Suspect in brazen rape on L.A. bus arrested

The woman boarded the 217 Metro bus in Culver City at about 5 p.m., on her way home from her special education school. The 18-year-old with the mental capacity of a 10-year-old had only recently been allowed to start taking the trip on her own.

A stranger boarded behind her.

He followed her to the back of the bus, authorities said, and without warning began raping her.

The attack lasted for 10 minutes Wednesday afternoon as the bus traveled south through Baldwin Hills, making two stops as the rape continued, authorities said. There were several people on the bus when the two boarded, but some exited during the attack, possibly unaware of what was happening at the back of the bus.

The assailant only ended the attack as the bus was reaching its final stop, where he left the bus, authorities said.

The brazen crime reverberated around the sprawling Metro system Friday. Portions of the rape were captured on a surveillance camera and Los Angeles County Sheriff's Department officials arrested a suspect, Kerry Trotter, Friday morning just hours after releasing still photos of the alleged attacker.

Authorities said Trotter, 20, is a parolee and a transient who had previously been investigated on suspicion of sexual assault.

"It was a crime of opportunity," said sheriff's Sgt. Dan Scott. "Unfortunately, [the victim] was in the wrong place at the wrong time. He followed her onto the bus and assaulted her."

Metro officials were quick to note that sexual assaults and other violent crimes are relatively rare on its network of buses and rail lines. Three rapes have been reported this year on a system that recorded millions of commuter trips.

But despite the numbers, passengers said Friday that the rape left them uneasy. In a region where getting around usually means being alone in a car, bus commuters say mass transit exposes them to all kinds of people and situations, both good and bad.

Faydra Caldwell, 23, said every time she rides the bus she instinctively notes what other passengers are wearing in case she might have to report them to the police. It's a habit she has developed since her phone was snatched by another bus rider.

"You don't know what people are capable of doing," said Caldwell, a student at West L.A. College.

Another rider, John Wilson, said that a few months ago he had to shove a man off the bus because the man was patting a woman's head and making sexual remarks. No one else intervened.

"The bus driver was really angry at me," said the 54-year-old church executive. "He said, 'Don't take the law into your own hand.' I said, well, you weren't doing anything and the passengers sure as hell weren't."

In this week's incident, both the suspect and the victim got onto the bus at about 5 p.m. at the corner of La Cienega and Jefferson boulevards, near the new Expo Line rail station.

Sheriff's officials said they doubt the bus driver or the passengers on the bus knew what was happening. Scott said detectives believe Trotter was riding buses looking for potential victims.

"He immediately went to her and began the assault," Scott said. "…The suspect had his back to the front of the bus. People generally think of a rape as some kind of attack where someone's thrown down. It's not always the case."

"The victim did not scream," he added. "The victim told our detective that she was shocked, and didn't know what to do, and was in fear of her safety and her life."

Detectives are seeking riders on the bus, including one passenger they believe may have witnessed the incident, though they can't be sure. He "did not jump up and scream rape or that someone was being assaulted," Scott said.

Trotter has a history of run-ins with the law, according to records. Last year, he was convicted of drug possession. In April, he was convicted of grand theft and sentenced to a year in jail, but did not serve his full sentence. In June he was arrested again, and in September admitted to violating probation. He was released from jail Sept. 28. On Oct. 15 he was arrested again by Redondo Beach police and served 10 days in jail. Records did not include specifics on that offense.


25 Best Horror Films of All Time (NSFW)

Blowback: What’s Your Favorite Horror Flick?

Reveal your most horrifying cinematic memories in the comments below.


Madonna fan guilty in NYC resisting arrest trial

NEW YORK (AP) — A former firefighter with a crush on Madonna has been convicted of resisting arrest outside her former New York City apartment building as he spray-painted poster boards with love notes.

A jury delivered its verdict Friday in Robert Linhart‘s trial. He could face up to a year in jail.

Defense lawyer Lawrence LaBrew tells the New York Post (http://bit.ly/ZgI4jl) that Linhart will appeal.

Linhart was arrested in September 2010. Police say he parked his SUV outside the singer’s Manhattan apartment, laid out a tarp and wrote out such messages as “Madonna, I need you.”

