Angel_F @ AHAcktitude, Nov. 27-29 2009, Milan

Artisti-attivisti, hacker artistici, attivisti socio-artistici, chiamateli come volete. I 600 iscritti alla lista AHA sono solo una parte di tutte quelle persone che, in Italia e nel mondo, sanno che il mezzo non è solo il messaggio, ma anche il massaggio e il mixaggio. Che non basta lamentarsi della tv (generalista, comunitaria o di nicchia), e neanche blaterare sulla comunicazione alternativa, e che occorre costruire esperienze, perché la comunicazione senza i corpi comunica solo i messaggi preconfezionati, e il corpo senza intelligenza produce solo manipolazione.

Per questo dall’anno scorso gli iscritti di AHA si incontrano di persona periodicamente, ogni volta in una città diversa, per aprire le scatole nere, per mettere le mani dentro i dispositivi della tecnologia, della comunicazione e dell’immaginario, per decostruire i saperi ufficiali e condividerne di nuovi, per lavorare all’intelligenza collettiva dei corpi e non a quella del capitale, per allargare la resistenza alla globalizzazione delle multinazionali e dei poteri costituiti.

AHAcktitude sarà una tre giorni di attività e di attivismo, di allegria e di condivisione, di studio e di divertimento. Tecnologia, musica, internet, letteratura, telecomunicazioni, marketing, social network: tutto sarà declinato all’insegna dell’open source e della messa in comune. Modi, approcci, atteggiamenti diversi ma comunicanti di esplorare, interpretare, agire la nostra condizione di esseri tecnologicamente modificati.

Perché gli esseri umani valgono più della merce, e non saremo soddisfatti finché la vita di chi ha qualcosa vale più della vita di chi non ha nulla.

AHA : Activism-Hacking-Artivism, è una mailing list nata nel 2002 all’interno del progetto AHA fondato nel 2001 da Tatiana Bazzichelli, aka T_Bazz. AHA vuole promuovere il networking, cioè la cultura di rete, soprattutto nella versione che lega le pratiche artistiche all’attivismo politico e sociale (“artivismo„).

Os principais conceitos do projecto AHA são o Activismo: activismo político, Hacking: activismo tecnológico, Artivismo: activismo artístico.

O Activismo Artístico compreende qualquer forma livre e aberta de criatividade, que promova a ideia do uso crítico dos media, para estimular uma experimentação conscenciosa na forma de expressão ou linguagem expressiva  sem qualquer tipo de censura.

Desde 2001, o projecto AHA segue um caminho colectivo, como resultado dum movimento italiano que desde o princípio dos anos 80 que luta por um uso independente e gerido individualmente dos mass-media (vídeo, computador, radio e texto escrito). Hoje, mais do que nunca, este movimento está a demonstrar ser uma das mais válidas alternatives para informação oficial em Itália.

Em Itália, o activismo tecnológico, artístico e político estão interligados muito de perto numa rede comum espalhada por todo o país consistindo de colectivos, activistas e artistas. O seu denominador comum é o querer dar vida a um modo alternativo e independente de produzir informação, consciência cultural e comunicação.

As principais actividades do projecto são a organização de exposições/eventos sobre a net-arte italiana e “hacktivismo”, a difusão de projecto do colectivo de artista italianos dentro do âmbito dos festivais de arte e media ou convenções e o desenvolvimento de uma mailing list internacional sobre o activismo artístico e artivismo, aha@lists.ecn.org. Este é um espaço colectivo virtual que advoga o uso livre de arte e software. Na mailing list do AHA estão cerca de 600 subscritores. A lista AHA faz parte da mailing list neighbourhood of nettime.

O Activism-Hacking-Artivism é também um projecto de experimentação artística que usa a tecnologia nas suas mais vitais manifestações, necessáriamente incluindo o uso crítico e gerido invididualmente dos mass-media. Não objectos artístico per se mas processos de rede (network), não originalidade mas reprodutibilidade, não representação de uma singularidade mas uma acção colectiva. Desde 2002 até agora, o projecto AHA já apresentou muitas exposições em diferentes cidades italianas e, desde 2004, também na Alemanha e Dinamarca.

_Um vídeo sobre o projecto, apresentado por Tatiana Bazzichelli

_Sobre este projecto e sobre este assunto bem como assuntos relacionados, o livro de Tatiana Bazzichelli, Networking, The Net as Artwork.

_links Alguns dos projectos desenvolvidos pelo colectivo estão nas páginas de eventos e de exposições.

Alguns dos projectos mais recentes:

Orgasmatic – “Orgasmatic Implosion is a video realized during the Peenemuende [xxxxx] workshop and shown at Transmediale 2008. An intense, conspiratorial two day long working group/workshop at a key historical location.”

Openness & Do-It-Yourself in the Social Networks – “Since the 80s, the platforms of networking have been an important tool to share knowledge and experience to create works of net art. The concepts of “Openness” and “Do-It-Yourself”, today more and more relevant with the diffusion of Social Networks, have been the starting point for the development of punk culture and hacker ethic.
Tatiana Bazzichelli reflects on these topics with a video contribution”

After the very commented rant against my university for it’s triple moral, I’d say it’s fair to flame everyone doing alike, even if that means flaming people from my own community, or my own friends (otherwise I would have a double moral too). So here I go:

By taking a look at di3go’s blog, you can tell by the widget he posted a few months back that he’s supporting the Windows 7 Sins campaign. What you can’t tell from that info is that he is actually a Windows 7 user. Why? Because there are some games that require Windows 7 to run (Post edited because of comment #2). Is that enough reason to install a systems that actively harms users’ freedom and stands against everything Free Software stands for? Well, certainly for him it is, and honestly, I don’t blame him for that as I strongly believe everyone is free to price it’s own freedom: if I had a legal copy of Mathematica that would only run on Windows 7, I myself would think twice before rejecting the idea of installing it. Yet if so was the case, I wouldn’t be posting widgets against Windows 7 just to look nice in front of the Free Software Communities that check my blog. Free Software Hacktivism is not about posting widgets: If the Free Software Foundation was to convince every Windows or Mac OS user to post an FSF widget on their personal pages, that wouldn’t mean the fight for Software Freedom would be over, because they would still be using proprietary software. Campaign Hactivism against a particular Software is about actively rejecting it, yet installing it is far from the cause, even if it’s done by means of an illegal copy because, as everyone in the IT business knows, it still benefits the company, and someone that is not up to that sacrifice for whatever reason (I know lots of people that have affinity with the Free Software movement but are forced to use Proprietary Software at their jobs or for their studies) should stay out of the campaign and maybe help Free Software in other aspects.

