Saturday, December 13, 2003

Security Troubleshoot and Maintain:
Find what you need to respond to current security issues.

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/Default.asp
Security Pipeline | News | Spam-Virus Marriage Seen As Leading 2004 Internet Threat:
"The use of viruses to commandeer personal computers on the Internet for relaying spam is a trend that started this year and is expected to escalate in 2004, an e-mail security company said Friday.

In the last six months, MessageLabs Inc. has seen a steady rise in the use of spam and virus techniques in sending out junk e-mail hawking drugs, pornography and sexual enhancements."

The Minneapolis-based company, which filters corporate e-mail for spam and viruses, intercepts about 27 spam messages a second today, up from two per second at the same time last year. Sixty-six percent of those messages are generated from PCs that have been taken over by spammers without the knowledge of the computers' owners, Mark Sunner, chief technology officer for MessageLabs, said.

The number of PCs commandeered by spammers is expected to increase next year. "Spammers are taking advantage of the flaw in traditional anti-virus software people are running on their desktops today," Sunner said.

Traditional anti-virus software requires users to download code capable of detecting a virus after it's released on the Internet.

Until this year, people seeking a thrill from the chaos they could cause on the Internet accounted for most of the viruses. The malevolent code is hidden in an e-mail attachment that the sender tries to trick a person into opening by pretending the message is from a legitimate vendor or someone who can be trusted, like a friend.

Spammers are now using the same techniques to get PC users to unknowingly install applications that allow the machines to be used later to relay spam. The pre-eminent example of this kind of malevolent code was the Sobig.F virus, which had such an effective mass-mailing engine that it managed to shut down some corporate and government networks.

"The authors behind Sobig were definitely spammers using the virus to harvest lots of machines to blast spam," Sunner said.

Relaying spam through other computers enables spammers to remain anonymous and avoid law enforcement agencies. In addition, by hiding the original source of the mass-mailings, spammers can avoid black lists used by filtering software to separate spam from legitimate messages.…

http://informationweek.securitypipeline.com/news/showArticle.jhtml;jsessionid=F1K3ID3UJ3UQIQSNDBCSKHQ?articleId=16600263
Windows XP Professional File Sharing:
"The file system in Windows XP is based on Windows NT and Windows 2000, so many of its features are new to users of Windows 95, 98, and Me."

In Windows 95/98/Me, you can assign a password to a shared disk or folder, so that only people who know the password can gain access. That works well in a small home network where, for example, Mom and Dad know the password to the family's financial data, but Junior doesn't. But it isn't practical in a large corporate network, where Windows XP Professional is likely to be used. It's hard to keep a password secret in a large company, and changing to a new password requires giving it to everyone who needs to use it.

Windows XP Professional replaces password-based security with two alternatives:


  • Simple File Sharing is enabled by default on Windows XP Professional systems that are members of a workgroup (typically used in small networks) rather than a domain (typically used in large corporate networks). For full details, see our article on Simple File Sharing. There are no passwords or access restrictions and, with one exception described in the article, everything that's shared is accessible by everyone on the network. Simple File Sharing is the only type of sharing available in Windows XP Home Edition.

  • By disabling Simple File Sharing, you can specify an Access Control List (ACL) for each shared disk or folder. The ACL specifies which users are allowed to have access.



http://www.practicallynetworked.com/sharing/xp_filesharing/index.htm

Thursday, December 11, 2003

Eureka! Mac's Are Not Invulnerable:
"The truth is that the Mac OS is just as vulnerable as Microsoft Windows. Overall, maybe OS X is better than Windows, but that's not the point. Panther, for example, is a great OS, but it's also complex, and complexity leaves room for gaps—some small, some not.

OS X 10.x may not be as widely used as Windows (let's face it, it isn't) but some of its devotees seem far more fanatical than Windows users. Those who toil in Windows—me, for instance—care about their OS to a certain degree, but hardly feel the need to jump to its defense or come up with ridiculous conspiracy theories to explain why, say, Bob bombed or Windows Me stank."

When Microsoft released Windows 95 three years and some months later, for the first time there was a degree of parity between the graphical interfaces. I found things to grumble about, but they were minor. Microsoft's less-than-stellar OS security took a while to become apparent. In fact, the problem wasn't epidemic until a few years after the Internet took off. Windows' market domination makes it a target for the virus authoring community. The OS also bears the burden of user wrath because those who depend on Windows so often feel let down. But nothing drives me crazier than Mac true believers shaking their heads and grinning at me every time another Windows virus hits. This past summer was particularly difficult. As Blaster and SoBig wreaked havoc across the Internet and with millions of Windows PCs, Mac users would tell me with mock sympathy, "This wouldn't happen if we all ran Macs".

We don't, of course, and again, that's the point. The discovery of this OS X security hole will be like a tree falling in a particularly remote forest. So few people actually use Macs (notwithstanding, of course, what you see in the alternate universe of movies, where everyone appears to use them), that I think it's unlikely this problem will have any long-term effect. Hackers are unlikely to exploit this hole the way they have Windows failings.

If the Macintosh OS ever became dominant, the tables would turn, and there would be just as many reports of viruses, security holes, and attacks on it as we currently have with Windows. As one Macophile I spoke with noted, no one has even bothered to exploit this security flaw. I doubt anyone will. Meanwhile, we can already see what happens when Apple has a broadly popular product that cuts across platforms. The Apple iPod is the number one MP3 player, and now that its companion computer utility, iTunes, is available for both the Mac and the PC, it has become a hack target. In fact, Jon Lech Johansen, the same Norwegian who cracked the DVD security code, recently circumvented the iTunes music protection scheme. An event like that occurring makes sense to me, since iTunes' popularity makes it a target worth hacking—and whatever mystical Mac mojo there may be, it didn't go far in protecting a popular Apple product.…

http://www.pcmag.com/article2/0,4149,1408924,00.asp
Don't Let These Security Gotcha's Get Your Database:
"Securing the database is top of mind at most organizations now more than ever. How not? As it is, Slammer slapped us last winter, Microsoft had yet another SQL Server Hotfix patch out as of Friday, and Oracle on Friday put out a high-severity security alert warning of Secure Sockets Layer (SSL) vulnerabilities that require immediate attention."

No matter how locked-down-by-default Oracle 10g gets …, no matter how automated SQL Server security patches get, database administrators and security officers are still making mistakes that can easily be avoided.

http://www.eweek.com/print_article/0,3048,a=114260,00.asp
Secunia - Advisories - Internet Explorer URL Spoofing Vulnerability:
"A vulnerability has been identified in Internet Explorer, which can be exploited by malicious people to display a fake URL in the address and status bars.

The vulnerability is caused due to an input validation error, which can be exploited by including the '%01' and '%00' URL encoded representations after the username and right before the '@' character in a URL.

Successful exploitation allows a malicious person to display an arbitrary FQDN (Fully Qualified Domain Name) in the address and status bars, which is different from the actual location of the page."

This can be exploited to trick users into divulging sensitive information or downloading and executing malware on their systems, because they trust the faked domain in the two bars.

Example displaying only "http://www.trusted_site.com" in the two bars when the real domain is "malicious_site.com":
http://www.trusted_site.com%01%00@malicious_site.com/malicious.html

A test is available at:
http://www.secunia.com/internet_explorer_address_bar_spoofing_test/

The vulnerability has been confirmed in version 6.0. However, prior versions may also be affected.…

http://www.secunia.com/advisories/10395
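
A defensive check for the link pattern the advisory describes, added here as an example and not taken from Secunia or the original post: it parses a URL, reports the host the request really goes to, and flags userinfo that carries control characters or imitates a hostname. The finding names, the `inspect_link` function and the sample links other than the advisory's own are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, unquote

# A userinfo string shaped like "label.label[.label...]" imitates a hostname.
HOSTNAME_LIKE = re.compile(r"^[A-Za-z0-9_-]+(\.[A-Za-z0-9_-]+)+$")


def _is_control(ch):
    """C0 control characters and DEL never belong in a link's userinfo."""
    return ord(ch) < 0x20 or ord(ch) == 0x7F


def inspect_link(url):
    """Return the real destination host and any userinfo-based warning signs."""
    parts = urlsplit(url)
    report = {"real_host": parts.hostname or "", "userinfo": "", "findings": []}

    # Everything before the last '@' in the authority is userinfo, not the host.
    if "@" not in parts.netloc:
        return report

    raw_userinfo = parts.netloc.rpartition("@")[0]
    decoded = unquote(raw_userinfo)  # turns %01%00 into the raw control bytes
    report["userinfo"] = raw_userinfo
    report["findings"].append("userinfo-present")

    if any(_is_control(c) for c in decoded):
        report["findings"].append("control-chars-in-userinfo")

    # The text a user would read as the "site": userinfo up to the first
    # control character or ':' (password separator).
    visible = re.split(r"[\x00-\x1f\x7f:]", decoded, maxsplit=1)[0]
    if HOSTNAME_LIKE.match(visible) and visible.lower() != report["real_host"]:
        report["findings"].append("userinfo-looks-like-host")

    return report


# First link is the example quoted in the advisory; the rest are constructed.
SAMPLE_LINKS = [
    "http://www.trusted_site.com%01%00@malicious_site.com/malicious.html",
    "http://www.example.com/index.html",
    "ftp://user:pw@files.example.org/pub/",
    "http://www.example.com/profile/a@b",
]

if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        result = inspect_link(link)
        print(result["real_host"], result["findings"])
```

A mail or proxy filter can treat `control-chars-in-userinfo` as a hard block and the other two findings as reasons to show the real host to the user.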
On 'Seamless Computing' and Other Microspeak:
"You can tell a lot about a company by the phrases it coins. And Microsoft continues to mint some telltale ones.

More than a few Microsoft-spawned terms have made their way into the wider tech lexicon. Think 'dogfooding,' 'show stopper,' 'three-finger salute,' etc.

(Hats off to the MicroNews crew, the folks who produce Microsoft's internal company newsletter, for keeping tabs on the latest lingo from Redmond, documenting everything from 'blibbets' to 'Lake Bill.')"

Check a Partial Guide to Microspeak (from MicroNews)

But Microspeak is always morphing. Just this past week, we heard Chairman Bill Gates toss around his seeming new favorite: "Seamless Computing." Gates used the term in both his Comdex keynote and subsequent press interviews, ad nauseam.


Microsoft execs first began talking about seamless computing (no "TM," but Microsoft is using initial caps when referring to the term) back in 2001, when the company rolled out Windows XP.

Microsoft seems to be equating Seamless Computing with interoperability. But Redmond's kind of Seamless Computing isn't focused on interoperability among heterogeneous systems and software from different vendors (which is what most folks mean when they talk interoperability). Instead, Seamless Computing, according to Microsoft, is all about interconnecting Windows-based systems, from the Auto PC, to the Media Center PC, to the data-center hub.…

http://www.gisuser.co.nz/pdfs/MicroSpeak.pdf

http://www.microsoft-watch.com/article2/0,4248,1394053,00.asp

Wednesday, December 10, 2003

The Search Engine Report - Number 85:
"In This Issue

+ Search Engine Watch News

+ SES Comes To Chicago Next Week

+ Search Engine Articles By Danny Sullivan

+ SearchDay Articles

+ Search Engine Articles

+ Search Engine Resources

"

http://searchenginewatch.com/sereport/print.php/34721_3115471
News: Developers take Linux attacks to heart:
"During the last four months, unknown intruders have breached the security around servers hosting programs and code published by the Linux kernel development team, the Debian Project, the Gentoo Linux Project and the GNU Project, which manages the development of many important programs used by Linux and other Unix-like systems. The attacks have convinced open-source project leaders to take another look at their security."

"It is a definite eyebrow raiser that there has been this targeting of open-source servers and core open-source development servers," said Corey Shields, a member of the infrastructure team that oversees the distribution system for Gentoo Linux's code. "The worry is that if someone wanted to be malicious, they could change core software and users could be using corrupted packages."

Although the open-source model has led to immense progress in developing a competing operating system to Microsoft's Windows--long a target of hackers--it now seems to be a magnet for attackers itself. In a sort of backhanded compliment, attackers are aiming at the Linux OS and other open-source applications because of the software's popularity. Even developers who believe they've adequately secured their development systems are looking at the trend with some trepidation.

"It is one of those things where you have to hope you are not next and try to be one step ahead of the bad guys," said Jeremy Allison, co-founder and developer of the Samba Project, the programming effort for the popular open-source file server that seamlessly fits into Windows networks.

On Dec. 1, an attack on Gentoo Linux compromised one of 105 volunteer-run servers that make copies of Gentoo's source code available to users. The attack, however, didn't threaten the main source-code database. Moreover, security software on the targeted server detected the attack quickly and kept a detailed record of it.

The incident followed a November attack on the Linux kernel, which similarly happened because another system--this time a developer's--had been breached and used as a stepping-stone. The attacker used the developer's machine to submit code to a secondary server, code that could have been used by a later attacker to gain access to any systems that installed it. That attack also was detected within 24 hours.

Other incidents in the rash of attacks have been more serious.

Intruders gained access to the GNU Project's development system, Savannah, and in a separate incident, to four Debian Project servers used to manage development and community efforts for that Linux distribution.

Both attacks were similarly executed: An attacker managed to garner a legitimate user's log-in name and password and then used a recently discovered vulnerability in the Linux kernel to gain the rights and privileges of the system's owners. Both Debian and GNU Project leaders continue to keep the systems offline--and inaccessible to developers--until they can ensure they're secure.

The GNU Project said the latest attack, and another one that compromised the project's file transfer servers last March, had prompted its leadership to make changes.…

http://zdnet.com.com/2100-1105_2-5117271.html
EasyRGB - Color harmonies, complements and themes.:
"Search for colors complements to your RGB values.

Create color harmonies, combinations and themes.

From your main (or background) color select trim and accents tones."

http://www.easyrgb.com/harmonies.php

Tuesday, December 09, 2003

CSS Design: Creating Custom Corners & Borders: A List Apart:

We’ve all heard the rap:

“Sites designed with CSS tend to be boxy and hard-edged. Where are the rounded corners?”

Answer: the rounded corners are right here. In this article, we’ll show how customized borders and corners can be applied to fully fluid and flexible layouts with dynamic content, using sound and semantically logical markup.



http://www.alistapart.com/articles/customcorners/
News: U.N. confab to see tussle over Net control:
"Leaders from nearly 200 countries will convene in Geneva for the World Summit on the Information Society (WSIS) on Dec. 10-12, an inaugural conference with lofty goals to discuss bridging the digital divide and fostering press freedoms.

But a contentious political move to grant an international governing body such as the U.N.'s International Telecommunication Union (ITU) control over Internet governance issues--from distributing Web site domains to the public to fighting spam--has all but obscured the more virtuous aspects of the event."

…the Internet has become a thriving global marketplace since being fully turned over to the private business community in the early 1990s.

But many in the developing world believe a new approach is needed as the medium enters its teen years, one that will see poorer countries harness new technologies to improve their competitive stance.

The most recognizable Internet governance body is a California-based nonprofit company, the International Corporation for Assigned Names and Numbers (ICANN). Under the new plan, it has the most to lose. Incorporated in 1998, ICANN oversees management of the Internet's crucial addressing system which matches numerical addresses to familiar Web site addresses such as www.google.com.

While ICANN's oversight has been confined to the decidedly technical matters behind doling out domain names and establishing a system for resolving domain name disputes, the group has been criticized roundly for adopting a probusiness approach that neglects the developing world.

The ITU, a 138-year-old trade body that among other things established country code rules for international telephone dialing, has been put forth by the developing world as the governing body that will best address its needs.…

So far, a change in leadership has been bogged down by fractious discussion with a definitive resolution not expected until 2005 when the second WSIS summit is held in Tunisia.

But many believe the new guard has already arrived.…

http://zdnet.com.com/2100-1104_2-5113744.html?tag=adnews
Fighting Phishing:
"Phishing, e-mail and Web-based efforts by online scammers to hijack personal information from unsuspecting users, faces a new obstacle. A group of global banks and technology companies have joined forces to fight the scams. The group is running a Web site, Anti-Phishing.Org (www.antiphishing.org), where those who have received phishing messages can report them, and personnel will follow up by trying to track down the originators of the scams."

http://www.pcmag.com/article2/0,4149,1407031,00.asp
Could The Bad Guys Win on Spam?: http://eletters.eweek.com/zd1/cts?d=79-356-2-3-13145-42538-1
"Spam and mail-based attacks are coming to dominate Internet e-mail. Nothing seems able to stop them, and some days it's rare to find real mail among the spam. Could it come to the point that it's not worth dealing with e-mail's problems?"

On some days, life in the security business is more depressing than on others. My recent reading about Mimail.L, the latest in a long line of sociopathic worms, tipped me into the blues.

Mimail.L is particularly vile. Here are some of the actions it takes:

  • It arrives as a pornographic e-mail with an attached ZIP file purporting to contain dirty pictures. That file contains a file with a .jpg.exe extension, so if someone runs it to see the picture they actually infect themselves. As always, this subterfuge works far more often than I'd like to think, but so far it's just a run of the mill worm.

  • It scours the hard disk for e-mail addresses and stores them in a file named xu298da.tmp in the Windows folder. It then mails itself out with the same porno message to these addresses.

  • If there's a problem sending that mail, it instead tries to send a different message without the attachment. This fallback message says that the recipient's credit card has been charged for a purchase of child pornography. It directs the reader, if they want to cancel, to contact security@europe.spamhaus.org.

  • The message also lists more than a half a dozen sites as places you can get more kiddy porn, including Disney.go.com, Spamcop.net and Spews.org, and attempts to perform a denial of service attack on these sites.

So, not only is this a particularly offensive worm, but it specifically attacks anti-spam sites! Do the authors of the worm have a particular problem with these groups? Perhaps, or maybe it's just more anti-social behavior. They also attack Register.com, but I doubt they're opposed to domain name registration on principle.

After reading about this I'm tempted to agree with a poster on a Slashdot thread on Mimail.L: "They won't stop 'til they've destroyed e-mail." We keep hearing about the ever-increasing percentage of Internet e-mail that is composed of spam. The latest consensus I hear is "over 50 percent," but you can bet your last "F_R_E_E whatever" that the number will continue to climb.…

http://www.eweek.com/article2/0,4149,1403354,00.asp?kc=EWNWS120903DTX1K0000599
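
A mail-gateway style check for the disguise described above (a ZIP attachment holding a file with a .jpg.exe extension), added here as an example and not taken from the eWEEK article: it lists archive members whose final extension is executable while the one before it imitates a harmless file type. The two extension sets, the function names and the sample archive are assumptions constructed for illustration; only ".jpg.exe" comes from the page.

```python
import io
import zipfile

# Assumed lists for this example; tune them to local policy.
EXECUTABLE_EXT = {"exe", "scr", "pif", "com", "bat", "cmd"}
DECOY_EXT = {"jpg", "jpeg", "gif", "bmp", "txt", "doc", "pdf"}


def deceptive_members(zip_bytes):
    """Return names of ZIP members that hide an executable behind a decoy extension."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as archive:
        for info in archive.infolist():
            # Only the file name matters, not the directory it sits in.
            base = info.filename.replace("\\", "/").rsplit("/", 1)[-1]
            # Strip padding spaces, a common trick to push the real
            # extension out of view in a narrow file-list column.
            parts = [p.strip().lower() for p in base.split(".")]
            if (len(parts) >= 3
                    and parts[-1] in EXECUTABLE_EXT
                    and parts[-2] in DECOY_EXT):
                hits.append(info.filename)
    return hits


def build_sample_zip():
    """Build a constructed test archive in memory; contents are inert text."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("photo.jpg.exe", b"constructed placeholder, not a program")
        archive.writestr("invoice.pdf   .scr", b"constructed placeholder, not a program")
        archive.writestr("holiday.jpg", b"constructed placeholder")
        archive.writestr("docs/readme.txt", b"constructed placeholder")
        archive.writestr("backup.tar.gz", b"constructed placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    for name in deceptive_members(build_sample_zip()):
        print("quarantine:", repr(name))
```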
News: Worm hits Windows-based ATMs:
"An unknown number of ATMs running Windows XP Embedded were shut down during the spread of the so-called Nachi worm, said executives at Diebold, which made the ATMs and refused to name the customers affected.

The Nachi worm, also dubbed 'Welchia,' was written to clean up after the MSBlast, or Blaster, worm. Instead it crippled or congested networks around the world, including the check-in system at Air Canada. Both worms spread through a hole in Windows XP, 2000, NT and Server 2003."

"It's a harbinger of things to come," said Bruce Schneier, chief technical officer of network monitoring company Counterpane Internet Security.

"Specific-purpose machines, like microwave ovens and until now ATM machines, never got viruses," said Schneier, author of "Beyond Fear: Thinking Sensibly About Security in an Uncertain World." "Now that they are using a general purpose operating system, Diebold should expect a lot more of this in the future," he said.

John Pescatore, an analyst at Gartner, agreed.

"It's a horrendous security mistake," he said of specific-purpose machines like ATMs running Windows, which is written for general-purpose computers and for which Microsoft releases security fixes on a regular basis. "I'm a lot more worried about my money than I was before this."

Diebold switched from using IBM's OS/2 on its ATMs because banks were requesting Windows, said Steve Grzymkowski, senior product marketing manager at Diebold.

To help prevent future problems Diebold is shipping ATMs with firewall software designed to block out viruses and other attacks, he said.

"As far as it happening again, I wouldn't want to speculate on that," Grzymkowski said.

Schneier and Pescatore said they were worried about the security of other Windows-based Diebold appliances--voting machines, which run Windows CE.…

http://zdnet.com.com/2100-1105_2-5117285.html
Welcome to TechBuilder.org:
"Secure wireless networking can be a reality, but only if you employ some very straightforward techniques."

http://www.techbuilder.org./article.htm?ArticleID=46364

Monday, December 08, 2003

Op-Ed Contributor: A Million Miles From the Green Zone to the Front Lines:
"The other day I told General Petraeus about a young specialist fourth class I had met while waiting for a military flight out of Baghdad. The specialist was a college student from Iowa whose National Guard unit had been called up for the war. He had told me about a prolonged firefight that took place the week before, outside Camp Anaconda on the outskirts of the city of Balad, 40 miles from Baghdad.

'We began taking small arms fire about 8 a.m., from Abu Shakur, the village just north of the base camp's gate,' the specialist told me. 'Our guys responded with small arms and then mortars. Someone on patrol outside the wire got wounded, and they sent Bradley Fighting Vehicles out, and they hit the Bradleys pretty hard, and by 10 a.m., they were firing 155-millimeter howitzers, and attack helicopters were firing missiles into the village, and you could see tracers and smoke everywhere.

'I had just gotten off a night shift, and I was sitting outside my tent about 100 meters from the gate in my pajamas reading a book. Right near me, guys were doing laundry and standing in line for chow. I was sitting there thinking: `Have we had wars like this before? Shouldn't we drop everything and help? I mean, we were spectators! What kind of war is this, sir?' '"

General Petraeus, who graduated from West Point in 1974, just in time to witness the ignominious end to the war in Vietnam, didn't say anything. But slowly, and it seemed, unconsciously, his head began to nod, and his mind seemed far, far away. It seemed clear he knew the answer: yes, specialist, we have had wars like this before.

Commanding generals have had lavishly appointed offices before, as well. My grandfather, Gen. Lucian K. Truscott Jr., occupied the Borghese Palace when his VI Corps swept into Rome in 1943. His aide kept a record of the meals prepared for him by his three Chinese cooks, while every day dozens — and on some days, hundreds — of his soldiers perished on the front lines at Anzio, only a few miles away from his villa on the beach.

So there may be nothing new about this war and the way we are fighting it — with troops on day and night patrols from base camps being hit by a nameless, faceless enemy they cannot see and whose language they do not speak. However, the disconnect between the marbled hallways of the Coalition Provisional Authority palaces in Baghdad and the grubby camp in central Mosul where I spent last week as a guest of Bravo Company, First Battalion, 502nd Infantry Regiment, is profound, and perhaps unprecedented.

A colonel in Baghdad (who will go nameless here for obvious reasons) told me just after I arrived that senior Army officers feel every order they receive is delivered with next November's election in mind, so there is little doubt at and near the top about who is really being used for what over here. The resentment in the ranks toward the civilian leadership in Baghdad and back in Washington is palpable. Another officer described the two camps, military and civilian, inhabiting the heavily fortified, gold-leafed presidential palace inside the so-called Green Zone in Baghdad, as "a divorced couple who won't leave the house."

Meanwhile in Mosul, the troops of Bravo Company bunker down amid smells of diesel fuel and burning trash and rotting vegetables and dishwater and human waste from open sewers running through the maze of stone and mud alleyways in the Old City across the street. Bravo Company's area of operations would be an assault on the senses even without the nightly rattle of AK-47 fire in the nearby streets, and the two rocket-propelled grenade rounds fired at the soldiers a couple of weeks ago.

It is difficult enough for the 120 or so men of Bravo Company to patrol their overcrowded sector of this city of maybe two million people and keep its streets safe and free of crime. But from the first day they arrived in Mosul, Bravo Company and the rest of the 101st Airborne Division were saddled with dozens of other missions, all of them distinctly nonmilitary, and most of them made necessary by the failure of civilian leaders in Washington and Baghdad to prepare for the occupation of Iraq.

The 101st entered Mosul on April 22 to find the city's businesses, civil ministries and utilities looted and its people rioting in the streets. By May 5, the soldiers had supervised elections for mayor and city council. On May 11, they oversaw the signing of harvest accords and the division of wheat profits among the region's frequently warring factions of Arabs, Kurds, Turkmen and Assyrians. On May 14, a company commander of Alpha Company, Third Battalion, 187th Infantry Regiment of the 101st re-opened the Syrian border for trade, and by May 18, soldiers had largely restored the flow of automobile gas and cooking propane, shortages of which had been causing riots.

Since that time, soldiers from the 101st have overseen tens of millions of dollars worth of reconstruction projects: drilling wells for villages that had never had their own water supply; rebuilding playgrounds and schools; repairing outdated and broken electrical systems; installing satellite equipment needed to get the regional phone system up and running; restoring the city's water works; repairing sewers and in some cases installing sewage systems in neighborhoods that had never had them; policing, cleaning and reorganizing the ancient marketplace in the Old City; setting up a de facto social security system to provide "retirement" pay to the 110,000 former Iraqi soldiers in the area; screening and, in most cases, putting back to work most of the former Baath Party members who fled their jobs at the beginning of the war.

So many civil projects were reported on at a recent battle update briefing I attended that staff officers sometimes sounded more like board members of a multinational corporation than the combat-hardened infantry soldiers they are.…The Coalition Provisional Authority nominally has the job of "rebuilding" Iraq — using $20 billion or so of the $78 billion that recently flew out of America's deficit-plagued coffers. But during the time the 101st has been in Mosul, three regional coalition authority directors have come and gone. Only recently, long after the people of Mosul elected their mayor and city council, was a civilian American governance official sent to the area. And, according to the division leadership, not a nickel of the $20 billion controlled by the provisional authority has reached them.

"First they want a planning contractor to come in here, and even that step takes weeks to get approved," one officer in Mosul complained of the civilian leadership. "The planners were up here for months doing assessments, and then more weeks go by because everything has to be approved by Baghdad. If we sat around waiting for the C.P.A. and its civilian contractors to do it, we still wouldn't have electricity and running water in Mosul, so we just took our own funds and our engineers and infantry muscle and did it ourselves. We didn't have the option of waiting on the guys in the Green Zone."

But the guys in the Green Zone seem to have plenty of time on their hands. The place is something to behold, surrounded on one side by the heavily patrolled Tigris River, and on the three others by a 15-foot-high concrete wall backed by several rows of concertina razor wire and a maze of lesser concrete barriers. There's only one way in and out, through a heavily fortified checkpoint near the Jumhiriya Bridge guarded by tanks and Bradley Fighting Vehicles from the First Armored Division and an invisible array of British commando teams. More tanks guard key intersections inside the walls, machine gun towers line the wide boulevards, snipers man firing positions atop palaces great and small.

In all, hundreds of uniformed soldiers and heavily armed civilian security guards stand watch all day, every day over a display of grim garishness that would have given Liberace nightmares. If you're curious about how your tax dollars are being spent in Baghdad, you should get one of the many colonels strolling about the Green Zone to take you on a tour of the rebuilt duck pond across the road from the marble and gold-leafed palace serving as headquarters of an Army brigade. As I went to sleep one night a couple of weeks ago in the Green Zone, listening to the gurgle of the duck pond fountain and the comforting roar of Black Hawk helicopters patrolling overhead, it occurred to me that it was the safest night I've spent in about 25 years.

Which was a blessing for me, but a curse on the war effort. The super-defended Green Zone is the biggest, most secure American base camp in Iraq, but there is little connection between the troops in the field and the bottomless pit of planners and deciders who live inside the palace. Soldiers from the 101st tell me that they waited months for the Bechtel Corporation to unleash its corporate might in northern Iraq. "Then one of the Bechtel truck convoys got ambushed on the way up here three weeks ago, and one of the security guys got wounded," an infantryman told me. "They abandoned their trucks on the spot and pulled out, and we haven't seen them since."

"It's really not helpful when people down in Baghdad and politicians back in Washington refer to the `disorganized and ineffective' enemy we supposedly face," said one young officer, as we walked out of a battalion battle briefing that had been concerned largely with the tactics of an enemy force that is clearly well organized and very, very effective. After spending more than a week with the soldiers of Bravo Company, I know that they resent not only the inaccuracy of such statements, but the implication that soldiers facing a disorganized and ineffective enemy have an easy job.

No matter what you call this stage of the conflict in Iraq — the soldiers call it a guerrilla war while politicians back home often refer to it misleadingly and inaccurately as part of the amorphous "war on terror" — it is without a doubt a nasty, deadly war. And the people doing the fighting are soldiers, not the civilian employees of Kellogg, Brown & Root, or the officials of the Coalition Provisional Authority, or the visiting bigwigs from the Defense Department.

The troops in Bravo Company don't pay much attention to the rear-guard political wars being waged back in Washington, but they loved President Bush's quick visit to Baghdad on Thanksgiving. While it was clearly a political stunt, they were quick to credit the risks he took. I can confirm that flying in and out of Baghdad — even at night, when it's safest — is not for the faint of heart. A C-130 on approach takes a nervous, dodgy route, banking this way and that, gaining and losing altitude. Hanging onto one of those web-seats by only a seat belt (no shoulder harnesses), you're nearly upside down half the time — it would feel like the ultimate roller-coaster ride, except it's very much for real.

When Bravo Company troops roll out of the rack at 2 a.m. for street patrols, they walk the broad boulevards and narrow alleyways spread out as if they're walking a jungle trail — wheeling to the rear, sideways, back to the front; their eyes searching doorways, alleys, windows, rooftops, passing cars, even donkey carts — trying to keep one another alive for another day, another week, another month, whatever it takes to get home.

Meanwhile, two soldiers armed with M-4 carbines and fearsome M-249 Saws machine guns stand guard inside concrete and sandbag bunkers atop the Bravo Company camp's roof, while squads of soldiers patrol alleys with no names in Mosul's Old City, and everyone prays.

http://www.nytimes.com/2003/12/07/opinion/07TRUS.html?pagewanted=all&position=
IE 6.0 - QuirksMode - for all your browser quirks:
"QuirksMode.org is the personal and professional site of Peter-Paul Koch, freelance web developer in Amsterdam, the Netherlands. It contains more than 150 pages with CSS and JavaScript tips and tricks, and is one of the best sources on the WWW for studying and defeating browser incompatibilities.
It is free of charge and ads, and largely free of copyrights."


This site is quite large. The table of contents mostly leads to other tables of contents.

http://www.quirksmode.org/