Slashdot Mirror


User: I)_MaLaClYpSe_(I

I)_MaLaClYpSe_(I's activity in the archive.

Stories: 0
Comments: 180

Comments · 180

  1. child porn is the new terrorism (and the old one) on Germany Legislates For Mandatory Web Filters · · Score: 1

    Hmmm, seems to me as if the terrorists are now no longer the draught horse du jour.

    You see, back in the summer of 2001 every organisation that wanted to control the masses and that wanted to impose some new law to restrict everyone's rights and freedoms and turn society into something they could control used (the fight for) child porn as an argument.

    For example, the European Cyber Crime Convention was initiated back then and I was told that it worked like this:

    Some entity (like a three letter agency or the police) wanted to put laws into place that would allow the state (or the police) more fascistic control over the people. So they made strong lobbying efforts to get it pushed through legislation and practically no politician could afford to oppose it as then the TLAs might have said something like:

    "Hey, but we need this legislation in order to fight child porn. You are against the legislation so you must want to support child porn!"

    What this meant was that if you ever wanted to take away some serious liberties from the people, all you had to do was find a way in which you could connect your evil, fascistic surveillance state agenda with an argument on how this would help fight child porn and you had carte blanche to it.
     
     

    Now, then came 9/11, and after that the obligatory "we need to take away liberty X" statement was no longer justified with "in order to fight child porn" but instead was instantly replaced with "in order to fight terrorism".

    This now seems to have been replaced yet again by the child porn argument. For example today in Austria a new ministress of justice [pun intended] was introduced and immediately remarked that it would be on her agenda to act against child porn. Terrorism on the other hand seems to be a total non-issue.

    So I guess that means that the people of at least the Central European countries are more likely to accept further restrictions of their rights and liberties in support of the fight against child porn and no longer in support of the fight against terrorism. Interesting indeed.

  2. Maybe not spying on you but protecting you on Perfect MITM Attacks With No-Check SSL Certs · · Score: 1

    They might not have been spying on you. Maybe they were much more interested in securing the corporate network by detecting threats like accidentally or intentionally downloaded malware and hack tools and/or drive by downloads via HTTPS. Because, if you want your corporate AV scanners at your perimeter to be able to detect such threats you have to break up the encrypted HTTPS traffic in order to protect against it.

    Of course, they could also have been worried about "extrusion prevention" and feared that internal documents might get uploaded via HTTPS or that trojans might be able to phone home without the possibility of detecting them.

  3. Re:That's good thinking... on Oops! Missed One Fix — Windows Attacks Under Way · · Score: 1

    Well, that server service thing was patched out of cycle because it was "wormable". Thus, you could easily turn it into a worm like Sasser. Of course, such worms are already out there now but imagine if there had been worms exploiting this before MS had a patch available. All defcon levels would have been raised, including the ISC's warning levels.

    I personally do hope that MS will patch this sooner but I do not expect it. I have instead blocked the .wri extensions at the perimeter.

  4. I have to object that on Oops! Missed One Fix — Windows Attacks Under Way · · Score: 1

    exploits are only developed by analyzing patches.

    Wrong - you see? Exploits are being written by skilled crackers* and security experts alike. But:

    • Finding flaws and creating reliable exploits, as you say, is very Zen.
    • Therefore it does not make sense to waste a 0-day on a broad public. It might have taken you very long to find and write and a worm or a mass exploitation (botnet, autorooter, infected web portal) guarantees you that
      • your secret vulnerability gets detected and patched by the vendor
      • AV & IDS signatures will be added very very soon

    It is much better for a cracker to only use few targeted attacks and stay under the radar of the infosec community.

    The whitehat security researchers might tell Microsoft about the problem, which you can observe as "the vulnerability was privately reported" in those advisories. Those are the vulnerabilities that are found by "hackers" that do not make money out of it.

    And therefore, the blackhats keep their 0-days and those get only patched when the whitehats discover the same vulnerability and report it.

