Obama’s $845 billion U.N. plan forwarded to U.S. Senate floor
He said the legislation, if approved, dedicates 0.7 percent of the U.S. gross national product to foreign aid, which over 13 years he said would amount to $845 billion “over and above what the U.S. already spends.”

The plan passed the House in 2007 “because most members didn’t realize what was in it,” Kincaid reported. “Congressional sponsors have been careful not to calculate the amount of foreign aid spending that it would require.”

A recent statement from Obama’s office noted the support offered by the Senate Foreign Relations Committee.

“With billions of people living on just dollars a day around the world, global poverty remains one of the greatest challenges and tragedies the international community faces,” Obama said. “It must be a priority of American foreign policy to commit to eliminating extreme poverty and ensuring every child has food, shelter, and clean drinking water. As we strive to rebuild America’s standing in the world, this important bill will demonstrate our promise and commitment to those in the developing world.

“Our commitment to the global economy must extend beyond trade agreements that are more about increasing profits than about helping workers and small farmers everywhere,” he continued.

E-mail to the Editor
No more votes for ignoramuses

In this 2008 election for president, we are told we have a choice between McCain and Obama, Republican or Democrat. My friends, that is not a choice. Given that we should try and keep Obama out, I agree, but how much better is John McCain? Really, the only reason I would consider voting for him is the possibility that he would nominate better candidates for the Supreme Court.

To paraphrase Alan Stang, “Imagine that you are sitting under a big bug. At ground level, each leg looks separate until you look up and see they are connected to the same bug.” So it is with McCain and Obama. Both of them are surrounded with advisers who are members of the Council on Foreign Relations (and each are members too), and here and there some Trilateral Commission guys. Both of these candidates are willing to play ball with those behind the scenes who have been working toward a world socialist government.

In 1974, the “Club of Rome” determined it would be best to divide the world into 10 political and economic regions. Today, we have the European Union; we hear of the African Union, the South American Union and the hardly secret “North American Union.” Bush/Clinton/Bush have taken us down this road rapidly.

Someone said that the world government pukes “are sprinting naked toward the finish line.” In other words, they figure that they have a lock on things; they don’t need to hide what is going on anymore. Their man will be in the White House, Republican or Democrat. This next treasonous administration may well finish us off as a free and independent nation.

I’ve often wondered why Congress wasn’t doing anything about this situation. Well, with few exceptions, they seem to be a useless lot, more interested in self-enrichment and personal power to bother with insignificant issues like national sovereignty. Some are worse than useless – they are “useful idiots.”

I am a state delegate for one of the exceptions, Ron Paul. I supported Dr. Paul in this campaign, but he isn’t running anymore. The only other real choice is the Constitution Party. Chuck Baldwin will not play ball with the world socialists, and he will do everything possible from the executive office to return us to a constitutional republic. I spent a day with the Constitution Party vice presidential candidate Darrell Castle. I asked him: “If there was one thing that you could say to people, what would it be?” He told me that if we keep electing the same kind of people, nothing will change. It is true.

I’ve come to the conclusion that I am not responsible for what Obama or McCain does. They will stand before God and give account for what they have done in this life, whatever it is. I am responsible for what I do, as I will give account as well. I am going to vote for who I believe is the best, Chuck Baldwin of the Constitution Party. No more voting for an ignoramus just to keep a clueless clown out of office.

We Americans have been bamboozled for too long. Republicans and Democrats are not a choice anymore. Let’s do something different this time!

“Do not fret because of evildoers, Nor be envious of the workers of iniquity. For they shall soon be cut down like the grass, And wither as the green herb. Trust in the Lord, and do good; Dwell in the land and feed on His faithfulness.”

– Psalm 37:1-3.

Steven R. Tanska

It doesn’t play here.  Now i’m not saying Obama is the Anti-christ but this world citizenship garbage is exactly what the ac is going to peddle.

Matasano - Kaminsky - DNS Forgery | Buanzolandia

Now how serious is this?  Actually it’s serious.  This allows anyone to hit your device providing any kind of DNS services(with a few exceptions) to fool your device and redirect your traffic without your knowledge or control to any site they want to.  This will lead to an increase in phising, pharming, scamming, spam with fraudulent links in them..etc etc etc. This is platform agnostic..which means all os’es are affected and all forms of dns services(with a few exceptions) are affected.  This means millions of home users and businesses with routers are vulnerable. This means many Linux firewall servers that are not patched are vulnerable.  This is NOT something to panic over but at the same time this needs to be TOP priority for you.