Jurors told the Post they felt it was fine for Linhart to express himself to the Material Girl. But they said they believed police testimony that he resisted arrest by flailing his arms.


The New Old Age Blog: The Emotional Aftermath of Hurricane Sandy

Let’s talk about the emotional aftermath of the storm that left tens of thousands of older people on the East Coast without power, bunkered down in their homes, chilled to the bone and out of touch with the outside world.

Let’s name the feelings they may have experienced. Fear. Despair. Hopelessness. Anxiety. Panic.

Linda Leest and her staff at Services Now for Adult Persons in Queens heard this in the voices of the older people they had been calling every day, people who were homebound and at risk because of medical conditions that compromise their physical functioning.

“They’re afraid of being alone,” she said in a telephone interview a few days after the storm. “They’re worried that if anything happens to them, no one is going to know. They feel that they’ve lost their connection with the world.”

What do we know about how older adults fare, emotionally, in a disaster like that devastating storm, which destroyed homes and businesses and isolated older adults in darkened apartment buildings, walk-ups and houses?

Most do well — emotional resilience is an underappreciated characteristic of older age — but those who are dependent on others, with pre-existing physical and mental disabilities, are especially vulnerable.

Most will recover from the disorienting sense that their world has been turned upside down within a few weeks or months. But some will be thrown into a tailspin and will require professional help. The sooner that help is received, the more likely it is to prevent a significant deterioration in their health.

The best overview comes from a November 2008 position paper from the American Association for Geriatric Psychiatry that reviewed the effects of Hurricane Katrina and other disasters. After Katrina, “the elderly had the highest mortality rates, health decline and suicide rates of any subgroup,” that document notes. “High rates of psychosomatic problems were seen, with worsening health problems and increased mortality and disability.”

This is an important point: Emotional trauma in older adults often is hard to detect, and looks different from what occurs in younger people. Instead of acknowledging anxiety or depression, for instance, older people may complain of having a headache, a bad stomachache or some other physical ailment.

“This age group doesn’t generally feel comfortable talking about their feelings; likely, they’ll mask those emotions or minimize what they’re experiencing,” said Dr. Mark Nathanson, a geriatric psychiatrist at Columbia University Medical Center.

Signs that caregivers should watch out for include greater-than-usual confusion in an older relative, a decline in overall functioning and a disregard for “self care such as bathing, eating, dressing properly and taking medication,” Dr. Nathanson said.

As an example, he mentioned his father-in-law, who had “been sitting in a cold house for days and decided to stop taking his water pill because he felt it was just too much trouble.” Being distraught or distracted and forgetting or neglecting to take pills for chronic conditions like diabetes or heart disease can have immediate harmful effects.

Especially at risk of emotional disturbances are older adults who are frail and advanced in age, those who have cognitive impairments like Alzheimer’s disease, those with serious mental illnesses like schizophrenia or major depression, and those with chronic medical conditions or otherwise in poor physical health, according to the geriatric psychiatry association’s position paper.

A common thread in all of the above is the depletion of physical and emotional reserves, which impairs an older person’s ability to adapt to adverse circumstances.

“In geriatrics, we have this idea of the ‘geriatric cascade’ that refers to how a seemingly minor thing can set in motion a functional, cognitive and psychological downward spiral” in vulnerable older adults, said Dr. Mark Lachs, chief of the division of geriatrics at Weill Cornell Medical College. “Well, the storm was a major thing — a very large disequilibrating event — and its impact is an enormous concern.”

Of special concern are older people who may be in the early stages of Alzheimer’s disease or other types of dementia who are living alone. For this group, the maintenance of ordinary routines and the sense of a dependable structure in their lives is particularly important, and “a situation like Sandy, which causes so much disruption, can be a tipping point,” Dr. Lachs said.

Also of concern are older people who may have experienced trauma in the past, and who may suffer a reignition of post-traumatic stress symptoms because of the disaster.

Most painful of all, for many older adults, is the sense of profound isolation that can descend on those without working phones, electricity or relatives who can come by to help.

“That isolation, I can’t tell you how disorienting that can be,” said Bobbie Sackman, director of public policy for the Council of Senior Centers and Services of New York City. “They’re scared, but they won’t tell you because they’re too proud and ashamed to ask for help.”