    Apart from that, the creator of the 0-day could possibly also just have a very good tool for finding flaws automatically or could be good in fuzzing techniques and might as well just have directed his skills at the program mentioned in the advisories. All I want to say is that it was not necessarily someone who looked at the disassembled code, looking for the patched vulnerability and just realizing (matrix like by "seeing the code") another vulnerability.

    Personally I regard this as unlikely as I know of some very good programs to analyze the patch and find the vulnerability this very patch tries to close but would not show you any other flaws.

    Maybe the cracker got his hands on a description of the patched vulnerabilities that Microsoft gives out to paying customers? And has then targeted the mentioned programs? But as finding some otherwise unspecified flaw in IE is difficult, targeting a small executable is much simpler and so the attacker might have looked for a flaw and found one that later turned out to be a different flaw than what MS thought of in the early patch announcement. I find this scenario to be especially likely as this would explain why the attacker has wasted a precious 0-day for mass exploitation: he simply thought he would exploit what the MS patch was about to patch. So there would not have been any benefit in keeping that knowledge but instead it would have been most profitable to exploit it before the patch comes!

    I for one imagine a cracker somewhere, now biting into his ass that he disclosed a vulnerability which previously nobody knew of - in a way, not even himself. *g*

    ______
    * call me pathetic for using the correct words. I know, nobody uses them any more

  5. Re:TFA paints a more complete picture on Against Unknown Viruses, Avira AntiVir the Winner For Now · · Score: 1

    "in this perspective" of course. Grammar Nazis, go away, I know, I know. Mea culpa, mea maxima culpa.

  6. Re:TFA paints a more complete picture on Against Unknown Viruses, Avira AntiVir the Winner For Now · · Score: 1

    Yes, but where AV-Comparatives clearly fails, IMHO, is on the point of speed:

    They do not take into account how fast an AV vendor is updating their signatures after the release of a new malware specimen. In this category in my experience, some AV vendors are much better than others. E.g. Kaspersky and F-Secure are way better than Symantec in this respective. And for me (and the security of the infrastructure I protect) this is a very important criterion.

  7. Re:Why so low? on Against Unknown Viruses, Avira AntiVir the Winner For Now · · Score: 2, Interesting

    Okay, I will take the time to explain it to you.

    1. Set up a honeypot. Catch any number of relatively new viruses with these.

    2. Use an AV product with signature files from a date before you started to capture the new viruses.

    3. Tadaaa...

    4. Of course... profit!

    Now, was that so hard to come up with by yourself?

  8. Wrong on Against Unknown Viruses, Avira AntiVir the Winner For Now · · Score: 1

    Witness how many legitimate products get flagged as "hacker tools" (like Angry IP Scanner)

    A port scanner is a hacker tool. Of course you can use it for legitimate purposes as you can with many other tools. I can even use a malicious virus as a tool for testing my AV engines. But it is still a virus. If you are in the position to legitimately use a port scanner you obviously should also be in the position to get this program on your machine from being excluded by the corporate antivirus.

    Apart from that, if I would discover some of my users to use such a tool without entitlement and the AV engine would not detect it, I would demand for a signature to be added by the AV vendor.

    Apart from that, the last time I checked they mentioned that not every AV vendor is used for comparison because they have to fulfill certain minimal requirements. But as a matter of fact I just checked again and concerning Trend they say:

    TrendMicro may be tested separatly in 2008 and will be included in future

    Oh, and:

    [...]while their commercial counterparts are ignored (ostensibly after paying them off to get off their little black list).

    Do you notice how I am much less likely to submit potential evil software for inclusion in the next signature update if it is commercial sw, as my users (and supposedly many hackers) are more likely to use the freely available software to piss me off?

  9. Re:How about we work together on this? on Estonian ISP Shuts Srizbi Back Down, For Now · · Score: 1

    I wouldn't, but then again I do not have the private key that is needed to do so.