So for someone like di3go, who is well known for calling other Linux starters “Linux Wannabes”, it’s very low to both post a Windows 7 Sins widget and installing Windows 7 as that would turn him into what I’d call a “Campaign Hacktivist Wannabe”, which is a lot worst than being a “Linux Wannabe” as it insults real hacktivists like those in Boston fighting at the courts and writing open letters to companies (see the campaign’s web site for more information). And once again, this is certainly not about using Windows 7 (I myself have an install of Windows XP for reasons I’m no longer sure of), but about hypocrisy which is something I already said I openly reject. As for me, I removed my link to his blog at least temporally, as I don’t want to be part of that mock-up.

O que é  Hacktivism (hack+activism)?

“the nonviolent use of illegal or legally ambiguous digital tools in pursuit of political ends. These tools include web site defacements, redirects, denial-of-service attacks, information theft, web site parodies, virtual sit-ins, virtual sabotage, and software development.” (1)

É normalmente percebido como a escrita de código para promover ideologias políticas – liberdade de expressão, direitos humanos ou ética da informação- Estes actos de “hacktivismo” são feitos com a convicção que o uso correcto do código seja capaz de produzir resultados similares àqueles produzidos pelo activismo normal ou desobediência civil.

O hacktivismo surgiu com o grupo Cult of the Dead Cow; as suas crenças incluem o acesso à informação como direito humano básico. Os 1984 network liberty alliance, uma rede de programadores, artistas e militantes radicais estão mais preocupados com assuntos como a liberdade de expressão, vigilância e privacidade numa era de vigilância tecnologicamente avançada.

Hacktivismo é um termo controverso. Alguns dizem que vem do descrever como acção electrónica directa pode funcionar para se atingir uma mudança social combinando skills de programação com pensamento crítico. Outros usam-no praticamente como um sinónimo para actos maliciosos, destructivos que prejudicam a segurança da internet como uma plataforma técnica, económica e política.

Essencialmente, a controvérsia reflecte duas correntes filosóficas divergentes dentro do movimento hacktivista. Uma corrente toma como forma de acção aceitável os ciber-ataques maliciosos. A outra corrente diz que o protesto deve ser pacífico abstendo-se da destruição.

(1)- Samuel, Alexandra (August 2004), Hacktivism and the Future of Political Participation

_palavras-chave

hacktivism, terrorismo, programadores, artistas, malicioso, destructivo

_notas

Um dos mais notório exemplos de hacktivismo foi a modificação de websites indonésios com apelos à libertação de Timor, em 1998 por hackers portugueses, link

Tatiana Bazzichelli wrote the book Networking, The Net as Artwork in Italian in 2006. The book has also been translated in English, and that’s how I got in touch with it. During classes at the University of Amsterdam our New Media Practices teacher distributed a big pile of books which had in different ways something to do with new media. There was a lot about art, and also about politics but I immediately decided to take this book with me. Maybe because it has been written by a compatriot, maybe because it focuses on the Italian political and informational context, or just because it has a pink cover. Anyway, the author not only published the book on paper but created a website for it, http://www.networkingart.eu/ where a .pdf version of the Italian book is available for free. And this is for me an extra motivation to read the book, because I get the idea that the author really cares about spreading her ideas around on the Internet without forcing people to pay for it.

[FACT comments: FACT wants Thailand’s Computer-Related Crimes Act repealed, pure and simple. It is a repressive law outlawing freedom of expression passed by a military puppet legislature. The CCA is too broken to be amended; let’s start over. However, know thy enemy is good advice so plan to attend.]

สำหรับเผยแพร่  (ENGLISH FOLLOWS)

เครือข่ายพลเมืองเน็ต ด้วยการสนับสนุนจาก Media Legal Defense Initiative (MLDI) และ Electronic Frontier Foundation (EFF) 

ขอเชิญร่วมสัมมนา เรื่อง กฎหมายเกี่ยวกับอาชญากรรมทางคอมพิวเตอร์: มุมมองจากสากลและหลักปฏิบัติ

วันจันทร์ที่ 27 กรกฎาคม 2552 ณ โรงแรมโนโวเทล ห้องโมเน่ต์ – พิซซาโร่ ชั้น 4

09.00 – 11.00 น. บรรยาย “กฎหมายเกี่ยวกับอาชญากรรมทางคอมพิวเตอร์: มุมมองจากสากลและหลักปฏิบัติ”

• “ภาพรวมกฎหมายเกี่ยวกับอาชญากรรมทางคอมพิวเตอร์จากทั่วโลก” โดย Eddan Katz ผู้อำนวยการฝ่ายกิจการต่างประเทศ EFF
• “การ วิเคราะห์เชิงเปรียบเทียบ กฎหมายเกี่ยวกับอาชญากรรมทางคอมพิวเตอร์ในต่างประเทศและในประเทศไทย” โดย ทศพล ทรรศนกุลพันธุ์ คณะนิติศาสตร์ มหาวิทยาลัยเชียงใหม่
• “มุมมองจากเจ้าหน้าที่รัฐ” โดย ตัวแทนกระทรวงเทคโนโลยีสารสนเทศและการสื่อสาร หรือ กระทรวงยุติธรรม*

11.00 – 11.30 น. พัก

11.30 – 12.30 น. ถามตอบ ดำเนินโดย สุภิญญา กลางณรงค์ กรรมการเครือข่ายพลเมืองเน็ต

12.30 – 13.30 น. อาหารกลางวัน

13.30 – 15.00 น. อภิปราย “เสรีภาพบนอินเทอร์เน็ตทั่วโลก: ก้าวหน้าหรือถดถอย” ร่วมอภิปรายโดย

• Danny O’Brien ผู้ประสานงานนานาชาติ EFF,
•  ผศ.ดร.พิรงรอง รามสูต รณะนันทน์ คณะนิเทศศาสตร์ จุฬาลงกรณ์มหาวิทยาลัย,
•  สฤณี อาชวานันทกุล กรรมการเครือข่ายฯ

15.00 – 16.30 น. อภิปราย ดำเนินโดย อิสริยะ ไพรีพ่ายฤทธิ์ ที่ปรึกษาฝ่ายเทคโนโลยีสารสนเทศ SIU

16.35 น. แถลงข่าว “ข้อเสนอต่อการบังคับใช้พระราชบัญญัติว่าด้วยการกระทำผิดเกี่ยวกับคอมพิวเตอร์ พ.ศ. 2550” โดย คณะกรรมการเครือข่ายพลเมืองเน็ต 

*วิทยากรอยู่ในระหว่างการติดต่อ

เนื่องจากที่นั่งมีจำนวนจำกัด ขอความกรุณาท่านที่สนใจ ลงทะเบียนในกล่องด้านล่างภายในคืนวันที่ 23 กรกฎาคม 2552

www.thainetizen.org 

[THAI ABOVE]

Thai Netizen Network with support from Media Legal Defense Initiative (MLDI) and Electronic Frontier Foundation (EFF) would like to invite you to a seminar on

Cyber-Crime laws: Global perspectives and Legal practice

Monday 27 July 2009 at Monet & Pissarro room, 4th floor, Novotel Hotel, Siam Square, Bangkok

09.00 – 11.00 Public lecture “Cyber-crime laws: Global perspective and Thai’s legal practice.”