The best remedy, in the short run, is the human touch.

“Now is the time for people to reach out to their neighbors in high-rises or in areas where seniors are clustered, to knock on doors and ask people how they are doing,” said Dr. Gary Kennedy, director of the division of geriatric psychiatry at Montefiore Medical Center in the Bronx.

Don’t make it a one-time thing; let the older person know you’ll call or come by again, and set up a specific time so “there’s something for them to look forward to,” Dr. Kennedy said. So-called naturally occurring retirement communities with large concentrations of older people should be organizing from within to contact residents who may not be connected with social services and find out how they’re doing, he recommended.

In conversations with older adults, offer reassurance and ask open-ended questions like “Are you low on pills?” or “Can I run out and get you something?” rather than trying to get them to open up, experts recommended. Focusing on problem-solving can make people feel that their lives are being put back in order and provide comfort.

Although short-term psychotherapy has positive outcomes for older adults who’ve undergone a disaster, it’s often hard to convince a senior to seek out mental health services because of the perceived stigma associated with psychological conditions. Don’t let that deter you: Keep trying to connect them with services that can be of help.

Be mindful of worrisome signs like unusual listlessness, apathy, unresponsiveness, agitation or confusion. These may signal that an older adult has developed delirium, which can be extremely dangerous if not addressed quickly, Dr. Nathanson said. If you suspect that’s the case, call 911 or make sure you take the person to the nearest hospital emergency room.

This is a safe place to talk about all kinds of issues affecting older adults. Would you be willing to share what kinds of mental health issues you or family members are dealing with since the storm so readers can learn from one another?

L.A. housing authority rife with fiscal mismanagement, audit finds

Los Angeles' housing authority, which runs on about $1 billion a year in taxpayer funds, is plagued by bad financial management that causes "questionable practices and poor decisions," according to an audit released Thursday by City Controller Wendy Greuel.

Greuel launched the audit last year amid an outcry over hefty taxpayer-funded restaurant tabs for agency officials and a $1-million-plus payout for the authority's fired executive director. The agency is responsible for sheltering about 75,000 of the city's neediest households.

A previous audit found instances of questionable spending by some agency officials, including double and triple billing for some travel and meal expenses. This audit, which looked at the agency's fiscal operations, did not uncover wrongdoing. But it did find that despite the authority's hefty budget and history of scandal going back decades, agency officials have done little to make sure money is properly managed.

Financial oversight was so lax, the audit found, that the agency's board of commissioners did not receive any financial statements or budget status reports during much of 2011 or the early part of 2012, except for one oral report last spring and one annual financial report that was presented nine months after the year had ended. A proposed budget presented to the board for 2012 was not balanced and contained contradictory statements.

"All of this suggests an agency that is out of control," said Greuel, a candidate for mayor. "The city cannot afford to continue spending its housing dollars irresponsibly."

One tenant advocate, Larry Gross, executive director of the L.A. Coalition for Economic Survival, said the lack of financial information given to the board and public was baffling.

"Whoever was on that board was clearly asleep at the wheel," he said. Many of the board members have been replaced in recent years.

Housing authority officials said they agreed with many of the audit's conclusions and will use the findings to guide reforms. Under recently hired Chief Executive Doug Guthrie, officials said they have already instituted a number of new practices, including financial training for all board members, stepped up financial reporting to the board and public, and the arrival of a new chief financial officer with expanded powers.

"We asked for this audit, we paid for the audit and we worked closely with the city controller's office" as the audit was underway, Guthrie said. "There's a lot of good stuff in the audit that helps us."

Mayor Antonio Villaraigosa released a statement expressing support for Guthrie, who was hired last spring after the previous executive director, Rudolf Montiel, was fired and then paid $1.2 million to settle allegations that he was let go in retaliation for reporting improper spending by board members. Montiel had earlier drawn the ire of city leaders when his agency tried to evict nine tenants who protested the agency's policies outside his home.

"The housing authority has worked diligently to win back the trust of the people," Villaraigosa said.

But some City Council members expressed anger at the latest audit findings.

