Adam Victor Brandizzi

In 2013, a document leaked by former National Security Agency contractor Edward Snowden illustrated how a specially modified USB device allowed spies to surreptitiously siphon data out of targeted computers, even when they were physically severed from the Internet or other networks. Now, researchers have developed software that goes a step further by turning unmodified USB devices into covert transmitters that can funnel large amounts of information out of similarly "air-gapped" PCs.

The USBee—so named because it behaves like a bee that flies through the air taking bits from one place to another—is in many respects a significant improvement over the NSA-developed USB exfiltrator known as CottonMouth. That tool had to be outfitted with a hardware implant in advance and then required someone to smuggle it into the facility housing the locked-down computer being targeted. USBee, by contrast, turns USB devices already inside the targeted facility into a transmitter with no hardware modification required at all.

"We introduce a software-only method for short-range data exfiltration using electromagnetic emissions from a USB dongle," researchers from Israel's Ben-Gurion University wrote in a research paper published Monday. "Unlike other methods, our method doesn't require any [radio frequency] transmitting hardware since it uses the USB's internal data bus."

The software works on just about any storage device that's compliant with the USB 2.0 specification. Some USB devices such as certain types of cameras that don't receive a stream of bits from the infected computer, aren't suitable. USBee transmits data at about 80 bytes per second, fast enough to pilfer a 4096-bit decryption key in less than 10 seconds. USBee offers ranges of about nine feet when data is beamed over a small thumb drive to as much as 26 feet when the USB device has a short cable, which acts as an antenna that extends the signal. USBee transmits data through electromagnetic signals, which are read by a GNU-radio-powered receiver and demodulator. As a result, an already-compromised computer can leak sensitive data even when it has no Internet or network connectivity, no speakers, and when both Wi-Fi and Bluetooth have been disabled. The following video demonstrates USBee in the lab:

USBee is the brainchild of a research team led by Mordechai Guri, head of research and development at Ben-Gurion's Cyber Security Center and the chief scientist officer at Morphisec Endpoint Security Solutions. Three weeks ago, they demonstrated a separate technique for bridging so-called computer airgaps that covertly transmits data in hard-drive noise. Similar airgap-jumping attacks from the same team include AirHopper, which turns a computer's video card into an FM transmitter; BitWhisper, which relies on the exchange of heat-induced "thermal pings"; GSMem, which relies on cellular frequencies; and Fansmitter, which uses noise emitted by a computer fan to transmit data.

In 2013, researchers with Germany's Fraunhofer Institute for Communication, Information Processing, and Ergonomics devised a technique that used inaudible audio signals to covertly transmit keystrokes and other sensitive data from air-gapped machines.

As Ars has noted in previous coverage, the techniques are theoretically effective, but their utility in real-world situations is limited. That's because the computers they target still must be infected by malware. If the computers aren't connected to the Internet, the compromise is likely to be extremely difficult and would most likely require the help of a malicious insider, who very well may have easier ways to obtain data stored on the machine. Still, in certain cases, the air-gap jumpers could provide a crucial means to bypass otherwise insurmountable defenses when combined with other techniques in a targeted attack.

USBee works by sending USB drives a sequence of "0" in a way that causes the devices to generate detectable emissions at frequencies between the 240 megahertz and 480 Mhz. By carefully controlling the sequence, the electromagnetic radiation can be forced to carry modulated data that can be received and demodulated by a near-by receiver. The software requires no special privileges on the USB device. The radio receiver requires about $30 worth of hardware to work.

The growing body of airgap research highlights how important it is to develop special policies that go well beyond physically severing network connections when securing computers deemed highly sensitive. Such computers should, among other things, also be kept in restricted areas free of unauthorized electronic equipment, include antivirus or intrusion prevention systems that detect anomalous behavior, and be shielded from electromagnetic emissions.

Again, a tool like USBee is highly specialized and useful only in the rarified world of state-sponsored spies and high-stakes corporate espionage. But as the revelation of CottonMouth three years ago demonstrated, the NSA pursues such attacks. Given the low cost of USBee and its ability to work on most USB-based storage devices, it's a fair bet something like USBee has been available to the intelligence gatherers for a while now.

