Buried somewhere deep inside the code of some Web browsers and websites is an old, weak version of encryption that can easily be cracked. And the only reason it exists is because of bad U.S. policies that have since been abolished.
Back in the 1990s, the federal government restricted the export of powerful data encryption. Computer companies were forced to employ two versions of encryption: weak and strong. But the weak stuff stuck around long after it was no longer needed.
The bug was found late last year by academic security researchers at the French computer science institute INRIA. They’ve been quietly helping Apple and others fix this behind the scenes since November. They dubbed it the FREAK bug, short for “Factoring Related Attack on RSA Keys.”
Akamai (AKAM), a company that hosts websites with an extra layer of protection, made the bug public on Tuesday. The company said it’s racing to fix the problem for all of its customers.
Kevin talks about a pervasive industry problem - being compliant according to your auditor and their checklist, but still being highly vulnerable. One of the common faults in compliance is that senior-level managers who don’t really know enough end up classing systems as outside the targeted population that must be compliant, when the servers really should be part of the population that gets audited.
Compliance has been a buzzword in the cyber security industry for quite some time now. Many organizations have dedicated teams with the sole purpose of ensuring that their systems are in compliance with industry-regarded best practices, standards, and guidelines. We race toward compliance not fully understanding to what extent it impacts our overall security posture. Along this race many fail to realize that compliance doesn’t necessarily lead to systems being more secure.
We’ve seen from Target and others that you can be in compliance with industry-regarded best practices, standards, and guidelines, and still be compromised. Compliance doesn’t always lead to tighter security controls; often it’s a checklist to ensure that at the least, minimum security practices are being followed and implemented. As long as you can provide and produce artifacts or documentation, and be able to speak intelligently with some understanding of risk management, you can zip through the compliance process with flying colors. As an industry, we have to move past checklists, and doing “just enough” to provide the necessary security protection commensurate to protect sensitive data.
In the federal government the first thing people want to know is…has the system been C&A’d (certification and accreditation process)? This is the formal process of evaluating, testing, and examining security controls for an information system against a federal standard or industry mandated best practice. Having led and participated on many C&A teams, I became extremely frustrated with this checklist or checkbox approach. Oftentimes the teams would be comprised of individuals with very limited technical knowledge and system experience conducting the compliance review. This leads to information systems passing the compliance tests, but failing majorly from a security protection perspective.
Justice Department Spokesman Marc Raimondi released the following statement Tuesday:
“Three documents - a criminal Information, a plea agreement, and a statement of facts - were filed today in the United States District Court for the Western District of North Carolina’s Charlotte Division in the case of United States v. David Howell Petraeus. The criminal Information charges the defendant with one count of unauthorized removal and retention of classified material, in violation of 18 U.S.C. § 1924. The plea agreement and corresponding statement of facts, both signed by the defendant, indicate that he will plead guilty to the one-count criminal Information.”
Morgan Whitaker exposes where wingnuts are getting their “information” on “the evil, un-American, Kenyan, Marxist Muslim” Obama. This story is about a year old, but it’s still relevant today.
Figures of President Barack Obama with the word “Hoax” are on display at the Conservative Political Action conference (CPAC) in Washington on February 10, 2011. Kevin Lamarque/Reuters
David Jackson, of Belmont, NC, does not like President Obama. He doesn’t like much of anything President Obama does. But he thinks the president has done a great many things that in fact never happened.
MSNBC Contributor Jonathan Capehart traveled to Belmont shortly after Sen. Ted Cruz’s pseudo-filibuster to gauge public opinion of the Affordable Care Act as the health insurance exchanges were about to open.
That’s where he met David Jackson, who shared his thoughts on Obamacare (he hates it) and Obama (likewise). Many of the claims Jackson made were almost astonishing in their inaccuracy, but in almost all cases, they can be traced back to some of the biggest names in the right-wing media sphere.
Here’s a breakdown of some of the sources of Jackson’s firmly-held beliefs.
This is a random post, but since I did a little bit of research, I decided to write up a short summary that may be useful for others.
Ever since the 1988 carbon dating of the Shroud of Turin showed that it was a medieval artefact, the attempts to cast doubt on the procedure have been unceasing (some of them are briefly reviewed by Joe Nickell in Relics of the Christ).
One of the problems sindonologists have is that the dating basically corresponds to the moment when this particular Shroud appears in history (according to contemporary documents, the artist who faked it actually confessed). Its existence before this period is simply not documented. Or so it would seem, because the Shroud enthusiasts now claim that a 12th century Hungarian manuscript, the Pray codex, actually depicts the Shroud. Such claims can be found everywhere on the sindonological websites and blogs, as well as in their books and other “serious” publications. Just a couple of examples to give you the taste of the argument:
The weave is important because it is evident in one of the illustrations in the Hungarian Pray manuscript which dates to 1180-1195 which is earlier than the 1988 carbon dating of 1260-1390. The manuscript shows the burial of Jesus naked with hands over his pubic area and no visible thumbs. It shows the identical pattern of burn holes found on the shroud. The herringbone weave of the shroud is depicted.
