January 11, 2002



CITY-TV, a major station in the Toronto area and elsewhere in Canada, is reporting inaccurate information about Mirabilis ICQ software, it seems. In this piece reporter David Onley quotes the anti-virus site securityfocus.com as saying ICQ users are vulnerable to hacking, whether they have a firewall or not, and whether you're logged in or not:

A leading online security is warning... hackers could take over your computer. The only option: uninstall ICQ from your computer and wait for them to issue notice of a patch.

Onley quotes Carolyn Burke of FSC Internet Corporation:

All you need to have is ICQ running on your computer. You don't even need to be logged in... They could do whatever they wanted with your computer, including getting your financial information. We're recommending that people turn off ICQ and uninstall ICQ until an upgrade comes by that allows you to run this application without vulnerability, don't use it... Corporate users... are also vulnerable, even if there's a firewall in place.

Well, being a skeptical old fart, and an ICQ user, and having difficulty understanding why uninstalling would be necessary, I checked out what securityfocus.com really said:

A buffer overflow exists in ICQs handling of specially formatted communications. A maliciously constructed packet with a TLV (type, length, value) type of 0x2711 may overwrite data on the stack, including a return address. This can easily cause the ICQ client to crash, and it may be possible to remotely execute arbitrary code.

So we're talking yet another buffer overflow problem: that's nothing new, reports of overflow-type security flaws have been popping up in all the instant messaging programs for months. Even better, according to securityfocus.com's own writeup, and also the corroborating writeup on xatrix.org, this is a security flaw specific to ICQ 2000. The current product is ICQ 2001b: so people who follow Onley's advice might be waiting for that patch a long time. Even Xatrix only recommends that ICQ 2000 users limit their non-message traffic (ie, file transfers) to people they know. Well, duh.

This kind of freakout is no doubt going to cause a whole lot of companies in the Toronto area to clamp down on ICQ use in the office. Too bad... it's still an infinitely better piece of software than AIM or MSN. A responsible reporter would have said that ICQ users should consider upgrading, and be careful who they share their files with. An irresponsible reporter would have said turn ICQ off, uninstall the program, turn the power switch off, unplug the computer, take it outside and set fire to it, to be extra, extra safe... and don't forget to wash your hands afterwards. Guess which kind David Onley is? And Ms. Burke from FSC has no excuse. She and that company should be ashamed of themselves for taking part in promulgating this kind of hysteria.

Posted by BruceR at 09:25 PM



The real problem with Salon magazine, I've concluded, is the readers. I came to this epiphany reading the letters about two of their recent film reviews, A Beautiful Mind and Black Hawk Down:

Although I appreciate Charles Taylor's well-rounded knowledge of the life of John Nash, I believe he's missed the mark of the film. If Ron Howard had decided to be more true to the details of Nash's life, the film would have become a weak whitewash of an extraordinary existence... [This is] a film, after all, not a documentary.

If the filmmaker had told the truth, that would have whitewashed the truth? What? Does that make sense to anyone?

Had the book simply been turned into a screenplay, it would have found audiences only within the realms of academicians already familiar with Dr. Nash. While not disparaging them, I think a more mainstream approach is necessary for the general public.

We want the truth? We can't handle the truth!

Last I looked, the real John Nash was still alive. Any movie that purports to by a biography of the real live person and glosses over his fundamental character in the name of art IS A LIE. If the filmmakers wanted to make a movie about a guy kind of like John Nash, a fictional, schizophrenic Nobellist but without all of Nash's less cuddly character traits, well then they could have changed their character's goddamn name. But no... they wanted to get the cachet of reality without the work involved. As Jeff Goldblum's character in Jurassic Park says about a very similar kind of malfeasance: "You didn't earn the knowledge for yourselves, so you don't take any responsibility for it." The idea that the real John Nash (you know, the guy who actually advanced the field of mathematics?) is the "weak whitewash" and Russell Crowe's caricature of him is the real "extraordinary existence" is unfathomable.

On Ridley Scott's blood-epic:

Mr. O'Hehir [the reviewer] would perhaps like the battle to have the clarity and purpose of the storming of Normandy. While that might have given him more enjoyment, it would have been utter fiction... The tragedy, and thus the compelling human element of the film and story, is the idea that, regardless of the political or even logical reasons, U.S. soldiers, human beings with loved ones and families, follow orders and often die gruesome deaths in faraway places...

Look, Black Hawk Down (loved the book, BTW) is a genre film, akin to Zulu or The Wild Geese. Bunch of whites go to Africa, fight off hordes of nameless black savages, and leave having learned once again how heavy the white man's burden really is. (People got turned off those movies for a time, because of that latent racism, and so the genre moved out into space where you didn't need to inject any sympathy for the Bad Guys: see also Aliens) O'Behir raised the completely valid point that a return to that view of Africans as mindless black hordes is not constructive today... especially when we're talking about a recreation of current events and a battle from only eight years ago, for pete's sake. Are only white guys entitled now to "compelling human elements" like "loved ones and families?" It's not a question of giving the events a Normandy-like significance... it's extending to the black bad guys at least as much understanding and fleshing out as we do automatically for other movie villains: even Nazis (see also Saving Private Ryan, The Longest Day, A Bridge too Far).

Posted by BruceR at 02:26 PM



From USA Today, Jan. 11:

The number of U.S. ground troops in Afghanistan has grown to an estimated 3,500 to 4,000 in a widening search for terrorist leader Osama bin Laden and members of his dispersed al-Qaeda network.

From Flit, Jan. 7:

The Canadian announcement also confirms the Americans are increasing their strength on the ground, at least slightly... It still means the non-Special Forces contingent in Afghanistan proper is increasing its footprint by at least 50 per cent starting in February.

Have you had your daily dose of Flit, yet?

Posted by BruceR at 11:09 AM