There’s tons of links inside the articles i link to so if you REALLY want to research there’s hours of fun for you..:)

ECC’s recommendations:

ALL ECC clients needs to do one of two things first:

1.  contact ECC to arrange a time to test your dns devices for you OR

2.  Head to this site and click on the test my dns button on the upper right.  E-mail me the results of your test to ECC for consultation.

3.  Anyone else who reads this please either follow the above advice or contact ECC for further details.

i’m going to post background on this..then i’ll post my thoughts on this and then I’ll post the text that exposes this flaw.

Earlier this year a security researcher named Dan Kaminsky found what he says is a bad flaw in DNS.  The only thing that was available online was that the flaw was bad..we needed to patch our dns servers and that the details would be released august 6th.  The problem was ISP’s and Cisco and other large vendors were notified but smaller consultants who have clients that are affected were not.  This means many millions of folks with routers, custom servers, managed services were not able to figure out the severity of the flaw, determine which, if any clients were affected and how to fix it.  We were told to take the word of a small group of researcher’s word that we had to patch and that the flaw was so horrible it could not be released due to the bad buys being able to use it.  I hate to say this but the bad guys already knew about it.  it’s called pharming. I have already castigated the industry about security by obscurity which is what this supposed “responsible” disclosure is.

Well now things have changed.  A security researcher named Halvar Flake speculates about the flaw despite the author’s request not to.  Halvar says he feels the viewpoint about not speculating is flawed, “In a strange way, if nobody speculates publicly, we are pulling wool over the eyes of the general public, and ourselves. Consider the following:

Let’s assume that the DNS problem is sufficiently complicated that an average person that has _some_ background in security, but little idea of protocols or DNS, would take N days to figure out what is problem is.
So clearly, the assumption behind the “discussion blackout” is that no evil person will figure it out before the end of the N days.

Let’s say instead of having an average person with _some_ background in security, we have a particularly bright evil person. Perhaps someone whose income depends on phishing, and who is at the same time bright enough to build a reasonably complicated rootkit. This person is smart, and has a clear financial incentive to figure this out. I’d argue that it would take him N/4 days.

By asking the community not to publicly speculate, we make sure that we have no idea what N actually is. We are not buying anybody time, we are buying people a warm and fuzzy feeling.

It is imaginable that N is something like 4 days. We don’t know, because there’s no public speculation.

So in that case, we are giving people 29 days of “Thank us for buying you time.”, when in fact we have bought them a false perception of having time. The actual time they have is N/4th, and we’re just making sure they think that N/4th > 30. Which it might not be. It might be … 1.”

Halvar apparently got really close.  A security company named Matasano posted a blog response in which they confirmed Halvar was close enough and then posted the details.  They then quickly pulled the page down..but google already had it and another blogger posted the text in full. The full text follows in case his post gets pulled:

Reliable DNS Forgery in 2008: Kaminsky’s Discovery
from Matasano Chargen by ecopeland
0.

The cat is out of the bag. Yes, Halvar Flake figured out the flaw Dan Kaminsky will announce at Black Hat.
1.

Pretend for the moment that you know only the basic function of DNS — that it translates WWW.VICTIM.COM into 1.2.3.4. The code that does this is called a resolver. Each time the resolver contacts the DNS to translate names to addresses, it creates a packet called a query. The exchange of packets is called a transaction. Since the number of packets flying about on the internet requires scientific notation to express, you can imagine there has to be some way of not mixing them up.

Bob goes to to a deli, to get a sandwich. Bob walks up to the counter, takes a pointy ticket from a round red dispenser. The ticket has a number on it. This will be Bob’s unique identifier for his sandwich acquisition transaction. Note that the number will probably be used twice — once when he is called to the counter to place his order and again when he’s called back to get his sandwich. If you’re wondering, Bob likes ham on rye with no onions.

If you’ve got this, you have the concept of transaction IDs, which are numbers assigned to keep different transactions in order. Conveniently, the first sixteen bits of a DNS packet is just such a unique identifier. It’s called a query id (QID). And with the efficiency of the deli, the QID is used for multiple transactions.
2.