"There's a lot of problems over there, and obviously, the problems haven't gone away," said Councilman Dennis Zine, a candidate for controller. "Maybe it's time for the grand jury to investigate."

Zine also said he would like the City Council to have more authority over the agency. Under a hybrid governing structure, the mayor appoints the authority's seven board members, but the council lacks the ability to review spending decisions, a power it has over many other city departments.

The audit also found that the agency's list of assets contained at least $100 million worth of property that had been disposed of or no longer had much value, such as refrigerators and stoves that had been purchased in the 1970s. No inventory of its fixed assets had been performed in at least seven years.

In addition, the agency did not always follow its own rules when it came to awarding contracts to vendors, in one case allowing someone to sit on a bid selection panel after he had declared a conflict of interest.

jessica.garrison@latimes.com

Mr. Bond's Carbon-Fiber Tuxedo

James Bond is nothing if not consistent — shot, drowned, pushed out of an airplane with no parachute, he always comes back. And he’s always wearing an impeccable tux. That’s what makes an icon. And that rule to consistently deliver the goods — and to look good doing it — is one followed not only by Mr. Bond, but also by one of his favorite automakers.


Aston Martin has remained consistent for most of its 99-year history, producing sharply designed, poshly appointed and distinctly British sports cars for the luxury market. The company has stuck to the formula with its new range-topping Vanquish.


But consistency can be a double-edged sword. Just as you can throw out a Bond film title and your average Joe may struggle to tell you which actor portrayed 007 in that particular flick, show anyone (aside from Aston enthusiasts) a contemporary Aston Martin and they won’t be able to tell you whether it’s a Vantage, Virage, or DBS. That holds true for the new Vanquish — it’s essentially the same tuxedo with some new bits underneath.

It is a damn good-looking thing though, building subtly on the shape of the Vanquish that debuted in 2001. While similarly sized, the new Vanquish looks leaner, its lines sharper and more tapered amidships. It also borrows cues from Aston’s recent One-77 supercar (out of production after just 77 were built) including the tighter waistline, elongated side strakes, and LED light blade rear clusters. There are hints of carbon fiber, too, visible on the front splitter, side skirts, door mirrors and rear diffuser.


Every body panel on the new Vanquish is constructed from carbon fiber, a choice Aston made because of its high strength-to-weight ratio and reduction in mass (though Ferrari would disagree). Fewer individual body panels are required and the panel gap on the C-pillar joint is no longer present. A new rear Aero Duct (fancy spoiler) is fashioned via an innovative method of laying-up carbon fiber.


Because Aston does bespoke like Chevy does floor mats, there will likely be a completely naked carbon-fiber Vanquish available. (Aston already has a “cutaway” Vanquish display model in exposed carbon.)



Beneath the carbon cloak sits an evolution of Aston’s decade-old VH platform. Aston insists VH — “vertical horizontal” — is a methodology rather than an architecture, so we’ll just call it the re-engineered DBS chassis. The lightweight bonded aluminum structure incorporates a tub with carbon-fiber components. Compared to the outgoing DBS, according to Aston, the weight is down, 75 percent of the parts are new, and rigidity is up 25 percent.


The engine is a considerably re-engineered 6.0-liter V12 (Bond requires 12 cylinders). The block has been revised, there are new heads with dual variable valve timing, an uprated fuel pump, enlarged throttle bodies and an improved “big wing” intake manifold, to cite a few changes. Peak power is 565 hp at 6,750 rpm, and peak torque is 457 pound-feet at 5,500 rpm. With a curb weight around 3,834 pounds, Aston reports the Vanquish can attain 60 mph in 4.0 seconds on the way to a 183 mph top speed.


It feels that fast, especially on the narrow “B” roads (about 1.5 lanes) of the English midlands where I drove it. These are some of the most gritty, undulating, curvy roads in the U.K., and Aston develops its cars on them. The Vanquish’s three-mode (Normal, Sport, Track) suspension handles them with aplomb, combining admirable compliance with excellent body control. The stiff chassis provides the foundation for front and rear double wishbones with coil springs and adjustable shocks. Cocktails all ’round for the Adaptive Damping System engineers who’ve done a bang-up job.


