Case in point is the jury trial of Julie Amero, a schoolteacher who was charged with felony for allegedly showing porn to her class–when in fact the porn sites were popups caused by malware on the classroom computers that popped up while she was teaching:

a series of incompetent computer experts and overzealous prosecutors tried to claim that the pornography that appeared on the school computer browser was deliberately viewed. In reality the computer was infected with a browser hijack or other form of malware nastiness that launched a flood of porn pop-ups. There was an outpouring of support and some technical folks like Alex Eckleberry, who led an effort to prove that Julie was innocent of the charges

After a long trial, Amero has finally been vindicated. But she has still lost those years of her life spent on the case, her teaching credential, and is being charged a $100 fine. While her trial might be over, her personal troubles aren’t.

Citing sources within the aviation industry, ABC News reports an overzealous TSA employee attempted to gain access to the parked aircraft by climbing up the fuselage... reportedly using the Total Air Temperature (TAT) probes mounted to the planes' noses as handholds.

"The brilliant employees used an instrument located just below the cockpit window that is critical to the operation of the onboard computers," one pilot wrote on an American Eagle internet forum. "They decided this instrument, the TAT probe, would be adequate to use as a ladder."

They harass innocents:

James Robinson is a retired Air National Guard brigadier general and a commercial pilot for a major airline who flies passenger planes around the country.

He has even been certified by the Transportation Security Administration to carry a weapon into the cockpit as part of the government's defense program should a terrorist try to commandeer a plane.

But there's one problem: James Robinson, the pilot, has difficulty even getting to his plane because his name is on the government's terrorist "watch list."

It's easy to sneak by them:

The third-grader has been on the watch list since he was 5 years old. Asked whether he is a terrorist, he said, "I don't know."

Though he doesn't even know what a terrorist is, he is embarrassed that trips to the airport cause a ruckus, said his mother, Denise Robinson.

[...]

Denise Robinson says she tells the skycaps her son is on the list, tips heavily and is given boarding passes. And booking her son as "J. Pierce Robinson" also has let the family bypass the watch list hassle.

And here's how to sneak lockpicks past them.

So automated software review is dangerous now? Perhaps that bullet should read “modifying code you don’t understand is dangerous.”

Below is a screenshot of some of the user-generated comics that can be viewed. I’ve magnified the last pane of one of the strips using Flash’s “Zoom In” feature. Notice anything interesting?

Yep, it’s our old friend URL encoding, commonly used by web browsers to include non-alphanumeric characters into an HTTP request. Just interpret the %XX as a hex number, so %20 is the space character (decimal 32), %21 is an exclamation point (decimal 33) and so on. But why is it showing up in a Dilbert mashups?

My first thought was that someone must be poking around the Dilbert site looking for security holes. But then I noticed that it wasn’t just the one strip; a lot of them had the same problem. And it seemed unlikely that there were that many security-minded people messing with the site relative to the rest of the cubicle dwellers trying to come up with funny things for Dilbert to say.

My next thought was just that some developer just forgot to call urlDecode() — or whatever the Flash equivalent is — on the user-supplied punch line. Except that’s an oversimplication because: 1) it doesn’t happen on every strip, 2) the web server usually strips off the first layer of URL encoding so the backend wouldn’t see it unless it was double encoded (e.g. %2520), and 3) if you click on one of the thumbnail comics with the URL encoding anomaly, the full-size rendered version of the comic looks fine:

So clearly the “preview” code and the “full-size render” code are doing slightly different things with the same data, which may or may not have been properly decoded prior to being inserted into the database.

Any thoughts, readers? The pen tester in me wants to get to the bottom of this, but unlike some of the web app security people out there, I tend to be more conservative about hacking stuff without a signed contract. Also, I don’t think I can stand to read any more un-funny punch lines. But my gut tells me there is something fairly interesting going on behind the scenes here.

Oh finally, here’s a tip from Scott Adams himself on avoiding the Flash navigation and viewing the daily comic as a plain ol’ GIF.

The brilliant xkcd comic takes it to the next step: Wireless zero config? Try overzealous wireless config.

Microwave oven may have disrupted reader's Wi-Fi: Rob Pegoraro over at the Washington Post notes that a friend of his discovered through the process of elimination that his microwave oven was acting as a big interferer with his Wi-Fi network. The oven in question eventually started smoking and burned itself out, and its removal resulted in the network working fine. All microwave ovens produce low-intensity 2.4 GHz radio waves when in use; they don't leak the high-intensity signals that are reflected to agitate water molecules and heat food. But Wi-Fi uses such low signal strength to encode data that microwave ovens can be enough of an interferer to slow networks down. They won't cook you though, unless you crawl inside and close the door.

However, the government's files hint at a tantalizing mystery: In the middle of the war game, someone quietly attacked the very computers used to conduct the exercise. Perplexed organizers traced the incident to overzealous players and sent everyone an urgent e-mail marked "IMPORTANT!" reminding them not to probe or attack the game computers.

"Any time you get a group of (information technology) experts together, there's always a desire, 'Let's show them what we can do,'" said George Foresman, a former senior Homeland Security official who oversaw Cyber Storm. "Whether its intent was embarrassment or a prank, we had to temper the enthusiasm of the players."

See also this. CyberStorm report here.