Slashdot Mirror
Swedish Lemon Angels
slaytanic killer writes: "Bruce Schneier addresses the "Third Wave of Computer Attacks" in a recent ZDnet article. Another step in his evolution towards looking at the human side of computer weaknesses; analyzing the dangers which come into life when humans translate syntax into meaning. Complete with links at the bottom about rigorous military analysis and Penn&Teller's exploding Swedish Lemon Angels."
Lemon juice has weak citric acid and baking soda is a weak base. Mix them and you get a few bubbles. You need to heat it quite a lot to get any reaction and there's still only a small amount of foam you can get.
En gång var det ett härligt flamewar mellan höger och vänstertyper. Dessutom blev det (förstås) några svenskspråkiga inlägg senast uttalet av Linux diskuterades.
Hm,... skriva på engelska till svenskar. Det gör jag tillräckligt på jobbet.
All opinions are my own - until criticized
- 1 egg
- 1/2 cup buttermilk
- 5 tsp. baking soda
- 1/2 tsp. vanilla
- 1 cup lemon juice
- 1 and 1/4 cups sugar
- 1 cup flour
- 3/4 cup sugar
- 8 tbs. melted butter
preheat oven to 375 degrees.- In a small bowl beat egg until foamy.
- Add the butter milk and the vanilla and blend well.
- Add the baking soda, one teaspoon at a time, sprinkling it in and beating until it is smooth.
- Add the lemon juice all at once and blend into the mixture.
- Scoop the mixture out of the bowl useing a spatula and spread onto a floured surface.
- sift the flour and the sugar and work it into the mixture using your fingertips.
- With a floured rolling pin, roll the dough out 1/32" thick, and with the tip of a sharp knife, cut out "angel" shapes and sprinkle on some sugar.
- Brush with butter.
- Place on ungreased baking sheet and bake for 12 minutes or until the edges curl up.
- Let cool and serve.
For anyone who somehow managed to miss kitchen chemistry as a kid, these are going to blooey right around step 4. Fun.Slashdot is jumping the shark. I'm just driving the boat.
Bakpulver inlindat i lite hushållspapper (så reaktionen dröjer lite) och ättikssprit i en väl tillsluten c-vitamintub. Se där en kul liten fälla att lämna någonstans...
All opinions are my own - until criticized
People will almost always believe things that are being told by an "authority". This happens on TV, in newspapers and nearly every other source of information. The only way this is going to change is by shoving down their throat the difference between an authority and a phony, and that's just not going to happen. People want to believe what they're being told, instead of having to think on their own.
People replying to my sig annoy me. That's why I change it all the time.
I don't know of any instance of someone breaking into a newspaper's article database and rewriting history, but I don't know of any newspaper that checks, either.
Anyone pick up the 1984 reference, or am I being paranoid? What's really to stop person or organization from selectively editing history. With much of our text-based news coming from just a few on-line sources, such a future is conceivable, I think.
Along those lines, not too long ago there was an article in The New Yorker discussing how libraries are destroying or giving away their vast archives of newspapers. Without such hard copies, we make ourselves vulnerable to such attacks.
"Who controls the past controls the future; who controls the present controls the past." -- George Orwell, Nineteen Eighty-Four, pt. 1, ch. 1
Baking soda and the acid from the lemon juice will cause a messy reaction in your kitchen.
Nothing to do with the swedish chef either (bort-bort-bort)
All opinions are my own - until criticized
the onslaught of bad laws.
Whenever people can't think for themselves, they look to their political leaders to protect them. The politicos always see this as a chance to grab for power.
Case in point. Shyesters go around selling magical elixers that cure everything from snoring to herpes. Usually, the potions do more harm than good. Foolish people fall for the shenanigans time after time after time.
The super-amazing, ever-vigilent Congress comes to the rescue. Their solution? No one is allowed to sell anything as a drug that isn't approved by the FDA. The shyesters disappear, but as a side effect innovation is shot full of holes. If I am a cancer victim with 3 months to live, I have to find a way to Mexico in order to try a new experimental drug, since the FDA hasn't determined if the drug will kill me or not. The point isn't that the Mexican cure most likely will, but that the FDA now has the power to make the choice for me.
The better solultion, IMHO, would be for the FDA to have an approval process. No one be allowed to claim FDA Approval, with the approval signifying that the medicine has been proven to be safe and effective. Now, as soon as the shyester rolls in, you ask to see his seal of approval. When he can't produce it, you walk away. I still get to decide if the guy is legite, but I do have some authority from knowledgeable people to guide me.
Now we are saying the same thing about computer networks. Some people are misrepresenting themselves. Be on the lookout for politicos to pass laws that will limit our choice and freedoms while increasing their power in order to save us from these miscreants.
BTW, the shyesters are still in operation, despite the FDA. If in doubt, visit a health food store or your local gym and read the labels of some of products they sell.
Aah, change is good. -- Rafiki
Yeah, but it ain't easy. -- Simba
It's a tradgedy that something like this occurred to you, but the root of the problem is:
The individuals in our society (American, mostly) do not want to take responsibility for their own actions.
