Category Archives: Food

Google Fights (Chinese) Treats

The Chinese might have responded with too much haste to the most recent accusations by Google. The English news from Xinhuanet has made some amusing and unfortunate errors. This one is probably my favourite:

In fact, individual criminals, rather than states, are the major treat to Internet safety, as some U.S. experts say.

I would like to know which experts say this. Criminals are a major treat? Do these treats leave a sour taste?

The next one makes me think that the Chinese editors might have relied too much on Google Translate.

The chimerical complaints by Google have become obstacles for enhancing global trust between stakeholders in cyberspace.

If only Google had known that their language engine would be used to draft the letter against them. Oh, the fun they could have had.

Although China does not identify the experts it cites above, it doesn’t seem to mind accusing Google of failing to identify theirs. Double standard?

Then unidentified American security investigators said, they traced the attackers to computers at Chinese Shanghai Jiaotong University and Lanxiang Vocational School, according to the New York Times.

And then they try for some humour.

The report amused many Chinese at that time since Lanxiang Vocational School enjoys a good fame at training chefs for local restaurants.

But the American investigators suggested that the school had the capacity to stage the cyber attacks and made the world’s No. 1 search engine suffer. It is really hard for people with common sense to understand.

Well, actually, I don’t know about that since security experts in America often tout their culinary skills. I know one who brags about his “short-order cook” training, another who writes guides to restaurants, and another just retired to start a chocolate company.

It could just be that Americans think very highly of culinary skill while the Chinese…well, apparently common sense to them is you don’t want to eat the food made by graduates of the Lanxiang Vocational School. Americans who saw the school’s name might have thought “good fame at training chefs” meant something like Culinary Arts instead of “do you want fries with that”.

Never mind the messenger(s). The historic trend of attacks has been away from states and towards groups/individuals, away from clear definitions of victory and towards mixed levels of compromise. That was a large point of my Dr. Stuxlove presentation earlier this year. Google might believe it knows reasons why China is sponsoring or even supporting attacks but the company has yet to provide anything even close to a proof.

It is hard not to wonder about the timing and the reason they chose to announce this breach. Does Google make a major news announcement every time they think someone not in China is responsible for breaching their security?

A source familiar with the incident said this was not the first time a Google employee has been dismissed as the result of a privacy breach

I am reminded of a comment I made on Bruce’s blog the other day about the US intelligence community’s recently published review on McCarthyism. I ranted a bit but the follow-up comments by Eric and Dirk are excellent. Definitely worth checking their perspectives out if you have a moment.

Speaking of Bruce, he declares this whole flap non-newsworthy but I know he is into good food and I bet he hasn’t taken into account the criminal treats.

ChooseMyPlate.gov

The US government has announced it is replacing the infamous pyramid of food with a pie. Oh, wait, I mean a plate cut up into pieces that look like pie.

Eating healthy never looked so good.

However, I am a bit confused by the text they have below their new illustration.

Switch to fat-free or low-fat (1%) milk.

First, what? Switch from pie to milk? I just adopted the new pie diet and already they are asking me to switch?

Second, if I’m going to drink any milk at all, I’m going to drink healthy milk — whole raw milk — and not some rehydrated reconstituted dried lint from dirty socks blue-tinted water low-fat milk substitute. I’d drink camel milk long before I would agree to poison myself with the stuff left over when you remove the milk (fat) from milk.

Research clearly shows [http://www.ncbi.nlm.nih.gov/pubmed/18831752] that whole milk causes more lean body mass gains than non fat milk. Which proves fat doesn’t make you fat [http://stronglifts.com/the-4-most-popular-fat-myths-debunked/]. Excess calories do. As long as you have a caloric deficit, it doesn’t matter if you drink non fat or whole milk.

It doesn’t matter as long as you know the risks from the process used to make milk non fat and what you are missing.

Dr. Strangelove: How I Learned to Stop Worrying and Love the BeEF

Michele Orru just presented “Dr. Strangelove or: How I Learned to Stop Worrying and Love the BeEF” at the 2011 CONfidence in Krakow.

What will you do during a pentest if you should get access to some target internal resources while having no exploitable external ones for the escalation? Well, there could be many responses on this provocative sentence, starting from Social Engineering techniques to the exploitation of victims browser inside the target.

We will see how BeEF can help resolving almost impossible pentest situations while directly exploiting the victims inside the target, using their machines as pivot to gather access to internal as well external resources, and how it’s much easier now to extend BeEF functionality writing your own modules to suit your needs.

Great stuff, and not just because every conference should have at least one presentation modelled after Dr. Strangelove. This could actually spark a contest that spans security conferences — each one gives an award for best Dr. Strangelove security talk.

Although I’m obviously biased, I would like to think the comparison to Stuxnet hysteria that I presented earlier this year was more historically aimed and made more sense as a threat analysis.

Is anyone, and I mean anyone, really so worried about the Browser Exploitation Framework (BeEF) that they are proposing changes to national security? I don’t see it. Seems to me more of the opposite reaction to the BeEF — browser exploits are out there, and BeEF is doing what BeEF does…mooing and grazing and dumping excrement (filling logs).

If it were my choice I might have tried “BeEF, the other pentest meat”, “BeEF, it’s what’s for pentests”, “What’s on your (zombie) grill?” or even “Ground BeEF: Cutting the legs off a browser”.

But on the other hand I admit I’m still in favour of as many presentations using Dr. Strangelove as possible to drive the message. The more Strangelove the better.

In related news, the presentation talked about the effort to port BeEF from PHP to Ruby. I vote they rename the new Ruby version “DeCalf” (i.e. not written in Java).

The Pissalyzer

A beer company in Italy has created a heat-activated coaster-sized sticker that fits in urinals for men. If they pass more than a pint’s worth of liquid the sticker reveals a message that says they should call a cab.

…after 25 seconds of pee – a length of time at the urinal that would only occur if the person relieving themself had drunk more than one pint of beer (the Italian drink-drive limit).

I am sure bars also like it because it reduces the cost of cleaning the men’s toilets.