Hacker Tinkering With Yahoo Stories
Lifter writes "A hacker named Adrian Lamo had access for three weeks to the web-based content control system for Yahoo!'s news section, according to a story at SecurityFocus. He tinkered with a couple of stories without anyone noticing, then edited an August Reuters story about Dmitry Sklyarov, so that it said that Dmitry's program raised "the haunting specter of inner-city minorities with unrestricted access to literature, and through literature, hope." He also added a quote by John Ashcroft, "They shall not overcome. Whoever told them that the truth shall set them free was obviously and grossly unfamiliar with federal law." Funny stuff in itself, but the SecurityFocus story explores the harm that could come from a trusted news site being easily hacked in these times."
URGENT NATIONAL SECURITY BULLETIN (Score:5, Funny)
- They are shy or antisocial;
- They spend a large percentage of their free time on a computer;
- They are quick to criticize the government or corporations, often
complaining about their "rights online";
- They are obsessed with privacy;
- They have a tendency to play violent computer games;
- They frequently illegally copy music, movies, or software;
- They listen to aggressive, "alternative" music;
- They have an aversion to going outside;
- They like to reverse-engineer, or "hack", anything they can
for no substantive reason;
- They use software such as Linux, which is designed by and for
hackers.
For the sake of national security, please report all potential terrorists to the NSA [nsa.gov].
Flight announcement (Score:3, Funny)
"Good Afternoon, Ladies and Gentlemen, welcome to Northwest Flight 571,
service to Los Angeles continuing on to San
Diego. Before we take off, we'd like to acquaint you with some of the safety
features of this Boeing 767. You know
about the emergency exits, oxygen masks, floating seat cushions, and so on,
so we will not waste time with those. Consult the cards in your seat pocket
for information on all features of our aircraft.
"Please do pay attention to the new security features.
"In the event of midair terrorism, a panel will open alongside the window
seat, containing two lightweight automatic handguns. They are fully loaded,
and extra clips are available in velcro straps. As the flight attendants are
now demonstrating, to operate the pistol, simply draw back the slide and let
it fall forward, then aim by lining up the slot in the rear sight with the
front sight, centered on the middle of your target's torso. Depress the
trigger repeatedly to fire. The pistol holds 10 rounds; after the last the
slide will lock back. Depress the clip release button located above the grip
on the left side, remove the clip and slide a new one into place. Please be
careful of your field of fire, and continue firing until your target goes
down.
"Your seat backs are equipped with kevlar armor, stay well down and aim
over the top or around the side.
"Your flight attendants are all armed with compact submachine guns; please
follow their lead in directing fire.
"If you feel you are unable to perform these duties, or are a conscientious
objector, please let our attendants know so
we can reseat you in the 'cowards rows' at the rear of the plane and not
bring you drinks or peanuts.
"For your safety, the aisles are equipped with electrified strips and
computer controlled antipersonnel mines. For this
reason, please remain in your seats until the captain has signalled all clear.
"Note that the area around the cockpit is cleared of seats and marked with
contrasting carpet. Under no circumstances
should you cross this barrier during flight, various automatic devices will
be activated to protect the cockpit.
"The hatch in the floor at the back of the cabin is similarly marked and
should be avoided during flight.
"Anyone creating a disturbance, caught tampering with the pistol cases or smoke detectors in the lavatories will be apprehended and ejected via the rear floor hatch.
"Thank you, and have a pleasant flight. We know you have a choice when you fly, and we thank you for choosing Northwest..."
Re:Flight announcement (Score:1)
This is why El-Al [elal.com] employs professionals [usatoday.com] in this capacity.
Re:Flight announcement (Score:2)
And that's great, and we should too, but don't get too complacent about the competence of those "professionals."
Do you know any cops? Friends of friends who are cops? If you do, start asking them about firearms training... how often they have to go, how well they have to shoot. You will likely find that most cops consider their firearms training to be a chore... a pain in the ass, to be taken care of as quickly as possible.
A disturbing number of cops can't even pass their periodic shooting qualification tests, and they get "do-overs" and other special treatment.
When I was in my early 20s I went to the cop range in Montebello, CA... a relative was the assistant rangemaster there. I took the cop qualifying course of fire. That was the 2nd time I had handled a pistol. And I passed, and I scored in the 50th percentile.
Did you get that? New shooter that I was at the time, I still did better than HALF THE DEPARTMENT. And while I do have some small talent for pistolcraft, I am NOT a prodigy. In fact, back then I plain sucked.
The fact is hobbyist shooters will very often be better shots than the police. Hobbyists LIKE their guns. They practice because it's fun. Have you ever seen a modern tactical pistol match? The master shooters are like damn SUPERHEROES, they can shoot so well. It's really amazing.
Most cops shoot a couple of times a year, when regs force them to, and they don't take the gun out of the holster in between.
True story from the Glendale CA PD: An officer (female, not that it matters) goes in for her qualifying, which happens twice a year there if I remember right. She goes into the range, draws and fires... and nothing happens. Turns out there was no magazine in her weapon. She had removed it after her last qualifying trial, months before, and never replaced it... and never noticed. D'oh!
True story, Bell, CA: Cops are hidden behind their car, exchanging fire with a criminal. I forget the specifics. Another cop drives up, runs over to them and joins in. As he shoots, he says, "Hey guys, what are we shooting at?" (This is not a joke.)
I got both those stories from eye witnesses in the departments.
I'm a big cop supporter, so don't flame me for those illustrations. I'm just pointing out that firearms skill is not generally a big cop strength until you get to the elite units.
Those El Al cops -- I bet they are pretty good though. Israel doesn't screw around in matters martial.
Re:Flight announcement (Score:2)
Interestingly, the UK has strict gun control but as I recall their latest stats show a great increase in illegal gun use anyway. Consequently, the famous "bobbies" are often packing heat now too.
Re:Flight announcement (Score:2)
Interestingly, the UK has strict gun control but as I recall their latest stats show a great increase in illegal gun use anyway. Consequently, the famous "bobbies" are often packing heat now too.
Only armed response teams which are relatively rare, and interestingly enough, plenty of those are now refusing to carry firearms as well due to various incidents where people have been mistakenly shot.
Re:UK and guns (Score:2)
And the Gestapo, and the KGB, and the Ministry of Love... Sure, there are some very vocal anti-gun organizations in America, but generally we love our guns over here; just watch our movies and you'll see what I mean. Why? Well, part of it is no doubt just cultural and some people don't even think about it. Part of it is that we are a free people, and we have grown to like that feeling. By saying "free" I don't mean that a bunch of people in the gov't have decided that they will "let us have freedom," because in that case your freedoms are based on the trustworthiness of your gov't*. No, I mean that we are free in the sense that the gov't doesn't "let us have" anything; we dictate to the gov't what we want, because unlike most industrial nations most people (even in the gov't) believe that "we the people" could kick the government's @$$ if it were necessary. "We the people" are masters of our destiny and are free because we say so, not because of the good nature of some generals or politicians. I don't know if most pro-gun people would explain it that way, but I think deep down we like the feeling of being masters of our own destiny; the feeling is intoxicating. If the historians are right in saying that over the long term a government will only be stable when the distribution of political power and military power are along the same lines (otherwise the group with the military power could eventually realize that they can "veto" all the other groups with force), then there are very few nations that can claim to be "naturally democratic." We are one of them, and people don't want to give it up.
It isn't that we don't care about the kids who get shot any less than other nations; but we also think about the kids two, three, or maybe even ten generations from now when America may be beset by some horrible political or military crisis that we cannot even imagine yet. We don't want that future generation of Americans to be defenseless before their oppressors or invaders because we in this generation wanted to feel safer.
Unfortunately oppression is not likely to come as in Red Dawn, or by some president just announcing "screw this democracy thing, I'm going to be King!" It will come subtly. It will tell the people that they would be much safer if society would just restrict the power of the individual. Cryptography, firearms, etc. are dangerous and we should get rid of them "for the safety of the children." In reality, by the time the brown-shirts and the Gestapo show up and we realize what we have done it will be too late. Hopefully that will not happen here.
Also, firearms are generally democratic. With them an 80 year old person in a wheelchair or a dainty 100lb. woman is capable of killing the strongest attacker. In a primitive society, the strong may have power over the weak. But the gun is an invention that is relatively inexpensive, fairly easy to learn to operate, and will "level the playing field" between the weak and the strong. As the saying goes "God made man, but Samuel Colt made them equal." It is nice to know that even though you are not Steven Segal or Chuck Norris you do have the capacity to defend yourself and your family from attack, and don't have to wait on someone from the alarm company or the police dept. to come help you (very important in rural areas where that can be a long wait). That feeling, too, is intoxicating and people naturally don't want to give it up.
Sure, I suppose there might be a few pro-gun people who simply base their position on the argument that the number of people whose lives are saved by having guns is larger than the number of people killed by having one, but I have never met one. The vast majority of us believe in that oft quoted (on this site) Ben Franklin saying about the dangers of trading freedom for a little, temporary security. We know instinctively what Mao had to teach his followers: Power flows from the barrel of a gun. "We the people" have tasted power. We like it. And we are loath to give it up. Is that bad? I'll leave that for you to decide for yourself. I'm sure there are some people who would argue it is.
"but just arming everybody with more and more guns seems to be increasing the problem rather than solving it."
SEEMS is the operative word here. If it were just guns, then places like Switzerland (another free nation) would be killing fields; but they aren't. If gun control worked then places in America that do have strict gun control, like Washington D.C., would have less violent crime, not more. Your opinion that guns SEEM to be the problem is probably about as informed a decision as 72% of the nation thinking that "back doors" on encryption technology would prevent terrorist attacks. In reality, proving the exact effect of gun ownership and gun concealed carry permits on crime is a statistical exercise that is a little more complicated than forming opinions and vague feelings from what you see on the evening news. If you are serious enough in your "feelings" on guns that you want to take away people's ability to defend themselves; I suggest you do a little reading on the subject. My recommendations would be Guns : Who Should Have Them? by David B. Kopel (a fairly moderate but pro-gun conclusion) and More Guns, Less Crime : Understanding Crime and Gun-Control Laws (Studies in Law and Economics (Chicago, Ill.).) by John R., Jr. Lott (you can guess his conclusion from the title). Perhaps some anti-gun people could suggest books that interpret things differently so you could hear both sides of the argument about just how much security we are giving up for that liberty and power I mentioned earlier.
*On such big issues, most politicians are actually trustworthy. Most politicians (in this nation at least) would not set themselves up to be King even if they could. Most.
of Guns, Newspapers, and Volunteers (Score:2)
I have not heard any information on the source of guns used in crime, so I will have to take your word for that. If criminals could not steal guns from people, I guess they'd have to get them from somewhere else. Maybe they could smuggle them into the country hidden in the tons of cocaine they already smuggle.
"most people end up getting shot with their own hand gun"
That is such a ridiculous statement that I don't even feel the need to disprove it. Even assuming you meant to say "most hand gun owners" or "most murder victims" instead of "most people" that is still a fantastic claim, and I would like to know the source (and methods) for where this bizarre statement comes from.
"Show us one example in the news where some crime was thwarted because someone had a hand gun"
O.K. I'll try to make it something local (to me) and recent. The Fayetteville Observer has reported two such incidents so far this year that I can think of. One was Spiro Poulos's pizza shop robbery (1/17/01) and the other was Rastus Hudson up in Dunn (6/26/01). You asked for ONE, so I'll just relate the story of Mr. Hudson because it illustrates my point about guns giving the weak or elderly a chance to fight back against stronger opponents.
-- begin quote --
A Dunn, NC, man and his wife were awakened about 2am by the sounds of someone beating on their back door. Two armed men then kicked in the front door and entered the living room. The suspects allegedly threatened to kill the homeowners. "I begged them not to kill us," said Rastus Hudson, 61. "I told them I'd give them anything we had." Under the pretense of retrieving his wallet, Hudson pulled his handgun from under a mattress and started firing, trying to scare the men away. They did not leave until Hudson shot one of the home invaders in the shoulder. Maj. Steve West of the Harnett County Sheriff's Dept. said that Hudson "has the right to protect his home and his family."
-- end quote --
That is as reported in The Fayetteville Observer of 6/21/1. Any typos are probably my mistakes in transcribing the quote. I'm sure some people will say that it is entirely possible that the invaders would have upheld Hudson's plea not to kill them; but we'll never know for sure. We do know that they left after Hudson used his firearm to protect his home and family. This is what I was talking about when I mentioned that guns allow people to be "masters of their own destiny." Up until Mr. Hudson pulled the gun out and used it his fate was in the hands of his assailants. They were in a position to show mercy or not. By taking action, Mr. Hudson put his own destiny in his hands. There was no doubt still a chance that he could die when he reached for that gun, but he chose to meet his fate standing and fighting instead of hoping others would show him mercy. A lot of people like the feeling of being able to defend themselves, even into their old age. Like I said, power over your own destiny is an intoxicating feeling. That is why a lot of people like to own guns; even if they couldn't explain it that simply.
"And don't give me the line that the Constitution says we can own guns"
So nice to see that you don't think I have a right to own firearms. Fortunately you aren't Emperor of the World, so unless you have an army marching into my town soon I can pretty much ignore your opinions of what my rights are and aren't. For the record, the constitution says "the right of the people to keep and bear arms, shall not be infringed." I am a people. (The grammar checker had a fit with that sentence.) So, even though it does mention the necessity of a militia, it does not say that only the militia can keep and bear arms. Of course it doesn't matter what I think (unless I am willing to rebel against the gov't for it, which I have no plans to do so... that is a very expensive hobby that I have no interest in). It doesn't matter what anybody thinks other than the Supreme Court. The Supreme Court has not ruled directly on this issue, and both sides of the debate have avoided pushing The Court to do so (if they ever did rule definitively, it would put both the pro and anti gun lobbyists out of a job). The Supreme Court has specifically mentioned the right to keep and bear arms as being an "individual right" and not a "state right" in majority decisions; but it did not specifically refer to the 2nd amendment when doing so, so it is possible that these references could be construed to refer to the many state constitutions which give their citizens the right to keep and bear arms. The closest any ruling has come to addressing this issue was U.S. vs. Miller back in the 30s. Unfortunately that was a very confusing and contradictory ruling that actually misquotes other cases (you don't have to take my word for it, you can wade through the decision yourself at www-2.cs.cmu.edu/afs/cs/user/wbardwel/public/nfalist/miller.txt, watch out in case
""well organized militia" i.e. the National Guard, or Police"
Obviously you don't understand what a militia is. The police are NOT a militia unit, although some individual policemen may be in the militia. The National Guard can be construed as militia... until they are federalized. Technically I am in the militia (as are almost all able bodied men in the United States, I forget the age cutoff right now but I think it is 17 to 67 or something like that), but that is mostly an academic point and even in light of recent attacks I cannot foresee Congress calling on the general militia to fight a war in my lifetime. Just to be philosophically consistent I do wish that Congress would make the symbolic gesture of passing an updated Militia Act that extends it to able bodied women as well (only women in unfederalized national guard units are included now), since we did give them the right to vote and all. There ARE real "organized militia" units still in existence. I'm not talking about "special militias" that are not affiliated with any government or even the National Guard. I mean real state militias whose officers are appointed by state governors. For example the Tennessee State Guard still exists and consists of a light infantry division (my home state didn't earn the nickname "Volunteers" for nothing). The organization traces its roots back to the Revolutionary War; Tennessee State Guardsmen crossed the Appalachian Mountains to fight the British in North Carolina, culminating in the Victory of King's Mountain in 1780. Most recently the State Guard was activated from 1941 to 1947 to guard dams, bridges, and other vital sites in the state from sabotage when the federal government nationalized the state's National Guard units (the State Guard cannot be nationalized). They were reorganized and changed to the Tennessee Defense Force in 1985, but I guess that didn't sound as cool so they have recently been renamed the Tennessee State Guard again. More information on them is available at: http://home.att.net/~dcannon.tenn/TNSG.html . 
Many other states have their own state militia units but since I was raised in TN, I know its history best.
Re:Flight announcement (Score:2)
Re:Flight announcement (Score:2)
Re:Flight announcement (Score:2)
Re:Flight announcement (Score:2)
The bends occurs when "dissolved" (can't remember the correct term) nitrogen in the bloodstream reverts to gaseous form upon pressurization.
That (and nitrogen narcosis) is why it's smart to use oxygen-helium going below about 200ft.
Re:Flight announcement (Score:2)
Bends occur when the depressurization rate is faster than what the bloodstream and tissues (biologically inert gases dissolve throughout the whole body, from the bloodstream, nerves, muscles, organs to even the bones) can restitute the dissolved gases which then form bubbles that have an adverse pathological effect.
The reason why gas mixes are used is to decrease the oxygen partial pressure (remember Dalton's law! [aquaholic.com]), because oxygen becomes a violent neurotoxic at over 2 atmospheres (10 meter depth=1 extra atmosphere).
Roughly, air is 20% oxygen, so it would become toxic at 100 meters deep. But the problem is that well above that depth, nitrogen introduces narcosis (which feels mighty good, except that you stop thinking straight and you might do foolish things).
For this, custom gas mixes are used either to prevent narcosis (for deep dives - the record is, I believe, 600 meters with a mixture of about 4% oxygen and 96% hydrogen - yikes!!!) by replacing nitrogen, or to prevent the risk of bends in shallow dives (like 60% nitrox, that is 60% oxygen and 40% nitrogen, which would be toxic at 30 meters).
Re:Flight announcement (Score:2)
Military jumpers sometimes make HALO (High Altitude Low Opening) jumps from 36K ft with O2 masks (maybe higher). The temps up there are around -45 degrees F but the low pressure causes evaporative heat losses too. I remember that the Guinness record was something like 33Kft for surviving a fall from an aircraft w/o a chute and surviving, the guy landed on the edge of a steep, snow-covered ravine but broke about everything.
As for the topic Lamo should get a medal and Yahoo should have to write "Terrorist love steganography one thousand times".
Re:Flight announcement (Score:2)
10 meters is about 30 feet, your diver 15 feet down would get 1.5 bar of pressure (don't forget about the whole atmosphere above the water surface!!!), which is well below the gradient for being bent...
Re:Flight announcement (Score:2)
It depends very much exactly what gets damaged in the process. Aircraft don't fly too well without flight controls.
Combat Bomber similar to Airliner (Score:2)
The semi-monocoque construction of such strategic bombers is the same type of construction used in civilian airliners, as are the materials used.
Because the bomber was expected to take fire, and it was a 1st generation pressurized design, it did probably have a greater factor of safety in the thickness of the skin and structure. This would have made it harder to penetrate the skin, but once penetrated the crack propagation characteristics should be similar enough for our purposes. On the other hand, modern airliners are designed with multiple load paths specifically to make them more tolerant of damage and less likely to fail catastrophically. So if a crack from a penetration did propagate it would likely have done MORE damage to the old bomber than to a new airliner. The modern airliner is probably also manufactured to a higher quality standard than the old bombers, so that too would make the airliner actually more tolerant of damage than the bomber.
Re:Flight announcement (Score:5, Funny)
Re:Flight announcement (Score:3, Insightful)
I also think the safety briefing should include a warning to only use the airline-approved frangible ammunition for the guns; otherwise some idiot with a few FMJ rounds in his pocket is likely to stick them in the gun and decompress the plane during the firefight. Other than that, I think that is a good briefing.
Re:Flight announcement (Score:2)
Also, the proposed humorous flight announcement clearly indicated that access to the guns would only be released in the event of a skyjacking.
Re:Flight announcement (Score:2)
Perhaps to make the foreigners feel more comfortable, we should add a pair of little tin badges in the panel and have part of the fine print on everyone's boarding pass instantly deputize (or conscript) them in the event that the captain presses the "terrorism" button that releases access to the guns. That way they can feel all warm and fuzzy inside as the passenger compartment fills with lead and shrapnel. Hey, it is no more insane than some of the fine print on software licenses...
Re:Flight announcement (Score:2, Funny)
counter: "has anyone unknown to you...."
passenger: "no"
counter: "are you familiar with the operation of firearms?"
passenger: "what kind of firearms?"
counter: "revolvers"
passenger: "yes"
counter: "In the event of an onboard terrorist event, would you be willing to use deadly force to save the lives of your fellow passengers?"
passenger: "yes"
counter: "place your hand in this device, sir."
passenger: [places hand in countertop box that writes a smart chip that will only enable the gun for his fingerprint, and cross-links the print to FBI national fingerprint database]
counter: [puts chip in revolver. Revolver is a 6-shot
Re:Flight announcement (Score:2)
Cheap, easy, 100% effective and the airlines save money on drinks, peanuts and in-flight movies.
Re: Flight announcement - Explosive Decompression (Score:4, Informative)
What happened with the Comet was a result of crack propagation and stress concentration.
Stress concentration (for those who don't already know) is a phenomenon that occurs when you have a discontinuity in a load bearing structure. Imagine a plate with a hole in it which is under load. The area of the plate away from the hole has a fairly constant stress that can be calculated with your "ideal" equations. As you get near the hole, however, the stress in the material increases; it is as if the hole literally concentrates the stress into that area, hence the name "stress concentration." The smaller the radius of the hole, the greater the stress concentration. In order to keep the stress in the material low, engineers will design things so that they have as large a radius as possible anywhere the geometry changes. Square corners are avoided, because at a perfectly sharp corner you have an infinitely small radius and therefore an infinite stress concentration. Take a look at the rounded corners and stress reliefs on some items around your home or office. The material around a sharp corner will fail under almost any load. At the point of cracks or tears you also have one of these "near infinite" stress concentrations. That is how the little sharp cut at the "tear here" location of potato chip bags and ketchup packets works.
Well, the engineers who made the Comet put in square windows, with those wonderful stress concentrators in the corners. As the aircraft was pressurized and depressurized it stressed the material and in the area around the corners of the window the stress was highly concentrated and the material failed... it cracked. And the crack is also a stress concentrator, so the crack grew with every cycle of pressurization and depressurization until the structural integrity of the airplane was compromised and the force caused by the pressure difference between the inside and outside of the aircraft "unzipped" it like someone opening a bag of chips. Cracks in aircraft structures still cause problems, but it doesn't cause the airplane to "explode" like something out of the movies. One or two sections of the skin may be peeled off, and the airplane decompresses "suddenly" (which is why it is called explosive) but the airplane doesn't just detonate. Some of you may remember back in the 1980s this happened at the intersection of a structural support and skin to a 737 headed to Hawaii and it lost 18 ft. of skin (and a flight attendant).
Could a bullet hole cause similar rapid crack propagation and sudden decompression? Not a clean one, the radius is too big. I suppose little star cracks could exist around the hole that could propagate, in theory; but I doubt the damage would ever be worse than that experienced by the aforementioned 737. I am familiar with aircraft conceptual design, but am not an expert on aircraft survivability so IANAEOAS, however I have never heard of any survivability enhancement programs that focus on preventing structural failure from projectile or fragmentation damage to the skin of pressurized aircraft. Structural failure is one of the rarest causes of military aircraft loss (fuel and propulsion systems are the big problems), and is not usually a high priority on increasing aircraft damage tolerance. Civilian aircraft structures are not sufficiently different to negate the usefulness of this historical data. Of the 34 modern airliners that were subjected to in-flight bombings, 56% survived; of those only 10 crashed because of structural failure. If anyone is interested in the effects of aircraft pressurization on enhancing damage, they can take a look at http://www.dtic.mil/ndia/aircraft/21.pdf. It is significant, but not what I suspect most people would imagine. My best guess is that any shot which punctures the skin will cause pressure loss. It would take a lucky shot in an older aircraft to unzip a portion of the skin, even then aircraft would likely not be lost. A modern airliner with multiple load paths would be even harder to "unzip," maybe impossible without multiple penetrations. As I said, though IANAEOAS, so if anyone does have specialized knowledge to the contrary I'd certainly like to see it. If no one does have any data or specialized knowledge in this area that contradicts this, then let's please stop rehashing this "bullets vs. aircraft" debate. Of course the smart thing would just be to use frangible bullets that won't penetrate.
Re:URGENT NATIONAL SECURITY BULLETIN (Score:3, Funny)
Re:URGENT NATIONAL SECURITY BULLETIN (Score:2, Funny)
hey - MS Flight Simulator isn't violent
the sad part (Score:2)
We're in for some rough times...
Uhm Duh? (Score:1)
all this text is here to bypass the lameness filter because it stinks
Maybe other sites were hacked as well? (Score:1)
Re:Maybe other sites were hacked as well? (Score:2, Funny)
Re:Maybe other sites were hacked as well? (Score:2)
humorous (Score:1)
but at the same time, I can't help but find
the humor in it.
Does anybody have any links to a copy of the original Yahoo article?
Yahoo (Score:1)
Re:Yahoo (Score:1)
The problem is that people still trust everything they read, despite what all of our mothers told us.
How do we know? (Score:5, Funny)
Re:How do we know? (Score:1)
And how exactly do we know that your post was not altered? It's a CONSPIRACY I tell you!!!
Re:How do we know? (Score:5, Funny)
Re:How do we know? (Score:3, Funny)
Hmmmm... (Score:1)
How do we know that this story wasn't altered by a hacker that has access to slashdot?
Kinda funny (Score:1)
We need more people like this (Score:3, Insightful)
Consider it freedom of speech, and of the press, and of petition for redress of grievances, updated for the modern age
Re:We need more people like this (Score:2)
i do feel sorry for these guys though (if it's real)
wired coup [cuntbubble.com]
Re:We need more people like this (Score:3, Interesting)
I have to see something several different places (which are not obviously merely copying one another) before I'll start to seriously give it much consideration as fact--and even then, realize that large parts of the story will be missing or incorrect for other reasons.
One of the best things about last week, though, was that in the middle of all the chaos and speculation, there were a lot of private individuals who just took some time out and posted up pictures they had taken or things they had seen with their own eyes. Put enough of those things together, and you have a far more accurate story than what a single reporter can do in the same amount of time.
Re:We need more people like this (Score:2)
e.g. the U.S. government -- aren't relying on Yahoo! News for information.
Good news: The U.S. government doesn't rely on Yahoo! News as its primary source of information.
Bad news: The U.S. government is strongly influenced by the U.S. general population, many of whom do rely on news sources as reliable as Yahoo! News
Re:CIA might use Yahoo! News. (was Re:We need more (Score:2)
Yeah, I'm pretty sure they check against Fox News too.
Security? (Score:5, Insightful)
Now in the company where you work, how hard would it be for a person in the general public to walk-in and act like a new client or staff member and gain access to sensitive information?
The problem with computing security in general is that it is more often exploited than flaws in physical security. IT departments don't know how to read www.microsoft.com/security and RedHat's update/errata page. They find security too difficult and do not place it high on their priority lists.
- x-empt
Re:Security? (Score:2)
Of ALL the organizations I've worked in, both in England and the US, only one has impressed me on the level of security, and that was the SERC Daresbury Laboratory.
Hey, sure, it wasn't brilliant, but it was hardly intended to be. For what it was designed to do, it did its job magnificently. And that's all any security is supposed to do.
(Passwords were strong, dial-in lines were call-back & manually authenticated, etc. Physical security was via electronic locks.)
The weakest I've seen has to be at, well, just about any University I've worked at or studied at. NASA wasn't too hot, either, which surprised me. For such intelligent people, they could do some amazingly stupid things.
(Sendmail 2.6 should not be considered the safest piece of software in the Universe. Yet I've seen plenty of machines, open to the world, -still- running this museum relic. There are even copies of GateD 3.0 in active use, on desktop Unix boxes. I'm sorry, but you can't blame the mice for feeding, if you're handing them swiss cheese.)
All in all, I'd love to see organizations fined for encouraging computer-related crime, when they actively make themselves vulnerable.
(This is very different from when computers are vulnerable, either because there is a genuine reason for the vulnerability to be present, OR because the vulnerability was not public knowledge at that time. Organizations have a responsibility to be responsible, not gods. No human is omnipotent, omnicognent and omnipresent, and should not be penalized for not being something they could never be.)
Re:Security? (Score:2)
With the anti-encryption hype in Congress, soon we may not have good security at any level. It's bad enough today when things aren't kept up to date, but how much worse will it be when you aren't allowed to be secure?
I find it so fitting that this story came directly after the story on public distrust of secure encryption.
Re:Security? (Score:2)
I think the better way to help security is to make it less necessary. If the systems, on a low level, don't allow destruction then the hacker will only be able to fiddle. Better, more wide-spread version control would be good, for instance. That protects against not just maliciousness, but unintentional mistakes as well (which are more common).
Of course, better security is always better. But more locks are a pain, and every lock needs a key (or probably twenty of them). Every key is a potential hole. We need less boats and more intertubes.
Re:Security? (Score:2)
This is very very dangerous - it's a lot better for a hacker to destroy than to fiddle (ObOntopic: as per the Yahoo stories). If the story is gone then you know something is wrong, but if the details are subtly changed, who is to know?
Better, more wide-spread version control would be good, for instance. That protects against not just maliciousness, but unintentional mistakes as well (which are more common).
Version control is better, but you still have to notice that the malicious change has been added, and then find who did it (or at least who the attacker was pretending to be) and remove it.
To use CVS as an example - if somebody has made a malicious change at -r1.4, you have to check out -r1.3 and also take a diff from -r1.4 and -rHEAD, then apply that diff to -r1.3 and hope nothing breaks, if it does then you have to work out what was depending on the malicious code, and hope that they didn't hide the malicious code along with a bunch of architectural changes that everyone assumed were legit because they helped.
(in which case you need to reverse engineer their changes and throw out the bad bits).
This takes a lot of time with code, and is almost impossible for things like masses of data with only occasional bits modified, and that within parameters.
Can you imagine what would happen to a mining company if someone managed to change their survey data so they dug a mine in the wrong place? Not a massive change probably (low order bits on GPS data or similar), but enough to cost millions of dollars.
On the other hand if the data is deleted then you know it's gone and can try to recreate from backups.
The biggest danger is that small changes will go un-noticed until the backup loops are over-written and there's enough real work done since the last clean offsite backup (surely everyone keeps at least one every few months) that it takes more work to recreate everything than to throw it away.
new laws need to be passed to prevent this (Score:1, Funny)
so how is that a hack? (Score:1)
I don't know how many times dipshits here in my office have suggested that parts of our app were secure b/c "how would anyone ever figure out that url" - duh - so I showed them.
what pisses me off is these people are everywhere and don't get fired and are still allowed to make these retarded design decisions.
Re:so how is that a hack? (Score:2, Interesting)
From the article (which you might consider reading...)
Proxy problems
Yahoo! declined to comment on the specifics of the hack, but as described by Lamo, modifying the portal's
news stories didn't require much hacking. He made the changes using an ordinary web browser, and didn't
need to do so much as enter a password.
The culprit in this case was a trio of proxy web servers that bridged Yahoo!'s internal corporate network to the
public Internet. By configuring a web browser to go through one of the proxies, anyone on the Internet could
masquerade as a Yahoo! insider, says Lamo, winning instant trust from the company's web-based content
management system.
Hrrm, if he cracked /. (Score:1)
Donations! (Score:1)
If malicious hacking has to exist, it should certainly be in the style of The Onion [theonion.com].
Re:Donations! (Score:2)
Not sure, but I bet you will be able to write to him shortly c/o Dept. of Corrections.
MD5/PGP Signing could prevent this. (Score:5, Insightful)
Re:MD5/PGP Signing could prevent this. (Score:2)
Re:MD5/PGP Signing could prevent this. (Score:2)
Re:MD5/PGP Signing could prevent this. (Score:2)
Re:MD5/PGP Signing could prevent this. (Score:2)
And you're right, strictly speaking, having certificates does not require strong encryption. But if you've got them, there's not much you can actually do with them that doesn't require strong encryption.
Re:MD5/PGP Signing could prevent this. (Score:3, Informative)
MD5 signing CAN be very useful (Score:2)
Re:MD5 signing CAN be very useful (Score:2)
Re:MD5/PGP Signing could prevent this. (Score:2)
Re:MD5/PGP Signing could prevent this. (Score:2)
Well, for one thing, it's the media we're talking about; expecting them to have a clue is wishful thinking. Also, how many people would bother verifying them? You and I, perhaps, but certainly not the public in general. And certainly not one that favors backdoors in crypto [slashdot.org].
Re:MD5/PGP Signing could prevent this. (Score:2)
A distributed system like that is harder to secure. So you have a PGP signature... do you give every privileged person the private key? No, that doesn't work at all, since people come and go, and probably don't keep good personal security anyway.
So now Yahoo needs its own certification -- not just a key chain, since a person who's privileged at one point may not be in the future. Now it's a matter of breaking into the certification and adding your certificate. Maybe harder, but when you consider how much extra work Yahoo would have to do to even get to that place...
And then, who's really going to check those keys? People? No one would bother. The system? Well, hack the checking system.
Security is a system. Signatures are no silver bullet, and they are a PITA to manage and use.
OTOH, sending notification to original editors/authors when the article is modified is not only useful for security, but generally useful. Keeping good version information would be good too. So that might work well (though of course you could always hack the notifying system).
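The notification idea in the comment above, together with the earlier point in this thread that a subtle edit is harder to notice than a deletion, as an added Python example (not code from the thread or from Yahoo!). The key, story id, editor names and story text are constructed for illustration, and the monitor is assumed to run on a host separate from the content system.

```python
import difflib
import hashlib
import hmac

# Constructed demo key. In practice it is held by the monitor, off the CMS host,
# so that someone who can edit stories cannot also re-seal them.
MONITOR_KEY = b"constructed-demo-key"


def seal(story_id: str, text: str) -> str:
    """Keyed digest binding a story id to one exact version of its text."""
    msg = story_id.encode("utf-8") + b"\x00" + text.encode("utf-8")
    return hmac.new(MONITOR_KEY, msg, hashlib.sha256).hexdigest()


class BaselineTampered(Exception):
    """The stored approved copy no longer matches its own seal."""


class StoryMonitor:
    def __init__(self):
        self.baseline = {}   # story_id -> {"text", "seal", "owner"}
        self.history = {}    # story_id -> [(editor, seal)] for each approved version

    def approve(self, story_id, text, editor):
        """Record a version that went through the normal editorial path."""
        tag = seal(story_id, text)
        # The first approver stays the owner who gets notified of later changes.
        owner = self.baseline.get(story_id, {}).get("owner", editor)
        self.baseline[story_id] = {"text": text, "seal": tag, "owner": owner}
        self.history.setdefault(story_id, []).append((editor, tag))

    def check(self, story_id, live_text):
        """Compare what the site is serving with the approved version.

        Returns None when they match, otherwise a notification for the
        original author that carries a line diff of the change.
        """
        entry = self.baseline[story_id]
        # Verify the baseline first: an edited baseline would hide an edited story.
        if not hmac.compare_digest(entry["seal"], seal(story_id, entry["text"])):
            raise BaselineTampered(story_id)
        if hmac.compare_digest(entry["seal"], seal(story_id, live_text)):
            return None
        diff = list(difflib.unified_diff(
            entry["text"].splitlines(), live_text.splitlines(),
            "approved", "live", lineterm=""))
        return {"story_id": story_id, "notify": entry["owner"], "diff": diff}


def demo():
    # Constructed sample story, not text from any real article.
    approved = "Court delays hearing.\nThe next date is set for October."
    monitor = StoryMonitor()
    monitor.approve("story-001", approved, editor="wire-desk")
    live = approved.replace("October", "November")  # a one-word change
    return monitor.check("story-001", approved), monitor.check("story-001", live)
```

As the comment says, the notifier itself becomes a target, which is why the seal is keyed and the stored baseline is verified before it is used for comparison.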
Re:MD5/PGP Signing could prevent this. (Score:2)
Anyway all you'd have to do is 0wn the signature machine, break enough signatures that they turn the alarm off, and the rest of the site is yours. Social engineering is often the most effective attack.
-jhp
Re:MD5/PGP Signing could prevent this. (Score:2)
Re:MD5/PGP Signing could prevent this. (Score:2)
I would doubt that a site that receives as many hits as Yahoo would deliver their news stories "served up dynamically". More reasonable to assume is that this "web-based content control system" is some sort of template which allows the news editors, or journalists the ability to pull up a web page, and submit or edit their stories via a web form.
The original directory was completely dynamic, but it used a proprietary server which they wrote themselves. Dynamic content is not necessarily any slower or more intensive than static content. If done properly it can actually be faster (since smaller disks have faster seek times, for instance).
In related news... (Score:1)
http://bbspot.com/News/2001/09/surrender.html
Has anyone else been getting Yahoo spam today? (Score:1, Offtopic)
Here's the entirety:
Click these links to see recent news and up to the minute stats:
Current link
http://finance.yahoo.com/q?s=ivoc.ob&d=v1
52 week link
http://finance.yahoo.com/q?s=ivoc.ob&d=c&k=c4
Please FWD this email to your associates of similar interests..... Sorry for any
intrusions.
Disclaimer: Neither Corporate America nor the writers of this communique makes
specific trading recommendations or gives individualized market advice.
Information contained in this newsletter is provided as an information service
only. Corporate America recommends that you get personal advice from an
investment professional before buying or selling stocks or other securities. The
securities markets are highly speculative areas for investments and only you can
determine what level of risk is appropriate for you. Although Corporate America
obtains the information reported herein from sources that it deems reliable, no
warranty can be given as to the accuracy or completeness of any of the
information provided or as to the results obtained by individuals using such
information. In no way should this be construed as a recommendation to buy or
sell a particular security.
Not Interested: http://www.cyberxworld.com/cleanlist.html
I dunno... (Score:3, Insightful)
Seriously, though, disinformation and "information terrorism" may not be as lethal as 110 floors of concrete dropping on you, but for precisely that reason, it's much more insidious, with an impact that no amount of bulldozing can ever clear away.
It's also much more common. AFAIK, only two buildings of that size have ever been felled through malice. On the other hand, virtually every political and commercial organization has at least one "spin-doctor" - the popular name for info-terrorists.
If the US is serious about its war on terrorism, it should first prove itself, by eliminating all spin-doctors from the Government, and demanding rigorous honesty and accountability within all sectors not directly tied to national security.
Yes, NS has to be an exception. Otherwise you get into some, ummm, interesting situations:
Passport Control Officer: Are you a foreign spy?
Foreign Spy: Yes. I'm here to learn all your secrets.
Passport Control Officer (into microphone): Psychiatric Unit to Gate 4, please.
Re:I dunno... (Score:2)
Re:I dunno... (Score:2)
text of the article (Score:1, Informative)
Here's the original article. (Undoctored, I promise)
Yahoo! News hacked
Hacker tinkers with news articles undetected.
By Kevin Poulsen
September 18, 2001 4:25 PM PT
In a development that exposes grave risks of news manipulation in a time of crisis, a hacker demonstrated Tuesday that he could rewrite the text of Yahoo! News articles at will, apparently using nothing more than a web browser and an easily-obtained Internet address.
Yahoo! News, which learned of the hack from SecurityFocus, says it has closed the security hole that allowed 20-year-old hacker Adrian Lamo to access the portal's web-based production tools Tuesday morning, and modify an August 23rd news story about Dmitry Sklyarov, a Russian computer programmer facing federal criminal charges under the controversial Digital Millennium Copyright Act (DMCA).
Sklyarov created a computer program that cracks the copy protection scheme used by Adobe Systems' eBook software. His prosecution has come under fire by computer programmers and electronic civil libertarians who argue that the DMCA is an unconstitutional impingement on speech, and interferes with consumers' traditional right to make personal copies of books, movies and music that they've purchased.
Lamo tampered with Yahoo!'s copy of a Reuters story that described a delay in Sklyarov's court proceedings, so that the text reported, incorrectly, that the Russian was facing the death penalty.
The modified story warned sardonically that Sklyarov's work raised "the haunting specter of inner-city minorities with unrestricted access to literature, and through literature, hope."
The text went on to report that Attorney General John Ashcroft held a press conference about the case before "cheering hordes", and incorrectly quoted Ashcroft as saying, "They shall not overcome. Whoever told them that the truth shall set them free was obviously and grossly unfamiliar with federal law."
Lamo says he's had the ability to change Yahoo! News stories for three weeks, and made minor experimental changes to other stories that have since cycled off the site.
The hacker provided SecurityFocus with a screen shot showing an August 10th Reuters story about a Senate committee's report on the National Security Agency. The screen shot shows the story on Yahoo! News with a false quote attributed to the report: "Rebuilding the NSA is the committee's top priority. In partnership with AOL Time Warner, we fully expect to bring you a service you can't refuse."
According to Lamo, the NSA story remained on the portal for three days, before being cycled off.
He says he deliberately chose an old story Tuesday so it would be seen by few readers, while still demonstrating the vulnerability.
"Yahoo! takes security across its network very seriously, and we have taken appropriate steps to restrict unauthorized access to help ensure that we maintain a secure environment," said Kourosh Karimkhany, senior producer at Yahoo! News, in a statement. The company declined further comment.
'Subversion of Information Attack'
The hack highlights a risk that's troubled security experts since 1998, when a group called "Hacking for Girlies" defaced the web site of the New York Times, replacing the front page with a ramshackle tirade that criticized a Times reporter, and defended then-imprisoned hacker Kevin Mitnick.
"There's always been a concern that somebody would gain access to a news site and make more subtle changes," says Dorothy Denning, professor of Computer Science and director of the Georgetown Institute for Information Assurance at Georgetown University.
One year ago hackers modified a news story on the California Orange County Register web site to report that Microsoft founder Bill Gates had been arrested for hacking into NASA computers.
Experts warn that malicious corruption of content at a respected news source -- sometimes called a 'subversion of information attack' -- could have serious consequences during a crisis.
In the hours following the September 11th terrorist attacks on New York and Washington, millions turned to the Internet for information. Top news sites reported as many as 15 million unique users. Yahoo! reportedly had double the traffic that it received for the entire month of August.
"You can imagine someone changing lists of people who were on the planes, or reported missing, or all kinds of things that could cause a lot of grief," says Denning. "Or posting stories attributing attacks to certain people."
Lamo agrees, and says he's troubled that he had the power to modify news stories that day.
"At that point I had more potential readership than the Washington Post," says Lamo. "It could have caused a lot of people who were interested in the day's events a lot of unwarranted grief if false and misleading information had been put up."
Proxy problems
Yahoo! declined to comment on the specifics of the hack, but as described by Lamo, modifying the portal's news stories didn't require much hacking. He made the changes using an ordinary web browser, and didn't need to do so much as enter a password.
The culprit in this case was a trio of proxy web servers that bridged Yahoo!'s internal corporate network to the public Internet. By configuring a web browser to go through one of the proxies, anyone on the Internet could masquerade as a Yahoo! insider, says Lamo, winning instant trust from the company's web-based content management system.
The hacker criticized the web giant for not prioritizing security on the systems that allow editing and creation of news stories.
"There are more secure parts of their network," says Lamo. "It's more difficult to get into their advertising reporting statistics than their news production tools."
The hacker has a history of exposing the security foibles of corporate behemoths. Last year he helped expose a bug that was allowing hackers to take over AOL Instant Messenger (AIM) accounts. And in May, he warned troubled broadband provider Excite@Home that its customer list of 2.95 million cable modem subscribers was accessible to hackers.
Lamo's hobby is a risky one. Unlike the software vulnerabilities routinely exposed by 'white hat' hackers, the holes Lamo goes after are specific to particular networks, and generally cannot be discovered without violating U.S. computer crime law. With every hack, Lamo is betting that the target company will be grateful for the warning, rather than angry over the intrusion.
"I can't give you an exact answer why he does that," says Matthew Griffiths, a computer security worker and a long-time friend of Lamo. "He's kind of a superhero of the Internet."
"I agree that it's not the safest thing I could be doing with my time," says Lamo. "If they prosecute me, they prosecute me."
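The trust failure described under "Proxy problems" above, as an added Python example that is not part of the article and is not Yahoo!'s code: a content system that treats network location as a credential, beside a policy that requires an authenticated editor, plus an audit pass over a log. The addresses, the account name and the assumption that each proxy records its client's address are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed addressing for the example (RFC 1918 / RFC 5737 ranges).
CORP_NET = ipaddress.ip_network("10.0.0.0/8")
PROXIES = {"10.1.1.10", "10.1.1.11", "10.1.1.12"}   # stands in for the trio of proxies
EDITORS = {"alice"}                                  # hypothetical CMS account


@dataclass
class Request:
    peer: str                    # source address the CMS sees on the connection
    proxy_client: Optional[str]  # client address the proxy logged, if relayed
    session_user: Optional[str]  # authenticated user, None when nobody logged in
    action: str


def in_corp(addr: Optional[str]) -> bool:
    return addr is not None and ipaddress.ip_address(addr) in CORP_NET


def weak_policy(req: Request) -> bool:
    """Network location as the only credential (the flaw the article describes)."""
    return in_corp(req.peer)


def hardened_policy(req: Request) -> bool:
    """Identity first; network location can only narrow access, never grant it."""
    if req.session_user not in EDITORS:
        return False
    if req.peer in PROXIES:
        # A relayed request is only as internal as the proxy's own client.
        return in_corp(req.proxy_client)
    return in_corp(req.peer)


def proxy_accepts(client: str) -> bool:
    """Proxy-side rule: serve internal clients only, so the proxy cannot
    lend its internal address to a client on the public Internet."""
    return in_corp(client)


def audit(log):
    """Edits the weak policy allowed that the hardened policy would refuse."""
    return [r for r in log
            if r.action == "edit" and weak_policy(r) and not hardened_policy(r)]


# Constructed log entries.
SAMPLE_LOG = [
    Request("10.2.3.4", None, "alice", "edit"),           # editor at her desk
    Request("10.1.1.10", "203.0.113.7", None, "edit"),    # outsider relayed by a proxy
    Request("10.2.9.9", None, None, "edit"),              # internal host, no login
    Request("10.1.1.11", "10.2.3.4", "alice", "edit"),    # editor going through a proxy
    Request("198.51.100.5", None, "alice", "edit"),       # direct connection from outside
]
```

Running `audit(SAMPLE_LOG)` returns the relayed outsider and the unauthenticated internal host, the two edits that only passed because of where they appeared to come from.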
Other Adrian Lamo "Exploits" (Score:2, Interesting)
AIM users prone to name hijacks [zdnet.com]
Re: (Score:1)
Re:Not dangerous. No wait... (Score:2, Insightful)
Because we tend to adjust for this based on previous experiences, personal bias, etc., and unexpected content from some interloper can exploit reader expectations. Everyone trusts somebody to tell us the "truth", and will be unlikely to question that entity even when fed disinformation. Imagine how Yahoo's readership could have been confounded by a fake story on the morning of September 11 about any of the following topics:
Wit (Score:4, Insightful)
My jaw is left gaping.... Oh, I wish all crackers were this smart! Thank you for restoring my faith in human sarcasm
Re:Wit (Score:2)
--"Emanuel Goldstein," 1984, by George Orwell
Re:Wit (Score:2, Insightful)
"If leisure and security were enjoyed by all alike, the great mass of human beings who are normally stupefied by poverty would become stupefied by mindless mass entertainment and extra-large servings of fatty foods; and having done this, they would hang on tightly to the privileged minority who ensures their continued diet of mind-numbing pop culture and Super-sized SUVs."
Re:Wit (Score:2)
We prefer to be called caucasian or melanin-deficient, thank you!
trusted news outlets (Score:1)
What about a "trusted" news site spewing forth crap by itself....like oh government and corporate propaganda, misinformation, and happy stuff like that? Oh wait, they're doing it in our best interests. To reassure us that everything is ok, while our civil liberties are stripped away one by one.
Yay!
These are not the droids you are looking for. (Score:1)
It's been done. Long ago. (Score:1)
(Well, it looked much better on paper.)
This is really disturbing... (Score:1)
Scapegoat (Score:1)
advice to Adrian Lamo (Score:1)
I agree with the sentiment, however with the timing, I think there will be problems for you.
ALL news is hacked. (Score:2, Insightful)
It would be a good idea that all news carry this disclaimer: "For your own protection, please do not depend on a single source for news."
Could have been worse... (Score:2, Funny)
And for your daily flamebait.. (Score:4, Insightful)
One of the things that worries me greatly when I am brave enough to think about it at length, is how fantastically biased and non-independent our (USA) official news sources are. Almost every traditional media segment (TV, newspapers, radio) are as we speak undergoing a tremendous reorganization, where the vast majority of the markets are controlled by a few private companies whose major line of business isn't journalism.
For a shock for those who haven't done it already, find an international issue and compare how it is covered in the US with how it is covered by far-foreign or minority news sources. You may find the experience similar to discovering Slashdot and Kuro5hin after years of Ziff Davis, especially if you read coverage that goes on for a few pages instead of paragraphs. You might not discover the truth but you'll have much better questions.
The bias is subtle to detect without a comparison, because the bias is often in what is *not* reported, or arguments that are *not* published. If you don't mind being stoned by a flag-waving mob you can even try this experiment with last week's horrible tragedy.
So, as much as I support punishing this hacker for his illegal actions, a part of me also commends him for increasing the average distrust of mainstream news.
Re:And for your daily flamebait.. (Score:2)
You just find a different bias. And most of the indie and foreign news media is just as bad as the "mainstream" media is about sources and separating fact from opinion (both have a place in news, but should be attributed and classified).
Both mainstream and "alternative" (i.e., outside of your country of origin, or low circulation) media have shining examples of good news... and 95% are crap. Just because you don't share a fascination with Britney Spears and how Robert Downey Jr. is doing does not make People magazine a bad news source - they (used to, I haven't read the rag in years) attribute their sources, and separate checked facts from rumors, just like the Wall Street Journal, the BBC, or Jello Biafra.
--
Evan
Re:And for your daily flamebait.. (Score:2)
Also, I think your second paragraph misses the point I was trying to make. Modern biases are often in what is *not* reported and *not* questioned. Many mainstream news sources do a good job on the issues they choose to investigate, but people should realize that there aren't others equally or even more worthy of investigation in the same sphere that are passed over.
Re:And for your daily flamebait.. (Score:3, Interesting)
Hi!
Yeah, but...
Ten years ago you were considered to be unusually well-informed if you subscribed to two newspapers--even if those newspapers mostly regurgitated national content from the Associated Press wire. Nowadays it is a trivial exercise to cross-reference stories in "new media" news sites (CNet, ZDNet) with traditional American print media (N.Y. Times, Wall St. Journal, Washington Post) as well as sites from overseas.
Here's a thought: how about a website, like SlashDot or Kuro5hin, that provides links to a variety of different angles on a given story. Pick a story or two per day and provide links (with a modicum of commentary) to coverage from a variety of sources.
Hmmm... A splendid idea to contemplate, and thus a good reason to procrastinate.
I have met this fine man on several occasions. (Score:4, Interesting)
He's an amazingly brilliant guy. I have spent a few 2600 meetings in SF with him. I hope that nothing comes of this type of "cracking" satire. However I would like to say that Adrian is a true hacker. One conversation with him and you will come to this understanding. True hacking can transcend computers and into social aspects like Adrian has apparently done.
He's cute too
Re:Yo Adrian! (Score:2)
Sorry
Geocities had hole in May (Score:2, Insightful)
For future use, send all Yahoo server e-mail to:
security-core@yahoo-inc..com
A Hacker's social responsibility. (Score:4, Insightful)
The whole problem is that people DO in fact trust the web as a source of accurate news. Dumb. The web is by its very nature unreliable. Period. Anybody who gets upset about a little news hacking is a whiner.
It is YOUR RESPONSIBILITY to double, triple and quadruple check and cross reference any information you find on-line. That's the power of the web; for the first time in history, it is actually possible to get something approaching the whole story. But you can't be lazy. I think hackers who send chills of 'insecure feelings' down the spines of the Norms in Suburbia are doing humanity a service by repeatedly demonstrating just how unreliable the web is. By showing that you CANNOT rely on single sources of information. Such repeated hacks might even raise the awareness of people to the point where they take some personal responsibility for the information which they allow into their heads.
But what is the response? (What will be the response?)
An almost unified cry of "Kill the Hackers".
Last week, 95% of the people on this very site were pissed off when Mafia Boy, (a junior highschool kid. i.e., a CHILD!), got a wrist slap rather than capital punishment.
Shocking! -Especially since most Slashdotters fit the hacker profile to a 'T'. It is utterly dumbfounding that people were so embittered towards a 15 year old who didn't do anything more than perpetrate but a little DOD attack and make life interesting for a bunch of tech support monkeys who get paid hourly anyway.
I was even modded down for the mere suggestion that a crime which doesn't hurt anybody, hasn't damaged or removed any property, and hasn't infringed on anybody's civil rights, should rightly be considered a mis-demeanor on the same level as graffiti or vandalism. But people want blood these days.
All I have to say is, "Be careful what you wish for."
-Fantastic Lad
"Trusted News Site" is an Oxymoron (Score:2, Interesting)
This applies to all forms of media - not just the web. It's gotten worse, IMHO, starting with Desert Storm and the O.J. trial - CNN, in its zeal to feed info in bulk form with the emphasis on expedience instead of accuracy, is a case in point. The world, not just U.S., has been "spoiled" by the byproducts of the Information Age. So has journalism.
In fairness, I was up way too late two nights ago, and quickly submitted a report to /. regarding "Taliban Declares Holy War on U.S." that was on CNN (TV) prominently displayed. In this case I'm glad it was rejected. Fifteen minutes later, there was a rephrased "Taliban Warns of Possible Holy War" or something to that effect. MSNBC followed suit and misreported, then "lightened up". This also occurred on the respective websites.
So, the obvious point here is that we can trust most of what we can see, hear, and (hopefully) touch. On topic, it is a concern that Yahoo's "security through obscurity" was so vulnerable. Sure wish I could read the Security Focus article - still /.'ed - but I did read a post with the text here earlier.
I think of more concern would be the vulnerabilities of news services like AP and Reuters - the compromise of them could be a propagandist's dream come true. Hey, Wow, I just thought of something! Why don't we hack into the news "services" of our enemies? We could win the whole damn thing just by convincing the radical factions that they are already with Allah, and all is well. They can just relax and go back to making hashish, and whatever...
There was an interesting discussion of this on NPR's [npr.org] "Talk of the Nation" program [npr.org] a while back, but I can't seem to find it.