The steering is similarly well-sorted, giving little up to that of the new Porsche 911 I got into following the Vanquish launch. Aston’s rear-mid mounted, six-speed Touchtronic 2 automatic/sequential manual gearbox does the business well and more smoothly than competitors’ double-clutch transmissions. That said, it was flummoxed twice whilst puttering through quaint English villages.


The Vanquish isn’t really a track car, but it’s quite capable of outrunning the bad guys. Your fairer driving companions will approve of the fine-scented cockpit materials like Bridge of Weir Luxmil leather and Alcantara, all hand-stitched. Even the headliner looks tailored.



If there’s one area where the Vanquish falls flat, it’s in ergonomics and infotainment. Familiar elements from the glass key/starter module to the gear-selection buttons remain, though the center stack is a bit different. The speedometer and tach dials are attractive but difficult to read, hence a new digital speedo display. Suspension mode and cruise control buttons on the steering wheel look like afterthoughts. Aston trumpets the center information screen’s haptic feedback, but it’s still too small and saddled by lackluster navigation and menu logic.


The standard Bang & Olufsen sound system wasn’t quite tuned up on the early production cars I drove. Aston says final adjustments to the audio system are ongoing. Tire noise on the funky roads was an unexpected issue. Space wasn’t, though, the Vanquish enjoying more occupant space than the DBS. Back seats are optional, but most suitable for those bound and gagged. Rear and rear three-quarter visibility isn’t great, but the exhaust note is.


The Vanquish breaks little new styling ground — but then, Daniel Craig could probably throw on Sean Connery’s old tuxedo and look just right. That’s a good thing. Class doesn’t go out of style, and neither will the Vanquish. Carbon fiber? That’s another question.


WIRED Sexy shape. Highly composed driving dynamics and near 600 horsepower. Hand-finished interior smells like Ralph Lauren’s saddle cabinet.


TIRED Occasional hitches in the auto-trans at low speed. Standard paddle-shifters should be longer. The optional squared-off steering wheel feels awkward when cruising. As nice as the shape is, there’s just something too familiar about it.

Ex-oilman named new leader of world’s Anglicans
LONDON (Reuters) – Britain named a former oil executive as the new Archbishop of Canterbury and leader of the world’s 80 million Anglicans on Friday as the church struggles to overcome a painful rift over the issues of female bishops and same-sex marriage.


Welby, 56, who has been bishop of the northern English city of Durham for little more than a year, will replace incumbent Rowan Williams who steps down in December.
The long-awaited appointment, announced by Prime Minister David Cameron‘s office in a statement, follows weeks of intense speculation that a row over whether to choose a reformer or a safe pair of hands had stalled the nomination process.


For Welby, the move capped a meteoric rise up the Church of England hierarchy since quitting the business world and being ordained in 1992.


The bespectacled father-of-five is seen as more conservative than the liberal Williams and is widely reported to be against gay marriage but in favor of the ordination of women bishops.


(Writing by Maria Golovnina Editing by Guy Faulconbridge)

Recipes for Health: Sweet Potato and Apple Kugel — Recipes for Health


Andrew Scrivani for The New York Times

I’ve looked at a number of sweet potato kugel recipes, and experimented with this one a few times until I was satisfied with it. The trick is to bake the kugel long enough so that the sweet potato softens properly without the top drying out and browning too much. I cover the kugel during the first 45 minutes of baking to prevent this. After you uncover it, it’s important to baste the top every 5 to 10 minutes with melted butter.

4 eggs
Salt to taste
2 large sweet potatoes (1 3/4 to 2 pounds total), peeled and grated
2 slightly tart apples, like Gala or Braeburn, peeled, cored and grated
1 tablespoon fresh lime juice
1 tablespoon mild honey or agave nectar
3 to 4 tablespoons melted unsalted butter, as needed

1. Heat the oven to 375 degrees. Butter a 2-quart baking dish.

2. In a large mixing bowl, beat the eggs with salt to taste (I suggest about 1/2 teaspoon). Add the grated sweet potatoes and the apples. Pour the lime juice over the grated apples and sweet potatoes, then stir everything together. Combine the honey and 2 tablespoons of the melted butter and stir together, then toss with the sweet potato mixture and combine well.

