Keyword: vulnerability
-
Barack Obama announced Monday what the New York Times called a "new strategy," his Nuclear Posture Review: he is narrowing the conditions under which the U.S. would use nuclear weapons. For the first time since the U.S. became a nuclear power, the President of the United States has explicitly vowed that we will not use nukes even against countries that use chemical or biological weapons against us, or take us down with a massive cyberattack -- as long as those states are obeying the provisions of the Nuclear Nonproliferation Treaty. He also overruled his own Secretary of Defense and said...
-
So, is California's brittle Democratic Sen. Barbara Boxer about to become the next Harry Reid? Which is to say, embattled at home. As Reid worked the wallets of San Francisco on Presidents' Day to raise money for his endangered seat in Nevada, some stunning new Rasmussen Reports poll out today makes a compelling point: For the second straight month the three-term senator is unable to break the 50% mark against any potential Republican opponents, the historical measuring mark of vulnerability for an incumbent nine months before an election.
-
Islamist terror’s Christmas present to America — a deadly fireball over Detroit International Airport — failed to materialize late Friday morning, but not for lack of ingenuity or dedication on the terrorist’s part. The incendiary device carried aboard Northwest Airlines Flight 253 by a Nigerian national identified by authorities as Abdul Farouk Abdulmutallab didn’t work as designed — thus sparing 278 passengers and 11 crew members gruesome deaths. But he did manage to carry inflammable chemicals aboard the aircraft — and come perilously close to igniting them. Just how Abdulmutallab came to be on the aircraft is a compelling mystery....
-
Senior U.S. military officers working for the Joint Chiefs of Staff discussed the danger of Russia and China intercepting and doctoring video from drone aircraft in 2004, but the Pentagon didn't begin securing the signals until this year, according to people familiar with the matter. The disclosure came after The Wall Street Journal reported insurgents in Iraq had intercepted video feeds from drones, downloading unencrypted communications from the unmanned planes. Shiite fighters in Iraq used software programs such as SkyGrabber -- available for as little as $25.95 on the Internet -- to regularly capture drone video feeds, said a person...
-
From the 'Mission Accomplished?' files: For more than a year now I've heard lots of people in the Internet industry proclaiming DNSSEC (DNS Security Extensions) as the long-term solution to DNS cache poisoning vulnerabilities. That may not necessarily be the case. A new vulnerability is now out that attacks DNS servers WITH DNSSEC installed. In the summer of 2008, security researcher Dan Kaminsky made the whole world aware of potential security issues with DNS, which could have undermined the integrity of the Internet itself. DNSSEC is supposed to be the answer, with most of the world's major Internet registries moving to...
-
Note: The original version of this page contained a simple workaround for this issue which I believed would protect users against this problem. I have since discovered (on 13 January 2009) that changing the default RSS feed reader application in Safari does not correctly disassociate Safari from all RSS feed URLs. The workaround section of this post has been updated with additional information. I regret that what initially appeared to be a simple workaround is now substantially more complicated and requires the installation of third-party software to perform. I have discovered that Apple's Safari browser is vulnerable to an attack...
-
Euthanasia Video, Turning the Tide, Incredibly Well Received September 10, 2007 (LifeSiteNews.com) - Turning the Tide, the powerful DVD on euthanasia and assisted suicide, has been incredibly well received. The Euthanasia Prevention Coalition has sold more than 700 copies of Turning the Tide since its release in April and Turning the Tide has received positive reviews from people across Canada and the US. Turning the Tide is produced by the Euthanasia Prevention Coalition and Salt and Light media foundation. Turning the Tide was designed to change the way secular society perceives the issues of euthanasia and assisted suicide. Secular society views the...
-
No less than three critical vulnerabilities have been identified by Adobe affecting users of Flash Player 9.0.45.0 and earlier, 8.0.34.0 and earlier, and 7.0.69.0 and earlier. The cross-platform problem refers to an input validation error that could, potentially, lead to arbitrary code execution via content delivered from a remote location using a web browser, email client, or pretty much any application that includes or references the Flash Player. Furthermore, a separate issue regarding an insufficient validation of the HTTP Referrer has also been identified in Flash Player 8.0.34.0 and earlier which could result in a cross-site request forgery attack. Although...
-
Google's security team has discovered vulnerabilities in the Sun Java Runtime Environment that threaten the security of all platforms, browsers and even mobile devices. "This is as bad as it gets," said Chris Gatford, a security expert from penetration testing firm Pure Hacking. "It's a pretty significant weakness, which will have a considerable impact if the exploit codes come to fruition quickly. It could affect a lot of organizations and users," Gatford told ZDNet Australia. Australia's Computer Emergency Response Team analyst, Robert Lowe, warned that anyone using the Java Runtime Environment or Java Development Kit is at risk. "Delivery of...