• Overview on global perspectives on cyber-crime laws by Eddan Katz, Electronic Frontiers Foundation www.eff.org
• Comparative analysis of cyber-crime laws: Global and Thai practice by Tossapol Tassanakulpan, Faculty of Law, Chiangmai University
• Perspective from Thai authority by the representative from the Ministry of ICT or Ministry of Justice*

11.00 – 11.30 Break

11.30 – 12.30 Q&A, discussed and moderated by Supinya Klangnarong, Thai Netizen Network

12.30 – 13.30 Lunch

13.30 – 15.00 Panel discussion “Internet freedom worldwide: moving forward or backward?”

• Danny O’Brien, EFF’s international outreach coordinator, 
• Assist. Prof. Pirongrong Ramasoota Rananand, Faculty of Communication Arts, Chulalongkorn University, and
•  Sarinee Achavanuntakul, Thai Netizen Network

15.00 – 16.30 Discussion, moderated by Isriya Paireepairit, Siam Intelligence Unit

16.35 Press conference on the proposal for Computer-related Crime Act 2007 by Thai Netizen Network committee

* Speaker awaiting confirmation

Atul Dwivedi, an Indian hacker paid a visit to the Royal Australian Air Force (RAAF) last Monday by defacing their website.

This accident comes amid a raise in violence targeted towards Indian native in Australia and apparently Dwivedi protested this situation by leaving a message on the website:

“This site has been hacked by Atul Dwivedi. This is a warning message to the Australian government. Immediately take all measures to stop racist attacks against Indian students in Australia or else I will pawn all your cyber properties like this one.”

Racist incident in Australia against Indian students has increased in the last months

This site is now up and running as per normal. Of course the webserver wasn’t connected to any internal network and didn’t contain any classified information according to a spokewoman:

“No sensitive information was compromised as the air force internet website is hosted on an external server and, as such, does not hold any sensitive information,¹“

Microsoft products are used in pretty much every Western armed forces. So it’s save to assume the webserver used by the RAAF is probably running IIS. Of course, IIS implies as Windows machine and a Windows Server machine means that everything is almost certainly all Microsoft based. Of course we can now verify those claims and according to David M Williams from ITWire² the website is hosted through Net Logistics, an Australian hosting company. The aforementioned article tries to explain the hack with the use of exploits. Which might have been the way Dwivedi did it, but the analysis is quite simple and lacks depth. The site still has an excellent link to a blog detailing the WebDAV exploit, see below for the link.

It’s not impossible to think that Dwivedi might have tricked someone into giving out too much information also. Social engineering can do lots and is usually easier than technical exploits. The Art of Deception by Kevin Mitnick should convince most people of that. Someone could look up on Facebook or another social networking site for some people in the RAAF and then try to pose as them and pose as them.

Then also, why not look for the FTP server? And God knows what else the server is running; maybe a SMTP server also (and probably it does). Now I wouldn’t suggest doing this, but running a port scan would probably reveal a lot of information. Moreover, using web vulnerability tools like Nikto could help find misconfigured settings in ASP or forgotten test/setup pages/files. Up to there, only two things are important: information gathering and imagination.

See also:

“Hacker breaks into RAAF website”, AAP, Brisbane Times, July 16, 2009, http://news.brisbanetimes.com.au/breaking-news-national/hacker-breaks-into-raaf-website-20090716-dmrn.html accessed on 2009-07-17

“WebDAV Detection, Vulnerability Checking and Exploitation”, Andrew, SkullSecurity, May 20, 2009, http://www.skullsecurity.org/blog/?p=285 accessed on 2009-07-17

Given the increasing number of countries and corporations that are seeking to censor or control the internet, it is fantastic to see an initiative to establish a community-based wireless mesh network as a free alternative. Introducing the autonomous internet, or auto-net:

How? Advances in wireless technology such as ubiquitous wireless routers, community mesh networks which are easily expandable and self-healing as well as long range wireless efforts such as HPWREN indicate a possible future for a community based internet free of the centralized control of telephone corporations and governments. While this is definitely a fork, more forks are to come and we can only hope that a few networks will emerge which can be broad enough to span most of the globe.

Imagine if all of the hacker spaces around the globe started contributing to this?

Read more about it. Sign up to support it.

(Via HackBloc)

Vielleicht erinnert sich noch der eine oder andere Leser an einen der ersten Cyberwartipps, die in diesem Blog vorgestellt wurden: Das Einrichten von Proyservern für geblockte User in Iran. Der Mann hinter der Idee, Austin Heap, hat es nicht dabei bewenden lassen, sondern gemeinsam mit anderen Hackern  Haystack entwickelt, ein Programm, das die iranische Überwachungssoftware austricksen und den Menschen so wieder ungehinderten Zugang zum Internet verschaffen soll. Erste Tests scheinen erfogreich verlaufen zu sein. Diesmal gibt es nicht viel zu tun für uns Dummies, außer ein bisschen Kohle für Austin und sein Projekt rüberwachsen zu lassen. Tor-Server sollte man deswegen aber nicht abschalten, denn es ist immer besser, wenn mehrere Kanäle offenstehen. Nerds – gut dass es sie gibt! (Hier fairerweise ein echtes Bild von Austin Heap).

I’ve been slowly getting things up on Etsy.  I want everything to be perfect.  That means taking pictures, cropping, editing, and all the while writing down ideas that come from the air whenever something creative is going on.

If you want to see the etsy page with just two items listed, it’s here:  Ballew Family Artisans

I have tissue packs that say “Do not open unless for tears of joy” that need to be photographed and put up next.  Then I have some vintage toys and jewelry…  you know how it goes.

I’m also getting antsy now that the summer break is half over.  Soon, the kids will be back in school and me and E-man will have the day to ourselves while I’m not driving the taxi.  LJ and A won’t be going to the same school, so it will be quite the taxicab.

