not entirely correct to keep it reasonably readable. A certificate is a rather smart digital “seal” that is issued by a trusted third party (TTP) and installed in a website (again simplified, it can in essence be used for all sorts of electronic communications). The TTP issues these certificates from a sort of “mother” certificate. Browsers, on the other hand, have a clever way to prove the certificate from the website the user visits is actually derived from the “mother”. Browsers issue a security warning to the user if a website uses a certificate that is NOT derived from a well known set of trusted mothers. Now, if a TTP runs a flawless operation, keeps the known mothers entirely safe and actually checks if the requester of a certificate (say: me) is requesting a certificate for a valid host for me (say: this website [valid], google.com [most definitely NOT valid]), we have an unbreakable trust triangle. The TTP trusts the website owner, the user (read: the browser makers) trusts whatever the TTPs of this world say they can trust. There are around 650 TTPs in this world, and a few dozen trusted “mother” certificates.

A well known trusted “mother” is “Staat der Nederlanden Root CA”, which is THE root of my country! A derived “daughter” is “DigiNotar PKIoverheid CA Overheid en Bedrijven”. This root is used by a lot of governmental websites AND commercial companies and has been compromised. The hackers have created various certificates, including one for *.google.com, and various others that are considered “high profile”. Browsers, until now, have trusted this false certificate. Several browser makers have started banning this certificate, and last night, the equivalent of the home office secretary decided to revoke said daughter certificate. By the time you read this, all websites using Diginotar’s certificate will be deemed “unsafe”. Oopsie. And the worst part is of course people believing they were using a safe, encrypted, untappable gmail account being secretly spied upon (and you can bet this has been done).
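The trust logic of the two paragraphs above, as an added example that is not part of the original post: a deliberately simplified model in which certificates are linked by name only (no signatures), showing why a browser accepts any name issued under a trusted “mother” and what distrusting the “daughter” changes. The `Cert` class, the function names and both sample chains are constructed for illustration.

```python
from dataclasses import dataclass

# Names taken from the post; the chains below are constructed sample data.
ROOT = "Staat der Nederlanden Root CA"
DAUGHTER = "DigiNotar PKIoverheid CA Overheid en Bedrijven"

@dataclass(frozen=True)
class Cert:
    subject: str  # name the certificate is issued to
    issuer: str   # name of the certificate that signed it

def host_matches(pattern, host):
    """Match a certificate name against a host; '*.' covers exactly one label."""
    pattern, host = pattern.lower(), host.lower()
    if pattern.startswith("*."):
        return "." in host and host.split(".", 1)[1] == pattern[2:]
    return pattern == host

def validate(chain, host, trusted_roots, distrusted=frozenset()):
    """Check a leaf-first chain for host; return (ok, reason).

    Simplified: links are checked by name only. A real client also verifies
    every signature, validity period and CA constraint.
    """
    if not chain or not host_matches(chain[0].subject, host):
        return False, "name mismatch"
    for cert in chain:
        for name in (cert.subject, cert.issuer):
            if name in distrusted:
                return False, "distrusted CA: " + name
    for child, parent in zip(chain, chain[1:]):
        if child.issuer != parent.subject:
            return False, "broken chain"
    if chain[-1].issuer not in trusted_roots:
        return False, "unknown root"
    return True, "trusted"

# Constructed chain: a wildcard leaf issued under the compromised daughter.
ROGUE = [Cert("*.google.com", DAUGHTER), Cert(DAUGHTER, ROOT)]
# Constructed chain: the same leaf issued by a CA no browser knows.
UNKNOWN = [Cert("*.google.com", "Hypothetical Unlisted CA")]

if __name__ == "__main__":
    print(validate(ROGUE, "mail.google.com", {ROOT}))              # accepted
    print(validate(ROGUE, "mail.google.com", {ROOT}, {DAUGHTER}))  # rejected
    print(validate(UNKNOWN, "mail.google.com", {ROOT}))            # rejected
```

Nothing in the first call ties the leaf's name to the CA that issued it, which is why the fix has to be distrusting the daughter rather than anything the site owner can do.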

Diginotar’s damage control has been horrendous. Basically they have kept things under the rug when discovered, and they didn’t even file a complaint at the Justice department. That could even be regarded as willful negligence.

Update: oh my, too much, too much (see this list)

Update: Here is the published list of compromised (read: Diginotar certified) certificates. Brace:
