Slashdot Mirror
Swedish Lemon Angels
slaytanic killer writes: "Bruce Schneier addresses the "Third Wave of Computer Attacks" in a recent ZDnet article. Another step in his evolution towards looking at the human side of computer weaknesses; analyzing the dangers which come into life when humans translate syntax into meaning. Complete with links at the bottom about rigorous military analysis and Penn&Teller's exploding Swedish Lemon Angels."
- 1 egg
- 1/2 cup buttermilk
- 5 tsp. baking soda
- 1/2 tsp. vanilla
- 1 cup lemon juice
- 1 and 1/4 cups sugar
- 1 cup flour
- 3/4 cup sugar
- 8 tbs. melted butter
preheat oven to 375 degrees.- In a small bowl beat egg until foamy.
- Add the butter milk and the vanilla and blend well.
- Add the baking soda, one teaspoon at a time, sprinkling it in and beating until it is smooth.
- Add the lemon juice all at once and blend into the mixture.
- Scoop the mixture out of the bowl useing a spatula and spread onto a floured surface.
- sift the flour and the sugar and work it into the mixture using your fingertips.
- With a floured rolling pin, roll the dough out 1/32" thick, and with the tip of a sharp knife, cut out "angel" shapes and sprinkle on some sugar.
- Brush with butter.
- Place on ungreased baking sheet and bake for 12 minutes or until the edges curl up.
- Let cool and serve.
For anyone who somehow managed to miss kitchen chemistry as a kid, these are going to blooey right around step 4. Fun.Slashdot is jumping the shark. I'm just driving the boat.
I realize that Bruce needs to structure some sort of narrative around his article, but this "third wave" of "semantic hacking" is hardly new.
The attack on Internet Wire was just an insider abusing the system. It's been going on for quite a while, and shame on Internet Wire for having lax enough security than an ex-employee could abuse the system. Social Engineering has also been a common practice for years: call the helpdesk from the CEO's phone and demand that your password be reset. Easy stuff, old practices. In fact, social engineering, manipulation of the press, and misleading the public are practices that predate the internet by a few thousand years:
"What of this again, that these people are experts in flattery, and will commend the talk of an illiterate, or the beauty of a deformed, friend, and compare the scraggy neck of some weakling to the brawny throat of Hercules when holding up Antaeus[12] high above the earth; or go into ecstasies over a squeaky voice not more melodious than that of a cock when he pecks his spouse the hen? We, no doubt, can praise the same things that they do; but what they say is believed."
- Juvenal's Satires
What's new is that the interconnectedness of the internet community is allowing these practices to migrate to the internet in powerful ways. At least one person believes that this is cause for deep optimism:
"All the bad things we hear about the Web are true. There really are people online who'd like to lure our children into shadows. There really are hucksters who'll steal not only your money but your identity. There really are people who'll take pictures of you in a public bathroom and publish the pictures to the world. Every human vice
we can imagine finds its way onto the Web, which seems to spur the world's most lurid imaginations even further. But the reason for this should be a cause for optimism."
You can check the article out yourself for more, but I agree with the premise. The internet continuing to mirror the "real" world is generally a good thing, and the "forces of good" can harness those powers as well as the "forces of evil".
Noam Chomsky has worried quite a bit about the power of centralized press.
"Chomsky's central belief is that propaganda plays the same role in a democracy as violence plays in a dictatorship.
In the United States, therefore, you need to be less afraid of the National Guard and more afraid of the manipulation of information by governmental, corporate and academic sources. According to Chomsky, the elites who control and benefit from the American political system preserve that system by marginalizing alternative political views, selectively reporting on the consequences of United States foreign policy, and creating political apathy among the general populace by encouraging them to watch professional sports and TV sitcoms rather than actively participate in the political process."
Bruce Schneier should be less worried about manipulation of public news outlets, stock prices, and the economy by hackers, and more worried about the manipulation of public opinion by corporations and governments. Hackers, by showing people how easy it is to have their opinions manipulated, actually serve a positive purpose. I'm not saying I endorse the Internet Wire hack, real people lost money and that's not good. But, creative hacks, the "jam the WTO" movement in Seattle, cool sites like The Onion and Adbusters are all great ways to wake up an uninterested, uninvolved public.
