Josh Wieder

Words fail me.

Observe, if you will, the following clear cut photographic evidence that something  is amiss in Washington. Henry Waxman . Powerful Congressman, member of the House of Representatives. Former Chair of the Energy and Commerce Subcommittee on Health and the Environment. Chairman of the House Energy and Commerce Committee . Rumored to snort cocaine without the aid of a straw or similar apparatus. Claims the ability to "smell fear". Edward Tattsyrup . Star of BBC television documentary " League of Gentlemen ". Owner of Royston Vasey's Local Shop. Brother and husband of Tulip "Tubbs" Tattsyrup. Committed to the interests of both his Local Shop and the Local People of Royston Vasey. The genetic link between these two individuals is clear. Have Royston Vasey politics leapt across the pond? Royston Vasey is a Local Shop for Local People - there is nothing for Americans, there . How have the Tattsyrup's bizaare opinions regarding transp

I don't get them.

For the last few days I've had great fun watching James Comey and his pack of Keystone Cyber Cops failing to convince the world that they should be CC'd on everyone's calls, tweets and texts and generally exposing himself as the incompetent, braying ass that he is. Keep in mind the camera adds 10 pounds Dan Froomkin and Natasha Vargas-Cooper over at The Intercept  exposing each of the examples that Comey used to indicate the necessity for breaking cell phone encryption as fabricated - the cases were real, but none of them relied on cell phones or computers to obtain a conviction. In one case of infanticide, the parents who were eventually found guilty had been previously convicted of child cruelty and had the deceased child previously taken from their custody for neglect. Not only did the state not need to read the parents' phones for evidence, if they had read their own files  and demonstrated some inter-agency cooperation they could very likely have prevent

A significant number Palo Alto Networks (PAN) firewalls are leaking critical information onto the open internet. Its vital to immediately qualify that statement. The leaks result from firewall administrators enabling Client Probing and Host Probing within the User-ID settings without explicitly limiting such probes to a trusted "zone" or subnet. Username, domain name and password hash are provided to those initiating a properly formatted SMB connection to impacted firewalls.  HD Moore , Chief Research Officer of Rapid7  and founder of MetaSploit , is responsible for the initial publication of the vulnerability. Enabling such a configuration on a production firewall appliance, with its resulting leaks, results in a somewhat unusual situation where responsibility for the resulting vulnerability ought to be shared between security administrators and PAN developers. SMB probing should be filtered to trusted subnets; this is obvious. That said, such a setting should not be

Congress appears to have abandoned FBI Director James Comey's bungled attacks on consumer adoption of encryption . Its a rare glimmer of sanity from Capitol Hill; press reports quoting congressional officials using language not ripped from the pages of an Orwell novel. Readers may remember that in a recent post we mentioned some danger signs indicating that the executive wanted to take some more aggressive action to ensure that the commoners and foreign-folk don't have access to encryption tools that would help keep their data free from snooping. Top brass from the FBI and the Attorney Generals Office were telling anyone who would listen that unless tech companies stopped trying to protect their customer's data, law enforcement would be powerless in the face of modern "cyber" criminals. Congress has refused to jump on this alarmist bandwagon. Darrell Issa, a member of that rarest of species - California Republicans - had this to say about federal law enforcem

You may have heard about last month's hack of computers belonging to NATO, Ukrainian and European Union representatives . The attack vector was a classic - a loaded email; classic enough that at first I wondered why the attacks were so successful, post-Stuxnet. Every target opened an email with an infected Microsoft Power Point document. The Power Point was executable. Under ordinary circumstances, users are provided with a security warning that they must over-ride when running and saving executable Power Points. I haven't been able to find confirmation in the news as to whether users read and confirmed these security warnings before running the loaded files; I haven't been able to get my hands on a copy of Sandworm to see for myself, either (please leave a message or email me if you have such a copy). In some sense, the incompetence entailed in triggering the infection is a bit more forgivable as apparently this infection has been running unabated since its first succe