I’ve been a SAHM for over a year now and it’s freaky.  It’s good, it’s just abnormal.  I’ve never been without a job for so long.  Like a job where I got to get in the car and go somewhere else for several hours at a time.  It’s nice because I can do things around here the way I like them, but when it comes down to it, I’m not good at the home-ec stuff.  If I can’t program it or hack it, then I’m not good at it.  I can’t garden worth a shit.  I can’t sew or knit or any of that.  I’m a halfway decent cook but I really dislike cooking.  I’m decent at cross-stitch but that’s only because you can count it out a like little pre-computer ASCII art project.

And now we’re back to the idea of work.  I need SOMETHING to keep me from going brain-dead and I also don’t want industry to run off without me while I’m playing at home-ec.  Really, I just want the kids to have a mom at home when they are.  They may not want to be close to me all day, but they like the freedom of playing in their rooms or reading or beating the new DS game.  I like it too – I always learned more when I had time just to screw around.

So I joined Etsy and I signed up on LinkedIn.  I already have a Facebook page and a Myspace page I never, ever log in to.  LinkedIn is a strange site.  It’s not built… to be user friendly.  It’s like a technology test to see if you’re astute enough to actually use it because none of the buttons are in places you’d think to put them and all the links are vague.  Plus, they want you to pay to see other people’s profiles.  Um, no.  I’ll put it up there so I have a consistent web presence, but I’m not going to pay to see other people’s consistent web presence.

Seriously – Google me.  There are two Cynthia Dollins in the entire US of A.  I’m the one that DIDN’T write the book on academics and I’ve never been a professor of anything.  I’m the one that wrote the professional learning techniques article and the one that wrote the spiritual oneness article that shows up on all the pagan webpages.  (Which I think is very odd and very cool at the same time.)

Social networks make you define yourself in new and masochistic ways.  What is my specialty?  Um.  Being a geek.  You can’t get up on the web and claim to be a hacker because people think that’s illegal.  They’re thinking that you bust internet security.  No, crackers break security.  Hackers build shit from shit that used to do different shit.  Also, saying anything about hacking or modding anything brings tons of little punk ass teenagers who want to talk about your notoriety or what programming languages you use.

*sigh*

So what do I do?  Um… I solve problems.  Don’t ask me how because I don’t know yet.  First you have to have a problem.  Then I need the context around your problem and access to your system.  Then I need some coffee and some chocolate and some alone time.  I’ll let you know if I need something else.

Really, that’s all I do.  I make people’s lives easier.  That’s a good one, but again, hard to define.

Let’s see.  I have to be more skilled than that.  Oh, I know:  I’m great at pissing off developers.  I’m not a code monkey – I don’t care if it’s beautiful and poetic behind the user-interface.  I want it to actually fucking work.

If I click this, it’s supposed to do that.  If it does that by doing this other thing, turning that date code to zero, and fucks up all my reports, you are going to have a problem. When it comes to software engineering – you should always expect one fix to cause at least seven other problems.  The artistry comes in making the fix not trigger those other grenades.  It’s possible, it just may not be pretty.

I don’t want to form a meeting of all the beta testers and their supervisors and the developers and their supervisors so I can tell you your link is screwed.  I want your little pale ass to come over to my computer station (or link up with me on a web conference) and see what happens when you click the link.  This way, I can with my finger point at the computer screen and go THAT ONE. This is so that you, as a developer, don’t go and break a link that worked just fine because the naming convention was off.

Um, I also translate geek to human and then from human to sales.  That’s talent, right there!  You could not count the number of times I’ve been pulled into offices to translate.  Developers, project managers, BIS, analysts, middle management, service personnel, sales personnel, and upper management all have different languages.  They’re all talking about the same thing but with the lingo, they don’t know it and suddenly there’s a huge fight and everyone is mad and doubts the other folk’s intellect, and managers are being called and it’s a big cluster fuck.  This is where I come in.  You tell me what you want.  Now you, and then you.

Here’s a way you can all understand it and who is doing what.  *everyone nods*  Here’s what’s going to happen in two weeks.  Here’s what’s going to happen in the mean time.  Here’s who does NOT need to be involved.  Once everyone is happy and shaking hands, my work is done.

How do you define that?

I think in another year, I’ll be ready to head back into the fray.  Right now, I’m still a little too hot about it.  I only got mild heartburn while recalling the events above.  I feel things a little too strongly and my main value is in diffusing high stress situations but adrenaline can only take you so far.  If you keep going after burn-out, alcohol, drugs, and other misguided decisions lay on the other end of the spectrum. You don’t believe me?  Ask people who look 10 or 15 years older than me how old they are.  What?  Only 5 years?  Yeah, buddy.  Hard living shows on your body.

Everyone knows how to define a burn-out.

And no one is going to admit to it on social networking sites.

Das niedliche Kerlchen auf dem Bild ist ein Plumplori (engl. Slowlori), seines Zeichens nachtaktiver Primat aus Südostasien. Diese possierlichen Tierchen sind zwar nicht in Iran heimisch,  sollten aber in Massen dorthin geschickt werden – allerdings nur in virtueller Form. Aber der Reihe nach. Vor einigen Wochen veröffentlichte der Hacker rsnake ein Programm namens Slowloris, das mit einer langsamen DDoS-Attacke Websites abschießt. Das trifft sich gut, denn immer wieder kommt von iranischen Twitterern die Aufforderung, Seiten wie diese zu attackieren, auf der Denunzianten Fotos von Demonstranten identifizieren können. Der Nachteil an der Sache wurde hier bereits diskutiert. Kurz gesagt bringt das Überschwemmen mit Anfragen bzw. Mails zwar die fraglichen Seiten zum Absturz, frisst aber auch Bandbreite und belastet das gesamte iranische Netz, das vom Regime ohnehin schon arg gedrosselt und verlangsamt wird. Das Gute an Slowloris ist, dass dieses  Programm diesen Effekt nicht hat. Es attackiert gezielt den fraglichen Server und verschont den Rest. Und es wird noch besser: Bei Slowloris reicht theoretisch ein Rechner aus, um einen ganzen Server lahm zulegen. Anstatt wie bei einer gewöhnlichen DDoS-Attacke mit Kieselsteinen zu schmeißen, die dann in der Masse ihre Wirkung entfalten, wirft man mit Slowloris gleich einen Molotowcocktail in die Bude. Wie das geht?

“Es sendet unvollständige HTTP-Request-Header an einen Apache-Server, der daraufhin in der Standardeinstellung fünf Minuten wartet, dass der fehlende Teil des Headers gesendet wird. So lange bleibt die TCP-Verbindung auf dem Apache-Server geöffnet.”