- Twid
- "When you want something with all your heart, the entire universe conspires to give it to you" -Paulo Coelho
Beware the LOTR (Lawyers On The Rampage) attacks. The perpetrators of these attacks seem to be hitting small to medium sites all over the internet, in a seemingly random pattern.
Ñ'
From: president@whitehouse.gov
To: The People of the United States of America
My fellow Americans,
I hereby forfeit all American land and assets to the Republic of Iraq. May Allah forgive us for our past evils.
Signed,
Saddam^H^H^H^H^H^HBill Clinton
That's the most obvious use of this, and it appears that in this case, even a pathetically crude and transparent fraud managed to cause significant damage, though it appears they caught the perp.
Even a teenager has been able to pull off a scam of this sort. This article in The Standard has the story of a teenager caught manipulating stock prices, who was ordered to pay back his illegal profits after he got caught.
Now this is an inexperienced kid, and another idiot who apparently made his transactions transparently obvious and got caught. We only hear about the ones who get caught, and I highly doubt these guys are the only ones doing it. They're just the only ones dumb enough to make it so transparent.
It seems to me that Schneier's idea of semantic attacks as a new, third generation attack is a little overstated - what is a semantic attack but a natural progression out of social engineering?
I suppose the distinction, if one is to be made, is that in the past, social engineering was a means to an end - you would use your 'leet SE skillz to get a private dialup number, or access to a machine - whereas semantic attacks tend to be ends in themselves.
Nevertheless, the distinction feels somewhat contrived, and moreover, anyone who's read books like Sterling's The Hacker Crackdown (or anyone who knows their computer history, for that matter) knows that SE has been a big part of these attacks since the beginning: obtaining access to university systems, obtaining AT&T technical docs - SE is what armed people to commit the physical and syntactic attacks he mentions.
His pessimism about their severity is striking too - sure people online don't verify their sources as well as they should - but a) they've for the most part not known how, and moreover b) the media's been doing this for at least the last century without civilization grinding to a halt.
Semantic attacks against humans rely on gullibility or sometimes in the case of the internet, technical ignorance - but with digital signatures coming into fashion, it may not be long before grandma's email program tells her when a signature is invalid, and when grandma herself knows not to trust unsigned mail. And the idea of semantic attacks against computers, through feeding them bad data, is really about spamming search engines, and trying to overflow buffers, which are neither new nor noteworthy.
I know Schneier has gradually become more skeptical about the ability of people, especially online, to take care of themselves - and in many cases, he has good reason to. But having said that, I do feel that the picture he paints is a little too bleak.
Computer are easy to fix in comparison to humans. Computers accept any given set of instructions we see fit to give them, and they execute those instructions exactly, every time. When there's a problem in the instructions, we can give the computer a new set to fix the problem.
Humans dont WANT to be fixed. Humans don't even want to admit that they're broken. About 3 1/2 years ago, my mother was driving around a curve with my younger brother in the car when she was striken by an elderly woman nearly head on. Her car was demolished, and she was badly injured herself. (My younger brother was not.) Even after the physical therapy, she will suffer pain every day for the rest of her life. The elderly woman couldn't see well enough to see the bend in the road, or even my mothers car. She was for all intents and purposes blind, and a terrible danger to everyone on the road. Any responsible person would know that they should not drive in that condition, but people are frequently NOT RESPONSIBLE. Given the choice between safe and convenient, the woman chose convenience.
Could this problem have been prevented? Can it be fixed? Sure! First, however, someone has to admit that there is a problem. Then people would have to implement more frequent checks and more rigid requirements for the license to drive.
People don't want to go out of their way for safety or correctness. They don't want to learn good practice. They want convenience, and they want fast results. That will probably always be the case. As long as it is, those people will be the biggest source of trouble, computer related or not.