Category Archives: Security

Helmet Technology

Dressed appropriately
There was a big debate some months ago on the security blogs about bullet-proof designer clothes, which started a thread on whether helmets could stop bullets effectively.

I guess the answer is a definite yes, if you include the ability to deflect force and protect the user against harm.

This harrowing story from Iraq suggests that the troops find the latest technology in helmets heavy and cumbersome, but that it undeniably lowers their vulnerability. Although I understand that the story is meant in part to persuade soldiers to keep their lids on, I couldn’t help but notice there is no mention of whether the prior helmet model would have failed or done a similar job:

The round, most likely a 7.62 mm from a sniper rifle, ricocheted off the upper left side of the helmet, shredding the outside and slightly cracking the inside.

I’ll take two.

function key of death

This news story is quite sad. A high school student discovers that enough people pressing the F5 key while on the school website causes a Denial of Service (DoS) condition, perhaps even on the school’s “system”. Alas, being a typical high school kid, he tells all his friends to give it a try at the same time.

What’s the response?

“It’s a crime and it is important we take this seriously … especially for school officials … it could have done a tremendous amount of damage,” said Canton City Prosecutor Frank Fronchione.

Ok, but let’s be Frank about this. I bet the prosecutor probably broke the speed limit on the way to work that morning, which also could have done a tremendous amount of damage, but mild speeding has not been established as a felony (yet?). So what’s the “reasonable” level of damage and the “reasonable” response? Can Frank explain the risk calculation that has been used to suggest that a “tremendous amount of damage” is even remotely likely, or that the remediation of the hole would cause duress? I’m not defending the student, just wondering if some of the key details of the story are missing.

My guess, based on the over-reaction of the school to the attack, is that this is one of those cases where the kid was already marked as some kind of trouble-maker with a prior record and the school has just been looking for the right function to get him out of their hair. But the details are sketchy and prosecutors are known to blow things out of proportion in order to establish a favorable bargaining position for their client.

Apologies for the puns…

WMF patch details

Get ready to reboot all your XP, 2003 and 2000 systems.

Surprised? Ah, remember the lavish Windows 2000 launch parties when we were all told “rebooting will be a thing of the past” and “only six (kinds) of reboots will be necessary, down from six-hundred in NT4”.

Maybe I’m exaggerating a little, but my point is that this is a major inconvenience in order to fix a minor convenience that most people aren’t even aware of in a large enterprise. It just gets uglier since we are looking at a reboot of critical services when they are supposed to be up all the time and generating revenue — who wants to tell management “we had to have a maintenance window this weekend because of some picture rendering code on the console”. Well, it has to be done.

So far we believe the update changes the following registry keys:

    HKLM,"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB912919"
    HKLM,"SOFTWARE\Microsoft\Updates\Windows XP\SP3\KB912919"

And the following files get touched:

    Windows Server 2003 will replace Gdi32.dll
    Windows XP will replace Gdi32.dll and Wgdi32.dll
    Windows 2000 will replace Gdi32.dll and Mf3216.dll

Which makes me say…

Patch released early
safer code rolls out to disk-
  why must I reboot?

Note: Never rely on the registry keys alone for proof of a patch since someone could obviously stuff the registry…
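One way to act on that note, as an added example that is not part of the original post or any Microsoft tooling: compare the on-disk version of Gdi32.dll against the patched version and flag hosts where the registry marker and the file disagree. The function name `Test-WmfPatch` is hypothetical, and the minimum version is a required input because this post does not list it; take it from the bulletin's file information.

```powershell
# Added example: the registry keys and file name come from the post,
# everything else (function name, parameters, verdict strings) is illustrative.
function Test-WmfPatch {
    param(
        # Patched Gdi32.dll version, supplied by the caller from the bulletin.
        [Parameter(Mandatory)][version]$MinimumVersion,
        [string]$FilePath = (Join-Path $env:SystemRoot 'System32\gdi32.dll')
    )

    # Registry markers named in the post. Anyone with admin rights can create
    # them, so treat them as a claim to be checked, not as evidence.
    $keys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB912919',
        'HKLM:\SOFTWARE\Microsoft\Updates\Windows XP\SP3\KB912919'
    )
    $marker = @($keys | Where-Object { Test-Path -LiteralPath $_ }).Count -gt 0

    # Use the numeric version parts: the FileVersion string can carry a build
    # label after the number that [version] cannot parse.
    $vi = (Get-Item -LiteralPath $FilePath -ErrorAction Stop).VersionInfo
    $parts = $vi.FileMajorPart, $vi.FileMinorPart, $vi.FileBuildPart, $vi.FilePrivatePart
    $onDisk = New-Object System.Version -ArgumentList $parts
    $fileOk = $onDisk -ge $MinimumVersion

    if ($marker -and -not $fileOk) {
        # The case the note warns about: the registry says patched, the binary does not.
        $verdict = 'MISMATCH: registry marker present, file older than patched version'
    } elseif ($fileOk -and -not $marker) {
        $verdict = 'File patched, registry marker missing'
    } elseif ($fileOk) {
        $verdict = 'Patched'
    } else {
        $verdict = 'Not patched'
    }

    [pscustomobject]@{
        Computer       = $env:COMPUTERNAME
        File           = $FilePath
        OnDisk         = $onDisk
        Required       = $MinimumVersion
        RegistryMarker = $marker
        Verdict        = $verdict
    }
}
```

Run it after the reboot, since a DLL that is in use is normally only swapped on restart, and repeat the call with `-FilePath` for the other files listed above where they apply.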

Microsoft announces WMF patch

Great news. At 2PM today Microsoft will officially release its patch for the latest WMF exploit, which is nice of them to do ahead of time. It’s already available here:

http://www.microsoft.com/technet/security/Bulletin/ms06-001.mspx

Microsoft will hold a special Web cast on Friday, January 6, 2006, to provide technical details on MS06-001 and to answer questions. Registration details will be available at http://www.microsoft.com/technet/security/default.mspx.

We’re actually reviewing deployment details now, as well as moving further ahead with the other preventive/detective measures already underway.

Incidentally, 4PM (-8 GMT) is the anticipated Sober explosion, but I’ve watched an incredibly exponential spike (2000%) in Sober payload since Dec 28th, suggesting that the two issues may be closely related…all the more reason to get things under control right now.