Spam In Unexpected Places

Almost as soon as I posted the last item about Boeing and their plans to equip their new 787 with internet capabilities, this item popped up. It seems a security manager in the financial industry has just managed to find a way to send spam from the internet directly to a network printer. And, believe it or not, the news actually gets worse.

By using a little-known capability found in most Web browsers, Weaver can make a Web page launch a print job on just about any printer on a victim's network. The Web site could print annoying ads on the printer and theoretically issue more dangerous commands, like telling the printer to send a fax, format its hard drive or download new firmware.

Weaver, a security manager in the financial industry, based in Pottstown, Pennsylvania, described what he calls "cross site printing" in a research paper published Tuesday on the Ha.ckers.org Web site.

For a cross-site printing attack to work, a victim would have to visit either a malicious Web site or a legitimate page that suffers from a cross-site scripting flaw, which is a common type of Web programming error. The hacker would then send JavaScript code to the browser that would guess the location of the victim's printer and send it a print job.

Weaver has launched the attack successfully with both the Internet Explorer and Firefox browsers. Because the attack works only on network printers, a printer plugged directly into a PC would not be vulnerable.

The attack is possible because most browsers can connect to the networking port used by most printers to look for new print jobs. So by using the browser as a stepping stone, attackers are able to connect with something they should never be able to reach: a printer on the local area network. (Emphasis added.)

Now, doesn't that just give you a warm, fuzzy feeling about Boeing's iron-clad assurance that the 787's aviation electronics "are not connected in any way to the Internet"?
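For anyone who runs the printers, here is an added example (not from Weaver's paper or the quoted article) of how such a job can be spotted: because a browser opens the connection, what reaches the printer is framed as an HTTP request, which no ordinary print job is. The port number, the function names and the sample jobs are assumptions constructed for illustration.

```python
import re

# Assumption: jobs were captured on the raw print port (commonly 9100/tcp);
# the quoted article does not name the port.
REQUEST_LINE = re.compile(rb"^(GET|POST|PUT|HEAD|OPTIONS) \S+ HTTP/1\.[01]\r\n")
TRACE_HEADERS = ("host", "referer", "origin", "user-agent")


def inspect_job(raw: bytes) -> dict:
    """Decide whether one captured print job was sent by a Web browser."""
    match = REQUEST_LINE.match(raw)
    if not match:
        return {"browser_originated": False}
    head, _, body = raw.partition(b"\r\n\r\n")
    headers = {}
    for line in head.split(b"\r\n")[1:]:
        name, sep, value = line.partition(b":")
        key = name.decode("latin-1").strip().lower()
        if sep and key in TRACE_HEADERS:
            headers[key] = value.decode("latin-1").strip()
    return {
        "browser_originated": True,
        "method": match.group(1).decode("ascii"),
        "headers": headers,  # Referer/Origin point back at the page responsible
        "body_bytes": len(body),
    }


# Constructed samples: two ordinary jobs and one HTTP-framed job.
SAMPLES = {
    "pjl-job": b'\x1b%-12345X@PJL JOB NAME="report"\r\n@PJL ENTER LANGUAGE=PCL\r\n',
    "postscript-job": b"%!PS-Adobe-3.0\n%%Title: invoice\n",
    "http-framed": (
        b"POST / HTTP/1.1\r\nHost: 192.0.2.50:9100\r\n"
        b"User-Agent: Mozilla/5.0\r\nReferer: http://ads.example/page.html\r\n"
        b"Content-Type: text/plain\r\n\r\nconstructed sample text\r\n"
    ),
}


def flag_jobs(samples: dict) -> list:
    """Return the names of the jobs that arrived wrapped in an HTTP request."""
    return [name for name, raw in samples.items()
            if inspect_job(raw)["browser_originated"]]


if __name__ == "__main__":
    for name in flag_jobs(SAMPLES):
        print(name, inspect_job(SAMPLES[name]))
```

The Referer or Origin header recovered from a flagged job tells you which page the browser was on, and the Host header shows which printer address it was aimed at.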

Hacking The Airplane

The Federal Aviation Administration is requiring Boeing to prove that its new 787 aircraft is hacker safe. Boeing says it is, and computer security experts are saying that Boeing may have made its internet connection hack-proof. But if it did, it would be the very first time in history.

Boeing claims it has engineered safeguards to shut out unauthorized users, but some security analysts worry navigation and communications systems could be vulnerable.

"The odds of this being perfect are zero," said Bruce Schneier, chief technology officer at the security services firm BT Counterpane. "It's possible Boeing can make their connection to the Internet secure. If they do, it will be the first time in mankind anyone's done that."

But Boeing spokeswoman Lori Gunter said 787's aviation electronics "are not connected in any way to the Internet."

Boeing has designed the 787 to allow airlines to offer passengers more in-flight entertainment and Internet options than previous planes have allowed.

Those new features and other aspects of 787's computer network go beyond the scope of existing regulations, so the Federal Aviation Administration is requiring Boeing to show the new technology won't pose a safety threat.

In a "special condition" the FAA has ordered Boeing to satisfy, the agency notes that the 787 "allows new kinds of passenger connectivity to previously isolated data networks connected to systems that perform functions required for the safe operation of the airplane.

"Because of this new passenger connectivity, the proposed data network design and integration may result in security vulnerabilities from intentional or unintentional corruption of data and systems critical to the safety and maintenance of the airplane."

The new iPhone was hacked in what, a few days? Likewise the security of the high-definition DVDs. The hackers have even cracked into the MacBook. I honestly don't care if some passengers want internet access on the airplane - I would rather not be the test case for Boeing's security. Stunningly bad idea. Any security can be broken, often in unforeseen ways (as with the MacBook hack.)

Bill Richardson Drops Out

The Associated Press has a very short breaking news update out that Bill Richardson has decided to drop out of contention for the Democratic nomination. Big surprise there, eh?

MERRIMACK, N.H. (AP) - New Mexico Gov. Bill Richardson ended his campaign for the presidency Wednesday after twin fourth-place finishes that showed his impressive credentials could not compete with his rivals' star power.

He was almost the invisible man to the press.

UPDATE: MSNBC reports that the Richardson campaign is denying the AP report.

Well, They Can’t Make ‘Em Fly Yet

But they can make pigs glow in the dark. A fluorescent pig developed by Chinese scientists has successfully passed the genetically modified genes that cause the fluorescence to its offspring. They now have second-generation glowing bacon.

BEIJING - A cloned pig whose genes were altered to make it glow fluorescent green has passed on the trait to its young, a development that could lead to the future breeding of pigs for human transplant organs, a Chinese university reported.

Two of the 11 piglets glow fluorescent green from their snout, trotters, and tongue under ultraviolet light, according to Northeast Agricultural University, located in the city of Harbin.

Their mother was one of three pigs born with the trait in December 2006 after pig embryos were injected with fluorescent green protein.

"Continued development of this technology can be applied to … the production of special pigs for the production of human organs for transplant," Liu Zhonghua, a professor overseeing the breeding program, said in a news release posted Tuesday on the university's Web site.

I'm not sure I follow the logic here. While one has to admit that there are some people who would look better (or at least funnier) with a glowing pig grafted to them, that market seems limited. On the other hand, you wouldn't need a night light.

Gitchie, Gitchie, Ya Ya Here

So a guy walks into a brothel and asks his wife what she's doing there. Really.

WARSAW (Reuters) - A Polish man got the shock of his life when he visited a brothel and spotted his wife among the establishment's employees.

Polish tabloid Super Express said the woman had been making some extra money on the side while telling her husband she worked at a store in a nearby town.

"I was dumfounded. I thought I was dreaming," the husband told the newspaper on Wednesday.

One could ask the obvious question here: what was the guy doing in the brothel in the first place? The couple are getting a divorce, by the way. (Ed Morrissey also posted about this item this morning, invoking the Pina Colada Song. Which I loathe, but Ed has the right idea. I thought Lady Marmalade was a good fit. Billie Holiday's Love for Sale would have fit nicely, too.)

Since we're on the subject of somebody being where they aren't supposed to be, there is also this item: Several women jumped a fence and violated the 1,000-year ban on females in the Mount Athos monastic community in Greece. They were protesting as part of a land dispute.

The Greek Orthodox community of 20 monasteries on the Mount Athos peninsula in northern Greece has been off limits for women since it was set up more than 1,000 years ago and is regarded as Orthodox Christianity's spiritual home.

"About 10 women jumped the fence marking the border of the community on Tuesday and spent some 20 minutes on the monks' territory in a symbolic move," Litsa Ammanatidou-Paschalidou, an MP who took part in the protest, told Reuters.

"I felt the need to join them and I did," she said.

The demonstrators, some 1,000 in total, were opposing claims by five of the community's monasteries to some 20,000 acres of land on the nearby Halkidiki peninsula, among the most popular tourist destinations in Greece.

The demonstrators, among them local mayors, deputies and residents of various Halkidiki villages, say the land belongs to their villages and not to the monasteries.

It isn't the first time I've posted about Mount Athos, by the way. They held a Christmas Brawl there back in 2006.

iZap!

The makers of the Taser have a new consumer offering coming out. Already being called the "iTaser," it combines a 50,000-volt Taser with, wait for it, an MP3 player. No, really, it does.

The taser, which is being unveiled at the annual Consumer Electronics Show (CES) in Las Vegas this week, also comes in "fashion" pink, "red hot" red and leopard print designs in a bid to make it more fashionable.

Arizona-based Taser International is hoping its latest product will be a particular hit with women who would not usually consider buying a taser because it is too ugly.

Company spokesman Peter Holran said: "Women want whatever they're carrying - from a lipstick case to their eyeglass case to their Taser - to look nice and be something they won't mind if it falls out of their purse."

The company produced the "iTaser" because it wanted to make it easier for people to integrate it into their lives.

Mr Holran said: "If people buy the C2 Taser and leave it in a drawer or under a shelf, it does them no good when they need it."

Gee, if it's a big hit, will Smith & Wesson come out with the "iMagnum?" That will give a whole new meaning to "with a bullet" in the trade rags!

More Christmas Festivities At The Bottom Of The World

I posted about the unofficial title fight held over Christmas at the South Pole. In that incident, two contract workers duked it out in a drunken brawl, resulting in one man being medevaced with a broken jaw. The "winner" of the fight ended up losing his job over that one. But it seems Christmas at the bottom of the world was even more festive than just that. There were other incidents as well, including a Santa-groper and drunken joyriding.

Complaints of "inappropriate touching" were made against a Santa who had posed for photographs on a decorated snowmobile at the U.S. McMurdo station, on the edge of the continent, a New Zealand newspaper reported on Wednesday.

That incident was followed by another in which a U.S. staff member, suspected of drunk driving, raced along an icy road in a four-wheel-drive vehicle chased by a fire engine before she was intercepted, said Christchurch-based The Press newspaper, without citing sources.

There would appear to be some sort of breakdown in the personnel selection process. Who knew Antarctica was such a lively place? (It does make one wonder what goes on down there that is not getting reported, doesn't it? Is it like Peyton Place with penguins?)

In Chicago, The Dead May Vote…

…But in New York City, they cash checks. Two men have been arrested for wheeling the dead body of a roommate to a local check cashing store and trying to cash the dead man's Social Security check. Oh, and they used an office chair to do so.

David J. Dalaia and James O'Hare pushed Virgilio Cintron's body from the Manhattan apartment that O'Hare and Cintron shared to Pay-O-Matic, about a block away, spokesman Paul Browne said witnesses told police.

"The witnesses saw the two pushing the chair with Cintron flopping from side to side and the two individuals propping him up and keeping him from flopping from side to side," Browne said.

The men left Cintron's body outside the store, went inside and tried to cash his $355 check, Browne said. The store's clerk, who knew Cintron, asked the men where he was, and O'Hare told the clerk they would go and get him, Browne said.

A police detective who was having lunch at a restaurant next to the check-cashing store noticed a crowd forming around Cintron's body, and "it's immediately apparent to him that Cintron is dead," Browne said.

The detective called uniformed New York Police Department officers at a nearby precinct. Emergency medical technicians arrived as O'Hare and Dalaia were preparing to wheel Cintron's body into the check-cashing store, Browne said. Police arrested Dalaia and O'Hare there, he said.

Cintron had died of natural causes. This reads like something out of a Monty Python skit - or a National Lampoon Vacation movie.

Bad Polling, Part Two

Gary Langer, director of polling for ABC News, is not at all happy with the breakdown in the New Hampshire polls. He is calling for a serious look into what went wrong by all of the various polling outfits. Because something surely did go wrong.

But we need to know it through careful, empirically based analysis. There will be a lot of claims about what happened - about respondents who reputedly lied, about alleged difficulties polling in biracial contests. That may be so. It also may be a smokescreen - a convenient foil for pollsters who'd rather fault their respondents than own up to other possibilities - such as their own failings in sampling and likely voter modeling.

There have been previous races that misstated support for black candidates in biracial races. But most of those were long ago, and there have been plenty of polls in biracial races that were accurate. (For more on past problems with polls in biracial races, see this blog I wrote for Freakonomics last May.) And there was no overstatement of Obama in Iowa polls.

On the other hand, the pre-election polls in the New Hampshire Republican race were accurate. The problem was isolated to the Democratic side - where, it should be noted, we have not just one groundbreaking candidate in Barack Obama, but also another, in Hillary Clinton.

A starting point for this analysis will be to look at every significant Democratic subgroup in the New Hampshire pre-election polls, and see how those polls did in estimating the size of those groups and their vote choices. The polls' estimates of turnout overall will be relevant as well.

Langer calls the results in New Hampshire a fiasco. The fact that the Republican polls were dead on while the Democratic ones were a disaster does indicate that something went very badly wrong. But, as Langer also points out, we may never know exactly what. Was it a late break for Clinton or an overstatement of intent to vote by Obama supporters? There will be a lot of finger-pointing in the next few days, but we may never really know.

Bad Polls?

As frequent commenter feeblemind points out in comments, the polls predicting a Clinton defeat in New Hampshire were - virtually across the board - wrong. Spectacularly wrong, in fact. Clinton pulled off a victory by about 3% instead of losing by double digits. Why were the polls so wrong? Sorry, I have no clue. Something was wrong, as I said, in almost every poll. The media is scrambling right now trying to figure out what went wrong. The Washington Post looks at the breakdowns in the numbers this morning:

Clinton benefited from a large gender gap, one that never materialized in Iowa. In New Hampshire, exit polls showed that 57 percent of the electorate was female and that she won the group by 12 percentage points; she lost women in Iowa by five points.

Clinton also picked up 28 percent of voters younger than 30, after getting only 11 percent of young caucusgoers in Iowa. In another big switch, Clinton got 28 percent of voters prioritizing "change," up 9 percentage points from Iowa.

A different mix on the issues also helped her. Among Democratic voters, the economy was the top issue, and she had a nine-point edge among these voters after losing them by 10 points in Iowa. Independents favored Obama, breaking for him by more than 10 percentage points. First-time voters also tilted toward Obama, though they were not as large a factor as they were in his Iowa victory. And as in Iowa, there was a generational divide: Obama pulled 51 percent of voters younger than 30, compared with 28 percent for Clinton, while Clinton won 4 percent of voters older than 65, compared with 32 percent for Obama.

Not apparent in the numbers was any evidence that Clinton had benefited from a moment on Monday when she choked up while describing how personal her campaign had become. Still, the flash of emotion shifted the dynamic of her campaign, suggesting that Clinton had cast aside caution in order to show a more human side.

Turnout in New Hampshire soared to more than 500,000 voters overall, including 276,000 who participated in the Democratic contest, up from 220,000 four years ago. The Obama campaign puzzled over the returns throughout the evening. The candidate and his wife, Michelle, had dinner at their hotel near the rally site, waiting for the race to be called, and held out hope that college towns reporting their returns late would swing the race in his favor.

I wrote just yesterday that I did not believe the Clinton campaign was anywhere near dead. Obviously, that is even more true now that she pulled off this upset in New Hampshire. I'm not at all sure the demographics of her win look real good for the general election, though. She isn't doing all that well with younger voters and it is not apparent that those who did vote for Obama will turn around and support Clinton. But the race is far from over at this point.