This post originated on Ars Technica

Let's block ads! (Why?)

Earlier this summer, the team at Inversoft published a comprehensive and sophisticated guide to user data security. The guide spans from hardening servers from provisioning, up through the IP and SSH layers, and all the way to application-level techniques for password hashing, SQL injection protection, and intrusion detection. As proof that they stood behind their advice, the Inversoft team provisioned a pair of Linode hosts, a web server and database server, and gave them the hardening treatment. Inversoft offered up a fully-loaded MacBook to anyone who could break in, taunting all comers by naming the hardened web server hackthis.inversoft.com.

Game on.

False Attempts

So one morning I started poking around. It only took a few minutes to verify that the target servers were hardened just as described in the whitepaper; SSH access via public keys only, no additional ports open other than HTTP/HTTPS. Fingerprinting the web-facing host with nmap showed that it was running the latest Ubuntu version, and revealed nothing about the HTTP server running (though I knew from the whitepaper that it was a recent version of Express).

Darkness washed over the Dude, as I realized that there would be no easy way in. I didn’t have high hopes for a SQL injection attack, so instead I spent some time trying various XSS payloads on their basic web app, all to no avail. I didn’t spend too much time on this vector; even if I were able to get an XSS working, it would at best allow me to read data from other users; a real security issue to be sure, but insufficient to win the coveted MacBook.

The user database under protection was Inversoft’s Passport product, so as my next approach I decided to read a little bit more about it, particularly its API docs. What’s that, hiding behind that last link? The API docs (as well as the documentation for Inversoft’s other products) live in a Confluence wiki. If Inversoft uses Confluence so heavily for customer-facing docs, I wondered, maybe they keep important internal information there as well?

New Avenues

I spent a few minutes gathering usernames from the public-facing Confluence pages and guessing at passwords to no avail. Knowing that Confluence is complicated self-hosted software that often goes un-updated, I looked at the version in a CVE database. There’s something! CVE-2015-8399 allows unauthenticated users to browse and read files from disk that are accessible to the Confluence user, and docs.inversoft.com was vulnerable to it. I spent quite some time looking at basically every file accessible to Confluence, but the team had managed to keep any secrets out of the various Confluence configuration files. I was hoping to snag database credentials or an administrator password, but neither were to be found.

Speaking of database credentials, where was Confluence storing its wiki data? I went back to nmap and took a look at docs.inversoft.com. This was much more interesting; several HTTP servers (mostly Java / Tomcat), Postgres and MySQL databases, Elasticsearch, and some unknown services, as well as SSH, were listening for connections on this host. I determined with a little more digging that this machine was also the host for www.inversoft.com, and a number of internal and external services. I had a lot more to explore now.

I started trying to fingerprint and otherwise gather version information for the services on this host. The server was running an old version of Ubuntu (12.04), but it seemed to be fully-patched (I verified later that it was). The Elasticsearch version running on the server, however, was old enough to be vulnerable to CVE-2015-1427. Go take a look at that link, as it contains any security researcher’s three favorite letters:

R. C. E.

Elasticsearch, it seems, allows API users to specify custom scoring functions that can be used to rank results. Those scoring functions can be written as Groovy code. Elasticsearch implements a sandbox that attempts to prevent any malicious code, but the sandboxing has multiple flaws, and it’s relatively trivial to send a “scoring function” that in fact calls Runtime.getRuntime().exec() with arbitrary shell commands. Given that the Elasticsearch port was open to the world, and no authentication was required to run one of these custom-scored searches, I had all the ingredients I needed to run shell commands. Actually putting together a working PoC and a working reverse shell (connecting out to a new EC2 box I provisioned) took some grunt work, but I ultimately succeeded and found myself staring at a command prompt.

whoami

What could I do with my new shell? First, I determined that I was not running as root, but instead as an application user, conveniently named inversoft. This user could of course read anything that Elasticsearch could, but it turned out there was no useful information in the Elasticsearch cache. I turned my attention back to Confluence; conveniently, it was also running under the inversoft account. With this information, it didn’t take long to find the database credentials used by Confluence to talk to Postgres, and start pulling a full database dump of the Confluence DB for offline perusal. There was a massive amount of data, and I called in my colleagues to help me sift through and look for anything useful.

Of course, I also had to think about detection here. I wasn’t yet to my goal, nor did I have a clear path to it, but I was disrupting two services (Elasticsearch and Postgres) with my activity, and probably starting to leave fingerprints. I determined that, as far as I could tell, I wasn’t harming any production resources or over-taxing their servers with my exploration, and I continued to proceed with caution.

The Confluence database seemed, for a minute, to be the promised land. It was used for internal documentation; not just docs, but also various shared secrets, passwords, and other keys! Best of all, I found a username and password for a Linode account! I knew from the original whitepaper that the “HackThis” machines had been provisioned with Linode, so I signed in and prepared to claim my reward.

It was the wrong Linode account. A real one, with real servers, but not the servers that would win me my prize.

A Plan Emerges

Could there be multiple linked Linode accounts? Might the other account use the same password, or a variant? No, and no. I was able to recover the username of the Linode account I was targeting from the original whitepaper’s screen shots, so I tried several other passwords found in the wiki, and none worked.

I hadn’t yet succeeded, but I could see the way forward. Gain access to the Linode account, and use the web-based console to get root on the target servers. I just needed a password.

How would I get it? I spent some time looking at the postfix server also running on the machine I had reached; could I intercept a password reset email from Linode? Nope, the postfix server wasn’t in use; the team used Google Apps for email. Could I fashion a convincing phishing attack using my privileged position? I couldn’t think of a clever way to do it, and I knew the Inversoft team would be on high alert given the challenge they had issued. I spent some time trying to elevate my privileges to root at the shell (for no good reason) but found that the team had religiously applied Ubuntu’s LTS patches and none of the Linux elevation tricks I could find would work on their kernel.

I continued to browse around the filesystem, searching for any lead. I finally found the way forward in the first place I should have looked; the inversoft user’s home directory. It turns out that not only was this account used to run several services on the box, but it was also used by humans as a shared account for various projects and one-offs. And one of those projects was provisioning the HackThis machines. There, in ~inversoft/.linodecli/config? A Linode API key.

A call to the “list hosts” API in Linode revealed the exact two hosts I had in my sights, and confirmed that now I had the correct key. Time to get a root console, right? Nope. You can do all sorts of things with the Linode API, but getting a console is not one of them; you can only do that on the web with a regular username and password, and I still didn’t have one of those. The next thought was to try and export the disk image from one of the Linode machines, but the API does not provide an “export” function.

Smash and Grab

After lots of messing around with APIs, my colleague Anton had an idea; what if we spin up a new, “intruder” machine in the Linode account with a root password that we know and then connect the target application server’s disk to our intruder server instead? Looking through the API docs, this seemed like it would be a working plan, but it would also be obvious and destructive; our intruder machine would appear on the Linode dashboard, and as soon as we unmounted the volume, the machines we were targeting would start failing.

To pull this off, we’d have to grab the MySQL credentials and exfiltrate the DB as quickly as possible, before the Inversoft operators could detect us and shut us down. Since we were so close to the prize, and since the machines weren’t “real” production machines, rather honeypots designed to be hacked, we decided this was a reasonable and ethical course of action. At this point it was about 8pm local time at the Inversoft offices in Denver, so we hoped nobody would be at their desks, potentially buying us a few extra minutes.

With me at the shell of the intruder host, Anton used the API to attach the application server disk image to my machine, from which I quickly retrieved the Passport API keys and the MySQL credentials to the other host. Anton started enumerating all the data he could from Passport using our API key while I triggered a mysqldump to geth the DB - but I couldn’t connect! We should have seen this coming; the MySQL server had a firewall rule that permitted access only from the application server; this was one of the hardening measures from the whitepaper.

For most attackers, this bit of defense-in-depth would have been a dead-end, but thinking quickly and using our superpowers (Linode API keys), we performed a private IP swap between the application server and our intruder server. Rebooted the intruder server to get the new IP and it was all over: mysqldump connected, the data was SCPed off to my machine, and we had beaten the challenge. Our haste was warranted; once we reported the attack to Inversoft, they let us know that they had received notification emails for every Linode action we had taken (create server, connect disk, swap IP, etc), and had already started investigating just as we had finished downloading the database dump.

The Recap

After discovering an unpatched, unfirewalled Elasticsearch instance using nmap, we gained shell access on a utility server used for various functions at Inversoft. On there, we found API keys for Linode left behind by a human operator. Those keys allowed us to detach disks from running servers and attach them to servers we controlled, stealing sensitive user data (all to win a prize).

What could Inversoft have done differently to prevent this? Their hardening guide was and remains correct; there was no way we were getting through the front door of their servers (SSH or HTTPS). The course we took was a common one in targeted attacks; gain access to secrets used by humans, sometimes in ancillary systems, and use that access to bypass security via operator consoles or other magic. The most frequently seen version of this in the wild is to steal access to an email inbox that can be used to reset a password, and although this attack was slightly different, it’s a great reminder that attackers are far more likely to go around your defenses than through them.

The other weakness was the “jack-of-all-trades” Elasticsearch server that we discovered and exploited. It’s an example of a utility box that runs various random services - maybe acts as a bastion host or testing ground - and nobody quite manages it or knows what it is used for. This server is as weak as its weakest service; and because it is not purpose-managed, it can be difficult to keep track of what is running on it and ensure all services are patched and secured. If you have one of these servers floating around somewhere, you might want to think twice about keeping it - it may very well be the chink in your armor.

Thanks to Inversoft for the effort they put in to writing their security guide and sponsoring the “HackThis” challenge, and of course the prize of a MacBook (which they quickly delivered). Their security guide remains an excellent resource, and we hope the practical lessons learned from this post will help your organization identify less obvious risks risks and secure your infrastructure.

Bradley Buda is a Managing Partner at Polynome and previously the co-founder and CTO at Meldium.

Let's block ads! (Why?)

Last week the British university system offered a record number of places. That sounds like good news — but do we really need more people to go to university? For that matter, does the world need more universities?

My own personal bias is strongly in favour both of going to university, and of simply having universities around. Since the main skill I learnt at university was to write about economics, and I use that skill every day of my professional life, even an abstract education seems practical to me.

But these are samples of one. Many people do not find themselves using the skills and knowledge they accumulated at university. And Oxford’s dreaming spires aren’t terribly representative of global universities as a whole. New York University is a fine institution but, according to TripAdvisor, it’s the 263rd most interesting attraction in New York City. (Nine of Oxford’s top 10 attractions are university-related.) If the London School of Economics were to be bulldozed and replaced by a hotel and apartments, social science would feel a grievous loss but I am not sure that many Londoners would notice the difference. Warwick University is a superb seat of learning but it attracts no visitors to Warwick, since it is neither attractive nor in Warwick.

So the case for building more universities needs to rest on more prosaic grounds. A recent research paper by Anna Valero and John Van Reenen of the LSE takes a statistical look at universities around the world, asking whether they seem to boost their regional economies. (Examples of a “region” include Quebec, Illinois, Wales, and New Zealand’s North Island.)

There are several reasons that they might. Universities produce well-qualified young people, many of whom stay in the area when they have finished their studies. Universities often produce useful inventions. Some innovations are borderless — penicillin was discovered in London, developed in Oxford and is available anywhere — but many research ideas stay local, at least for a time. Silicon Valley grew up around Stanford, and it hasn’t moved. And there’s the simple fact that universities funnel central government money through staff salaries, student loans and other sources of local spending.

Valero and Van Reenen find that universities do indeed seem to boost the income of their region. Double a region’s count of universities — say from five to 10 — and GDP per person can be expected to rise by 4 per cent. Double the university count again, from 10 to 20, and that’s another 4 per cent on GDP per person. Neighbouring regions also benefit. This is not a trivial effect.

Valero and Van Reenen are fairly confident that causation doesn’t run the other way — it’s not simply that regions build universities because they expect future growth. But they can’t be sure that there isn’t some third factor at play: perhaps, for example, strong and capable regional governments produce both prosperity and universities.

