Salary controls for all? And, keep on not asking

According to “sources,” the White House is considering salary controls for “all financial institutions” and “publicly traded companies,” not just those receiving “federal bailout money.”

In other news, another broken campaign promise:

Gay and lesbian rights advocates expressed chagrin Sunday at the lack of urgency President Obama seems to be treating his campaign promise to overturn the ban on gays and lesbians serving openly in the armed forces.

Defense Secretary Robert Gates acknowledged on Fox News Sunday that funds have been allocated for the 2010 budget to enforce the “Don’t Ask/Don’t Tell” policy.

If 2010 buget has been allocated for enforcing it, with the budget in as bad shape as it is, it sounds like that’s another campaign promise Obama doesn’t intend to keep any time soon.

Earlier this month, White House spokesman Tommy Vietor issued a statement claiming that President Obama supports changing the law.  “As part of a long standing pledge, he has also begun consulting closely with Secretary Gates and (Joint Chiefs) Chairman (Admiral Mike) Mullen so that this change is done in a sensible way that strengthens our armed forces and our national security.”

But Gates said that the “dialogue” about overturning the ban “has really not progressed very far at this point in the administration.  I think the president and I feel like we’ve got a lot on our plates right now, and let’s push that one down the road a little bit.”

After all, what’s another two years?

Richest 419 Ever

Looked at Dspam’s status to clear out my spam quarantine from overnight...  I call your attention to the highlighted message.

( wide image is wide )

PSA: Conficker SCANNER released

I remind you that the Conficker worm is scheduled to activate on Wednesday.  That event is now less than 48 hours away.

In a very timely move, the Honeynet Project has managed to find and exploit a flaw in Conficker, which they have used to develop a network scanner that can detect Conficker-infected Windows machines.

The Honeynet Project is very excited to announce a new scanning tool for detecting Conficker and an upcoming Know Your Enemy paper detailing how to contain Conficker.  Both the paper and the tool have been developed by Honeynet Project members Tillmann Werner and Felix Leder.  The tool was developed over the weekend, in co-ordination with Dan Kamisnky, and this tool is now publicly available and is in the process of being integrated into most major vulnerability scanning tools, including Nmap.  The Know Your Enemy paper describing in far greater detail how to contain Conficker and the tool itself, will be released in the next forty-eight hours.  Both the scanning tool and the paper have been developed and coordinated with the efforts of the Conficker Working Group.  We would like to thank them for their tremendous support, guidance and input on this research.

From the referenced Doxpara page:

We may not know what the Conficker authors have in store for us on April 1st, but I doubt many network administrators want to find out.  Maybe they don’t have to:  I’ve been working with the Honeynet Project‘s Tillmann Werner and Felix Leder, who have been digging into Conficker’s profile on the network.  What we’ve found is pretty cool:  Conficker actually changes what Windows looks like on the network, and this change can be detected remotely, anonymously, and very, very quickly.  You can literally ask a server if it’s infected with Conficker, and it will tell you.  Tillmann and Felix have their own proof of concept scanner, and with the help of Securosis’ Rich Mogull and the multivendor Conficker Working Group, enterprise-class scanners should already be out from Tenable (Nessus), McAfee/Foundstone, nmap, ncircle, and Qualys.

We figured this out on Friday, and got code put together for Monday. It’s been one heck of a weekend.

The technical details are not complicated -- Conficker, in all its variants, makes NetpwPathCanonicalize() work quite a bit differently than either the unpatched or the patched MS08-067 version -- but I’ll let Tillmann and Felix describe this in full in their “Know Your Enemy” paper, due out any day now with all sorts of interesting observations about this annoying piece of code.  (We didn’t think it made sense to hold up the scanner while finishing up a few final edits on the paper.)

Every non-trivial body of code has vulnerabilities.¹  Think about that.  Every one.  Including malware.  No matter how carefully you audit a body of code, you can never be certain that you have found and corrected every potential vulnerability; so make that your basic underlying assumption:  “Every non-trivial body of code has vulnerabilities.”  It’s just a question of finding them — for good or ill.

In this case, Conficker exploits a flaw in Microsoft code to infect Windows systems; and now the Honeypot Project and friends are exploiting a flaw in Conficker’s code to remotely detect its presence.  The wheel turns.

[1]  I’ll grant it is hypothetically possible to have a body of code that you know contains no vulnerabilities.  To have that knowledge, though, you have to be able to mathematically prove that the complete design of the code itself, every other piece of code that it relies upon, and the entire hardware system that they all run on are all completely correct.  If you are unable to prove the correctness of any one of those elements, you cannot be completely certain that you have eliminated all potential vulnerabilities.