The Pray Codex or Hungarian Pray Manuscript is one of the most important historical documents showing that the Shroud of Turin existed prior to the 1200s within the Byzantine Empire.
Charles Mader, Evelyn Campbell, “The Weave of the Shroud of Turin” [PDF]
There is one unmistakeable documentary reference to the Shroud of Turin from before the twelfth century. Well known to all Shroud scholars, its true significance is often overlooked. I am referring of course to Codex Pray, whose name is often misunderstood (at least in the English speaking world) as a reference to prayer. In fact, the name comes from the Jesuit György Pray, who discovered the manuscript in 1770. It is kept in the National Széchenyi library in Budapest, Hungary. It is the earliest known manuscript with a text in the Hungarian language, and so is an important national treasure. There are some miniature drawings in this codex on folios XXVII v and XXVIII r that can only have been inspired by the image on the Turin Shroud. In the first, Joseph of Arimathea and Nicodemus are anointing the dead body of Jesus in preparation for burial. The drawing of the body of Jesus shows several points in common with the Shroud image, points which can only have been inspired by this image. The first is that the body is totally naked, the same as on the Shroud but very differently from the vast majority of Byzantine artistic representations of Christ. The position of the hands is also identical to the Shroud image and different from any other image - the hands are crossed over the genitals, and most interesting of all, the thumbs have been deliberately omitted.
However, the similarities do not stop there. The next miniature shows the women visiting the tomb, only to find the body gone and the burial cloths still there.
The Pray manuscript artist has clearly tried to copy even the weave of the Shroud, strongly suggesting he had seen it himself and knew what he was drawing. Most interesting of all are the four holes in the cloth in the form of a letter L. Whatever the origin of these holes, they are clearly burn marks, accidental or deliberate. They are visible four times on the Shroud, in a logical order of decreasing intensity, showing that the cloth was folded when the holes were made. The holes are burn marks, but they were not made as a result of the fire of 1532. This can be shown from a copy of the Shroud made in 1516, kept in Lierre, Belgium, which logically does not reproduce the marks from the 1532 fire, but does include the four sets of L shaped holes. They clearly predate 1516 then, but apart from Codex Pray, no further approximation can be made as to when they were actually produced.
Mark Guscin, “The History of the Shroud”, [PDF]
And so on.
The Pray codex is available online here.
Here is the page in question (folio 28):
Indeed, we see an ornamented rectangle with “poker holes” forming an L - as on the Shroud and with zig-zag patterns that the Shroud enthusiasts interpret as herringbone weave pattern.
The most obvious problem springs up immediately: if this rectangle is the Shroud, where is the famous image of Jesus which is, kinda, the whole point of the Shroud? Do sindonologists seriously claim that the artist would depict such secondary details as a weave pattern or some burn holes (which, it should be noted, were not there during the alleged Resurrection, and so there was no sense in drawing them in that context), yet omitted the whole image? I understand that they probably have a host of implausible ad hoc explanations at the ready, but this is prima facie against common sense.
But that’s the least of the problems with this interpretation of the Pray codex illustration. For the sindonologists have simply astoundingly misinterpreted what the picture shows.
The Italian skeptical Shroud researcher Gian Marco Rinaldi pointed out that the rectangular shape is in fact a sarcophagus lid, in accordance with the standard iconography of the era.
I decided to look up how other medieval manuscripts depict the resurrection or the post-resurrection scene and here are some of the results from the Morgan Library & Museum online collection:
From the same manuscript:
Book of Hours, Germany, possibly Bamberg, 1204-1219, MS M.739 fol. 24r
It is thus clear that as a rule:
- The tomb lid is depicted as a rectangle.
- It is often ornamentally decorated.
- It is mostly depicted at an angle to the sarcophagus.
- The angel or Jesus can sit on the lid or have their feet on it.
- The shroud itself is never depicted as some sort of a rigid rectangle, rather it always looks distinctly like cloth.
- Neither does anyone step or sit on the shroud.
The obvious conclusion is that there is no way the rectangle on that illustration in the Pray codex is the Shroud. It is, in fact, the tomb lid.
A shroud is depicted there though: Jesus lies on it on the top picture, the shroud lies all bunched up on the sarcophagus lid on the bottom picture.
Here’s a graphic explanation of the elements:
All the “coincidences*” are thus necessarily imaginary and the Pray codex can in no way be used to discredit the radiocarbon dating.
* On one of the “coincidences”: it is claimed that the fact that both the Turin Shroud and the Pray codex show Christ with only 4 fingers is a significant coincidence. In fact, whenever Christ is depicted with crossed hands the probability is great that his thumbs will be either absent or barely visible, as a simple search for “Man of Sorrows” shows, which brings up images both ancient and modern. It seems that when Christ’s hands are in this position, it is simply more or less natural for an artist to “hide” the thumbs. If so, that’s hardly a significant “coincidence” - but in any case it would be irrelevant in the light of the considerations above.