A more sceptical view comes from Bryan Caplan, an economics professor who, ironically, is the author of a forthcoming book The Case Against Education. Caplan points out — not unreasonably — that many students seem to learn nothing of any obvious relevance to the workplace but, on graduation, they’re rewarded with much better career prospects than non-graduates. Why?

Caplan’s answer is that education is a signal. If employers have no way to tell who is smart and diligent, a student can prove that she fits into that category by excelling in, say, Latin. The Latin is like a peacock’s tail: costly and useless in its own right but a necessary investment.

To the extent that Caplan is right, undergraduate degrees have no value to society: they enable employers to pay higher wages to smarter workers, but lower wages to everyone else — and in order to enjoy these higher wages, smart people must waste time and money going to the trouble of acquiring a degree. Everyone might be better off if the whole business was abandoned.

Who is right? My heart is with Valero and Van Reenen. But Caplan strikes an important note of discord. Collectively, we have allowed university admissions and examiners to become gatekeepers for a successful career. Is that really wise?

The other day I needed to know how many people were killed by chairs, and while searching I came across the Washington Post’s You’re More Likely To Be Fatally Crushed By Furniture Than Killed By A Terrorist. It argues that worrying about terrorism is irrational, because terrorists kill fewer people each year than falling furniture, and nobody cares about that:

Consider, for instance, that since the attacks of Sept. 11, 2001, Americans have been no more likely to die at the hands of terrorists than being crushed to death by unstable televisions and furniture […] What accounts for the fear that terrorism inspires, considering that its actual risk in the United States and other Western countries is so low? The answer lies in basic human psychology.

I once saw the perfect response to this kind of argument on Twitter, but I forgot to screenshot it, so I’ll have to try to draw it from memory here.

One person posted a graph that looked something like this:

And somebody else edited it to look like this:

And whoa I had never realized before how sketchy it is to start your interval for recording the average number of terrorist attacks the day after the last major terrorist attack.

I mean, I know why people do it. It’s because September 11 was an “outlier”, and outliers should not be counted. Problem is, depending on your distribution, sometimes “outliers” are the only thing that matters.

Let me give an example. Suppose I’m trying to make an argument that earthquakes are totally not a problem for Haiti at all, that there’s no need to invest in earthquake preparedness, and that Haitian people who worry about earthquakes are stupid. I make a graph showing that since January 13, 2010, fewer Haitians have died per year from earthquake-related causes than from crazy furniture-related mishaps. This is totally 100% true. Look at those stupid Haitians, worrying about something that on average never hurts anybody!

(the Haitian earthquake of January 12, 2010 killed about 100,000 people)

I’m sure there are a zillion small Richter 1.0 and Richter 2.0 earthquakes in Haiti all the time. I’m sure our monitoring interval of January 13, 2010 to present picked up lots of these and correctly noted that they don’t kill anybody. The only Haitian earthquakes anyone needs to worry about are the outliers.

If you start your monitoring interval on January 13, earthquakes kill 0 people/year. If you start it on January 11, earthquakes kill 20,000 people a year. Neither of these is entirely fair – one is purpose-designed to maximize casualties, the other to minimize it. I don’t think there’s an obvious fair way to do things – the best solution would be extend the interval back to infinity, but then you get into problems like Haiti having fewer people back in the day, or Haiti not having risen out of the sea yet back in 4,000,000,000 BC. Maybe the best solution is to pick an arbitrary block of time like “the last fifty years”, or to do something very complicated like using the remote historical record to produce earthquake numbers and then combine it with modern populations to produce expected casualties.

The same is true of September 11. Start the interval September 12, and you get 5-10 terrorism deaths/year. Start it September 10, and you get 200. I don’t know when the best time to start it would be. If I had to choose something, I would say maybe 1985, when jihadist terrorism got started after the Soviet invasion of Afghanistan. But someone else could choose 1776, or 2000, based on similarly arbitrary criteria. And it would all be irrelevant – September 11 either made terrorists more ambitious, made security forces more watchful, or both, and so probably changed the calculus for good.

