After the exploit code for a new vulnerability in Internet Explorer was released, a new malware that exploits the said vulnerability was discovered. Trend Micro has detected a JavaScript malware JS_DLOADER.BXR that exploits this vulnerability to remotely execute code.
As this vulnerability is unpatched, users are urged to disable ActiveScripting as described in the previous posting.
UPDATE: Trend Micro has created a detection for the newest IE vulnerability, EXPL_TXTRANGE.A.
Blogs are now fast becoming sources of information. Some companies have already grasped the impact of blogs to their companies, and so some of them are already incorporating blogs not only as a disseminator of information but also as a marketing tool.
For those who are curious about malware, several second-tier antivirus companies have blogs. Unfortunately, first-tier companies – the so-called Big Three (Symantec, McAfee, Trend Micro) – don’t have blogs. All of them has an encyclopedia of sorts (Trend Micro is more comprehensive), but try looking for a specific malware on those encyclopedias, and you’ll get what I mean. It’s like looking for a needle in a stack of needles.
Anyway, here are the blogs of two antivirus companies:
When will the Big Three catch up? Would they even blog?
The bosses of those companies might ask: why bother? Most blogs are RSS-capable; it means that news readers can access blog posts, without the user even visiting the Web site. It is a fast platform to release information. It removes the middle man when disseminating information, so there is no more constraint on the fast availability of information. No need to wait for publication, no need for press releases. And bloggers do link a lot, so you can generate buzz through blogs. There’s no need for large capital outlay, since the infrastructure is there, only the software needs to be acquired or developed.
Here’s hoping that they do so soon.
(NOTE: This is the 100th entry on this blog, though it is not actually the 100th according to the post ID.)
Yesterday, I posted an advisory about another vulnerability in Internet Explorer. Now, an exploit code that takes advantage of this vulnerability has been released, as reported in Security Focus and in SANS Internet Storm Center. This is a zero-day exploit.
Microsoft has already posted a Security Advisory on this, and has made several suggestions on how to mitigate this problem while a patch is being prepared.
The best workaround is to disable ActiveScripting in the meanwhile; you also set the browser to prompt the user before running ActiveScripting, if you don’t want to disable it:
1. In Internet Explorer, click Internet Options on the Tools menu.
2. Click the Security tab.
3. Click Internet, and then click Custom Level.
4. Under Settings, in the Scripting section, under Active Scripting, click Prompt or Disable, and then click OK.
5. Click Local intranet, and then click Custom Level.
6. Under Settings, in the Scripting section, under Active Scripting, click Prompt or Disable, and then click OK.
7. Click OK two times to return to Internet Explorer.
Since this vulnerability allows for a remote code execution, IE users are advised to be careful about browsing, and to apply the suggested mitigation until a patch is released.
A new vulnerability in the ubiquitous Web browser Internet Explorer has been discovered. Secunia rates the vulnerability as highly critical, since successful exploitation of this may cause remote code execution. As of now, no patch is available from Microsoft.
Another zero-day exploit in the making? Who knows?
Maybe that’s why they are delaying the release of Vista. They wanted to make sure that the OS will not have any security holes that anyone can exploit. Remember Sasser? Blaster? Slammer?
I was researching on philosophies regarding man and the state, and social contract is the most prominent among them; in fact, most democracies are based on this theory. Three individuals stand out in theorizing this social contract – Thomas Hobbes, John Locke, and Jean Jacques Rousseau. This post will be a part of a series of musings on the social contract theory. This is an amateur attempt; there will be deficiencies and logical holes, and thus the series will be continuously evolving.
John Locke was a contemporary of Thomas Hobbes. He too rejected the divine rights theory, and he also used the State of Nature to explain why men entered into a social contract. His idea of the social contract differed also with that of Hobbes.
According to Locke, the State of Nature is the natural state of perfect and complete liberty, which Hobbes holds as true. However, Locke says that this complete liberty does not give man a state of license. While there is no Sovereign nor government in the State of Nature, it is a state guided by morality. Every person is governed by the Law of Nature, which commands man not to harm one another. The State of Nature is the state of perfect liberty that is bound by the Law of Nature.