Keine Ahnung was das heißt, aber das macht nichts, denn fachlich deutlich versiertere Blogger als ich loben slowloris als sehr effektiv. Weil es so neu ist weiß auch noch niemand, wie man einer solchen Attacke entgehen kann. Das Schönste habe ich mir für den  Schluß aufgehoben: Anstatt umständlich Active Perl runterzuladen (auf dieser Programmiersprache basiert das Programm) und dann Slowloris zu installieren hat ein engagierter Cyberkrieger die Sache hier so aufbereitet, dass ein paar Clicks genügen, um  gemütlich vom heimischen Laptop aus den Mullahs tierische Grüße zu schicken.

crossposted auf fdog

Persepolis 2.0 describes Iran’s post-election uprising and spreads the word about Iranians’ historic struggle against repression. Based on the graphic novel by Marjane Satrapi and edited by two Iranians living in Shanghai.
http://www.spreadpersepolis.com/

If you have been following #iranelection like I have, you might have heard about the distributed denial of service (DDoS) attacks that the opposition has used against government web sites.  On the SANS Internet Storm Center, Bojan Zdrnja includes some details of the attacks.

In last couple of days we posted two diaries (http://isc.sans.org/diary.html?storyid=6601 and http://isc.sans.org/diary.html?storyid=6613)  with information about Slowloris, a tool that was released last week that performs a resource exhaustion DoS attack on Apache web servers.

There has been a lot of chat about the tool on the web, so it was just a matter of time when we would see it using in real DoS attacks. Last week I posted a diary about two groups launching DDoS attacks on Iranian web sites (http://isc.sans.org/diary.html?storyid=6583). Both of these attacks were relatively simple and used existing, old tools for performing DoS attacks.

However, over the weekend some forums and web sites asking people to run DDoS attacks “expanded” their selection of tools by including Slowloris – nothing we didn’t really expect to see.

If you follow the links in the post, there is a lucid explication of the tools and methods behind the attacks. Even if you are not a technophile, the “nuts and bolts” of a DDoS is pretty interesting stuff.

I can always tell that I’m behind in updating this thing by how many tabs I have open in my browser. I seriously have over 100 tabs open right now, which is just ludicrous. Some of these tabs have been open for weeks. So time to catch up on my reading and blogging!

New issues of two recommended PDF magazines came out … umm, recently:

• Humanity Plus
• Hack This Zine

Both look interesting, though I haven’t had the time to fully absorb them yet. Possibly expect some commentary on them later.

Unlike most of us, it looks like @Patrick Meier knows what he’s talking about. He should, considering he’s doing a Phd at Harvard on “The Impact of the Information Revolution on Authoritarian Rule and Social Resistance: From Information Revolution to iRevolution?”

Patrick has an excelent guide on How To Communicate Securely in Repressive Environments. He keeps it up to date based on his studies and input from readers, and will provide a more detailed guide on request (my guess is that not all requests will be handled equaly).

You should really read it there. If you’re a Farsi speaker, please translate it and email me, I will post it here (or maybe Patrick will want to post it next to the original).

If you’re in a rush, here are a few practical tips. Again, better to refer to the original as it will change over time.

These tactics are listed below along with a number of other important ones. Please keep in mind that tactics are case- and context-specific. They need to be adapted to the local situation.

• Mobile Phones
  • Purchase your mobile phone far from where you live. Buy lower-end, simple phones that do not allow third-party applications to be installed. Higher-end ones with more functionalities carry more risk. Use cash to purchase your phone and SIM card. Avoid town centers and find small or second-hand shops as these are unlikely to have security cameras. Do not give your real details if asked; many shops do not ask for proof of ID.
  • Use multiple SIM cards and multiple phones and only use pay-as-you go options; they are more expensive but required for anonymity.
  • Remove the batteries from your phone if you do not want to be geo-located and keep the SIM card out of the phone when not in use and store in separate places.Use your phone while in a moving vehicle to reduces probability of geo-location.
  • Never say anything that may incriminate you in any way.
  • Use code.
  • Use Beeping instead of SMS whenever possible. Standard text messages are visible to the network operator, including location, phone and SIM card identifiers. According to this recent paper, the Chinese government has established 2,800 SMS surveillance centers around the country to monitor and censor text messages. The Chinese firm Venus Info Tech Ltd sells real-time content monitoring and filtering for SMS.
  • Use fake names for your address book and memorize the more important numbers. Frequently delete your text messages and call history and replace them with random text messages and calls. The data on your phone is only deleted if it is written over with new data. This means that deleted SMS and contact numbers can sometimes be retrieved (with a free tool like unDeleteSMS. Check your phone’s settings to see whether it can be set to not store sent texts messages and calls.
  • Eavesdropping in mobile phone conversations is technically complicated although entirely possible using commercially available technology. Do not take mobile phones with you to meetings as they can be turned into potential listening/tracking devices. Network operators can remotely activate a phone as a recording device regardless of whether someone is using the phone or whether the phen is even switched on. This functionality is available on US networks.
  • Network operators can also access messages or contact information stored on the SIM card. If surveillance takes place with the co-operation of the operator, little can be done to prevent the spying.
  • Mobile viruses tend to spread easily via Bluetooth so the latter should be turned off when not in use.
  • Using open Bluetooth on phones in group situations, e.g., to share pictures, etc., can be dangerous. At the same time, it is difficult to incriminate any one person and a good way to share information when the cell phone network and Internet are down.
  • Discard phones that have been tracked and burn them; it is not sufficient to simply destroy the SIM card and re-use the phone.

• Digital Cameras
  • Keep the number of sensitive pictures on your camera to a minimum.
  • Add plenty of random non-threatening pictures (not of individuals) and have these safe pictures locked so when you do a “delete all” these pictures stay on the card.
  • Keep the battery out of the camera when not in use so it can’t be turned on by others.
  • Practice taking pictures without having to look at the view screen.

• Computers/Laptops
  • Use passphrases for all your sensitive data.
  • Keep your most sensitive files on flash disks and find safe places to hide them.
  • Have a contingency plan to physically destroy or get rid of your computer at short notice.

• Flash disks
  • Purchase flash disks that don’t look like flash disks.
  • Keep flash disks hidden.

• Email communication
  • Use code.
  • Use passphrases instead of passwords and change them regularly. Use letters, numbers and other characters to make them “c0mpLeX!”. Do not use personal information and changer your passphrases each month. Do not use the same password for multiple sites.
  • Never use real names for email addresses and use multiple addresses.
  • Discard older email accounts on a regular basis and create new ones.
  • Know the security, safety and privacy policies of providers and monitor any chances (see terms of service tracker).

• Browsers and websites
  • Turn off java and other potentially malicious add-ons.
    
