Emergency! Emergency! Java 7 Could Kill You!

The people at www.us-cert.gov tell us there is a Java exploit that might allow some attacker to take over your computer (if you're insanely stupid about your browsing and email habits). They say, "Web browsers using the Java 7 plug-in are at high risk."

Yes, it could be serious, if the attacker steals your identity and all your money. They say, "To defend against this and future Java vulnerabilities, disable Java in web browsers". Future Java vulnerabilities? Why not disable everything? In fact, you should just stay in bed.

In another story, President Obama is poised to impose an executive order that would infringe on The Constitution (the second amendment, but it really doesn't matter which), and ... (crickets). It's too bad we can't simply disable Barack Obama in our browsers, to prevent this and future threats. This is much more serious. It isn't mere trifles such as your computer, your identity and all your money; it's your life, liberty and pursuit of happiness!

Perspective, perspective, perspective...

-----Original Message-----
From: US-CERT Alerts [mailto:technical-alerts@us-cert.gov] 
Sent: Thursday, January 10, 2013 2:53 PM
To: technical-alerts@us-cert.gov
Subject: US-CERT Alert TA13-010A - Oracle Java 7 Security Manager Bypass Vulnerability


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

National Cyber Awareness System

US-CERT Alert TA13-010A
Oracle Java 7 Security Manager Bypass Vulnerability

Original release date: January 10, 2013
Last revised: --

Systems Affected

     Any system using Oracle Java 7 (1.7, 1.7.0) including

     * Java Platform Standard Edition 7 (Java SE 7)
     * Java SE Development Kit (JDK 7)
     * Java SE Runtime Environment (JRE 7)

     All versions of Java 7 through update 10 are affected.  Web
     browsers using the Java 7 plug-in are at high risk.


Overview

   A vulnerability in the way Java 7 restricts the permissions of Java
   applets could allow an attacker to execute arbitrary commands on a
   vulnerable system.


Description

   A vulnerability in the Java Security Manager allows a Java applet
   to grant itself permission to execute arbitrary code. An attacker
   could use social engineering techniques to entice a user to visit a
   link to a website hosting a malicious Java applet. An attacker
   could also compromise a legitimate web site and upload a malicious
   Java applet (a "drive-by download" attack).

   Any web browser using the Java 7 plug-in is affected. The Java
   Deployment Toolkit plug-in and Java Web Start can also be used as
   attack vectors.

   Reports indicate this vulnerability is being actively exploited,
   and exploit code is publicly available.

   Further technical details are available in Vulnerability Note
   VU#625617.


Impact

   By convincing a user to load a malicious Java applet or Java
   Network Launching Protocol (JNLP) file, an attacker could execute
   arbitrary code on a vulnerable system with the privileges of the
   Java plug-in process.


Solution

   Disable Java in web browsers

   This and previous Java vulnerabilities have been widely targeted by
   attackers, and new Java vulnerabilities are likely to be
   discovered. To defend against this and future Java vulnerabilities,
   disable Java in web browsers.

   Starting with Java 7 Update 10, it is possible to disable Java
   content in web browsers through the Java control panel applet. From
   Setting the Security Level of the Java Client:

   For installations where the highest level of security is required,
   it is possible to entirely prevent any Java apps (signed or
   unsigned) from running in a browser by de-selecting Enable Java
   content in the browser in the Java Control Panel under the Security
   tab.

   If you are unable to update to Java 7 Update 10 please see the
   solution section of Vulnerability Note VU#636312 for instructions
   on how to disable Java on a per browser basis.