They want to blame it on somebody else, or disregard issues that affect them in a detrimental way. It is a form of greed and selfishness.
Until each and every one of us wakes up and realizes that we are not in our own little world, and that the world doesn't revolve around us, such tradgedies will continue to occur.
I support the EFF - do you?
Reason is the Path to God - Anon
Actually, I believe there was one terminal, long time ago, that did have such a key (ADDS ViewPoint keeps popping into my head, but it may be another, even more obscure terminal). I remeber seeing an ad or an article about it in a very old BYTE magazine...
I support the EFF - do you?
Reason is the Path to God - Anon
Seems like Slashdot itself is responsible for a number of "Third Wave" attacks... and at the same time, is a perfect vector for a third-party Third Wave...
Too lazy to look up examples - fire away...
I realize that Bruce needs to structure some sort of narrative around his article, but this "third wave" of "semantic hacking" is hardly new.
The attack on Internet Wire was just an insider abusing the system. It's been going on for quite a while, and shame on Internet Wire for having lax enough security than an ex-employee could abuse the system. Social Engineering has also been a common practice for years: call the helpdesk from the CEO's phone and demand that your password be reset. Easy stuff, old practices. In fact, social engineering, manipulation of the press, and misleading the public are practices that predate the internet by a few thousand years:
"What of this again, that these people are experts in flattery, and will commend the talk of an illiterate, or the beauty of a deformed, friend, and compare the scraggy neck of some weakling to the brawny throat of Hercules when holding up Antaeus[12] high above the earth; or go into ecstasies over a squeaky voice not more melodious than that of a cock when he pecks his spouse the hen? We, no doubt, can praise the same things that they do; but what they say is believed."
- Juvenal's Satires
What's new is that the interconnectedness of the internet community is allowing these practices to migrate to the internet in powerful ways. At least one person believes that this is cause for deep optimism:
"All the bad things we hear about the Web are true. There really are people online who'd like to lure our children into shadows. There really are hucksters who'll steal not only your money but your identity. There really are people who'll take pictures of you in a public bathroom and publish the pictures to the world. Every human vice
we can imagine finds its way onto the Web, which seems to spur the world's most lurid imaginations even further. But the reason for this should be a cause for optimism."
You can check the article out yourself for more, but I agree with the premise. The internet continuing to mirror the "real" world is generally a good thing, and the "forces of good" can harness those powers as well as the "forces of evil".
Noam Chomsky has worried quite a bit about the power of centralized press.
"Chomsky's central belief is that propaganda plays the same role in a democracy as violence plays in a dictatorship.
In the United States, therefore, you need to be less afraid of the National Guard and more afraid of the manipulation of information by governmental, corporate and academic sources. According to Chomsky, the elites who control and benefit from the American political system preserve that system by marginalizing alternative political views, selectively reporting on the consequences of United States foreign policy, and creating political apathy among the general populace by encouraging them to watch professional sports and TV sitcoms rather than actively participate in the political process."
Bruce Schneier should be less worried about manipulation of public news outlets, stock prices, and the economy by hackers, and more worried about the manipulation of public opinion by corporations and governments. Hackers, by showing people how easy it is to have their opinions manipulated, actually serve a positive purpose. I'm not saying I endorse the Internet Wire hack, real people lost money and that's not good. But, creative hacks, the "jam the WTO" movement in Seattle, cool sites like The Onion and Adbusters are all great ways to wake up an uninterested, uninvolved public.
- Twid
- "When you want something with all your heart, the entire universe conspires to give it to you" -Paulo Coelho
Beware the LOTR (Lawyers On The Rampage) attacks. The perpetrators of these attacks seem to be hitting small to medium sites all over the internet, in a seemingly random pattern.
Ñ'
From: president@whitehouse.gov
To: The People of the United States of America
My fellow Americans,
I hereby forfeit all American land and assets to the Republic of Iraq. May Allah forgive us for our past evils.
Signed,
Saddam^H^H^H^H^H^HBill Clinton
Swedish Lemon Angels
That sounds like it would be the title of a corny pr0n video...
-- Dr. Eldarion --
That's the most obvious use of this, and it appears that in this case, even a pathetically crude and transparent fraud managed to cause significant damage, though it appears they caught the perp.
Even a teenager has been able to pull off a scam of this sort. This article in The Standard has the story of a teenager caught manipulating stock prices, who was ordered to pay back his illegal profits after he got caught.
Now this is an inexperienced kid, and another idiot who apparently made his transactions transparently obvious and got caught. We only hear about the ones who get caught, and I highly doubt these guys are the only ones doing it. They're just the only ones dumb enough to make it so transparent.
I never really thought of this before, but this explains a lot of the online behavior and attitudes we see everyday, even on /.
No matter how much information is out there, it is rare that people will look outside of their familiar haunts and find information that they truly trust that they disagree with.
Right. No, your other right. No, the other other right.
It seems to me that Schneier's idea of semantic attacks as a new, third generation attack is a little overstated - what is a semantic attack but a natural progression out of social engineering?