  10. Re:Your choices are not complete on How to Deal With an Aging Brain? · · Score: 1

    Do you have anything to back that claim up before I get my grandma to eat some hash cookies?

  11. No. on Worm Attack Prompts DoD To Ban Use of External Media · · Score: 1

    When you have got the source code of the entire OS there is nothing that you can't do, at least such a silly thing can be done, I dare you to convince me otherwise.

    Having said that, what do you pay me if I make your Linux computer automatically run code by inserting a USB flash drive? Apart from the fact that it might very well already run code automatically by inserting a USB flash drive, I assume I can even make it run executables contained on that very USB flash drive.

    And yes, I do know, I am being pedantic but we are on /. here and are discussing what Linux might or might not be capable of, okay? :-)

  12. Re:This isn't alarming... on Worm Attack Prompts DoD To Ban Use of External Media · · Score: 1

    Autorun does not work on WinXP, at least not since SP2 on USB sticks.

    Therefore products have been developed that circumvent this: they simply simulate a CD-ROM drive. A well known product is the U3.

    Why CD-ROMs are still able to autostart untrusted executables is simple: customers got used to inserting their CD-ROMs into their drive and having their apps autostart/autoinstall. If M$ took this away both the users and the companies providing them easy-to-use software would lynch them.
     

    Sad, but that's the way it is.

  13. Mod parent funny! on Worm Attack Prompts DoD To Ban Use of External Media · · Score: 1

    God, where are my modpoints when I need them most!

  14. Re:Politics on Mind Control Delusions and the Web · · Score: 1

    [...]Another procedure operates more energetically and more thoroughly. It regards reality as the sole enemy and as the source of all suffering, with which it is impossible to live, so that one must break off all relations with it if one is to be in any way happy. The hermit turns his back on the world and will have no truck with it. But one can do more than that; one can try to re-create the world, to build up in its stead another world in which its most unbearable features are eliminated and replaced by others that are in conformity with one's own wishes. But whoever, in desperate defiance, sets out upon this path to happiness will as a rule attain nothing. Reality is too strong for him. He becomes a madman, who for the most part finds no one to help him in carrying through his delusion. It is asserted, however, that each one of us behaves in some respect like a paranoiac, corrects some aspect of the world which is unbearable to him by the construction of a wish and introduces this delusion into reality. A special importance attaches to the case in which this attempt to procure a certainty of happiness and a protection against suffering through a delusional remoulding of reality is made by a considerable number of people in common. The religions of mankind must be classed among the mass-delusions of this kind. No one, needless to say, who shares a delusion ever recognizes it as such.

    Sigmund Freud, Discontent in Civilization, SE XXI, p. 81

  15. What about religious fanboys? on Mind Control Delusions and the Web · · Score: 1

    And how about people to whom god is whispering in their ear to kill thousands of people in an unjustified preemptive war in order to fight the (axis of) evil, that happens to consist of people who believe in the wrong god?

  16. Re:Politics on Mind Control Delusions and the Web · · Score: 1

    Well...

    "Religion is comparable to a childhood neurosis."

    ~ Sigmund Freud
    The Future of an Illusion (1927), 53.

    _____________
    Sorry, I was not logged in when I first submitted this comment as AC

  17. Re:Well...then...what would YOU use? on Old Malware Tricks Still Defeat Most AV Scanners · · Score: 1

    As far as the AV engine and detection rates are concerned I strongly suggest either Kaspersky or F-Secure. I don't know what those are like from an endpoint usability standpoint though.

  18. Re:The boy who cried wolf... on The Real Story On WPA's Flaw · · Score: 1

    Sorry, I just saw that Martin Beck is not the author of aircrack-ng as such but is an aircrack-ng team member.

  19. Re:The boy who cried wolf... on The Real Story On WPA's Flaw · · Score: 1

    Well, even the Internet Storm Center (ISC) wrote about it.

