Slashdot Mirror
Targeted Attacks Focus On Economic Cyberterrorism
Orome1 writes "When it comes to dangerous Web threats, the only constant is change and gone are the days of predictable attack vectors. Instead, modern blended threats such as Aurora, Stuxnet, and Zeus infiltrate organizations through a variety of coordinated tactics, usually a combination of two or more. Phishing, compromised websites, and social networking are carefully coordinated to steal confidential data, because in the world of cybercrime, content equals cash. And, as a new Websense report illustrates, the latest tactics have now moved to a political and nationalistic stage. Cybercriminals and their blended attacks are having a field day taking advantage of security gaps left open by legacy technologies like firewalls, anti-virus, and simple URL blockers."
In Soviet Russia... most people don't have computers, so its not such a problem, komrade.
Cybercriminals and their blended attacks are having a field day taking advantage of security gaps left open by legacy technologies like firewalls, anti-virus, and simple URL blockers."
Calling something legacy implies that there's something better to replace those technologies with. Those technologies have not been replaced by some revolutionary new technology that does all that and holds your d--- while you piss too. And they were never intended to be a pancea -- they are intended to augment information security, not act as a substitute for it.
#fuckbeta #iamslashdot #dicemustdie
Legacy technologies?!
I don't think that word means what you think it means.
Now that I think about it, I'm pretty sure everything I just said is completely wrong.
Maybe its time to work on better out of band authentication and confirmation devices.
Take the IBM ZTIC that plugs into a USB port, and communicates encrypted from the device itself to the bank, just using the computer as a passthrough. This is what needs to be worked on, and maybe banks should start handing these out to customers. This way, even if an end user's computer is infected, their bank account couldn't be logged into without the device, and even if someone was to gain access upon logging on, all bank transfers would have to be confirmed on the ZTIC, so a quick transfer of funds would be caught and denied.
Applying this to MMOs, maybe the ZTIC device to confirm character transfers or deletion, as well as be needed to confirm logging on.
The advantage of using the ZTIC device over a cellphone for this is that the ZTIC device is simple -- it isn't a full fledged computer like a cell phone, and only does one task. Of course, exploits might be found, but the attack surface for this device is a lot smaller than a general purpose machine.
this book salesman? Because it has NO content.
Yours In Electrogorsk,
Kilgore Trout.
Why do we still have nation-states? What good do they serve?
They help to make sure that even though millions of people want to live under Sharia law, I don't have to. Yet.
Don't disappoint your bird dog. Go to the range.
And nations help with that? Nations help keep people repressed. They have a lot to do with why we have religious radicals. In the U.S. we have different names for them, but the same anti-statist religious nuts are here too.
Nations help oppress people, not keep them free.
So we should act quickly, before the people who want sharia law can get onto the internet en masse.
Cyber-terrorism. Eco-terrorism. Econo-terrorism. Man, it's almost like any criminal activity is an act of terrorism, now. Good thing we have those anti-terrorism laws unhindered by judicial process. And BTW, be intelligent about how you disagree with me, terrorist.
What you suggest is Communism. It works *IF* everyone plays nice together. When they dont you end up with Stalinism. Also there is always one bight bulb that figures out you dont have to do much to get by. So you end up with 'do it our way or pay major penalty'.
See
http://encyclopediadramatica.com/Internet_Fuckwad_Theory
Living in a commune sounds good at first. Until you realize that not everyone is driven to help others. In fact most people are douchbags...
Why do we still have nation-states? What good do they serve?
Nations are an emergent phenomena. It all starts with small tribes of people that are small enough that the leaders know everybody, and then grows as the technology and institutions grow to be able to keep more people under its umbrella. Once the group of nations grow large enough, they then have the choice of either attempting to dominate one another until no others remain or cooperating. The eventual result of either of these paths would probably be one singular world government, assuming that either ultimate victory or complete peaceful cooperation are even possible. If they're not, then we're all just wasting a hell of a lot of time trying.
But really, in answer to your question: You have to start with Nations, and long before they become obsolete they become an entrenched middle-man. Doing away with them is a lot like trying to eliminate any middle-man who wants to keep their job.