References

 * Vulnerability Note VU#625617
   

 * Setting the Security Level of the Java Client
   

 * The Security Manager
   

 * How to disable the Java web plug-in in Safari
   

 * How to turn off Java applets
   

 * NoScript
   

 * Securing Your Web Browser
   

 * Vulnerability Note VU#636312
   


Revision History

  January 10, 2013: Initial release

 ____________________________________________________________________

   Feedback can be directed to US-CERT Technical Staff. Please send
   email to  with "TA13-010A Feedback VU#625617" in
   the subject.
 ____________________________________________________________________

   Produced by US-CERT, a government organization.
 ____________________________________________________________________

This product is provided subject to this Notification: 
http://www.us-cert.gov/privacy/notification.html

Privacy & Use policy: 
http://www.us-cert.gov/privacy/

This document can also be found at
http://www.us-cert.gov/cas/techalerts/TA13-010A.html

For instructions on subscribing to or unsubscribing from this mailing list, visit http://www.us-cert.gov/cas/signup.html
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iQEVAwUBUO83IXdnhE8Qi3ZhAQLdxQf6A2LhLrArDieg41fxTuIViOXbgH6fZrDt
6bODaZIeTcvQfMMURbUb8MnTQEe7ogNbytb+XQaEzXE6A0YMdWp+93TxFy80wUI0
VpF0lBDwNyeAlwtzicLSQa5oa5Me0k5KPVUn9/mFJZh5Ff0cYjW1dt8dfXJUbH9/
OZ6ZJsnJchymJFlVax3Y87yZh9fPQC4n6dJ86CdLXqC9GaBihgBd1DUpborfWYoR
njvrtbcX+7iy+J8fS2C8/JtnQ5M+uilvqxrdU/Z9SdmebIF5HQjafLae9OmwH7Te
nxUcwwmuNqIA1Y9aN2DrStv+HnTi121DIxyaVgNOKjPnO/t5mDPKlw==
=xi3d
-----END PGP SIGNATURE-----

Toys for Boys, or Tools for Patriots?

Amendment II -- A well regulated militia being necessary to the security of a free state, the right of the people to keep and bear arms shall not be infringed.

There are a lot of people saying that we're about to cross a line here, to which I have to ask, "what part of infringed do you not understand?" The word means weaken, destroy, violate, encroach. Folks, we crossed that line a long time ago!

Here's my concern: I have always said that The Constitution of the United States is still the official specification for the US government; the binding contract between We the People and our government. Any regime that distorts, deconstructs or disregards it is untrustworthy and dangerous. If we crossed that line a long time ago, what does that say about the regime? What does that say about We the People, for tolerating it?

By the way, it isn't just the second amendment at risk here. In 1913, congress abrogated its responsibility to regulate the money supply, and created The Federal Reserve System. We did nothing. In 1935, the regime imposed a mandatory retirement plan called Social Security. We did nothing. In 1965, the regime imposed a mandatory health care plan called Medicare. We did nothing. In 2011, the regime imposed a mandatory health care plan called ObamaCare. We re-elected them! It may be debatable whether these are great services, but they are "feature creep" -- grotesque usurpations of power, to name just a few, but we tolerate them. So, what does that say about us, indeed?

Dear reader, this is where the rubber hits the road: are we going to allow our government to infringe on our constitutionally guaranteed rights, or not? If not, what are we going to do about it? This is a scary question that separates the men from the boys. It's a deadly serious question. It isn't a radical question; it is the most conservative, liberal (in the truest sense of the words), question there is. Think carefully.

An article entitled, If They Come for Your Guns, Do You Have a Responsibility to Fight? has gone viral on the web. It's the kind of stuff that gets people labeled as extremists. But is it extreme to demand that government live by its own rules? If government won't, isn't it up to We the People to force it to? The author makes some provocative arguments. You should go read it. I'll wait here.

The Constitution has been so effective at constraining government for the first 150 or so years, that we have become too complacent, too trusting of our government. As a culture, we have forgotten how easy it is to lose our freedom. Thomas Jefferson noted in The Declaration of Independence, 

Prudence, indeed, will dictate that governments long established should not be changed for light and transient causes; and accordingly all experience hath shown that mankind are more disposed to suffer, while evils are sufferable, than to right themselves by abolishing the forms to which they are accustomed. But when a long train of abuses and usurpations, pursuing invariably the same object evinces a design to reduce them under absolute despotism, it is their right, it is their duty, to throw off such government, and to provide new guards for their future security.