Unlike Hobbes’ State of Nature, Locke’s State of Nature is not a perpetual state of war. It can turn into a state of war when man declares war against each other. Since there is no mechanism where a man can turn to when things go wrong, and since the Law of Nature allows man to defend himself, a man may resort to force to counter the force that another man may impose on him. Locke believes that man must abandon the State of Nature to avoid this conflict.
Locke’s social contract is based on the premise of property. According to him, when a man uses raw materials with his labor, he creates private property.The Law of Nature limits what one man can own; since resources are limited, man is not allowed to make property more than what he needs, so that others can survive, too. It is the protection of their property, Locke argues, that men left the State of Nature.
Locke’s State of Nature is different from Hobbes’, where the state is populated by man. Rather, according to Locke, it is populated by a “conjugal society” – parents and children. The men, representing their families, agree to give up control and hand over that power to an entity called government. Since they have submitted to this arrangement, they have become subject to the will of the many, they have become members of a body. One can only join that body through his explicit consent. That body gave them what they did not had in the State of Nature: law, men to adjudicate laws, and men empowered to enforce these laws. Every man gives over the power to protect his property to the body that was created.
Men entered this social contract to preserve their property, lives, and liberty. When the persons designated to enforce laws abused their powers, the result is that the persons in power return to the State of Nature, and at war with those who appointed them. Since their property is threatened, and the powers-that-be act against the interests of the people, they have the right to resist the authority that they gave to the powers-that-be. The social contract is then dissolved and a new social contract is entered into.
(You may download the Second Treatise of John Locke at Project Gutenberg. Most of the data here are taken from the Internet Encyclopedia of Philosophy.)
Hobbes and Locked differed on two things: (1) on the State of Nature; and (2) on what happens if the social contract is violated. Hobbes’ State of Nature is one of perpetual chaos, where every man fends for himself, and looks after his own interest. As for Locke, the State of Nature is one of possible chaos, since man is governed by the Law of Nature, and only by violating the Law, and the lack of an authority where man can seek redress, will the State of Nature turn chaotic.
Both agreed that men left the State of Nature to form a body with its members bound by a social contract, where every one agreed to submit themselves to an authority that they will designate. This body is the government – which a part of it can make laws, another part enforces them, and another part interprets them in case of disputes. When this social contract is violated, the two thinkers parted in opinion: Hobbes believe in the absolutism of the contract – there is no turning back. To Locke, once the government has exceeded its grip and threatens the people, the people has the right to dissolve the contract (which means dissolving the government) and enter into another one.
John Locke saw certain conditions wherein possible violations of the social contract may happen, and he thought of a way for the people to get out of those conditions. His ideas inspired democratic revolutions, most notably the American Revolution. And to me, this is one justification why EDSA had to happen in 1986.
Maybe Gloria Arroyo is reading the Philippine Commentary and Philippine Politics 04.
Both bloggers, most notably DJB (of Philippine Commentary), are logically arguing that EDSA 2 was a planned coup d’ etat that turned into a mutiny that was legitimized by the Davide Supreme Court. For a sample of their comments, read: Davide Supreme Court Legitimized Military Mutiny As A Basis for 2001 Regime Change, What GMA said before COPA members back in Feb. 21, 2001, and NEWS FLASH: MILITARY COUP TOPPLES PHILIPPINE PRESIDENT (with help from Communists and Leftists).
Then read the news: Arroyo rues her liaison with militants, Ghost of Edsa past haunts Gloria, and 4 militant lawmakers accuse Arroyo of conspiracy.
Now, to connect the two: Gloria Arroyo is now – slowly but surely – killing the concept of EDSA as an instrument of change. First, she proclaimed a state of emergency, ironically in the 20th Anniversary of EDSA 1, ostensibly to stop an impending “coup”; most thinkers believe she did it so that she can disperse all rallies that could potentially turn into an EDSA crowd. Second, military officers who had intention of “withdrawing support” (which is another term for mutiny, as DJB says) or who are believed to be unreliable are tagged as coup plotters. Third, she had party list congressmen arrested for charges of rebellion. The three elements of EDSA2 – the military, the Leftists, and the crowd – she had CPR’d.