Until very recently, there were two basic classes of DNS vulnerabilities. One of them involves mucking about with the QID in DNS packets and the other requires you to know the Deep Magic.

First, QIDs.

Bob’s a resolver and Alice is a content DNS server. Bob asks Alice for the address of WWW.VICTIM.COM. The answer is 1.2.3.4. Mallory would like the answer to be 6.6.6.0.

It is a (now not) secret shame of mine that for a great deal of my career, creating and sending packets was, to me, Deep Magic. Then it became part of my job, and I learned that it is surprisingly trivial. So put aside the idea that forging IP packets is the hard part of poisoning DNS. If I’m Mallory and I’m attacking Bob, how can he distinguish my packets from Alice’s? Because I can’t see the QID in his request, and the QID in my response won’t match. The QID is the only thing protecting the DNS from Mallory (me).

QID attacks began in the olden days, when BIND simply incremented the QID with every query response. If you can remember 1995, here’s a workable DNS attack. Think fast: 9372 + 1. Did you get 9372, or even miss and get 9373? You win, Alice loses. Mallory sends a constant stream of DNS responses for WWW.VICTIM.COM. All are quietly discarded —- until Mallory gets Bob to query for WWW.VICTIM.COM. If Mallory’s response gets to your computer before the legitimate response arrives from your ISP’s name server, you will be redirected where Mallory tells you you’re going.

Obvious fix: you want the QID be randomly generated. Now Alice and Mallory are in a race. Alice sees Bob’s request and knows the QID. Mallory has to guess it. The first one to land a packet with the correct QID wins. Randomized QIDs give Alice a big advantage in this race.

But there’s a bunch more problems here:

*

If you convince Bob to ask Alice the same question 1000 times all at once, and Bob uses a different QID for each packet, you made the race 1000 times easier for Mallory to win.
*

If Bob uses a crappy random number generator, Mallory can get Bob to ask for names she controls, like WWW.EVIL.COM, and watch how the QIDs bounce around; eventually, she’ll break the RNG and be able to predict its outputs.
*

16 bits just isn’t big enough to provide real security at the traffic rates we deal with in 2008.

Your computer’s resolver is probably a stub. Which means it won’t really save the response. You don’t want it to. The stub asks a real DNS server, probably run by your ISP. That server doesn’t know everything. It can’t, and shouldn’t, because the whole idea of DNS is to compensate for the organic and shifting nature of internet naming and addressing. Frequently, that server has to go ask another, and so on. The cool kids call this “recursion”.

Responses carry another value, too, called a time to live (TTL). This number tells your name server how long to cache the answer. Why? Because they deal with zillions of queries. Whoever wins the race between Alice and Mallory, their answer gets cached. All subsequent responses will be dropped. All future requests for that same data, within the TTL, come from that answer. This is good for whoever wins the race. If Alice wins, it means Mallory can’t poison the cache for that name. If Mallory wins, the next 10,000 or so people that ask that cache where WWW.VICTIM.COM is go to 6.6.6.0.
3.

Then there’s that other set of DNS vulnerabilities. These require you to pay attention in class. They haven’t really been talked about since 1997. And they’re hard to find, because you have to understand how DNS works. In other words, you have to be completely crazy. Lazlo Hollyfeld crazy. I’m speaking of course of RRset poisoning.

DNS has a complicated architecture. Not only that, but not all name servers run the same code. So not all of them implement DNS in exactly the same way. And not only that, but not all name servers are configured properly.

I just described a QID attack that poisons the name server’s cache. This attack requires speed, agility and luck, because if the “real” answer happens to arrive before your spoofed one, you’re locked out. Fortunately for those of you that have a time machine, some versions of DNS provide you with another way to poison the name server’s cache anyway. To explain it, I will have to explain more about the format of a DNS packet.

DNS packets are variable in length and consist of a header, some flags and resource records (RRs). RRs are where the goods ride around. There are up to three sets of RRs in a DNS packet, along with the original query. These are:

*

Answer RR’s, which contain the answer to whatever question you asked (such as the A record that says WWW.VICTIM.COM is 1.2.3.4)
*

Authority RR’s, which tell resolvers which name servers to refer to to get the complete answer for a question
*

Additional RR’s, sometimes called “glue”, which contain any additional information needed to make the response effective.