3. Transfer the mixture to the prepared baking dish. Cover the dish tightly with foil and place in the oven. Bake 45 minutes. Remove the foil and brush the top of the kugel with melted butter. Return to the oven and bake for another 15 to 20 minutes or longer, brushing every 5 minutes with butter. The kugel is ready when the edges are browned, the top is browned in spots and the mixture is set. Remove from the heat and allow to cool for 10 to 15 minutes before serving.

Yield: 8 servings.

Advance preparation: You can make this a day ahead and reheat in a medium oven.

Nutritional information per serving (6 servings): 187 calories; 7 grams fat; 4 grams saturated fat; 1 gram polyunsaturated fat; 2 grams monounsaturated fat; 104 milligrams cholesterol; 28 grams carbohydrates; 4 grams dietary fiber; 91 milligrams sodium (does not include salt to taste); 5 grams protein

Martha Rose Shulman is the author of “The Very Best of Recipes for Health.”

Blue reign in Sacramento: Democrats dominate California voting

SACRAMENTO — Gov. Jerry Brown and his fellow Democrats are on the cusp of a coveted supermajority in both the Assembly and Senate, giving them the rare power to raise taxes without any Republican support.

No single party has held such a supermajority in Sacramento since 1933.

To cement the dual two-thirds majorities when the Legislature gets down to business next year, Democrats must hold onto one of two Senate seats to be vacated and a few Assembly seats won in tight races. The Senate seats will be filled in special elections expected in March.

The supermajorities would mark a dramatic shift in Sacramento's balance of power, where GOP legislators have aggressively used their ability to block state budget plans and prevent revenue increases to scale back the scope of state government.

Coupled with the approval of Brown's tax plan, Proposition 30, the Democrats now have not only the power but also the money to break free of the deficit that has paralyzed state government for years.

The pressure on Democrats to restore funding for the many services slashed to balance the budget in recent years will be intense.

Already, activists are pressing lawmakers to pump new money into such programs as college scholarships, dental care for the needy and, of course, public schools.

But the first move Brown and legislative leaders made Wednesday was to reassure voters that they would show restraint.

They promised there would be no frenzy of tax hikes.

"Voters have trusted the elected representatives, maybe even trusted me to some extent, and now we've got to meet that trust," Brown said at a Wednesday news conference in the Capitol. "We've got to make sure over the next few years that we pay our bills, we invest in the right programs, but we don't go on any spending binges."

Still, lawmakers can appear to hold the line on revenue generation without actually doing so.

Supermajorities allow lawmakers to impose new fees to pay for infrastructure and other programs that are not technically defined as taxes.

And the same Democrats who are talking tough about fiscal responsibility this week have for years been touting the programs they want to restore or start once the opportunity is there. In addition to raising revenue, they would also be empowered to bring constitutional changes and other measures to voters without any GOP signoff — and to override gubernatorial vetoes.

Given a supermajority, "We're going to use it," Senate President Darrell Steinberg (D-Sacramento) said Wednesday.

"It will be an awesome responsibility," Steinberg said. "But it's very exciting."

Steinberg briefed the media on his desire to overhaul the tax code.

The result, he acknowledged, could be more money for the state budget.

Assembly Speaker John A. Pérez (D-Los Angeles), who vowed there would be no additional tax increases next year, laid out goals that could trigger more government spending, such as helping students pay for college.

The success Tuesday of Brown's Proposition 30, which raises billions of dollars through temporary income-tax increases on high earners and a quarter-cent surcharge on sales, gives lawmakers breathing room they have not had in years.

With one election, a deficit that has rendered Sacramento dysfunctional and threatened to ravage public schools has been largely wiped out.

In Bounties They Trust, But Does Paying for Security Bugs Make a Safer Web?

The night before the end of Google’s Pwnium contest at the CanSecWest security conference this year in Vancouver, a tall teen dressed in khaki shorts, tube socks and sneakers was hunkered down on a hallway bench at the Sheraton hotel hacking away at his laptop.


With a $60,000 cash prize on the line, the teen, who goes by the hacker handle “Pinkie Pie,” was working hard to get his exploit for the Chrome browser stabilized before the close of the competition.