  • Learn IP addresses of visited websites so that history shows only numbers and not names.
  • When browsing on a public computer, delete your private data (search history, passwords, etc.) before you leave.
  • When signing up for an account where you will be publishing sensitive media, do not use your personal email address and don’t give personal information.
  • Don’t download any software from pop-ups,  they may be malicious and attack your computer or record your actions online.
  • Do not be logged in to any sensitive site while having another site open.

• VoIP
  • Just because your talking online doesn’t mean you are not under surveillance.
  • As with a cell or landline, use code do not give salient details about your activities, and do not make incriminating statements.
  • Remember that your online activities can be surveilled using offline techniques.  It doesn’t matter if you are using encrypted VOIP at a cyber cafe if the person next to you is an under-cover police officer.
  • When possible, do not make sensitive VOIP calls in a cyber cafe.  It is simply too easy for someone to overhear you. If you must, use code that doesn’t stand out.

• Blogs and social networking sites
  • Know the laws in your country pertaining to liability, libel, etc.
  • When signing up for a blog account where you will be publishing sensitive content, do not use you personal email address or information.
  • In your blog posts and profile page, do not post pictures of yourself or your friends, do not use your real name, and do not give personal details that could help identify you (town, school, employer, etc.).
  • Blog platforms like wordpress allow uses to automatically publish a post on a designated date and time. Use this functionality to auto-publish on a different day when you are away from the computer.
  • On social networks, create one account for activism under a false but real-sounding name (so your account won’t be deleted) but don’t tell your friends about it.  The last thing you want is a friend writing on your wall or tagging you in a photo and giving away your identity.
  • Even if you delete your account on a social networking site, your data will remain, so be very careful about taking part in political actions (i.e., joining sensitive groups) online.
  • Never join a sensitive group with your real account.  Use your fake account to join activism groups. (The fake account should not be linked to your fake email).
  • Don’t use paid services.  Your credit card can be linked back to you.

• File sharing
  • Use a shared Gmail account with a common passphrase and simply save emails instead of sending. Change passphrase monthly.
  • For sharing offline, do not label storage devices (CDs, flash drives) with the true content.  If you burn a CD with an illegal video or piece of software on it, write an album label on it.
  • Don’t leave storage devices in places where they would be easily found if your office or home were searched (i.e., on a table, in a desk drawer).
  • Keep copies of your data on two flash drives and keep them hidden in separate locations.
  • When thinking of safe locations, consider who else has access. Heavily-traveled locations are less safe.
  • Don’t travel with sensitive data on you unless absolutely necessary.  If you need to, make sure to hide it on your person or “camouflage” it (label a data CD as a pop music CD). See Sneakernet.

• Internet Cafes
  • Assume you are being watched.
  • Assume computers at cyber cafes are tracking key strokes and capturing screenshots.
  • Avoid cyber cafes without an easy exit and have a contingency plan if you need to leave rapidly.

Digital Security Technologies

When combine with the tactics described above, the following technologies can help you stay safe and keep your data relatively more secure.

• Mobile phones
  • Use CryptoSMS, SMS 007 or Kryptext to text securely (this requires java-based phones).
  • Use Android Guardian as soon as it becomes available.
  • Access mobile versions of websites as they are usually not blocked. In addition, connecting to mobile websites provides for faster connections.

• Digital cameras
  • Use scrubbing software such as: JPEG stripper to remove the metadata (Exif data) from your pictures before you upload/email.
  • Have a safe Secure Digital Card (SD) that you can swap in. Preferably, use a mini SD card with a mini SD-SD converter. Then place the mini SD into a compatible phone for safekeeping.

• Computers/Laptops
  • Use an effective anti-virus program and ensure it updates itself online at least once a day: TMIS, McAfee, Symantec/Norton, AVG, Avira, NOD32, Kaspersky.
  • Do not use illegal, cracked, hacked, pwned, warez software.
  • Keep your software programs (operating systems, productivity suites, browsers) up-to-date with the latest software updates.
  • Use software to encrypt your hard drive: Bitlocker, TrueCrypt, PGP Whole Disk Encryption, Check Point, Dekart Private Disk.
  • Use a different file type to hide your sensitive files. For example, the .mov file extension will make a large file look like a movie.
  • Mac users can use Little Snitch to track all the data that goes into and out of your computer.
  • From a technical perspective, there’s no such thing as the delete function. Your deleted data is eventually written over with new data. There are two common ways to wipe sensitive data from your hard drive or storage device. You can wipe a single file or you can wipe all of the ‘unallocated’ space on the drive. Eraser is a free and open-source secure deletion tool that is extremely easy to use.

• Flash disks
  • StealthySurfer USB Flash Drive
  • The secure browsing Tor software can be installed on flash disk.
  • Using a USB watch calls less attention as do the USB ear rings and this credit card USB flash disk.

• Email communication
  • Use https when using Gmail.
  • Use encrypted email platforms such as Hushmail and RiseUp.

• Browsers and websites
  • Use Firefox and get certain plugins to follow website tracking such as ghostery and adblock, adart to remove ads/trackers.
  • User Tor software or Psiphon to browse privately and securely.
  • I shan’t list access points for secure browsers, Proxy servers and VPNs here. Please email me for a list.
  • Always use https in “Settings/General/Browser Connection.”

• VoIP
  • Use Skype but not TOM Skype (Chinese version). Note that Skype is not necessarily 100% secure since no one has access to the source code to verify.
  • Off The Record (OTR) is a good encryption plugin. For example, use Pidgin with OTR (you need to add the plug-in yourself).
  • Gizmo offer encryption for voice conversations, and then only if you are calling another VoIP user, as opposed to a mobile or landline telephone. However, because neither application is open-source, independent experts have been unable to test them fully and ensure that they are secure.
  • Adium is a free IM application for Macs with built-in OTR encryption that integrates most other IM applications.

• Blogs and social networking platforms
  • There are no safe social networks.  The best way to be safe on a social network is fake account and a proxy server.
  • The anonymous blogging platform Invisiblog no longer exists, so the best bet now is WordPress + Proxy (preferably Tor) + anonymity of content.
  • Log out of facebook.com when not using the site.

• File sharing
  • Use Drop.io to create a private, secure media sharing site.
  • Use BasecampHQ with secure/SSL option to create more specific usernames and passwords for each user or remote site.

• Internet Cafe
  • Tor can be installed on flash disk and used at Internet cafe and also used from LiveCDs if flash drives are not allowed.