A word about the Additional RR’s. Think about an NS record, like the one that COM’s name server uses to tell us that, to find out where WWW.VICTIM.COM is, you have to ask NS1.VICTIM.COM. That’s good to know, but it’s not going to help you unless you know where to find NS1.VICTIM.COM. Names are not addresses. This is a chicken and egg problem. The answer is, you provide both the NS record pointing VICTIM.COM to NS1.VICTIM.COM, and the A record pointing NS1.VICTIM.COM to 1.2.3.1.

Now, let’s party like it’s 1995.

Download the source code for a DNS implementation and hack it up such that every time it sends out a response, it also sends out a little bit of evil — an extra Additional RR with bad information. Then let’s set up an evil server with it, and register it as EVIL.COM. Now get a bunch of web pages up with IMG tags pointing to names hosted at that server.

Bob innocently loads up a page with the malicious tags which coerces his browser resolve that name. Bob asks Alice to resolve that name. Here comes recursion: eventually the query arrives at our evil server. Which sends back a response with an unexpected (evil) Additional RR.

If Alice’s cache honors the unexpected record, it’s 1995 —- buy CSCO! —- and you just poisoned their cache. Worse, it will replace the “real” data already in the cache with the fake data. You asked where WWW.EVIL.COM was (or rather, the image tags did). But Alice also “found out” where WWW.VICTIM.COM was: 6.6.6.0. Every resolver that points to that name server will now gladly forward you to the website of the beast.
4.

It’s not 1995. It’s 2008. There are fixes for the attacks I have described.
Fix 1:

The QID race is fixed with random IDs, and by using a strong random number generator and being careful with the state you keep for queries. 16 bit query IDs are still too short, which fills us with dread. There are hacks to get around this. For instance, DJBDNS randomizes the source port on requests as well, and thus won’t honor responses unless they come from someone who guesses the ~16 bit source port. This brings us close to 32 bits, which is much harder to guess.
Fix 2:

The RR set poisoning attack is fixed by bailiwick checking, which is a quirky way of saying that resolvers simply remember that if they’re asking where WWW.VICTIM.COM is, they’re not interested in caching a new address for WWW.GOOGLE.COM in the same transaction.

Remember how these fixes work. They’re very important.

And so we arrive at the present day.
5.

Let’s try again to convince Bob that WWW.VICTIM.COM is 6.6.6.0.

This time though, instead of getting Bob to look up WWW.VICTIM.COM and then beating Alice in the race, or getting Bob to look up WWW.EVIL.COM and slipping strychnine into his ham sandwich, we’re going to be clever (sneaky).

Get Bob to look up AAAAA.VICTIM.COM. Race Alice. Alice’s answer is NXDOMAIN, because there’s no such name as AAAAA.VICTIM.COM. Mallory has an answer. We’ll come back to it. Alice has an advantage in the race, and so she likely beats Mallory. NXDOMAIN for AAAAA.VICTIM.COM.

Alice’s advantage is not insurmountable. Mallory repeats with AAAAB.VICTIM.COM. Then AAAAC.VICTIM.COM. And so on. Sometime, perhaps around CXOPQ.VICTIM.COM, Mallory wins! Bob believes CXOPQ.VICTIM.COM is 6.6.6.0!

Poisoning CXOPQ.VICTIM.COM is not super valuable to Mallory. But Mallory has another trick up her sleeve. Because her response didn’t just say CXOPQ.VICTIM.COM was 6.6.6.0. It also contained Additional RRs pointing WWW.VICTIM.COM to 6.6.6.0. Those records are in-bailiwick: Bob is in fact interested in VICTIM.COM for this query. Mallory has combined attack #1 with attack #2, defeating fix #1 and fix #2. Mallory can conduct this attack in less than 10 seconds on a fast Internet link.

Links:

The Register

The Reg #2

Eweek

Matasano

Softpedia

Dan Kaminsky(Doxpara)

ZDNET

Rudd-o.com

Artuo Busleiman(post of removed exploit details)

addxorrol @ blogspot

CNET 1

CNET 2

Tao Security

X Force

WHOAH!  It turns out Mr. Reiser is actually guilty.  That’s highy unfortunate as he had a successful business.  It’s a shame as the reiser file system is one of hte best around..it’s been in a frozen state for years..I don’t know if the ReiserFS will ever be widely developed now.