The only other contestant, a Russian university student named Sergey Glazunov, had already made off with one $60,000 prize for a zero-day exploit that attacked 10 different bugs.


Finally, with just hours to go before the end of the three-day competition, Pinkie Pie achieved his goal and dropped his exploit, a beauty of a hack that ripped through six zero-day vulnerabilities in Chrome and slipped out of the browser’s security sandbox.


Google called both hacks “works of art,” and within 24 hours of receiving each submission, had patched all of the bugs that they exploited. Within days, the company had also added new defensive measures to Chrome to ward off future similar attacks.



Google’s Pwnium contest is a new addition to its year-round bug bounty programs, launched in 2010, that are aimed at encouraging independent security researchers to find and report security vulnerabilities in Google’s Chrome browser and web properties, and to get paid for doing so.


Vendor bounty programs like Google’s have been around since 2004, when the Mozilla Foundation launched the first modern pay-for-bugs plan for its Firefox browser.* In addition to Google and Mozilla, Facebook and PayPal have also launched bug bounty programs, and even the crafts site Etsy got into the game recently with a program that pays not only for new bugs, but also retroactively for previously reported bugs, to thank researchers who contributed to the site’s security before the bounty program began.


The Mozilla Foundation has paid out more than $750,000 since launching its bounty program; Google has paid out more than $1.2 million.


But some of the biggest vendors, who might be expected to have bounty programs, don’t. Microsoft, Adobe and Apple are just three software makers who have been criticized for not paying independent researchers for bugs they have found, even though the companies benefit greatly from the free work done by those who uncover and disclose security vulnerabilities.


Microsoft says its new BlueHat security program, which pays $50,000 and $250,000 to security pros who can devise defensive measures for specific kinds of attacks, is better than paying for bugs.


“I don’t think that filing and rewarding point issues is a long-term strategy to protect customers,” Microsoft security chief Mike Reavey said recently.


All of which begs the question: Eight years down the line, have bug bounty programs made browsers and web services more secure? And is there any way to really test that proposition?


*Netscape actually launched the first bounty program in 1995, but the idea never really caught on beyond Netscape at the time.


There’s no scientific method for determining if software is more secure than it used to be. And there’s no way to know how much a bounty program has improved the security of a particular software program, as opposed to other measures undertaken by software makers. Security isn’t just about patching bugs; it’s also about adding defensive measures — such as browser sandboxes — to mitigate entire classes of bugs. The combination of these two makes software more secure.


But everyone interviewed for this story says the anecdotal evidence strongly supports the conclusion that bounty programs have indeed improved the security of software. And more than this, the programs have yielded other security benefits that go far beyond the individual bugs they’ve helped fix.


In the most obvious sense, bounty programs make software more secure simply by the fact that they reduce the number of security holes hackers can attack.


“There’s a finite number of bugs in these products, so every time you can knock out a bunch of them, you’re in a better place,” says top security researcher Charlie Miller, who’s responsible for finding a number of high-profile vulnerabilities in Apple’s iPhone and other products.


But one of the biggest indications that bounty programs have improved security is the decreasing number of bug reports that come in, according to Google.


“It’s a hard measurement to take, but we’re seeing a fairly sustained drop-off in the number of incoming reports we’re receiving for the Chromium program,” says Chris Evans, information security engineer at Google who leads the company’s Chromium vulnerability rewards program as well as its new Pwnium contest, launched this year.


Google has its own internal fuzzing program to uncover security vulnerabilities, and the rate at which that team is finding bugs has dropped, too, Evans says. Google recently asked some of its best outside bug hunters why bug reports had declined and was told it was just “harder to find” vulnerabilities these days. Harder-to-find bugs for researchers also means harder-to-find bugs for hackers.


Bounty programs also improve security by encouraging researchers to disclose bugs responsibly — that is, passing the information to vendors first, so that they can release a patch to customers before the information is publicly disclosed. And they help mend the fractious relationship that has long existed between researchers and vendors.


In 2009, Miller and fellow security researchers Alex Sotirov and Dino Dai Zovi launched a “No More Free Bugs” campaign to protest freeloading vendors who weren’t willing to pay for the valuable service bug hunters provided and to call attention to the fact that researchers often got punished by vendors for trying to do a good deed.