Her attempts at the media was less successful. The media is another element of EDSA 2, and this element is what she really wanted to stop, if not control. To control the media is an Orwellian trick: when you can’t even know what the reality is. It is information that will shape opinions and actions; if you have control of information, you have control on the thinking of the people.
Mike Arroyo admitted that they conspired with the military before and during EDSA 2. They had conspired with the Leftists, as Cong. Satur Ocampo said, which Arroyo had verified implicitly when she said she rued meeting them. So she should know how to stop others from ousting her. She had done it before, and she knows it can be done against her. Hence, her pre-emptive actions. Her goal: destroy the legacy of EDSA. She is trying to prove – in a convoluted route – that EDSA, particularly EDSA 2, was wrong.
Which is being shared implicitly by those who went to EDSA in January 2001 and who now refuse to go to EDSA to unseat Arroyo. Basically, they say, yeah, we have done that, but look where we are now? Not again, they say.
I was researching on philosophies regarding man and the state, and social contract is the most prominent among them; in fact, most democracies are based on this theory. Three individuals stand out in theorizing this social contract – Thomas Hobbes, John Locke, and Jean Jacques Rousseau. This post will be a part of a series of musings on the social contract theory. This is an amateur attempt; there will be deficiencies and logical holes, and thus the series will be continuously evolving.
is the view that persons’ moral and/or political obligations are dependent upon a contract or agreement between them to form society.
Now, read both links to get an appreciation of this theory, and then think about it in the context of the situation we are in.
Thomas Hobbes believes that man protects his own self-interests; that is, he acts in accordance to what man believes is to his own benefit. While this is not an ideal aspiration, it is realistic; the seemingly apathetic attitude that the silent majority in our midst is, to my opinion, based on this. What is in it for me, they might ask.
Now, Hobbes also believes that man is reasonable. Man uses his intellect to achieve his goals efficiently; he is willing to sacrifice something if it will be a mean to his end. This is something that all of us would do; and if you scratch my back, I will scratch yours.
These two beliefs establishes Hobbes theory on man’s political obligation to the State. To quote the Internet Encyclopedia of Philosophy:
According to Hobbes, the justification for political obligation is this: given that men are naturally self-interested, yet they are rational, they will choose to submit to the authority of a Sovereign in order to be able to live in a civil society, which is conducive to their own interests.
He justified the matter through the concept of the State of Nature. In this concept, man is free to do as he pleases, being exclusively interested in one’s self-interest. Since he thinks everyone is equal, this ends in a brutal stalemate; man lives in a fear that someone will supplant him in espousing their self-interests. Since resources are limited, it’s every one for himself. In short, this self-interest boils down to self-preservation. These conditions, says Hobbes, are intolerable; it is “the state of perpetual and unavoidable war”.
To escape this infinite loop, Hobbes says that man enters into a social contract, which has the following provisions:
When we say man renounces his rights, it doesn’t mean that he loses his rights; rather, his rights, under the contract, are subsumed to the best interest of the society. He has his rights, but it is in the context of what is the best for the society.
Also, when man enters in this contract, man agrees to live together with others under common laws. The State is given the means to enforce this contract and the common laws. And the pitfall of Hobbes thinking is in this: even if the State manages the affairs poorly, “we are never justified in resisting his power because it is the only thing which stands between us and what we most want to avoid, the State of Nature.”
(Pls. read Hobbes’ Leviathan, which you can read for free, from Project Gutenberg.)
When we read or hear the arguments of the silent majority, the seemingly common thought is that “rocking the boat”, challenging the status quo is against their self-interests. This thought is best exemplified by one epistolary writer (which I think began the epistolary battle) who wrote, “We are prepared to lose our freedoms and our rights just to move this country forward.” This line is pregnant with meaning, and I think it boils down to self-interest – in the context of the social contract, the silent majority believes that the country moving forward will be to their own interests, and thus when the State believes that individual rights should be limited, members of the society, being reasonable, will not object.
Also, by the argument that there is no justification in overthrowing the instrument of State, which is the Arroyo administration, all calls and efforts to overthrow it are violations of this social contract. The silent majority, perhaps unconsciously, espouses this thinking, therefore fulfilling their obligations as stipulated in the contract.