    Usually one could assume that the ISC would not write about it if it was not true as one of their handlers is Joshua Wright, my favourite wireless enthusiast. Not only do I dare say that he is one of the world's greatest wifi researchers but he also has close ties to many other wifi experts. I would be surprised if he does not know Martin Beck (the author of aircrack-ng) in person.

    BTW, Josh, if you happen to read this, I would love to hear a comment from you on that issue.

    So, I do not think that this story could have been checked out more thoroughly apart from asking the researchers themselves about the correctness of the articles.

  20. Mod parents up! on UK Outlines Plan For Internet Black Boxes · · Score: 1

    Mod parents up! *sigh* where are my modpoints when I truly need them?

  21. Re:nothing to worry on Researchers Find Problems With RFID Passport Cards · · Score: 1

    Watch the zeitgeist movie. Skip to 01:48:50 and you'll know what I mean.

    At 01:51:00 comes the part with the RFID chip. Damn scary. So I think it might be more of an effort to get people used to carrying around remotely readable RFID chips carrying their ID.

    http://www.zeitgeistmovie.com/

  22. Ahem...taken from the last Crypto-Gram: on Schneier on Security · · Score: 3, Interesting

    The Seven Habits of Highly Ineffective Terrorists

    [...]

    Conventional wisdom holds that terrorism is inherently political, and that people become terrorists for political reasons. This is the "strategic" model of terrorism, and it's basically an economic model. It posits that people resort to terrorism when they believe -- rightly or wrongly -- that terrorism is worth it; that is, when they believe the political gains of terrorism minus the political costs are greater than if they engaged in some other, more peaceful form of protest. It's assumed, for example, that people join Hamas to achieve a Palestinian state; that people join the PKK to attain a Kurdish national homeland; and that people join al-Qaida to, among other things, get the United States out of the Persian Gulf.

    If you believe this model, the way to fight terrorism is to change that equation, and that's what most experts advocate. Governments tend to minimize the political gains of terrorism through a no-concessions policy; the international community tends to recommend reducing the political grievances of terrorists via appeasement, in hopes of getting them to renounce violence. Both advocate policies to provide effective nonviolent alternatives, like free elections.

    Historically, none of these solutions has worked with any regularity. Max Abrahms, a predoctoral fellow at Stanford University's Center for International Security and Cooperation, has studied dozens of terrorist groups from all over the world. He argues that the model is wrong. In a paper published this year in International Security that -- sadly -- doesn't have the title "Seven Habits of Highly Ineffective Terrorists," he discusses, well, seven habits of highly ineffective terrorists. These seven tendencies are seen in terrorist organizations all over the world, and they directly contradict the theory that terrorists are political maximizers:

    Terrorists, he writes, (1) attack civilians, a policy that has a lousy track record of convincing those civilians to give the terrorists what they want; (2) treat terrorism as a first resort, not a last resort, failing to embrace nonviolent alternatives like elections; (3) don't compromise with their target country, even when those compromises are in their best interest politically; (4) have protean political platforms, which regularly, and sometimes radically, change; (5) often engage in anonymous attacks, which precludes the target countries making political concessions to them; (6) regularly attack other terrorist groups with the same political platform; and (7) resist disbanding, even when they consistently fail to achieve their political objectives or when their stated political objectives have been achieved.

    Abrahms has an alternative model to explain all this: People turn to terrorism for social solidarity. He theorizes that people join terrorist organizations worldwide in order to be part of a community, much like the reason inner-city youths join gangs in the United States.

    The evidence supports this. Individual terrorists often have no prior involvement with a group's political agenda, and often join multiple terrorist groups with incompatible platforms. Individuals who join terrorist groups are frequently not oppressed in any way, and often can't describe the political goals of their organizations. People who join terrorist groups most often have friends or relatives who are members of the group, and the great majority of terrorist are socially isolated: unmarried young men or widowed women who weren't working prior to joining. These things are true for members of terrorist groups as diverse as the IRA and al-Qaida.