Were cyberbombs detonated on a cybertrain?
From TFA: "Searching for breaking news represented a higher risk (22.4 percent) than searching for objectionable content (21.8 percent)"
Enlightenment is a pipe dream. So where's the pipe?
Hey I bet Websense will sell you the solution to the problems cited in the report who wants to take a bet.
The internet is global. The economy is global. Politics are local. Why do we still have nation-states? What good do they serve?
Why not graduate to something more modern, like internet-based governance?
Politics are local? Huh, that's funny. Drezner (2007) says that All Politics is Global. He even has a chapter in his book that deals with the internet. To quote from the conclusions of this chapter: "The evidence presented here suggests that both international governmental organizations and nongovernmental organizations have roles to play in global governance. At times they can act as independent agenda-setters and advocates, but they become more important when they provide services as the agents of state interests." Of course, what does Drezner know? His book has only been cited by at least 132 published works according to Google Scholar. I'm sure you have a Political Science Ph.D and plenty of empirical evidence to support your claims, right? And open source global governance? It can never work until there are globally accepted political, social, and societal norms. By the time we reach this (assuming we ever do), the world would already essentially be under one global government, which would make open source government obsolete. You also assume that the norms required for open-source government are widespread globally, or will be the norms that are eventually accepted by the global community. It has in fact aided the adoption of norms that are antithetical to those that would need to be adopted for open source government to ever work.
The only thing necessary for evil to triumph is for it to be pitted against a slightly greater evil
I think any sensible definition of "terrorism" has to involve violence -- people in meatspace getting killed or at least hurt. I read TFA and the only connection it had to terrorism was in the headline. Skimming credit card numbers is not terrorism (though it could be used to finance terrorist activities). Spreading malware through Facebook is not terrorism (though a botnet could be used in conjunction with a terrorist attack, maybe).
I am not aware of terrorists ever having made a "cyber terror attack." Most extremist groups are looking for a bigger shock value than they can get by knocking out Google's Web server or even bringing down the electric grid in half the United States (either of which could be accomplished by a misplaced backhoe or a freak thunderstorm). Actually they would much rather blow up a school bus or something. A lone gunman can create more of a scare and get more PR for the cause than could a group of crack cyber-terrorists who managed to reproduce the U.S. blackout of 2005.
To label any and all malicious activity is disingenuous. It grabs some attention and helps you sell something in the short run, but in the long run, crying wolf is a disservice to the public and it doesn't pay off.
[Sir Garlon] is the marvellest knight that is now living, for he destroyeth many good knights, for he goeth invisible.
Nations help oppress people, not keep them free
No. Nations that don't have a constitutional framework founded in liberty (freedom of speech, assembly, etc) might fit that description, but not all nations. Nations are either subject to the rule of law (as backed up by their founding documents) or they are just mob rule (or a fuedal society). A nation that doesn't prevent thugs from telling you what to do isn't keeping people free. A nation that is constititionally chartered around the idea of keeping thugs (individual or governmental) in check is, in fact, a preserver of liberty.
That doesn't mean that it always goes well, but that's the general idea. You seem to be suggesting that ALL nations are oppressive because some nations are oppressive to thugs. Denying liberty to those who seek to deny liberty to others is not oppression. It's the opposite.
Don't disappoint your bird dog. Go to the range.
I'm a little fuzzy on WhiteListing - is that browser specific?
I could really see a hybrid system with "favorite sites" on a "WhiteList Browser", then when extended surfing, put a proposed link into a "BlackList Browser" to see if it's any good. Then there would be some easy way to add it to the WhiteList browser.
Most of my web usage is covered by a top-100 list, and TFA's from Slashdot or Fark, which I haven't seen come through too often with real malware.
My first Journal Entry ever, in 8 years! http://slashdot.org/journal/365947/aphelion-scifi-fantasy-horror-poetry-webzine
While you can't shut down botnets in-country, you can shut down entire countries if they start launching attacks, severing their undersea cable and communications satellite connections, reducing the activation of more attacks.
Which is why we maintain the ability to pull the plug on China, who persist in using their military to launch attacks on US sites.
-- Tigger warning: This post may contain tiggers! --
Countries and organizations are going to have to realize that connecting their in-house network to "the internet" securely is HARD and sometimes the best thing to do is to have an "ip gap" or better yet an "air gap" between their in-house data and the outside world. Oh, and turn off of those USB ports or at least treat them as untrustworthy. This isn't easy either, so there is a trade-off.
Many governments already do this for their sensitive networks.
This won't stop inside jobs and it won't stop the most determined invader but it will make it much more expensive to succeed.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
I'd like to see a much more hostile internet to coerce better security practices. People in general won't care about such things unless and until it is forced upon them by events.
If they won't change unless someone "breaks their shit", then that needs to happen.
"This post is an artistic work of fiction and falsehood. Only a fool would take anything posted here as fact."
I was talking about white-listing processes on systems which absolutely have to be secure.
As it stands antivirus software just blacklists virus code which is just an example of Enumerating Badness : http://www.ranum.com/security/computer_security/editorials/dumb/
What the hell Sweden?!? You guys are hosting 37% of the phishing sites out there. Get your act together, or I might starting thinking about issuing a verbal warning which is only 3 steps away from a written warning.
That doesn't mean that it always goes well, but that's the general idea. You seem to be suggesting that ALL nations are oppressive because some nations are oppressive to thugs. Denying liberty to those who seek to deny liberty to others is not oppression. It's the opposite.
All laws benefit one group by disadvantaging another. What you're calling liberty is just screwing over a minority to benefit a majority, and what you're calling tyranny is benefiting a minority by screwing over a majority. Both are oppressive, the difference is one group knows it and the other group posts on slashdot about how great it is to live in a "free" society.
#fuckbeta #iamslashdot #dicemustdie
Denying liberty to those who seek to deny liberty to others is not oppression. It's the opposite.
Well then there is no such thing as oppression. Or Liberty. Or something. That's a shakey ground or slippery slope that I wouldn't stand behind, it's far too black and white.
What qualifies as "denying liberty" to others? The fact that I'm using a computer right now means that I've supported computer companies that set up sweat shops in a lot of third world countries for all their goods and resources which means I've contributed to the poor state of their economy and I'm essentially keeping people in poverty over in some other country. I've supported the system that aims to take away the civil rights of some people and made them work in hazardous conditions.
Does that mean that mean that I'm oppressive? Simply denying another person's liberty? How many degrees of seperation must it go through before its no longer on me?
I mean, if this logic holds, then locking me up for using a computer is not oppression - it's the opposite.
I think you'd be better off saying that Denying liberty to those who seek to deny liberty to others is still oppression - but people need to redefine oppression and realize that some kinds of oppression are good for society.
Which is why most models of open source governance work on a consensus model.
So laws against murder, bank robbery, and other real crimes (with real victims) are oppressive?
"Fascism should more properly be called corporatism because it is the merger of state and corporate power." -- Mussolini
A great movie came out with Robert Redford, about this type of cyber crime that could virtually cause a full collapse of a nation, or country. This is not far off, get a few more stock exchange collapses in a row, and we are off to mad max land!
Debatable, but they're certainly singular.
Confucius say, "Find worm in apple - bad. Find half a worm - worse."
The Chinese and Japanese can both do a lot of shenigans with their US treasury reserves.
1) Blanket the market and buy as many call options as you can.
2) Announce that your treasury is dumping 100% of it's US treasuries, and you will only take hard assets or Euro as payment.
3)Stock prices now soar on inflation.
4)Exercise all your call options.
5)Blanket the market and buy as many put options as you can.
6)Announce that you have decided not to sell your US treasuries after all as the bids "weren't as high as you expected"
7)Stock prices plunge on deflation.
8)Exercise all your put options.
9) GOTO 1
bash-2.04$
bash-2.04$yes "Don't you hate dialup connections?"| write USERNAME
Which is why most models of open source governance work on a consensus model.
Which is a terrible idea. That's how you get the tyranny of the majority. Governance must be based on principle, not consensus.