Let’s put Hobbes’ theory in context: most historians argue that Hobbes chose to justify the status quo of his times – the time of the English Civil War (1642-1648). He rejected the divine rights theory, and at the same time rejected the parliamentarian view that the Sovereign and the parliament shares powers. For a historical perspective, see here. By choosing to argue in this way, not only did Hobbes reject the two contending issues of his time, he also managed to retain a sense of status quo.
Now, what if the State is acting in violation of the social contract? John Locke and Jean Jacques Rousseau tried to answer this question. More on that on the next posts.
They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety. – Benjamin Franklin
What is the best way to protest?
The so-called silent majority has lambasted ad nauseam the protest rallies, calling them useless and disruptive. Some of them are silently (as that is the only way they react) glad of CPR, for it had rid them of nuisances called rallies. If only those office workers could vote at Makati (where they work), Jejomar Binay should kiss his political career goodbye. There is truth in the assertion that rallies are disruptive; after all, rallies happen in public roads, and they cause traffic. They inconvenience a lot of people and leave loads of garbage.
Afterall, rallies are organized to get the majority’s attention. They do get the needed attention, alright, but the reaction is almost always negative. Hence, those I-am-angry-sorry-I’m-for-Gloria-letters-of-apology. Hence, CPR.
Some consider rallies as ineffective in expressing outrage and protest. New forms of protests are being tried and tested. From blog posts to forum posts to email rants, people are beginning to express what they feel. Yet, these acts are lambasted, ridiculed, attacked with ad hominem statements. These are the same people who are angry of rallyists and protesters. Now that protesters are trying new methods, the silent majority are still angry.
I’ve never read that I-am-angry-from-a-middle-class letter. I hate spam, and I delete them immediately when I see them at my inbox. They have the right to say what they want, but I do have my right to ignore them. I respect their rights; do they respect those of the protesters?
Sure, practicing your rights doesn’t mean you can inconvenience your fellow with impunity. But what is inconvenience as compared to suppression? By keeping quiet, you are condoning what is wrong; by keeping silent, you are as guilty as the oppressor. You are as guilty as that of the offender.
So I rephrase Benjamin Franklin: Those who who do not respect the freedom of expression to satisfy their sense of comfort does not deserve freedom of expression and sense of comfort.
Anyway, the flash mob protest is not new, but it is now being tested as a new form of protest here in this country. The Black and White Movement has succeeded in organizing two of them; both were derided by the silent majority as cheap gimmicks. Again, the silent majority hated rallies; now they hate flash mob protests. They want the others to just shut up.
I tell them: shut up.
(To give you a representative sample of the reactions of the so-called silent majority, try reading the comments from this entry from Paolo Manalo.)
Anyway, the third flash mob protest ended as a failure, a victim of Gloria Arroyo’s CPR policy. Here is Black and White’s statement and retelling of what had happened the night of March 17. Atty. Edwin Lacierda retells the story in the point of view of a lawyer in the scene here and here.
Again, I ask the silent majority: what is the best way to protest? Shutting up is not an option; if someone wanted to exercise his right, you don’t have the power to stop him. You hated rallies, you scorn flash mob protests, you look down forum and blog comments that do not agree with yours. Ano ba talaga, kuya?
Indeed, the government that we have is just a mirror of the society that it serves. EO 464, Proc. 1017, CPR – the silent majority wanted those. Majority rules, but that doesn’t mean I agree with them, much less believe them as right. That doesn’t mean I will just shut up. No way.
The calibrated preemptive response (CPR) is an Arroyo administration policy that replaced the maximum tolerance policy with regards to protest rallies. In CPR, rallies without permits will be dispersed.
CPR is redefined when participants in the Black Friday protest at Baywalk were barred from getting there by the Manila Police. Some of the well-known persons like Dinky Soliman and Black and White’s Enteng Romano were even arrested for alleged illegal assembly.
CPR is no longer limited to dispersing rallies without permits. CPR will now be applied even before protests begin. Now that’s preemptive, alright.
And who knows, come 2007 election campaign, rallies by opposition candidates will be dispersed because of CPR.