-
Attackers are targeting a flaw in the DNS service for Windows server OSes that could hijack the computers that run them, Microsoft warns. The software behemoth advises admins to employ workarounds pending completion of its investigation. The vulnerability affects Windows 2000 Server, Service Pack 4 and SP 1 and SP2 versions of Windows Server 2003, according to this Microsoft advisory. DNS functionality exposed over port 53 is not at risk. Nor are Windows 2000 Professional, Windows XP and Windows Vista. An attack can be carried out by executing a stack-based buffer overrun in the DNS Server's remote procedure call (RPC)...
-
Yahoo has patched a buffer overflow vulnerability in its instant-messaging tool that would have enabled attackers to potentially execute code on a compromised machine.
-
Core Security is reporting a remote buffer exploit for the OpenBSD operating system. This is also being reported on /. Title: OpenBSD's IPv6 mbufs remote kernel buffer overflow. Class: Buffer Overflow. Remotely Exploitable: Yes. Locally Exploitable: No. Advisory URL: http://www.coresecurity.com/?action=item&id=1703 Vendors contacted: OpenBSD.org. Vulnerability Description: The OpenBSD kernel contains a memory corruption vulnerability in the code that handles IPv6 packets. Exploitation of this vulnerability can result in: 1) Remote execution of arbitrary code at the kernel level on the vulnerable systems (complete system compromise), or; 2) Remote denial of service attacks against vulnerable systems (system crash due to a kernel panic)...
-
FEBRUARY 12--As he campaigns for the Republican presidential nomination, Rudolph Giuliani will have to contend with political and personal baggage unknown to prospective supporters whose knowledge of the former New York mayor is limited to his post-September 11 exploits. So, in a bid to educate the electorate, we're offering excerpts from a remarkable "vulnerability study" that was commissioned by Giuliani's campaign prior to his successful 1993 City Hall run. The confidential 450-page report, authored by Giuliani's research director and another aide, was the campaign's attempt to identify possible lines of attack against Giuliani and prepare the candidate and his staff...
-
There is a major zero day bug announced in Solaris 10 and 11 with the telnet and login combination. It has been verified. In my opinion NOBODY should be running telnet open to the internet. Versions of Solaris 9 and lower do not appear to have this vulnerability. The issue: The telnet daemon passes switches directly to the login process which looks for a switch that allows root to login to any account without a password. If your telnet daemon is running as root it allows unauthenticated remote logins. Telnet should be disabled. Since 1994 the cert.org team has recommended...
-
Firefox Popup Blocker Allows Reading Arbitrary Local Files. There is an interesting vulnerability in the default behavior of Firefox built-in popup blocker. This vulnerability, coupled with an additional trick, allows the attacker to read arbitrary user-accessible files on the system, and thus steal some fairly sensitive information. Vulnerable Systems: * Firefox version 1.5.0.9. For security reasons, Firefox does not allow Internet-originating websites to access the file:// namespace. When the user chooses to manually allow a blocked popup however, normal URL permission checks are bypassed. The attacker may fool the browser to parse a chosen HTML document stored on the local...
-
Last month, security researcher HD Moore decided to write a simple program that would mangle the code found in web pages and gauge the effect such data would have on the major browsers. The result: hundreds of crashes and the discovery of several dozen flaws. The technique - called packet, or data, fuzzing - is frequently used to find flaws in network applications. Moore and others are now turning the tool on browsers to startling results. In a few weeks, the researcher had found hundreds of ways to crash Internet Explorer and, to a lesser extent, other browsers. In another...
-
Michael Lehn has discovered a vulnerability in Mac OS X, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an error in the processing of file association meta data in ZIP archives (stored in the "__MACOSX" folder) and mail messages (defined via the AppleDouble MIME format). This can be exploited to trick users into executing a malicious shell script renamed to a safe file extension stored in a ZIP archive or in a mail attachment. This can also be exploited automatically via the Safari browser when visiting a malicious web site.
-
Smoot Hawley, Chinese Style By: George Gilder Forbes.com May 20, 2005 Original Article In his insightful new book, The World Is Flat, Tom Friedman of The New York Times, though generally disdainful of anything conservative, somehow brings himself to cite an exemplary Heritage Foundation study of U.S. companies with facilities in China. These firms are not an unhealthy set of "Benedict Arnolds," as they were quaintly dubbed by Sen. John Kerry during the last presidential campaign. They are the heart of the U.S. economy and the spearhead of global economic growth. As Friedman explains, these manufacturing outsourcers together generate...
-
Computer security experts were grappling with the threat of a new weakness in Microsoft’s Windows operating system that could put hundreds of millions of PCs at risk of infection by spyware or viruses. The news marks the latest security setback for Microsoft, the world’s biggest software company, whose Windows operating system is a favourite target for hackers. “The potential [security threat] is huge,” said Mikko Hyppönen, chief research officer at F-Secure, an antivirus company. “It’s probably bigger than for any other vulnerability we’ve seen. Any version of Windows is vulnerable right now.” The flaw, which allows hackers to infect computers using...