• Other potential tech
  
  • LiveScribe (see explanation here).
  • FreedomFone

Conclusion

The above material was collected in part from these sources:

• Tactical Tech’s Mobiles-in-a-Box and Security-in-a-Box;
• MobileActive’s Mobile Security
• FreeBeagles;
• FLOSS Manuals;
• Feedback from DigiActive and Digital Democracy;
• Personal experience and that of other colleagues in the field.

As mentioned above, please send suggestions and/or corrections as well as updates. And again, please do check the comments below. Thanks!

Patrick Philippe Meier

Hacktivism är ett begrepp som inte har fått så stort genomslag ännu. Förhoppningsvis kan The Pirate Bay och andra pirater ändra på det nu.

Den senaste tidens händelser i Iran, med protester mot vad många anser vara valfusk, har lett till att den iranska regimen blockerar allt fler tjänster på internet. Facebook, Twitter och andra sociala nätverk går inte längre att nå från Iran.

Hoppet är dock inte ute. Genom insatser från The Pirate Bay och flera andra hoppas man att kunna kringgå de blockeringar som finns och dessutom att kunna anonymisera användarna så att regimen inte vet vem som skaffat sig åtkomst till tjänsterna.

Denna typ av aktivism på nätet är vad som kallas hacktivism.  Internet blir ett helt nytt verktyg i kampen mot förtryck och ger möjligheter till en helt ny slags aktivism. Den stora vinsten här är att man kan hjälpa demokratikämpar och andra aktivister i länder som styrs av diktaturer som censurerar alla medier som de inte själva kontrollerar. Genom att hjälpa människor att kringgå denna censur skapar man möjligheter för förändring i landet. Dels genom att man ger oppositionella en säker kanal för kommunikation och därmed möjlighet att organisera sig. Dels genom att fri information kan upplysa fler medborgare om de brott regimerna begår och på så sätt skapa opinion mot förtrycket.

Jag hoppas att det här bara är det första exemplet på lyckad hacktivism och att vi kan få se början till förändring i diktatur efter diktatur tack vare deras insatser.

Intressant?

Update, June 16

Important! read #iranelection cyberwar guide for beginners

and How to setup a proxy for Iran citizens (for Windows!)

I’ve removed the gadget from my sidebar.

Original post

Iranian protesters are using any means possible to co-ordinate actions, gather and share intelligence, and provide the world with a constant stream of documented real-time information. They are twittering live from the clashes in the student halls and the protests on the street, posting images and videos of events as they unfold.

The Iranian authorities are doing all they can to block communications. SMS is blocked, websites hacked or firewalled, TV and Radio are obviously useless.

The protesters need constant supply of proxy servers. These servers are used to bypass the government blocks on Internet sites and messaging services. Of course, once the addresses of these servers are made public, its only a matter of time until the government blocks them. So its a constant race. There’s a chicken & egg problem here, in order to get the proxy server addresses you need to have an open communication channel.

Many people are using twitter to share the addresses of proxies as they emerge. What we need is a mechanism which would allow mass sharing of these numbers. Here’s a simple scenario: someone sets up a service which collects proxy server announcements from twitter and posts them on a site, with an outgoing RSS feed. that feed can then be syndicated and embedded in any site around the world, thus replicating the information and making it hard for the goverment to block it.

Should be easy for someone with the right skills & infrastructure, no?

UPDATE

I just posted this idea on twitter, and within 2 minutes got a response:

@yishaym Would this search/feed be useful to you:

iran proxy OR proxies – Twitter Search

#iranelection

thatalias

Update 2

@PsiphonInc says:

#Psiphon proxy node for #iranelection http://digg.com/u15jQN No download Just click&surf w/out #censorship

99% of the time twitter is TWOTer (Total Waste of Time). Then comes #cairospeech or #iranelection.

The Daily Dish reports that the Iraninan regime has locked down all other communications, but Twitter is live.

Follow the events on #iranelection

And on http://iran.twazzup.com/

renjie has a list of Twitterers posting from inside Iran (via Reddit)

follow them. show them that they are not alone.

Originally Posted on Google Blogger 02/24/2008

Using the definition above as a guide, I can say that: The Army of Davids is a group of individuals banding together to disrupt the on-line activities of individuals, groups, and organizations that support terrorism. We believe the use of legally ambiguous digital tools and electronically unethical methods is a justified means of fighting terrorism. The Army of Davids does not support the use of physical violence or illegal activities as a viable means to obtaining our goals.
 
Over the next several weeks, I’ll introduce you to the specific methods The Army of Davids will use to disrupt the on-line activities of individuals, groups, and organizations that support terrorism. These methods will include virtual sit-ins, domain/site adoption, electronic disturbances, direct interception/provocation, public awareness campaigns, and web site parodies. You will learn what to do, how to cover your tracks, the legal risks (both criminal and civil), and things to avoid. I’ll also include examples of others who have successfully (and some not-so-successfully) pulled off similar actions. Then I’ll let you know if The Army of Davids will be using that method and why.

After that, I’ll begin to post initial Operations. Operations are “plans to employ specific actions and activities towards specific targets”. The following template will be used for each operation:

• Operation Name: Everything has got to have a name so we can communicate about it.
• Operation Dates: The date the Operation will occur. Operations can be one day or many months long.
• Operation Contact: Contact information for the person who will be directing the Operation.
• Method: The method being used for the Operation. There may be one or more methods used.
• Criminal Risk: What is the risk that someone will bring criminal charges against an Operation’s participants?
• Civil Risk: What is the risk that someone will bring civil suit against an Operation’s participants?
• Reprisal Risk: What is the risk that the Target will employ illegal means to seek revenge against an Operation’s participants?
• Prerequisites: Essentially anything that needs to be done to (1) limit risks (2) maintain anonymity, and (3) ensure successful completion.
• Target: Self-explanatory.
• Background: Why? Why is this individual, group, or organization a Target? What info supports them being a viable Target? Where did I get my background info from? I’ll give you all the info you need to come to the same conclusion I did. And I’ll give you plenty of time to do your own research beforehand.
• Footprint: Information about the Target’s electronic footprint. You’ll understand this one when you see it.

Thanks to everyone who has sent tweets and emails about The Army of Davids. Thank you for being interested in standing up and doing something about terrorism. And thank you for being supportive. We are individuals. But if we work together, we can slay the dragon. I just know we can!

I see smart people who have decided to use technology to do something about terrorism!

Originally Posted on Google Blogger 02/09/2008

A few days ago I sent a cryptic tweet that said “the first Army of Davids Event is coming soon”. I realized that, before creating the event, I might need to explain it to everyone. And that is the purpose of this post.

In 2007, Glenn Reynolds wrote an interesting book titled An Army of Davids: How Markets and Technology Empower Ordinary People to Beat Big Media, Big Government, and Other Goliaths. The title of the book adequately conveys its message, so I don’t feel the need to go into that detail here.