I suppose the distinction, if one is to be made, is that in the past, social engineering was a means to an end - you would use your 'leet SE skillz to get a private dialup number, or access to a machine - whereas semantic attacks tend to be ends in themselves.
Nevertheless, the distinction feels somewhat contrived, and moreover, anyone who's read books like Sterling's The Hacker Crackdown (or anyone who knows their computer history, for that matter) knows that SE has been a big part of these attacks since the beginning: obtaining access to university systems, obtaining AT&T technical docs - SE is what armed people to commit the physical and syntactic attacks he mentions.
His pessimism about their severity is striking too - sure people online don't verify their sources as well as they should - but a) they've for the most part not known how, and moreover b) the media's been doing this for at least the last century without civilization grinding to a halt.
Semantic attacks against humans rely on gullibility or sometimes in the case of the internet, technical ignorance - but with digital signatures coming into fashion, it may not be long before grandma's email program tells her when a signature is invalid, and when grandma herself knows not to trust unsigned mail. And the idea of semantic attacks against computers, through feeding them bad data, is really about spamming search engines, and trying to overflow buffers, which are neither new nor noteworthy.
I know Schneier has gradually become more skeptical about the ability of people, especially online, to take care of themselves - and in many cases, he has good reason to. But having said that, I do feel that the picture he paints is a little too bleak.
Can airplanes be delayed, or rerouted, by feeding bad information into the air traffic control system? Can process-control computers be fooled by falsifying inputs? What happens when smart cars steer themselves on smart highways?
::evil grin::
most of these things are highly preventable...
DON'T CONNECT THEM TO THE INTERNET!!
.. and now i gotta go get that book, time to get my mom to make some swedish lemon angels.... hahahah....
Shit adds up at the bottom...
First off, while Social Engineering has been a tool of good penetration experts for some time, that is all it has been - a tool. The purpose of the use of SE was to gain access to a network. What Bruce is describing is not necessarily a new idea in the real world (look at the World War II counterintelligence operations), it is a (relatively) new concept in information attack, and one that has been primarily the domain of government agencies. Rather than manipulating a person to gain access to a system, the point is to gain access to a system in order to manipulate a person. Or, in the case of the Emulex fraud, many persons.
As to the tired rant telling Schneier to worry more about government and less about hackers, this is a pretty tired saw. Believe it or not, there *are* black hats out there. The only way to adequately defend against them is to educate their targets - like the helpdesk worker who will freely change the CEO's password.
Mind you, I'm not saying that governments and corporations are blameless; rather that disregarding the hackers is not a reasonable (or money-making) option.
Information wants to be free
Information wants to be free
So what? Guns want to kill, but we have laws against that.
If semantic attacks leading to bad information are the "third wave", then Slashdot must be the greatest threat to the internet, ever!
.)
(Well, sheesh. Sometimes you'd swear they haven't read the articles they're linking to. .
...but I can't eat them anymore. They give me gas.
Computer are easy to fix in comparison to humans. Computers accept any given set of instructions we see fit to give them, and they execute those instructions exactly, every time. When there's a problem in the instructions, we can give the computer a new set to fix the problem.
Humans dont WANT to be fixed. Humans don't even want to admit that they're broken. About 3 1/2 years ago, my mother was driving around a curve with my younger brother in the car when she was striken by an elderly woman nearly head on. Her car was demolished, and she was badly injured herself. (My younger brother was not.) Even after the physical therapy, she will suffer pain every day for the rest of her life. The elderly woman couldn't see well enough to see the bend in the road, or even my mothers car. She was for all intents and purposes blind, and a terrible danger to everyone on the road. Any responsible person would know that they should not drive in that condition, but people are frequently NOT RESPONSIBLE. Given the choice between safe and convenient, the woman chose convenience.
Could this problem have been prevented? Can it be fixed? Sure! First, however, someone has to admit that there is a problem. Then people would have to implement more frequent checks and more rigid requirements for the license to drive.
People don't want to go out of their way for safety or correctness. They don't want to learn good practice. They want convenience, and they want fast results. That will probably always be the case. As long as it is, those people will be the biggest source of trouble, computer related or not.
Does anyone else remember the war that went on in the late 80s between talk.bizarre and alt.tv.tinytoons? It all started when someone from alt.tv.tinytoons started cross posting his fan fiction to talk.bizarre. No one in talk.bizarre liked it, and told him to stop. He didn't. Things got increasingly heated, and eventually others from alt.tv.tinytoons came to his defense. This really infuriated those on talk.bizarre, and someone took it upon themselves to declare war on alt.tv.tinytoons. They did this by posting inflammatory messages in various newsgroups, and setting the followup-to header to alt.tv.tinytoons. The only message I specifically remember was to soc.culture.islam and used the word towelhead. Anyway, with less than 1/4 of the messages on alt.tv.tinytoons having any relevance, it wasn't long before there were no messages about Tiny Toons on talk.bizarre.
Woogie
All opinions are my own - until criticized