Our government has the might to take, or control our guns any time it wants. It can do it illegally, as it is doing now, or it can do it legally. If there wasn't a danger that government would abuse its power, we wouldn't need the Bill of Rights -- the first ten amendments to The Constitution. But We the People can decide as a nation that the second amendment is obsolete, and repeal it. Then it would be legal for government to attempt to regulate guns out of existence, if anyone really believes that is possible. However, before we throw the baby out with the bath water, we should note that freedom is very empowering. But with great power, comes great responsibility. Freedom is risky. 

For example, the founders put the freedom of speech in the first amendment, to prevent government from persecuting people who discuss politics openly and question the authority of government. That is the benefit. The risk is that people will be irresponsible, and abuse that right. Pornography is a result. Shouting, "fire" in a crowded theater (when there is no fire) is a result. 

Similarly, the second amendment exists for a variety of reasons: hunting, self-defense against wild animals (including humans), and not to put too fine a point on it, to give would-be tyrants and oppressors something to think about. That's the benefit. The risk is that people will be irresponsible, and abuse that right. Gun related crime is a result. Opening fire in a crowded theater (when there are no oppressors) is a result. 

I know that gun ownership isn't for everyone. People focus on the lives lost to gun violence, but can't account for all of the violence that doesn't happen because the bad guys have to guess which good people carry. Responsible gun owners can protect those who choose not to be -- in the vast majority of cases, with nary a gun in sight, nor a shot being fired. 

The illusion is that we can live in a world without risk. The illusion is that government can provide security without abusing the power it would need to provide it. Responsibly equipped, I'd rather take my chances with a few deranged individuals, than I would with a renegade regime that distorts or disregards its constitution in order to provide the illusion of protection and the reality of oppression.

The Trouble With Science

Anthony Watts (Watts Up With That?) posted an article entitled Aliens Cause Global Warming: A Caltech Lecture by Michael Crichton. Crichton presented the lecture on January 17, 2003 -- a decade ago. Watts posted the article in 2010, but I just discovered it. I'm posting this here now because it explains so well the objections I have had to junk science being used to drive faulty public policy and governmental malpractice.

Michael Crichton is of course a well known science fiction writer, known for Westworld, The Andromeda Strain, Jurassic Park, and many others. But he is also a strong critic of junk science and the devolution of science for political ends. He presented many lectures in support of good science. Crichton attended Harvard Medical School, and was a medical doctor. 

Joy To The World -- Part 2

In Joy To The World -- Part 0, I noted that the opposite of Joy isn't sorrow or sadness, joy is the absence of fear.

Two of the most joyous stories in history -- of lasting joy -- are the story of Christmas, and the story of liberty and freedom. I celebrated the story of Christmas in Joy To The World -- Part 1. This is the story of Freedom.

Thomas Jefferson may have said it better than anyone before or since, in The Declaration of Independence:

We hold these truths to be self-evident, that all men are created equal, that they are endowed by their Creator with certain unalienable Rights, that among these are Life, Liberty and the pursuit of Happiness.

That to secure these rights, Governments are instituted among Men, deriving their just powers from the consent of the governed, That whenever any Form of Government becomes destructive of these ends, it is the Right of the People to alter or to abolish it, and to institute new Government, laying its foundation on such principles and organizing its powers in such form, as to them shall seem most likely to effect their Safety and Happiness. Prudence, indeed, will dictate that Governments long established should not be changed for light and transient causes; and accordingly all experience hath shewn, that mankind are more disposed to suffer, while evils are sufferable, than to right themselves by abolishing the forms to which they are accustomed. But when a long train of abuses and usurpations, pursuing invariably the same Object evinces a design to reduce them under absolute Despotism, it is their right, it is their duty, to throw off such Government, and to provide new Guards for their future security.

This passage in The Declaration of Independence represents some of the fundamental principles from The Age of Enlightenment, but in itself does not specify any particular form of government. That came later.

Prior to the implementation of The Constitution of the United States, few governments had any written specification that enumerates the powers of government, nor any Bill of Rights. Subjects lived in fear of what the government might do to them (so rarely do they think of what the government might do for them). The constitutionally enumerated powers is the list of things the government does for us -- because we authorize it (or ask it) on our behalf, so that we can mind our own business. The Bill of Rights lists a few of the things that no good government would ever do to us. 