I got my first taste of the impact of social media during the Obama campaign. It was so successful that conservative republicans have galvanized on Twitter via the TCOT (Top Conservatives on Twitter) hash tag. That is supported by a TCOT website that provides social media mentoring to new members. All this – in an effort to get the conservative message to new audiences.

Next up was the Israeli Offensive in the Gaza Strip. This political hotbed generated a lot of tweeting. The #hamas, #gaza, and #israel hash tags were born in quick succession. The Israeli Consulate, the Israel Defense Forces, and other Israel position supporters began showing up on Twitter. A regular re-tweet directed supporters of Israel to a number of newly created pro-Israel websites. One of those sites even provided an aggregate of anti-Israeli news from around the world, coached supporters on how to create a proper response to negative press, and then managed who was responding to what! All this to counter the Hamas propaganda machine.

I think the use of social media to address political goals, sell a product, or gain supporters for a cause is awesome. The cause I am most passionate about is this: I’d like to make it hard for US-based websites that promote terrorism to exist.

Up to this point, I have (as an individual) located and footprinted a few of these websites. I’ve created false accounts on their forums, and posted tons of anti-terrorism messages. I know, it’s only a nuisance, but it was legal and [deeply] satisfying.

In many cases, I’ve discovered that the owner of the site is an American or is living in the US on a visa. It is disturbing to find “death to America” or “death to Americans” all over these websites – websites owned by people who are enjoying what our country has to offer.

After speaking to others about my passion and how I might disrupt these websites (i.e. become a nuisance to them so they will move along), I’ve come up with some good (and legal) ideas. Sure, they’ll just spend a few bucks and a few hours to create a new site. That’s OK – that is a few bucks they won’t have for weapons or bombs, and a few hours they won’t have to plot our demise. They create a new site and guess what? I find them again. And again. And again.

To effectively harass these sites, I will need an Army of Davids. I will need you. And this is what the Army of Davids Events are all about. I’ll send a tweet directing folks to my blog for event info. The blog will include the location of the site, the date and time of the event, and all the specifics.

What might an event be? Well, we might all decide to visit the same site at the same time. I sincerely hope the site doesn’t crash with all those visitors. You folks with FireFox need to watch your auto-refresh settings. We might camp the domain registration as it nears its expiration. Then swoop in and buy it up. We might fill up their message boards with tons of anti-terrorism posts. Or we might “out them” to the public via a coordinated propaganda campaign. There are tons of things we can do to mess up their day. Tons. Literally.

Am I supporting illegal activities? Heavens no. I am not planning on doing anything illegal. And I am not supporting illegal activities.

Will the terrorist supporters come after you? Each event will be structured to maximize your security and anonymity. All the risk is mine to bear.

When is the first event? I am currently researching several sites. Before I share anything with you I must confirm (beyond a shadow of a doubt) that the site is supporting terrorism, that the site is not a honeypot meant for terrorists, and that the site is not hosted by a third party – only then will I even consider planning the event.

Why am I doing this? Because I am sick and tired of no one doing anything about these sites. Plain and simple. If I could rid the world of these sites, I would. But I can’t. The most I can do is become an annoyance. Doing something, even a small thing, makes me feel better.

Just think of the fly that continually buzzes your face. Even though you know the fly can’t hurt you, you still desperately want it to go away.

Why should you join me? Because you are sick and tired of no one doing anything about these sites. And because maybe, just maybe, you’ll get a small measure of enjoyment out of it.

Welcome to the Army of Davids. I am CinnabarSweets, your Event Coordinator.

I see smart people who use technology to tackle big obstacles.

Originally Posted on Google Blogger 01/14/2008

The Israeli operation in Gaza is a common topic on social media networks. Sites like Twitter provide supporters of both sides the opportunity to debate the issues and express their views. Tweets reporting the latest news fuel the constant debate. Some tweets share links to websites that support either side of the debate. A recent tweet linked #gaza hashtag readers to www.boycottisraeligoods.org. This site provides lists of companies that have invested in the Israel market or do business in Israel, and Israeli products.

I learned about the site when a fellow (pro-Israel) Tweeter sent me a link and asked me to support the businesses and products on the list. I think it’s brilliant to use an anti-Israeli site, for pro-Israeli purposes! That may be the subject of a future blog. Being the curious person that I am, this blog is about what I found while investigating the origins of the site.

A quick whois search on the Public Interest Registry, provided the site’s registrant: Mazin Qumisyeh. I would post his current location info and email, but that would be unfair to him. I don’t like what I’ve read about this person, but he is a human being and his safety and privacy are paramount.

My friend (and yours) Mr. Google, provides the mother-lode of info on Qumisyeh, including:

The 2003 Yale Herald article “When Free Speech Costs a Career” covers Qumsiyeh’s downfall as a Yale Associate Professor of cytogenetic services. Qumsiyeh, “born a Lutheran in Palestine… was working as the national treasurer of Al-Awda, the Palestine Right to Return Coalition”, when he “sent an email to a Yale anti-war group listing the membership roster of the Yale Friends for Israel and labeled it a “pro-war cabal”. ” The resulting controversy surrounding Qumsiyeh’s extreme opinion, expressed so publicly, was likely the cause for Yale’s failure to renew Qumsiyeh’s contract in 2004.

Unfortunately his profile is still available on a Yale Department of Genetics website. They really should clean up their websites, aren’t they supposed to be smart?!?!

A Front Page Magazine article “A Tale of Two Palestinians” includes this summary of the Yale debacle “In May of 2003, Dr. Qumsiyeh was embroiled in an unauthorized abuse of the email system at Yale with overtones of anti-Semitism that roiled the campus for months. In November, 2004, Qumsiyeh was a prominent speaker at a memorial held in New Haven in honor of the late Palestinian terrorist leader and renowned murderer, Yasser Arafat. Last October at Duke University during a controversial Palestinian Solidarity Movement conference held there, investigative journalist Lee Kaplan heard Dr. Qumsiyeh say that “Zionism is a disease.” Qumsiyeh, according to Kaplan’s account, “denounced the Jewish state’s existence and cited texts that he claimed proved “Nazi-Zionist collaboration existed during the Holocaust.” He also stated that all Jews must leave the land of Israel while claiming to abhor nationalism of any kind.”

If you’ve ever wanted to put a face on the anti-Israeli side of the events in the Middle East, and indeed, the world…let that face be Qumsiyeh.

I see the enemy. He is in plain site – blinded by loyalty born not of reason, but of fanatical racial hatred. The enemy is an idiot.