Yesterday went well..breast feeding has started and she is setting her own schedule.  She is an amazing baby..she only cires when something is truly wrong..and once you fix it it’s like you hit the light switch..the crying stops that quickly.   Working is hard for me..i normally can just think about my job mowing grass..but right now i have to watch my time which constantly reminds me of what is going on.  This is a minor sacrifice if it means i can be there as quickly as possible once they release our daughter.  So far aside from Mr. nothingness the nicu experience has been excellent and things are continuing to progess well.  More updaes to come.

p.s. in case youa re wondering why i am blogging while in the ncu..only three folks ar allowed bedside at hte same time..since they ahve free wifi and gen’s mom and our oldest daughter has not seen our new child in a while(or at all) i figured i could easily wait my turn this time..<G>.

They have discontinued monitoring our daughter’s blood sugar levels. It also looks like she is maintaining her body temperature nicely. She has three more days of antibiotics and then we will see what is happening from there. The doctors have also turned down the amount of oxygen she requires to close to regular air levels.

We got some excellent news.  it apears that MAYBE our newborn should be home by this Wed.  No gurantees though but it’s nice to hear the doctors are pleased that she has been making steady and noticeable progress each day.

My daughter was born via c-section.  She had a moderate load of merconium inside with her(she pooped in there).  The OB very concerned about that.  Gen went into labor on Monday morning and after 12 hours a c-section was highly recommended due to signs of distress on our daughter.  we went with the c-section.  Gen was having issues(fright) on the operating table and our daughter got taken to an incubator(she was at term and otherwise ok) where 1 doctor and 3 nurses surrounded her.  My inquiries as to why she wasn’t crying for over 2 minutes went unanswered..my gut told me something was wrong.  She then finally cried and we thought things were good.  I got shuttled with our daughter to the nursery where my further inquiries about what went on in the OR where met with the “nurse and doctor shoo”.  I was then told she has to go to the nicu(neo-natal intensive care unit) due to her having low blood sugar.  I was assured this was normal for babies who were of large size(9 lbs 7 oz) and born by c-section.  Over the next 3 days further inquiries were met with,” this particular tracking protein is way to high and is indicative of an infection or inflammation..she needs to stay here.”  That’s all i got.  Take into account though our daughter is not requiring a ventilator but is hooked up to a monitor for respiration, heart rate and oxygen levels.  Finally it’s Thursday..gen’s looking at a Friday discharge and i have no information as to why our daughter cannot come home.  I finally marched into the nicu and announced that unless i got some REAL information about my daughter i was forcibly going to discharge her.  That announcement happened this morning.  10 minutes later the neo-natal doctor called our room and asked to speak with us.  We then got a totally different story:

We were told our daughter has to be resuscitated after birth.  she has aspirated some merconium that has settled into her lungs.  Gen’s placenta was also infected and this posed a double risk of infection to out daughter.  We were informed her cultures came back negative but that her lungs had  not fully inflated yet at the very bottom of both lungs and that x-rays showed inflamed tissues int he same area.  We were also informed that she began to have oxygen levels drop overnight so our daughter has to be put on small amounts of oxygen.

Needless to say my first reaction was total shock.  Once i was able to process things i immediately got furious.  This vital information was withheld from us and i honestly believe we would not have been informed had i not rattled some cages.  I got nothing but the medical shoo at each inquiry.

The moral here is..don’t blindly take modern medicine’s advice on ANYTHING.  Take our time and look at all your options(if you have it).  Don’t be afraid to stand up and rattle some cages..IT’S YOUR LIFE, WIFE, CHILD, BROTHER..etc,etc and the modern medical establishment is not god.

right now I’m still extremely angry with the OR/OB at the Frederick Memorial Hospital in Frederick, Maryland.  Once i rattled some cages the nicu staff has been extremely forthcoming.  Dr. Miller was genuinely apologetic shen she was informed we had none of the information she gave us and the nicu nurses have been a great help the past couple of days.  My issue is with the OB, surgeons, and neo-natologist in the OR and the first nursery our daughter wa at.  Please don’t take medical advice as gospel..you could be making a deadly decision if you do.