Neutralbit identified the vulnerability in NETxAutomation NETxEIB OPC (OLE for Process Control) Server. OPC is a Microsoft Windows standard for easily writing GUI applications for SCADA. It’s used for interconnecting process control applications running on Microsoft platforms. OPC servers are often used in control systems to consolidate field and network device information.
Neutralbit also claims this is the first remotely accessible SCADA vulnerability, which the smallest amount of googling shows is not true (I leave that as an exercise for the reader). However, they probably have found a real vulnerability.
Neutralbit reports that the flaw is caused by improper validation of server handles, which could be exploited by an attacker with physical or remote access to the OPC interface to crash an affected application or potentially compromise a vulnerable server. Neutralbit has also recently published five vulnerabilities having to do with OPC.
— Hole Found in Protocol Handling Vital National Infrastructure, physorg.com, 25 March 2007
Malamud Concludes
By the end of the 110th Congress, the U.S. House of Representatives could achieve the goal of providing broadcast-quality video of all hearings and the floor for download on the Internet.
Sounds doable to me. See his report for copious details.
— Report to Congress, Carl Malamud to Nancy Pelosi, Speaker of the House, 13 March 2007
-jsq
Cringely Does DNS
Domain dispute resolution would be rapid: one week for evidence presentation, 24 hours to decide, and 24 hours for appeals. At which point the Inet DNS system would block the loser. Domain transfers would be fast and low cost. All domain activity would operate through Inet, not be farmed out to resellers, since the system is too important, and has proved to be difficult to police on the Internet. Inet domain holders would be expected to maintain control over the content of their users on sites with Inet domain registrations. Repeated failures to rapidly do so would result in the temporary or permanent loss of their Inet domain.
So, let’s see: wait until the owner of a domain is on a road trip, claim he’s a squatter, run through this kangaroo court’s process, and by the time he’s back, he’s got no domain, because he didn’t respond in 24 hours.
Just Say No: David Harrison wants to replace your Internet. I, Cringely, February 22, 2007
RIAA v. Fair Use Act
According to the Recording Industry Association of America (RIAA):
"The DMCA has enabled consumers to enjoy creative works through popular new technologies," the RIAA said in a statement. "The DVD, iPod and the iTunes Music Store can all be traced to the DMCA. Online games, on-demand movies, e-books, online libraries, and many other services are coming to market because of a secure environment rooted in the DMCA’s protections."
— RIAA slams FAIR USE Act by Eric Bangeman, Ars Technica, 2/28/2007 4:14:26 PM
Eric Bangeman points out that the DVD actually precedes the DMCA, but "secure" is more or less accurate. Secure in the sense that a traditional newspaper is secure: those pesky readers can’t alter it; they have to read it as they get it. Kind of like the old AT&T telephone network before the Carterfone decision let other companies attach equipment to it. That decision led to mobile phones, the Internet, and other benefits.
Malamud Opens Congress
Carl Malamud is working on opening video of U.S. Congressional committee meetings to the public. You may wonder, doesn’t C-Span do that already? Well, C-Span broadcasts via cable Congressional meetings, but with a C-Span copyright on them. And C-Span has taken to trying to enforce that copyright. This became news when House Speaker Nancy Pelosi started a blog, The Gavel, and posted some video with the C-Span copyright:
…last week, as it happens, C-Span did contact the speaker’s office to have it take down a different clip from her blog–one shot by C-Span’s cameras at a House Science and Technology Committee hearing on global warming where Pelosi testified, Daly said. (The blog has substituted material filmed by the committee’s cameras, he said.)
Which videos are protected? Lawmakers get a lesson. After Nancy Pelosi was accused of "pirating" clips from C-Span, members of Congress were introduced to the complexities of copyright law. By Noam Cohen, The New York Times, published February 26, 2007, 6:41 AM PST
This isn’t the first time C-Span has asserted such copyright.