What, precisely, is this woman’s major malfunction? For going on 30 years, she has been the target of every strange conspiracy theory that the half-bright mind of man can dream up. She knows they’re out there, pining to have a coldie with Vince Foster at the cocktail lounge of the Mena Airport. Just in the past six years, she’s watched the Benghazi, Benghazi! BENGHAZI! dreamscape blossom lushly with the wilder flora planted in the public mind by the seedpod that is the brain of Darrell Issa. So she knew that what began with a bust-out Ozarks land deal had not faded just because her husband had skated through his second term. And still, we have this.
Mrs. Clinton did not have a government email address during her four-year tenure at the State Department. Her aides took no actions to have her personal emails preserved on department servers at the time, as required by the Federal Records Act. It was only two months ago, in response to a new State Department effort to comply with federal record-keeping practices, that Mrs. Clinton’s advisers reviewed tens of thousands of pages of her personal emails and decided which ones to turn over to the State Department. All told, 55,000 pages of emails were given to the department. Mrs. Clinton stepped down from the secretary’s post in early 2013.
And let a thousand paranoids bloom.
She had to know what this would mean because she’s lived her whole life under The Clinton Rules, by which every glitch is a crime, and every blunder is a conspiracy. It’s not entirely fair, and we’ll get to that in a minute, but somebody on the nascent campaign should have been D’d up for this kind of thing. A campaign by Hillary Clinton is a different thing, and anyone who doesn’t know this by now is somebody who needs burping on the half-hour. This screw-up has all the earmarks of a campaign still laboring under the ghost of Mark Penn.
Jeb Bush has been adamant that he will not switch his positions on two issues, immigration and Common Core standards, that will generate conservative opposition in the Republican primaries. But he just made a major concession to conservatives on another issue of great importance to many of them—he came out against the U.S. Export-Import Bank. And this new position of Bush’s is not just hard to reconcile with his politics—it’s hard to reconcile with his own business career.
Over the past few years, many conservatives have seized on the Ex-Im Bank as a glaring example of crony capitalism, and they will oppose its reauthorization when it comes up in June. They say the bank, which aids exporters by guaranteeing loans for foreign buyers of U.S. products, mainly aids giants like Boeing, GE, and Caterpillar, and, under proper accounting standards, is running a 10-year deficit of $2 billion, on top of its operating costs. The bank’s supporters argue that it is helping a vast array of smaller businesses as well, and that it is essentially self-financing, at minimal cost to U.S. taxpayers. The relatively obscure institution—which was founded in 1934 and whose leadership is appointed by the president—has become a major point of contention on the right, with groups like the Club for Growth and the Koch brothers’ Americans for Prosperity coming out against it while the traditional business lobby, led by the U.S. Chamber of Commerce, supports it.
The path to 5G has been notable for the lack of acrimony over radio standards, but that doesn’t mean there’s no rivalry at all.
Alcatel-Lucent (NYSE: ALU) and Huawei Technologies Co. Ltd. are pitching rival radio access technologies for 5G, but it’s not the kind of knock-‘em-down, drag-‘em-out fight which made 3G and 4G standard-setting so entertaining for bystanders.
AlcaLu is offering a technology called UF-OFDM, or Universal Filter OFDM, which it says can support low-bandwidth, low-powered IoT at one end of the scale and high-bandwidth video at the other.
Huawei is also proposing an enhancement on the OFDM wave form which it calls Filtered OFDM. Separately it is working on something called Sparse Code Multiple Access (SCMA).
From the National Center for Science Education
House File 272, introduced in the Iowa House of Representatives on February 17, 2015, and referred to the House Committee on Education, would, if enacted, prevent Iowa from adopting the Next Generation Science Standards — and part of the stated reason is the NGSS’s treatment of evolution and climate change.
According to the Cedar Rapids Gazette (March 2, 2015), the bill’s lead sponsor Sandy Salmon (R-District 63) objects to the fact that the standards were not written in Iowa, but is also “concerned that the standards miss some key math and science concepts, present evolution as scientific fact[,] and shine a negative light on human impacts on climate change.”
Also sponsoring HF 272 are Dean Fisher (R-District 72), John H. Wills (R-District 1), Greg Heartsill (R-District 28), Steven Holt (R-District 18), Larry Sheets (R-District 80), Ralph C. Watts (R-District 19), and John Landon (R-District 37). But Salmon told the Gazette that the bill was stalled in a subcommittee and that she did not expect it to emerge.
A lead state partner in the development of the NGSS, Iowa is currently considering whether to adopt the standards. A review team is expected to consider input from four public forums and a public on-line survey in March 2015 and to make a recommendation to the state board of education, which will decide whether to adopt the NGSS.