Unpaid Obama workers
Here is a story I ran into and thought I would share. I’ve included the content of the original article as well as a link to the original in case the link vanishes.
http://www.wthr.com/global/story.asp?s=9299280
Indianapolis – Lines were long and tempers flared Wednesday not to vote but to get paid for canvassing for Barack Obama. Several hundred people are still waiting to get their pay for last-minute campaigning. Police were called to the Obama campaign office on North Meridian Street downtown to control the crowd.
The line was long and the crowd was angry at times.
“I want my money today! It’s my money. I want it right now!” yelled one former campaign worker.
A former spokesman for the Obama campaign said 375 people were hired as part of the Vote Corps program and said people signed up to work three-hour shifts at a time. Three hours of canvassing got workers a $30 pre-paid Visa card.
The workers showed up to get their cards Wednesday morning at 10:00 am.
“There was a note on the door saying 1:00 pm and then at 1:20 pm everybody was like why is nobody here. They just got here and they’re trying to get it organized,” said Heather Richards, a former campaign worker.
The large gathering of around 375 people prompted police to call in extra officers and set up temporary barricades. The barricades helped keep the crowd from spilling out onto Meridian Street. Police say the several hundred people in line were for the most part orderly.
“No arrests. Some of the people were upset at first because the line wasn’t moving as fast as they thought it should. But we really haven’t had any problems,” said Major Darryl Pierce, Metro Police.
Eventually people did start getting paid, but some said they were missing hours and told to fill in paperwork making their claim and that eventually they would get a check in the mail.
“Still that’s not right. I’m disappointed. I’m glad for the president, but I’m disappointed in this system,” said Diane Jefferson, temporary campaign worker.
“It should have been $480. It’s $230,” said Imani Sankofa.
“They gave us $10 an hour. So we added it. I added up all the hours so it was supposed to be at least $120. All I get is $90,” said Charles Martin.
“I worked nine hours a day for 4 days and got paid half of what I should have earned,” said Randall Waldon.
Some people weren’t satisfied with filling out a claim form for money they felt was still due to them.
“They say that they gonna call you or they going to mail it to you, but I don’t know. We’ll see what happens,” said Antron Grose.
“Talking about they’ll mail it to us. I ain’t worried about that, man. They’re not going to mail nothin’,” said Martin.
iPod Search & Seizure
OTTAWA – The federal government is secretly negotiating an agreement to revamp international copyright laws which could make the information on Canadian iPods, laptop computers or other personal electronic devices illegal and greatly increase the difficulty of travelling with such devices.
The deal could also impose strict regulations on Internet service providers, forcing those companies to hand over customer information without a court order.
Called the Anti-Counterfeiting Trade Agreement (ACTA), the new plan would see Canada join other countries, including the United States and members of the European Union, to form an international coalition against copyright infringement.
The agreement is being structured much like the North American Free Trade Agreement (NAFTA) except it will create rules and regulations regarding private copying and copyright laws.
Federal trade agreements do not require parliamentary approval.
The deal would create an international regulator that could turn border guards and other public security personnel into copyright police. The security officials would be charged with checking laptops, iPods and even cellular phones for content that “infringes” on copyright laws, such as ripped CDs and movies.
The guards would also be responsible for determining what is infringing content and what is not.
The agreement proposes any content that may have been copied from a DVD or digital video recorder would be open for scrutiny by officials – even if the content was copied legally.
“If Hollywood could order intellectual property laws for Christmas what would they look like? This is pretty close,” said David Fewer, staff counsel at the University of Ottawa’s Canadian Internet Policy and Public Interest Clinic. “The process on ACTA so far has been cloak and dagger. This certainly raises concerns.”
The leaked ACTA document states officials should be given the “authority to take action against infringers (i.e., authority to act without complaint by rights holders).”
Anyone found with infringing content in their possession would be open to a fine.
They may also have their device confiscated or destroyed, according to the four-page document.
The trade agreement includes “civil enforcement” measures which give security personnel the “authority to order ex parte searches” (without a lawyer present) “and other preliminary measures”.
In Canada, border guards already perform random searches of laptops at airports to check for child pornography. ACTA would expand the role of those guards.
On top of these enforcement efforts, ACTA also proposes imposing new sanctions on Internet service providers. It would force them to hand over personal information pertaining to “claimed infringement” or “alleged infringers” – users who may be transmitting or sharing copyrighted content over the Internet.
Currently, rights holders must collect evidence to prove someone is sharing copyrighted material over the Internet. That evidence is then presented to a judge who issues a court order telling the Internet service provider to identify the customer.
The process can produce lengthy delays.
It is expected the new agreement will be tabled at July’s meeting of G8 nations in Tokyo, Japan.
Fewer has been following the progress of ACTA and has exhausted every avenue at his disposal to gain insight into its details.
He said Friday’s leak of a “discussion paper” which outlines the priorities of the agreement is the first glimpse anyone has into ACTA.
“We knew this existed, we filed an Access to Information request for this but all it provided us with was the title. All the rest of it was blacked out,” he said. “Those negotiations can take place behind closed doors. At the end of the day we may be provided with something that has been negotiated which is a ‘fait accompli’ in which civil society gets no opportunity to critique it.”
Fewer expressed concerns about the part of the proposal that calls for ACTA to operate outside of accepted international forums such as the World Trade Organization (WTO), the World Intellectual Property Organization (WIPO) or the United Nations.
In the discussion paper, it is proposed ACTA create its own governing body and be overseen by a committee made up of representatives from member nations.
“This initiative is unprecedented,” he said.
The ACTA discussion paper was leaked online by Sunshine Media, the company that runs the Wikileaks.org website – a whistleblowing website created to help circulate secret documents.
In October, International Trade Minister David Emerson announced Canada would participate in ACTA’s creation. The initiative was originally aimed at stopping large-scale piracy, such as printing operations that make thousands of copies of movies that are still in theatres.
“We are seeking to counter global piracy and counterfeiting more effectively,” said Emerson at the time. “This government is working both at home and internationally to protect the intellectual property rights of Canadian artists, creators, inventors and investors.”
The new document is reported to be drafted by the Office of the United States Trade Representative.
A spokeswoman with the office refused to comment on the leaked document and directed all questions about ACTA to a short information circular about the initiative.
Michael Geist, Canada research chair of Internet and E-commerce law at the University of Ottawa and expert on Canadian copyright law, blasted the government for advancing ACTA with little public consultation. Geist said documents detailing ACTA’s plans would not need to be leaked online if the process was open and transparent.
“That’s what happens when you conduct all of this behind closed doors,” he said. “The lack of consultation, the secrecy behind it and the speculation that this will be concluded within a matter of months without any real public input is deeply troubling.”
Fewer and Geist said, once Canada signs the new trade agreement it will be next to impossible to back out of it.
In a situation similar to what happened in the Softwood Lumber trade dispute, Canadians could face hefty penalties if it does not comply with ACTA after the agreement has been completed.
The Department of International Trade did not respond to repeated requests for comment.
More Vista fun… again…
Vista “Out of Memory” errors by ZDNet’s Adrian Kingsley-Hughes — You just can’t seem to throw enough memory at Vista.
URI Protocol Security Hole
Original Article: http://security.itworld.com/5043/070815URIbrowserflaw/page_1.html
WOW! This is a huge hole into a system. I can use a URL on a web page to launch an application and via the app’s command-line, get that app to perform operations on a remote system.
Wikipedia lists several official and unofficial URI protocols and their associated applications: http://en.wikipedia.org/wiki/URI_scheme
I found the CERT vulnerability listing at: Vulnerability Note VU#403150
I found a blogger posting about his discovery at: http://xs-sniper.com/blog/remote-command-exec-firefox-2005/
Microsoft KB Article 224816: http://support.microsoft.com/kb/224816
Internet Explorer 6 on the workstation I’m writing this entry on is vulnerable to the URI exploit. I tested this by trying the harmless URL “telnet://localhost” on the system just to see if it would launch a telnet window. And… it works!
So, now to see what else I can do with a URI entry….
The blogger I found lists these as examples:
mailto:%00%00../../../../../windows/system32/cmd”.exe ../../../../../../windows/system32/calc.exe ” – ” blah.bat
Just paste that into an IE6 window or a Firefox 2.0.0.5 and watch what happens.
IE7 and Firefox 2.0.0.6 have been updated to be less susceptible to this. However, according to the articles I’ve found, the updated web browsers are still vulnerable, but you have to change the attack vector slightly.
Here’s the original article text:
New URI browser flaws worse than first thought
IDG News Service 8/15/07
Robert McMillan, IDG News Service, San Francisco Bureau
A little-known feature in the Windows operating system can lead to big problems for Web surfers.
Security researchers Billy Rios and Nathan McFeters say they’ve discovered a new way that the URI (Uniform Resource Identifier) protocol handler technology, used by Windows to launch programs through the browser, can be misused to steal data from a victim’s computer.
URI bugs have become a hot topic over the past month, ever since researcher Thor Larholm showed how a browser could be tricked into sending malformed data to Firefox using this technology. This bug allowed an attacker to run unauthorized software on a victim’s PC.
Later, other researchers, including Rios and McFeters, showed how other browsers and applications could be misused to achieve similar goals.
In the past days, however, Rios and McFeters have shifted their focus away from malformed data and have taken a close look at how attackers could simply misuse the legitimate features of software that is launched via the URI protocol handler, something they call “functionality based exploitation.”
Their initial results show that there could be plenty of ways to misuse this technology.
Though they will not name the company responsible for the software, the researchers said they have found a major flaw in a widely used program that could be misused to steal data from a victim’s computer.
“It is possible through the URI to actually steal content from the user’s machine and upload that content to a remote server of the attacker’s choice,” said McFeters, a senior security advisor for Ernst & Young Global Ltd. “This is all through functionality that the application provides.”
Rios and McFeters plan to release the results of their research after the vendor has had a chance to fix the problem, but this may be the beginning of a new round of problems with a technology that is just starting to be scrutinized by security professionals.
“It’s a hacker’s dream and programmer’s nightmare,” said Eric Schultze, chief security architect with Shavlik Technologies LLC. “I think over the next six to nine months, hackers are going to find lots of ways to exploit standard applications to do non-standard functions.”
By using these custom URI protocol names, software developers are trying to make lives easier for their customers. The Windows Registry keeps track of the names and associates them with programs, so that any time they are called up in the browser, the appropriate software is launched.
For example AOL LLC’s instant messenger client uses the name “aim.” So clicking on a Web link that begins “aim:goim” or putting the address “aim:goim” in the browser’s address bar will open an AIM instant message window.
The problem is that software developers have rushed to enable their applications without properly thinking about how they could then be misused by attackers, McFeters said. “We’ve had a hard time with a lot of these applications understanding why these applications are registering the URI at all.”
Firefox, for example, has used the “FirefoxURL” handler so users can launch Firefox out of Internet Explorer. “I still have a hard time understanding why they registered that,” he added.
These URI issues are complicated, even for software developers. Mozilla Corp. initially thought that Larholm’s bug needed Internet Explorer in order to be triggered, but this assessment turned out to be wrong, and two weeks later the Firefox team was forced to patch the same problem. “If an organization like Mozilla is having issues with understanding how a URI handler increases the scope and the attack surface of their applications, think about how hard it is for a small development shop,” McFeters said.
Microsoft is working to educate users and developers about these security issues, but there’s only so much that it can do, said Mark Griesi, a security program manager with Microsoft.
Griesi said that he does not see any of these URI issues as something that needs to be fixed in Windows or Internet Explorer. That’s up to the individual software developers whose programs may be misused. “Security is an industry responsibility and this is certainly a case of that [principle],” he said. “It’s not Microsoft’s position to be the gatekeeper of all third-party applications.”
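The article notes that the Windows Registry maps each URI protocol name to the program it launches. The following PowerShell audit is an added example, not code from the article or from the researchers. It lists those mappings on a machine so an administrator can see which applications a web link is able to start. It relies on the documented registry layout (a `URL Protocol` value under `HKEY_CLASSES_ROOT\<scheme>` and the command under `shell\open\command`); the `$ExpectedSchemes` baseline and the function name `Get-UriHandler` are constructed for illustration.

```powershell
# Added example: audit the URI protocol handlers registered on this machine.
# A scheme is a key under HKEY_CLASSES_ROOT that carries a "URL Protocol" value;
# the program it launches is the default value of shell\open\command.

# Constructed baseline of schemes an administrator expects to find (assumption).
$ExpectedSchemes = @('http', 'https', 'ftp', 'mailto', 'telnet')

function Get-UriHandler {
    # HKCR is not a PowerShell drive by default, so use the provider path.
    Get-ChildItem -Path 'Registry::HKEY_CLASSES_ROOT' -ErrorAction SilentlyContinue |
        Where-Object { $_.GetValueNames() -contains 'URL Protocol' } |
        ForEach-Object {
            $command = ''
            $sub = $_.OpenSubKey('shell\open\command')
            if ($sub) {
                # Default (unnamed) value holds the command line template.
                $command = [string]$sub.GetValue('')
                $sub.Close()
            }
            [pscustomobject]@{
                Scheme     = $_.PSChildName
                Command    = $command
                # The URL from the web page is substituted for %1 (or %L).
                # False means the placeholder is not wrapped in quotes.
                ArgQuoted  = [bool]($command -match '"%[1l]"')
                # True means the scheme is not in the baseline above.
                Unexpected = $ExpectedSchemes -notcontains $_.PSChildName
            }
        }
}

$handlers = Get-UriHandler | Sort-Object Scheme

# Full inventory: every scheme a link can invoke and the program behind it.
$handlers | Format-Table Scheme, ArgQuoted, Unexpected, Command -AutoSize -Wrap

# Review list: handlers outside the baseline, or with an unquoted placeholder.
$handlers |
    Where-Object { $_.Unexpected -or -not $_.ArgQuoted } |
    Format-List Scheme, Command
```

A quoted placeholder does not by itself make a handler safe, since the launched program still receives attacker-chosen text on its command line; the inventory mainly shows which applications deserve that review.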
