Monthly Archives: January 2010

IE Considered Dangerous

Exploit in the Wild for New Internet Explorer Flaw — Krebs on Security

Less than 24 hours after Microsoft acknowledged the existence of an unpatched, critical flaw in all versions of its Internet Explorer Web browser, computer code that can be used to exploit the flaw has been posted online.

This was bound to happen, as dozens of researchers were poring over malicious code samples that exploited the flaw, which has generated more interest and buzz than perhaps any other vulnerability in recent memory. The reason? Anti-virus makers and security experts say this was the same flaw and exploit that was used in a series of sophisticated, targeted attacks against Google, Adobe and a slew of other major corporations, in what is being called a massive campaign by Chinese hacking groups to hoover up source code and other proprietary information from these companies.

… this is a browse-to-a-nasty-site-and-get-owned kind of vulnerability. As such, Internet users will be far more secure surfing the Web with an alternative browser (at least until Microsoft fixes this problem), such as Google Chrome, Mozilla Firefox, Opera, or Apple’s Safari for Windows.

No doubt there will be a patch soonish, but until then…and even after then for folks who don't patch religiously.

Incidentally, do we actually know all those other browsers are safe, or is it just that no exploits are in the wild yet?

Posted in Software

Peak Quip

I don't care much about the talk show wars, but I love this line at the end of a fine essay by Wendy Grossman, net.wars: The once and future late-night king:

When the history of the digital revolution is written, historians may pinpoint the day Carson announced his retirement as the broadcasting equivalent of Peak Oil.

Posted in Kultcha

Is Your Aftermarket Cellphone Charger Phoning Home?

Risks of USB chargers for cell phones from Paul Pomes writing in The Risks Digest Volume 25, Issue 90:

My wife recently purchased a no-name third-party USB charger for her Droid cell phone. When the included cable is connected to the USB port of her laptop, the phone charges normally albeit somewhat slowly. Connecting the cable to the included voltage-sensing wall transformer starts a menagerie of interesting effects: opening applications, creating garbled text messages, changing settings, etc. No doubt this is due to floating signal lines with induced voltages that are triggering this storm of activity.

It takes little imagination, however, to visualize more sinister applications. A very small amount of logic, specific for each cell phone model the charger is marketed for, could be embedded inside the plastic transformer block. After a few minutes delay the phone could be probed for sensitive information and the results sent to an electronic dead-drop. The risk is a classic trade-off of security vs convenience. Having a single charger for our Kindles, cell phones, PDAs simplifies the number of ancillary chargers we need to tote around. Mixing the mission of power supply and data conduit opens a covert channel.

Paul Pomes, DVM (formerly a network and computer security engineer until I got tired of meetings)

I suspect phone hacks of one sort or another could be the tech privacy story of the next two years. Phones are getting more powerful; they're minicomputers now and used for drafting email and short documents and even spreadsheets. Plus, there's just a lot less anti-virus tech available and in use than for PCs. Most importantly, people don't yet think of their phones as soft targets.

Posted in Sufficiently Advanced Technology

Zinsser on Writing Good English

Writing Good English: A talk by William Zinsser to foreign students at the Columbia University Graduate School of Journalism is a wonderful essay for native speakers too. Although it is aimed at journalism students, most of it applies to legal writing too. I wish all my students would read it.

Legal writing is different from journalistic writing in ways that matter, and these may obscure the essential lessons of Zinsser's exhortation for “Clarity, Simplicity, Brevity, and Humanity.” Lawyers sometimes must deal in great complexity. We must use terms of art if we mean the things that those terms, however unhappy, refer to, else we will be thought to mean something else. Details matter, and detail in law is rarely brief. Nevertheless.

And especially this:

The epidemic I’m most worried about isn’t swine flu. It’s the death of logical thinking. The cause, I assume, is that most people now get their information from random images on a screen—pop-ups, windows, and sidebars—or from scraps of talk on a digital phone. But writing is linear and sequential; Sentence B must follow Sentence A, and Sentence C must follow Sentence B, and eventually you get to Sentence Z. The hard part of writing isn’t the writing; it’s the thinking. You can solve most of your writing problems if you stop after every sentence and ask: What does the reader need to know next?

Oh yes. [update: But see the comments.]

Posted in Law School

Run For the Hills! It’s the Supersnake!

The Miami Herald warns that New python sparks fears of a 'super snake'. It seems that African Rock Pythons have been captured in Miami-Dade — probably vacationing from the Everglades in an attempt to warm up. Worse, some spotted were not captured. Worse still, one of the big ones that got away was carrying eggs (how could they get close enough to tell but not catch it?). And even worse than that, the Herald found a biologist who speculates the African Rock Pythons (pictured) might hybridize with our plentiful escaped Burmese Python population to create the headlined “supersnake”.

A three-day, state-coordinated hunt that started Tuesday had, by Wednesday, netted at least five African rock pythons — including a 14-foot-long female — in a targeted area in Miami-Dade County.

Those findings add to concerns that the rock python is a new breeding population in the Everglades and not just the result of a few overgrown pets released into the wild, according to the South Florida Water Management District.

In addition, state environmental officials worry that the rock python could breed with the Burmese python, which already has an established foothold in the Everglades. That could lead to a new “super snake,” said George Horne, the water district's deputy executive director.

In Africa, the rock python eats everything from goats to crocodiles. There have been cases of the snakes killing children.

“They are bigger and meaner than the Burmese python. It's not good news,” said Deborah Drum, deputy director of the district's restoration sciences department.

The area the snakes were found is about 15 miles due west of the law school. So, even though no one has yet spotted such a hybrid, RUN FOR THE HILLS!

Oh, wait. We don't have any hills in South Florida. Never Mind.

Posted in Miami

The Hate that Dare Not Speak By Name

I have nothing original or interesting to say about today's Supreme Court decision blocking televised transmission of the Proposition 8 bench trial. (This is the case in which a left-right coalition of trial lawyers is challenging the legality of the anti-same-sex-marriage state constitutional law provision narrowly adopted by referendum in California.)

Well, nothing except maybe this:

Isn't it amazing and in some way wonderful that where on the one hand it used to be the love that dare not speak its name, now it is the opponents of same-sex marriage who argue that they should not be forced to state their views in too public a manner because it might lead them to be shunned and ridiculed.

Of course, it stands to reason that anyone arguing that their marriage could be harmed by the existence of someone else's might have reason to fear some embarrassment or ridicule.

Irrelevant but somehow fitting fact: Divorce Rates Higher in States with Gay Marriage Bans.

Update: YouTube substitute for Prop 8 hearing: Gil Scott Heron, The Revolution Will Not Be Televised. (Alternate version with better sound, worse graphics.)

Posted in Law: Con Law: Marriage