Though any given muslim may not be your enemy, don’t be deceived America, Islam is our enemy and the enemy of all freedom and liberty loving people.  The building of this mosque must be stopped!

via Is this man Obamas worst nightmare?.

via VDHs Private Papers:: Interview with Blog4History.

All the way back from March.  Can’t believe I missed this for so long.

Interesting.  I’m going to try and see an implementation of this and see how it works with my new Android-based phone.

The World from Berlin: Will Obama Be the ‘Jimmy Carter of the 21st Century’?

Two choices:  The Obamanation is either:

1)  A complete idealistic moron on the scale of and beyond Jimmy Carter.

2)  A true Marxist believer who is actively working towards the damage of the United States.

Another way of thinking of it:

1) bumbling fool

2) evil genius

There are really no alternatives.  He either is accidentally or on purpose destroying America and her leadership role for overall good in the world.

Man in the middle attacks circumventing authenticators

This makes perfect sense as:

1. OTP tokens such as the Authenticator are obviously susceptible to a live man-in-the-middle (MITM) attack as has been demonstrated as something well beyond “theoritical” a decade ago.  The issue isn’t with the token vendor or type, it is with the entire scheme of a short-lived, shared secret in an increasingly real-time, share-it-and-lose-it networked world.
2. Blizzard is likely the largest OTP deployment on the planet.  They haven’t released any numbers, but if even 10% of users use it, that’s roughly 1.2 million users.  i.e. Big ROI.
3. There’s money in “them thar accounts”.

What can you do?

• All the normal things, run anti-virus, anti-spyware, etc.
• Log into WoW from as few PCs as possible and only those you absolutely control.
• Try to log into any web page that requires authenticator authentication as little as possible, as a man-in-the-middle attack in a browser doesn’t require a local keylogger file as is being used in this current attack

What can Blizzard do?

• The obvious:
  • I believe their thick client already scans for a large number of known attack libraries, files, etc. at the time of launch.  This will be added to the list.
  • I also suspect they are looking for suspicious behavior to the extent that they can with the client.  This type of behavior should be added to the list for that.  Also, they may want to consider increasing the terms and conditions of what we allow them to do in the client with regard to looking for vulnerabilities and suspicious behavior.
• Less Obvious:  Blizzard should seriously consider having a separate authentication mechanism for getting into the game client than for logging into the various portions of Battle.Net / WorldofWarcraft.com / etc.  Why?
  • The more times you use the Authenticator, the more opportunities you have to be compromised.
  • Blizzard has more controls and capabilities to protect the login through their seriously “thick” client to provide additional protections to the authenticator login.
  • Blizzard has much less control over the login environment and ability to monitor what is happening in a web-based authentication with an authenticator.  This current attack is heavy-weight in regards to payload necessary to pull it off.  A successful MITM attack in a web login requires much less work and no payload (client software installed) to execute.
  • What does the attacker want access to, my WoW account details or the stuff on my various characters, in my banks or my guild’s banks?  Go look at what is on file in your “My Account” section. Ask yourself:
    • What is there that an attacker couldn’t get more readily and simply somewhere else given Blizzard is following good practices with regard to what details are shown, masked, etc.?
    • What can the attacker do to you there?  Change your password?  Why bother when I can steal both your static password and dynamic password in a simple web-based MITM attack?  As you now realize, an attacker only need to compromise you one time.  They don’t need to have a reusable password.
    • How about turn off your authenticator?  Hopefully you would stop and think seriously about providing the serial number of your Authenticator if asked outside of your specifically intending to turn it off.
• My suggestion to Blizzard is to consequently move authenticator management and use completely into the WoW client and only ever ask for the Authenticator code from within the client for game session login.  Enable the ability and strongly suggest to users that they use a separate password for Battle.Net web page logins (sans Authenticator) and another separate password to use in the game client with your Authenticator).
• Lastly, and I know from first-hand experience in discussing this with Blizzard devs that this probably won’t fly, but seriously consider offering additional forms of authentication that aren’t susceptible to MITM attacks.  I know the alternatives aren’t as globally friendly for all our WoW brethren that login from shared network cafe PCs, but that’s not the whole market and those of us not constrained in that fashion would like something better if you offered it.  More work for you, yes.  Better security for us and retention of us as customers, yes.

via CNN Poll: Majority says government a threat to citizens’ rights.

Maybe there is hope given that this apparently “astonishing poll” reflects the firmly held belief of the crafters of the U.S. Constitution.  Government is an evil.  A necessary evil, but evil all the same and is to be kept small and easy to stomp on when it starts to do what it must by its nature… restrict freedom of the individual.

Want to fix the economy?  Want to fix healthcare?

• Reduce the number of regulations everywhere.
• Reduce taxes across the board.
• Reduce all levels of government employment.
• Break the unions in all government hiring so the weak and the lazy can actually be fired.  (Throw in the completely evil NEA while you’re at it).
• Introduce “loser pays” tort reform.

That would do for a start as there would be such a boom as hasn’t been seen since at least the post-WW2 or 1980s boom and would likely be even bigger than that.  Then the problem just becomes keeping those that feel guilty for living in the greatest country ever on earth to keep from gaining power and undoing what makes it great.  Once we leave this obamanation behind, let’s vow to never return.  Let our rally cry be, “Remember Carter and the obamanation!”.