The Constitution represents one of the first attempts to standardize liberty and justice for all. Being written down in the form of a contract, in plain English, any literate citizen can read and understand what it says, and what it means. Consisting of 4543 words, a person can read it in one evening. ObamaCare, by contrast is approximately 2.8 million words, and counting. Do you have any fear that some of those words might affect you adversely? It certainly does not fill me with joy!

It will be of little avail to the people that the laws are made by men of their own choice if the laws be so voluminous that they cannot be read, or so incoherent that they cannot be understood. ~ James Madison

Ya think? The sheer number of bureaucracies that will spring up to implement this ObamaCare monstrosity will dwarf the EPA, which is one of our more oppressive and unconstrained bureaucracies. 

The best way to reduce fear is to give people more options, more control over their own lives. When are we the most fearful? When things are going out of control, like stepping on the brakes on an icy road, careening towards a fiscal cliff. When are we the most joyful? When we manage to stop without flying into the abyss. Of course, there are many things in our lives that we can't control, but government needn't be one of them.

I used to think The Constitution would protect me. It will, but only if We the People insist on it. That hasn't been happening lately. The Constitution can't uphold and defend itself. The American form of government has constitutional protections on our individual rights. Having blown right past the enumerated powers, our government is now eating away at the fringes (infringing) on our Bill of Rights.

I fear that too few voters know what it means to live in a free country. In other words, they have no idea what the difference is between being a citizen and being a subject. If we hope to restore this nation to its full potential, we classical liberals must teach the next generation about the joy of self-determination and individualism.

Principled Legislators

There are still a few legislators out there who are not self-serving vote hustlers. They became legislators to serve the citizens and, swimming against the stream, restore government to its proper role of protecting our natural rights -- instead of the unauthorized role of controlling others and redistributing wealth. They deserve our thanks and support. I'm sure they'd appreciate some support; it's pretty lonely in Olympia for classical liberals.

From their Facebook page:

Making lower taxes, less government, and more freedom a reality since 2012... at the state and local level. If freedom is worth dying for it is worth voting for. Join the fight for freedom today!

Our mission is to restore a constitutional State of Washington based on the Republican form of guaranteed under Article IV, Section4 of The Constitution of the United States, so that our children and grandchildren can live in peace and prosperity and freedom.

 They have an agenda, but it's pro-liberty (unlike some other well-known agendas in the news lately) :

Lower Taxes
1. Balanced Budget Amendment
2. 2/3rds Requirement to Raise Taxes Amendment
3. Protect Small Farms and Businesses (More to Follow)
4. Relieve the Tax Burden on Working Families (More to Follow)

Less Government
5. Regulatory Reform and Fairness Act
6. Protect Private Property Rights (More to Follow)
7. Save our Homes Act (Reducing Property Tax Penalties)
8. Healthcare Freedom Act (Opt Washington Out of Obamacare)
9. Energy Freedom Act (Opt Out of Cap & Trade, Cease Membership in WCI)

More Freedom
10. Protecting the Right to Life (More to Follow)
11. Constitutional Currency Restoration Act
12. Firearms Freedom Act (CCL Expiration Notification and Location Clarification)
13. Protect Right of Conscientious Objection(More to Follow)
14. Ensure Free, Fair, Accurate Elections (More to Follow)
15. Protect Civil Liberties (More to Follow)
16. Protect Food Freedom (More to Follow)

It's a pleasure to report things like this. This is precisely what I had in mind with my New Enlightenment initiative.

Hi Mom!

The Bellingham Herald printed an article about The Whatcom Tea Party, in which this blog is mentioned. So now, even more than my immediate family will see this! Oh, and my name might have come up too. Just sharing...

For the record, I am a Citizen Journalist. This blog is in no way affiliated with The Whatcom Tea Party. If you want to know what The Whatcom Tea Party officially thinks about anything, visit their website. If you want to know what individual tea partiers may be thinking, like them on facebook.

I'm Okay! (The Asteroid Missed Me)

It turns out the Mayan calendar is just like our Gregorian calendars that end every year. Nothing happens. It's a human invention. It has relevance to us, but the universe could not care less. The good and the bad stuff that happens to us seems to occur randomly with respect to our calendars.