    For example, several of the 9/11 hijackers planned to fight in Chechnya, but they didn't have the right paperwork so they attacked America instead. The mujahedeen had no idea whom they would attack after the Soviets withdrew from Afghanistan, so they sat around until they came up with a new enemy: America. Pakistani terrorists regularly defect to another terro

  23. Re:Headline on 1,500-Ship Fleet Proposed To Fight Climate Change · · Score: 1

    well, I guess I forgot to check the "Post Anonymously" checkbox after proofreading the third time. Gotta go now.

  24. Re:Headline on 1,500-Ship Fleet Proposed To Fight Climate Change · · Score: 1

    One question for any Chaos Theory fans: what are the long-term effects of creating large, man-made clouds over the ocean?

    I am quite sure that you already know that by the very nature of the Chaos Theory you can not predict the outcome of a contribution to a truly chaotic process. But you seemed to be looking for someone to answer that question, did you?

    Now, if climate was that chaotic - in opposition to weather, which arguably is quite chaotic - nobody would be able to predict that more greenhouse gasses would lead to a climate change as the climate would change all the time without any observable reason except that everybody would know that it changes all the time without reason because it is chaotic.

    But I guess the climate could be similar to the Saturn rings which are subject to chaotic processes. Say, you are a piece of rock orbiting around Saturn. As the planet is not a perfect sphere but there are mountains and regions of matter with different density within the planet, you are subjected to different gravitational forces depending where you are in your orbit. Now, if you happen to be in an orbit where you will happen to encounter the exact same forces again and again at later dates because - say - after the planet has turned around 50 times and you have circled the planet 7 times and after that you find yourself in the exact same position as when you started, the gravitational forces (or the centrifugal forces for that matter) will accumulate over time and you will be thrown out of your not-so-stable orbit and smash into the planet or get thrown into space or into a stable orbit where you will never periodically be expired to the very same constellation of centrifugal/gravitational forces time and time again and be it after hundreds of rotations of the planet and yourself around that planet.

    Now, assume that Earth's climate would be such a more or less stable rock. We know that it is not that stable as there have been ice ages and very warm times as well. But for what is concerned to be our lifetime and that of our grandchildren it might well be considered sufficiently stable although strictly speaking even that is not 100% sure.

    But what we do know is that if mankind produces a force that constantly pushes that rock from or to the planet, that we will be shifted into a much less stable orbit and thus might get thrown into space (e.g. ice age) or will descend to the planet's surface eventually (ever rising temperatures). Either way, there is nothing wrong with trying to generate a new force that will counter another manmade force that pushes the climate out of orbit into something very unstable.

    p.s.
    I am posting as AC as not everything might be 100% correct in terms of explaining the Saturn rings thing and also my mother tongue is not English and so it causes me tremendous efforts to not make a single spelling or grammar mistake and I do not have enough time to do that now.

  25. First DoS vulnerability detected already on Google Chrome, Day 2 · · Score: 1, Interesting

    Google Chrome Browser URL Handler Crash

    SUMMARY

    An issue exists in how chrome behaves with undefined-handlers in chrome.dll version 0.2.149.27. A crash can result without user interaction. When a user is made to visit a malicious link, which has an undefined handler followed by a 'special' character, the chrome crashes with a Google Chrome message window "Whoa! Google Chrome has crashed. Restart now?". It crashes on "int 3" at 0x01002FF3 as an exception/trap, followed by "POP EBP" instruction when pointed out by the EIP register at 0x01002FF4.

    DETAILS

    Vulnerable Systems:

    • Google Chrome Browser version 0.2.149.27

    ADDITIONAL INFORMATION

    The information has been provided by Rishi Narang. The original article can be found at: http://evilfingers.com/advisory/google_chrome_poc.php