Granted, even when you include September 11, terrorism isn’t the worst thing, and people probably do overestimate it. So forget terrorism. On average, the flu kills something like 20,000 people worldwide each year. That’s a lot, but not apocalyptically much. If you go back year after year, the average stays at something like 20,000/year, right up until you get to 1918, when about 100,000,000 people died. So flu deaths over the last century average about 1 million/year. But three years from now, average flu deaths over the last century will average about 20,000 year. A death rate of only 20,000/year might make our current efforts to contain the flu seem excessive compared to other diseases. But a death rate of 1 million/year makes them look if anything the opposite.

Even worse: did you know that giant asteroids kill about a hundred people per year, on average? This is admittedly an odd definition of “kill” and “average” given that no human being has ever been killed by a giant asteroid. But given that giant asteroids strike Earth about every ten million years, and an asteroid strike today might kill about a billion people, on average giant asteroids kill about a hundred people per year.

Actually, un-forget terrorism. I have a friend who is very in favor of the War On Terror, and he argues that the problem with terrorism isn’t the average suicide bomber who kills three people. It isn’t even the 9-11 hijackers who killed three thousand people. It’s the group that steals a nuke and kills three million people. Just as “on average” a hundred people die each year from giant asteroid strikes, maybe “on average” thirty thousand people die each year from nuclear terrorism. All you’d need for this to be true is one nuclear attack per century. And that’s as bad as an average flu season!

The thing about falling furniture is that there’s probably not going to be a furniturepocalypse where suddenly millions of people all perish at once after being struck by a really really big desk. Furniture is constant. Terrorism isn’t. The whole point of black swans is that we pay too much attention to constant risks and ignore the outliers, especially the outliers which outlie so far that they haven’t happened yet. That’s true whether it’s terrorism, earthquakes, pandemics, or AI.

I worry that someday many years from now, terrorists are going to have some improbable victory which is even more destructive than September 11. I worry that uncounted people are going to die. And I worry that ten years later, someone is going to post on Facebook about how “From the day after ISIS nuked London through today, on average fewer people per year have died of terrorism than from hilarious accidents involving bedside dressers!”

O impeachment de 2016 não foi um golpe. Foi uma dessas coisas de república de bananas que fazemos de vez em quando.

Cinco anos de mandato para Sarney, por exemplo, ou a reeleição de FHC valendo já para ele mesmo. É o tipo de coisa que faz as pessoas acreditarem no Ryan Lochte a não ser que apareça um vídeo.

Com o encerramento do processo no Senado, editoriais sobre recomeço e uma nova fase serão vendidos às dúzias.

Há chance real de melhora econômica, até porque o impasse, em si, gerava incerteza. E a equipe econômica é mesmo boa. Mas as perspectivas políticas são ainda piores do que quando a crise começou.

O mesmo processo que derrubou o PT continua em curso: a classe política quer se recompor após o choque da Lava Jato.

Tentou fazer isso com o PT no governo, com cumplicidade de muitos petistas, mas não foi possível. Sobre isso, deixo como indicação bibliográfica "Não Sabia que Estavam Gravando", obra-prima de Romero Jucá publicada em 2016.

Tentarão agora de novo sob Temer, com mais chance de sucesso.

O sinal dos novos tempos foi dado por Gilmar Mendes, ministro do Supremo e foto do mês de janeiro no calendário dos conservadores brasileiros.

Às vésperas do impeachment, Gilmar iniciou uma ofensiva contra os esforços recentes de combate à corrupção no Brasil.

Disse que a Ficha Limpa era coisa de bêbados, que as "Dez medidas contra a corrupção" em discussão no Congresso eram "cretinas".

Quando denúncias, algo forçadas, contra Dias Toffoli vazaram, achou por bem lembrar aos procuradores da Lava Jato que "o cemitério está cheio desses heróis".

Enquanto isso, transcorre uma batalha muito mais importante do que o teatro melancólico no Senado. A jornalista Maria Cristina Fernandes denunciou que congressistas pretendem reforçar a distinção legal entre caixa 2 e corrupção.

