What do they have to gain?

It would appear that David Maynor and Johnny Cache have been at least partially vindicated. I wouldn’t go so far as to say they’ve been fully vindicated: as the saying goes, “show us the code”. If they really believe Apple have been acting irresponsibly, then maybe that would be the best thing to do, in the interests of full disclosure.
However, that’s not really why I wanted to post; as the title suggests, one of the questions that their defenders (including Twitchy from pauldotcom and Andy the IT Guy, among others) have been asking is “what would they have to gain by lying?” That’s a fair enough question, and rationally, the answer is nothing – as it usually is. However, that doesn’t stop hordes of people from lying anyway. What did they have to gain? Notoriety, perhaps a contract or three… who knows. Maybe they never expected it to get that big and things just got out of hand, like a Coen Brothers movie. “All The Dude wanted was his rug back.”
I’m not saying they’re lying – I’m sure there’s at least a grain of truth to their allegations – but until and unless there’s Real Code That Works released, I’ll stick with I’ll believe it when I see it. And if Apple’s recent patches really and truly vindicate them (as in, the patches fix precisely what they claimed was broken) then turn the title’s question on its head – what do they have to lose by releasing the code? Nothing. What do they have to gain? Vindication.

Spyware, or, How I Hate Windows

(Security, because it’s spyware, but General Tech, because it’s not actually all that interesting, being spyware on Windows, but I figured I’d post a bit of my notes here.)
Linda’s mother asked me if I could have a look at her PC. It was giving her weird error messages when she tried to go into the Control Panel and such to remove software. She blamed it on Linda’s sister, who’d been using LimeWire on the machine, but I figured it could have been anything, so I agreed to have a look. (There’s some history between us regarding fixing computers, and I generally loathe looking at family PCs anyway, but I figured what the hell, I’d never seen that particular error message before.) So, mostly last night and a bit today, I had a look.

Continue reading


My wife takes classes at a local university, and they have recently started using the iclicker. She got hers today, and I immediately started scheming. It’s $40 so I don’t really want to go out and buy another one just to take apart, but it’s still pretty tempting. All in all, I’m fairly disgusted by the whole thing (especially since I’m sure her uni is making a bit of a profit off selling her this thing). She has to go to their website – the company’s, not the university’s – in order to tie it to her student ID. Looks like it might be susceptible to jamming, at least (maybe a modified 900MHz cordless phone?). Unfortunately, my wife won’t let me take hers apart, but it might almost be worth sinking $40 into it to see what I can do with it. Of course, I wouldn’t use my knowledge for Bad, but I wonder how much thought has been put into this thing’s security? It’s tied to your student ID, after all.

Argus 3.0 on FreeBSD

After reading Tao of Network Security Monitoring, and other associated reading, I was all fired up to try getting some session data of my own. (Having a stepdaughter with her own internet-connected PC makes me leery too.)
So I tried argus from ports tree (2.0.6) and didn’t have much luck with it, although in retrospect I’m not sure that it just doesn’t like the tcpdump files I was passing it for some reason. I’ve been keeping all my documentation on this stuff in a private twiki, but I thought some of this information might be useful more generally, so I’m throwing it out onto the internets, Bejtlich-style.

Continue reading

First they took away…

OK, it has to be said. This is probably not original to me, although I haven’t yet seen it elsewhere (I was camping last week and so was pretty out of touch).
What happens when The Evil Terrorists come up with a plot to destroy an airplane with stuff stashed in a prosthetic limb, using a pacemaker as a trigger? For extra laughs, they can use a wheelchair too. And let’s play a race card or two – find some cleancut fellow with black or yellow or white skin to carry it.
Why not just cut to the chase now, and force everybody to fly stark-naked after a two week cleansing in a monitored clinic? Crazy? So is dumping gallons of liquid into big barrels *surrounded by hundreds of people*. The terrorists with explosives in their bottles don’t have to make it past security – they just have to make it *to* security.
And my first source of news on this whole sports drink bottle foofarah was Kitchener’s own The Record, which had a front page article (continued to the second page for about 12 column inches) on how The New Rules aren’t all that bad, really.
My new rules are about this || close to “if I can’t walk, drive, bus, or train there, I’m not going”. Add that to my refusal to travel to the US now – nothing against you Yanks, I just hate the idea of requiring passports for me and my family at $75 a pop – and it looks like I’m going to be pretty static for a good long time to come.
Remember all those people crying about how we can’t let the events of September 11, 2001 change our lives, “or the terrorists will have already won”?
They’re winning.