Thursday, December 29, 2011

28c3: Data Mining the Israeli Census (English)

Data Mining the Israeli Census

Insights into a publicly available registry

The entire Israeli civil registry database has been leaked to the internet several times over the past decade. In this talk, we examine interesting data that can be mined and extracted from such database. Additionally, we will review the implications of such data being publicly available in light of the upcoming biometric database.

Ниже есть продолжение.

The Israeli census database has been freely available on the Internet since 2001. The database has been illegally leaked due to incompetent data security policies in the Ministry of Interior of Israel, which is responsible for the management of the Israeli census.

The data available includes all personal data of every Israeli citizen: name, ID number, date and location of birth, address, phone number and marital status, as well as linkage to parents and spouses.

In this talk we discuss various statistics, trends and anomalies that such data provides us with insight to. Personal details will obviously be left out of the talk, though it is important to note that any person who wishes to retrieve such details can easily do so.

We will end the talk with a discussion about upcoming and relevant privacy issues in light of Israel's soon-to-be biometric database.
Attached files

Slides v1 (application/pdf - 3.1 MB)

28c3: Reinventing code injection (English)

String Oriented Programming

Circumventing ASLR, DEP, and Other Guards

The protection landscape is changing and exploits are getting more and more sophisticated. Exploit generation toolkits can be used to construct exploits for specific applications using well-defined algorithms. We present such an algorithm for leveraging format strings and introduce string oriented programming.

Ниже есть продолжение.

String oriented programming takes format string exploits to the next level and turns an intrusion vector that needs hand-crafted exploits into arbitrary code execution. Similar to return oriented programming or jump oriented programming string oriented programming does not rely on existing code but concatenates gadgets in the application using static program analysis.

This talk presents an algorithm and a technique that takes a vulnerable application that contains a format string exploit as a parameter and constructs a format string exploit that can be used to inject a dynamic jump oriented programming dispatcher into the running application. String oriented programming circumvents ASLR, DEP, and ProPolice.
Attached files

28c3-SOP-payerm.pdf (application/pdf - 210.4 KB)

Евгений Сатановский: арабская весна похоронила возможность прихода либеральной демократии

По наводке блога Давыдова.

Стэнли Фишер пообещал трудные времена

Наступающий 2012 год обещает быть непростым: он будет отмечен падением на бирже и ростом безработицы, а также общемировым экономическим спадом. Об этом...заявил управляющий Банком Израиля, профессор Стэнли Фишер.

Вместе с тем, Фишер отметил, что у Израиля есть все необходимое, чтобы пройти тяжелый период оптимально.

На вопрос о том, во что лучше вкладывать средства, Фишер сказал, что это зависит от возраста. "Если вы желаете сделать надежное вложение, нужно приобрести облигации госзайма, привязанные к инфляции. В 50-55 лет стоит, чтобы вложение было безопасным, и вы точно знали, каково будет ваше благосостояние. Я не могу никого обязать, но некоторые государства обязывают вкладчиков старшее 55 лет делать надежные вложения", - сказал управляющий Банком Израиля.

Update On The "Non-Printing" ECB's Parabolically Rising Balance Sheet (English)

28c3: The copyright war was just the beginning (English)

По наводке блога Давыдова.
Форматирование не сохранено.

The coming war on general computation

The copyright war was just the beginning

The last 20 years of Internet policy have been dominated by the copyright war, but the war turns out only to have been a skirmish. The coming century will be dominated by war against the general purpose computer, and the stakes are the freedom, fortune and privacy of the entire human race.

There is more below, including links to another videos.
Ниже есть продолжение.

The problem is twofold: first, there is no known general-purpose computer that can execute all the programs we can think of except the naughty ones; second, general-purpose computers have replaced every other device in our world. There are no airplanes, only computers that fly. There are no cars, only computers we sit in. There are no hearing aids, only computers we put in our ears. There are no 3D printers, only computers that drive peripherals. There are no radios, only computers with fast ADCs and DACs and phased-array antennas. Consequently anything you do to "secure" anything with a computer in it ends up undermining the capabilities and security of every other corner of modern human society.

And general purpose computers can cause harm -- whether it's printing out AR15 components, causing mid-air collisions, or snarling traffic. So the number of parties with legitimate grievances against computers are going to continue to multiply, as will the cries to regulate PCs.

The primary regulatory impulse is to use combinations of code-signing and other "trust" mechanisms to create computers that run programs that users can't inspect or terminate, that run without users' consent or knowledge, and that run even when users don't want them to.

The upshot: a world of ubiquitous malware, where everything we do to make things better only makes it worse, where the tools of liberation become tools of oppression.

Our duty and challenge is to devise systems for mitigating the harm of general purpose computing without recourse to spyware, first to keep ourselves safe, and second to keep computers safe from the regulatory impulse.

See also:
Wikimania 2011 - Wiki Academy 2011 - Copyright. Cultural Fair Use, Political Narrative
Wikimania 2011 - Wiki Academy 2011 - Copyright. Fighting the Intellectual Property Regime
Wikimania 2011 - Wiki Academy 2011 - Copyright. Wikimedia and the Public Domain

Падение пятого касама в районе Эшколь. Нет пострадавших.

רקטת קסאם נפלה הבוקר (חמישי) בשטח פתוח במועצה האיזורית אשכול. לא דווח על נפגעים או על נזק. זוהי הרקטה החמישית הנופלת בשטח ישראל מאז חיסל צה"ל את פעיל הג'יהאד האיסלמי, עבדאללה תלבאני.

Краткий перевод: Сегодня утром упал на открытой местности в региональном совете Эшколь ракета касам. Нет пострадавших. Не причинено ущерба. Это уже пятый касам после ликвидации деятеля Исламского Джихада Абдаллы Талбани.

Cм. также:
Сирена в районном совете Бээр Тувия
Палестинские террористы выпустили 2 ракеты "касам" по Западному Негеву

Сирена в районном совете Бээр Тувия

См. также
Палестинские террористы выпустили 2 ракеты "касам" по Западному Негеву