Archive for the ‘Ideas’ Category

Midwest Technology Journal – PHP Web Application Security: A Zero-Day Exploit Case Study

Looks like my latest article is up on Midwest Tech Journal. Check it out if you’d like to read an analysis of a zero-day PHP cross-site-scripting attack that happened on a client’s site.

Midwest Technology Journal – PHP Web Application Security: A Zero-Day Exploit Case Study

On December 29, 2004 James Bercegay of the GulfTech Security Research Team (http://www.gulftech.org/) published a security vulnerability advisory about a web-based calendar application called php-Calendar. This is the advisory notice he posted on his website, and that was also published on the 29th of December by the network security research site Zone-H.org (http://www.zone-h.org).

ImpeachBush.org: Noted for the Consideration of the Impeachment of George W. Bush, Vice President Richard B. Cheney, Secretary of Defense Donald H. Rumsfeld, and Attorney General John David Ashcroft

VoteToImpeach/ImpeachBush.org: Noted for the Consideration of the Impeachment of George W. Bush, Vice President Richard B. Cheney, Secretary of Defense Donald H. Rumsfeld, and Attorney General John David Ashcroft

FOR THE CONSIDERATION OF THE IMPEACHMENT OF PRESIDENT GEORGE W. BUSH, VICE PRESIDENT RICHARD B. CHENEY, SECRETARY OF DEFENSE DONALD H. RUMSFELD, AND ATTORNEY GENERAL JOHN DAVID ASHCROFT

1. Provisions on Impeachment in the U.S. Constitution
2. British Experience With Imperial Power and Abuse
3. The Intention of the Founders to Grant the Power of Impeachment
4. Impeachment of U.S. Presidents
5. President George W. Bush and Other Named Officials Have Committed Impeachable Offenses of Unprecedented Danger to the Constitution and People of the United States
6. We Must Act Now to Prevent Catastrophe and Ensure Accountability

PROVISIONS ON IMPEACHMENT IN THE U.S. CONSTITUTION

Impeachment is the direct constitutional means for removing a President, Vice President or other civil officers of the United States who have acted or threatened acts that are serious offenses against the Constitution, its system of government, or the rule of law, or that are conventional crimes of such a serious nature that they would injure the Presidency if there was no removal.

The power of impeachment is a vital part of the Constitution. It was among the proposals first presented to the Constitutional Convention in 1787. Its terms were debated repeatedly and remained prominently in the text from the first drafts of the Constitution to the final document. Impeachment is more fully and carefully detailed in substance and procedure than any other power delegated to the Congress by the Constitution. Provisions relating to impeachment appear six times in text of the Constitution and once in an Amendment. They are:

1. Article I, which creates the legislative branch of government, in Section 2, para. 4 provides:
that the House of Representatives… “shall have the sole power of impeachment.”

2. Article I, Section 3, para. 6 provides:
“The Senate shall have the sole Power to try all Impeachments. When sitting for that Purpose, they shall be on Oath or Affirmation. When the President of the United States is tried, the Chief Justice shall preside: And no Person shall be convicted without the Concurrence of two thirds of the Members present.”

3. Article I, Section 3, paragraph 7 provides:
“Judgment in Cases of Impeachment shall not extend further than to removal from Office, and disqualification to hold and enjoy any Office of honor, Trust or Profit under the United States: but the Party convicted shall nevertheless be liable and subject to Indictment, Trial, Judgment and Punishment, according to Law.”

4. Article II, which creates the Executive branch, in Section 2 provides the President:
…shall have Power to Grant Reprieves and Pardons for Offenses against the United States, except in Cases of Impeachment.

5. Article II, Section 4 provides:
The President, Vice President and all civil Officers of the United States, shall be removed from Office on Impeachment for, and Conviction of, Treason, Bribery, or other high Crimes and Misdemeanors.

Allegations:

PRESIDENT GEORGE W. BUSH AND OTHER NAMED OFFICIALS OF THE UNITED STATES HAVE COMMITTED IMPEACHABLE OFFENSES OF UNPRECEDENTED DANGER TO THE CONSTITUTION AND PEOPLE OF THE UNITED STATES.

Draft Articles of Impeachment of President George W. Bush and other named officials of the United States charge the most serious crimes known to law and history. Nothing in the experience of the impeachment power under the Constitution compares. The conduct charged threatens the Constitution, the United Nations, the rule of law and the lives of unknown thousands, or millions of people by their act and example.

The alleged impeachable acts of President George W. Bush include:

1. Ordering and directing “first strike” war of aggression against Afghanistan causing thousands of deaths;

2. Removing the government of Afghanistan by force and installing a government of his choice;

3. Authorizing daily intrusions into Iraqi airspace and aerial attacks including attacks on alleged defense installations in Iraq which have killed hundreds of people in time of peace;

4. Authorizing, ordering and condoning attacks in Afghanistan and Iraq on civilians, civilian facilities and locations where civilian casualties are unavoidable;

5. Threatening the use of nuclear weapons and ordering preparation for their use;

6. Threatening the independence and sovereignty of Iraq by belligerently proclaiming his personal intention to change its government by force;

7. Authorizing, ordering and condoning assassinations, summary executions, murder, kidnappings, secret and other illegal detentions of individuals, torture and physical and psychological coercion of prisoners;

8. Authorizing, ordering and condoning violations of rights of individuals under the First, Fourth, Fifth, Sixth and Eighth Amendments to the Constitution and of the Universal Declaration of Human Rights, the International Covenant on Civil and Political Rights, and other international protections of human rights;

9. Authorizing, directing and condoning bribery and coercion of individuals and governments to obtain his war ends;

10. Making, ordering and condoning false statements and propaganda and concealing information vital to public discussion and informed judgment to create a climate of fear and hatred and destroy opposition to his war goals.

President Bush is accused of Crimes Against Peace, War Crimes and Crimes Against Humanity. No crimes are greater threats to the Constitution of the United States, the United Nations Charter, the rule of law or the future of humanity.

MAXIMUM EFFORT TO SECURE FULL CONSIDERATION OF IMPEACHMENT IS THE DUTY OF EVERYONE.

Impeachment is the means by which We The People of the United States and our elected representatives in Congress can prevent further crimes by the President and the human catastrophe they threaten and force accountability for crimes committed.

Congressional proceedings for impeachment can bring about open, fearless consideration of the most dangerous acts and threats ever committed by an American President. If courageously pursued, they can save our Constitution, the United Nations, the rule of law, the lives of countless people and leave open the possibility of peace on earth. Each of us must take a stand on impeachment now, or bear the burden of having failed to speak in this hour of maximum peril.

– Ramsey Clark
January 15, 2003

Note – this was prepared in January 2003. Obviously much more has happened since, and much worse. Break out the <h1> and pass it on:

IMPEACH BUSH

Impeach Bush

IMPEACH BUSH

It is time to impeach Bush, Cheney, and his cabinet for lying. Or incompetence. Or lying. Whichever it is. As a state trooper once asked me, after I hit a car in front of me, “Were you driving too fast, or were you following too close?” There is no escaping true, karmic responsibility.

IMPEACH BUSH

Pass it on.

Isn’t it fun when Google returns 0 results?

It always gives me a certain amount of satisfaction when an idea comes and Google yields 0 results. It’s happened to me a couple of times. One was when I started Securanix – a network security services company back in 2001.

And, this evening, the same thing for the latest project. This one isn’t under the super-duper-stealth wrapping, so it’s kind of cool to post this screenshot here:

Google search results for ‘podcastads’ on October 20, 2004 @ 3:18am.

Blogs are the new HIP HOP samplers…

Interview with Chuck D & Hank Shocklee of Public Enemy

How Copyright Law Changed Hip Hop

An interview with Public Enemy’s Chuck D and Hank Shocklee

[ by Kembrew McLeod ]

When Public Enemy released It Takes a Nation of Millions to Hold Us Back, in 1988, it was as if the album had landed from another planet. Nothing sounded like it at the time. It Takes a Nation came frontloaded with sirens, squeals, and squawks that augmented the chaotic, collaged backing tracks over which P.E. frontman Chuck D laid his politically and poetically radical rhymes. He rapped about white supremacy, capitalism, the music industry, black nationalism, and–in the case of “Caught, Can I Get a Witness?”–digital sampling: “CAUGHT, NOW IN COURT ’CAUSE I STOLE A BEAT / THIS IS A SAMPLING SPORT / MAIL FROM THE COURTS AND JAIL / CLAIMS I STOLE THE BEATS THAT I RAIL … I FOUND THIS MINERAL THAT I CALL A BEAT / I PAID ZERO.”

In the mid- to late 1980s, hip-hop artists had a very small window of opportunity to run wild with the newly emerging sampling technologies before the record labels and lawyers started paying attention. No one took advantage of these technologies more effectively than Public Enemy, who put hundreds of sampled aural fragments into It Takes a Nation and stirred them up to create a new, radical sound that changed the way we hear music. But by 1991, no one paid zero for the records they sampled without getting sued. They had to pay a lot.

After reading this article it occurred to me that blogs today are somewhat similar to old-school hip hop sampling — we take snippets that are interesting, use them as a background for our own musings layered on top.

Bush Lies – Creative Commons graphic – spread it around.

Well, since I’m pretty much too hesitant chicken to go ahead and spray paint a message like this on overpasses, walls, buildings, the road, people’s cars sportin’ the big W, I figured I could at least vandalize my own site with a heartfelt message.

Bush Lies. We pay.

So, I made this graphic. I hereby release it under a Creative Commons license. Please use it, post it, share it, whatever, if you like it or you think it conveys your feelings too. I may be adding other different messages along the same lines to the header graphic, but for now, please, this message needs to be spread.

Also, if the Democrats blow this election, shame on them. And, like Dave says, if you vote for Bush and he wins we’ll blame you for the next 4 years.

If you use this, download it, post it, whatever, please leave a comment below with URL if you want. Thanks.

Gabriel

This work is licensed under a Creative Commons License.

BoingBoing: Bruce Sterling SIGGRAPH 2004 speech

BoingBoing: Bruce Sterling SIGGRAPH 2004 speech “When Blobjects Rule the Earth”

It’s possible to live in a cleaner way. We live in debris and detritus because of our ignorance. That ignorance is no longer technically necessary. Those who know, know. Instead, our problem is becoming obscurantism, which is a deliberate hiding of the facts by vested interests who know they are injuring us. Such acts of evil must be combated. Sunlight is the best disinfectant.

Wanting to know, wanting to do it, that’s half the struggle right there. Our capacities are tremendous. Eventually, it is within our technical ability to create factories that clean the air as they work, cars that give off drinkable water, industry that creates parks instead of dumps, or even monitoring systems that allow nature to thrive in our cities, neighborhoods, lawns and homes. An industry that is not just “sustainable,” but enhances the world. The natural world should be better for our efforts and our ingenuity. It’s not too much to ask.

You and I will never live to see a future world with those advanced characteristics. The people who will be living in it will pretty much take it for granted, anyway. But that is a worthy vision for today’s technologists: because that is wise governance for a digitally conquered world. That is not tyranny. That is legitimacy.

Without vision, the people perish. So we need our shimmering prizes, goals to motivate ourselves, but the life is never in the prize. The living part, the fun part, is all in the wrangling. Those dark cliffs looming ahead — that is the height of your achievement.

Go read the entire speech. It’s quite nice. (via Boing Boing)

Free online distributed secure backup and recovery using webmail services

This article describes a conceptual implementation of a free, secure, multiply redundant method of backing up an unlimited number of files using the increased disk space allowances offered by webmail providers such as Yahoo, Hotmail and Gmail.

Introduction
In the past, email providers gave you enough room to store a good amount of plain email correspondence. Yahoo and Hotmail, the two leaders in free webmail, offered between 2 and 10 MB of disk space storage for free. Up until very recently, even if you were paying for a premium account your disk space was still limited to 25 MB using Yahoo. Today, competition is heating up for the free webmail providers, with Gmail offering 1 GB of online disk space, Yahoo now offering 250 MB per account, and Hotmail soon to follow. So what else can we do with all that offered disk space (other than send emails to one another)?

Free, secure, distributed backups
Signing up for a new account with Hotmail or Yahoo is relatively easy. It takes a couple of minutes to get set up. This article proposes a system whereby free, secure, distributed backups of your files can be easily created for a potentially unlimited amount of disk space.

Method
The method proposed is as follows:

Back up your data

  1. A client application on the workstation assesses the files to be saved. It operates like a normal backup program and can cover your entire hard drive if you want.
  2. The backup program consults the available free webmail space and initiates the account creation process if not enough space is available.
  3. The backup program then creates compressed, encrypted chunks in PAR (parity archive) format, each sized to the maximum attachment size allowed by the free email provider.
  4. The backup chunks are then sent to the email accounts for storage.

Restore your data

  1. The restore program determines which files you want to restore and looks up which chunks it needs to download from webmail to rebuild those files.
  2. The program downloads the chunks from webmail, reconstructs the data, decrypts and decompresses it, and saves it wherever you want.
  3. Your data is restored.
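As an added example (written for this page, not the author's code), the chunk-and-parity layer of backup steps 3 and 4 above and the reconstruction of restore steps 1 and 2: compression, fixed-size pieces sized to an attachment limit, a single XOR parity piece standing in for the PAR-style redundancy, and an integrity hash checked before anything is decompressed. The encryption step is assumed to wrap each piece separately and is left out here; the function names, the 1024-byte chunk size and the sample payload are constructed for the example.

```python
import hashlib
import zlib
from typing import Optional

# Constructed stand-in for a file to back up: 8 KiB of hash output, chosen so
# it does not compress down to a single piece the way repetitive text would.
SAMPLE = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(256))


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def make_backup_set(data: bytes, chunk_size: int):
    """Compress the payload, cut it into fixed-size pieces (one per mail
    attachment, zero-padded at the end) and derive one XOR parity piece.
    Returns (index, pieces, parity): the index is what the backup server
    keeps so a restore knows how many pieces to fetch and can verify them."""
    packed = zlib.compress(data, 9)
    padded = packed + b"\0" * ((-len(packed)) % chunk_size)
    pieces = {i // chunk_size: padded[i:i + chunk_size]
              for i in range(0, len(padded), chunk_size)}
    parity = bytes(chunk_size)
    for piece in pieces.values():
        parity = xor_bytes(parity, piece)
    index = {"count": len(pieces), "chunk_size": chunk_size,
             "packed_len": len(packed),
             "sha256": hashlib.sha256(packed).hexdigest()}
    return index, pieces, parity


def restore_backup_set(index: dict, available: dict,
                       parity: Optional[bytes]) -> bytes:
    """Rebuild the payload from whatever pieces could be downloaded.
    `available` maps piece number -> bytes. One missing piece is rebuilt
    from the parity piece; more than one is unrecoverable with single parity.
    The reassembled stream is checked against the index hash before use."""
    missing = [i for i in range(index["count"]) if i not in available]
    if len(missing) > 1 or (missing and parity is None):
        raise ValueError("unrecoverable: %d piece(s) missing" % len(missing))
    pieces = dict(available)
    if missing:
        rebuilt = parity
        for piece in available.values():
            rebuilt = xor_bytes(rebuilt, piece)
        pieces[missing[0]] = rebuilt
    packed = b"".join(pieces[i] for i in range(index["count"]))
    packed = packed[:index["packed_len"]]
    if hashlib.sha256(packed).hexdigest() != index["sha256"]:
        raise ValueError("integrity check failed: a piece was altered or misfiled")
    return zlib.decompress(packed)
```

The index (count, length, hash) has to live somewhere other than the webmail accounts, which is the role the backup server described below plays; with a single parity piece, losing two pieces of one set is unrecoverable, so more parity pieces or mirrored sets across providers would be needed for the multiply redundant storage the article aims at.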

Why this could / should be a web-based application
Part of the basic reason why you want to back up your data to a secure off-site location is in the event of catastrophic failure. Your computer dies. Your hard drive dies. Your house burns down. In these cases it may not be feasible that you even have the backup restore application available, or your encryption keys available to decrypt your data. In this case, using a third-party web-based application to do the backup and recovery makes sense. In a distributed, community-based model, multiple servers could be run, just as key servers are run, that would ensure secure and timely access to your data backup and recovery process.

Backup server architecture
The main function the backup server provides is maintaining an index of your available backups and the ability to encrypt and decrypt your data. This might suggest a small, downloadable executable, probably written in Java for portability. You enter your username and password into the small backup/restore applet and it communicates with the server to establish a key pair for the encryption. You would have the option of saving your private key locally, to a USB key device for example. The server might also store both public and private keys encrypted with your password for the purpose of remote web-based file access.

Bandwidth
This system relies on having access to a high-speed Internet connection in order to function efficiently. Ideally the bulk traffic flows directly between the workstation and the webmail providers rather than through the backup server. So the Java applet would connect to the webmail provider and download each required attachment for the backup restore, or would send an email through the webmail interface to each account to store the backup.

This vs. other backup systems
The main difference between this proposed approach and other currently available backup systems is the use of the free webmail and storage providers to provide distributed and, most importantly, free online backup storage space.

Please add your thoughts or comments below regarding this concept. Has it been done already? Is it worth it? What would you change or do differently, and why?

Thanks,
Gabriel