São mesmo duas coisas diferentes, mas, no contexto atual, o plano é claro: os empreiteiros delatores confessariam apenas caixa dois, sem deixar claro que roubalheiras os políticos ofereceram em troca do dinheiro.

Assim, as centenas de políticos envolvidos seriam denunciados por crimes menores. Se houver uma flexibilização da Ficha Limpa, nem isso será um transtorno.

Enquanto os procuradores lutavam para evitar esse desfecho, Gilmar achou por bem relembrar-lhes da inevitabilidade da morte.

No dia seguinte à entrevista, Gilmar compareceu a um evento oficial com Michel Temer.

Pouco depois, Rodrigo Maia, recém-eleito presidente da Câmara, declarou que as críticas do ministro à Lava Jato deviam ser "ouvidas com muita atenção". Como disse Gilmar, "o recado está dado".

Gilmar é ousado porque sabe que joga com cartas boas. Ocupa a presidência do TSE, e sua ocupação no momento é inventar algum malabarismo que justifique julgar as contas de Dilma e de Temer separadamente.

Se não conseguir, Temer será cassado. Muita gente inteligente teme que isso ameace a recuperação econômica, ao menos no momento atual. Gilmar não chega a ser intocável, mas criticá-lo traz, sim, um certo risco sistêmico.

Com a economia como refém, Gilmar saiu em defesa dos políticos acusados de corrupção. Acostumem-se com o padrão, vamos assim até 2018: semanalmente escolhendo entre a recuperação econômica e o combate à corrupção. Gilmar foi só a vanguarda.

Let's block ads! (Why?)

You’ll cut your heating bill when moving to Buckhorn Hill.

www.simonstalenhag.se

Arquivado em:dinâmica de bruto

Bonus Panel

The post Buying Clothes appeared first on Fowl Language Comics.

Let's block ads! (Why?)

TBT

More conversation.

Hovertext:
In economics, they're robots. In political economy, they're all jerks. In sociology, they're all misunderstood.

New comic!
Today's News:

Let's block ads! (Why?)

New comic!
Today's News:

Hovertext:
Once we bring in quantum mechanics, all actions are potentially judgeable.

New comic!
Today's News:

GEEKS OF THE BAY AREA!

Submissions for BAHFest West 2016 are open until September 9. This year is an experimental "open theme" show. Getting quality submissions is always the hardest part of the show. So, if you think you've got a neat idea but are worried about sending it in, please do!

(PS: We are also taking early submissions for the forthcoming shows in Boston and London in 2017)

In the summer of 1920, as the states were considering whether to grant suffrage to women, Tennessee became a battleground. The 19th amendment would become law if 36 of the 48 states approved it, but only 35 had ratified the measure, and 8 had rejected it. Of the remaining states, only Tennessee was even close to holding the needed votes. When the state senate voted 25 to 4 in favor, suffrage leader Carrie Chapman Catt wrote, “We are one-half of one state away from victory.” The final decision would fall to the state house of representatives, where it appeared poised to fail by a single vote.

On the morning of the vote, the General Assembly’s youngest member, Republican Harry Burn, who had been counted as a certain opponent of the amendment, received a letter from his mother:

Dear Son:

Hurrah, and vote for suffrage! Don’t keep them in doubt. I noticed some of the speeches against. They were bitter. I have been watching to see how you stood, but have not noticed anything yet. Don’t forget to be a good boy and help Mrs. Catt put the ‘rat’ in ratification.

Your Mother

When his name was called, Burn said “aye” and the measure passed. The next day, he rose to explain his vote: “I want to take this opportunity to state that I changed my vote in favor of ratification because: 1) I believe in full suffrage as a right, 2) I believe we had a moral and legal right to ratify, 3) I know that a mother’s advice is always safest for her boy to follow, and my mother wanted me to vote for ratification.”

Hovertext:
Also, everyone's just pretending Xavier is psychic.

New comic!
Today's News:

Happy National Dog Day!

More Cluster Fudge here

I gotta schedule myself that vacation I need.

bonus panel

Hovertext:
On the plus side, the afterlife plan is pretty solid.

New comic!
Today's News:

TBT