Don't disappoint your bird dog. Go to the range.
That would be true if consensus == majority. But it most certainly does not.
You can't have the majority imposing its will on a minority if a consensus is required for that imposition. What incentive is there for the minority to join the consensus of their own repression?
Tyranny of the majority is what we have now, if you haven't noticed. Or more often, since this is a republic, tyranny of the minority. How is that better?
And no, we don't have governance based on principle. Unless you equate "I want as much power, money, and other goodies" as principle. Because that is what our politicians are trained to believe. Have you ever heard of the saying that "power corrupts?" It's not just a cute thing to say. It is evidenced every time a lobbyist makes a "campaign contribution."
All laws benefit one group by disadvantaging another
Sure, OK. And you have a problem with taking away the advantage (the consequenceless use of violence) held by criminals? You really think that a rapist or a murderer has the moral equivalence of a carpenter or a teacher, and can't see that it's rational to give non-aggressors an advantage over violent parasites?
Don't disappoint your bird dog. Go to the range.
So you are admitting the government of the United States of America is a thug against the very citizens it is supposed to protect
Gee. No, I'm not saying the opposite of what I'm saying, actually.
Don't disappoint your bird dog. Go to the range.
Nations are an emergent phenomena. It all starts with small tribes of people that are small enough that the leaders know everybody, and then grows as the technology and institutions grow to be able to keep more people under its umbrella. Once the group of nations grow large enough, they then have the choice of either attempting to dominate one another until no others remain or cooperating..
Right about that point I shift my nation's knowledge pursuits from pure science, to more military-based discoveries, and try try to get my most productive city to build "The Great Library" wonder.
See here, and the title above:
http://en.wikipedia.org/wiki/Sneakers_(film)
(Is that the one? If so?? Great film!)
APK
"constitutional framework" "founding documents"
You new worlders are so cute.
You new worlders are so cute
... what? An old-world Nanny State leftist? Greek, perhaps? Or maybe an ex-pat Parisian who left in the 60's to go to Venezuela? Ah, paradise!
And you would be
Don't disappoint your bird dog. Go to the range.
"We've got something to replace those technologies. Linux." - by Black Gold Alchemist (1747136)
on Wednesday November 10, @08:46PM (#34192576)
The ONLY reason Linux appears "safer to use" vs. cyberthreats is simple: "SECURITY-BY-OBSCURITY", & not even then!
E.G. -> Witness ANDROID based systems (a Linux variant no less) getting abused more & more lately (and yes, "normal Linux distros" before that as well - because it's not as if I do not get security-oriented updates via KUbuntu's Software Package Management here).
I mean, just like you are doing now? Hey - The MacOS X folks from Apple tried the same play Linux folks are too, and on T.V. no less, & what happened once Apple's MacOS X started getting a larger share of market?? Exploits for MacOS X too...
No escaping facts here.
Criminals online, they're NOT MUCH DIFFERENT than say, pickpockets. Pickpockets do not gather where there aren't larger amounts of folks, especially unsaavy folks, to take advantage of. They go where the crowds are, subways/trainstations/malls or any other largely travelled throughfare. Pickpockets (and yes, "cyber-criminals" too) are after YOUR MONIES.
So, crowds being where they are, on today on PC's online... where's the analogues to those crowded areas? Windows.
This is why Windows is "abused" more, plain & simple. It's more used and presents a larger target to go after from 1 single attack codebase.
(Once Linux, if ever, gets more folks using it than currently today? It too will be attacked more... just as Apple's MacOS X began to be once it began gaining larger amounts of users! Also/lastly: Need I remind ANYONE where the 1st computer worm/virus originated? Robert Morris ring a bell?? That's right - on *NIX's people! Don't think it can't happen again either I say, & learn from history.)
I like & use KUbuntu here daily, but I'm not so "zealous" to not realize that it too, is NOT "invulnerable" to attacks online... it's just less targetted (for now).
APK
P.S.=> I'd also like to know if you think that webbrowsers running on Linux or MacOS X are "invulnerable" to attack? Most attacks nowadays utilize javascript as the attack vector being used in malscripted html webpages, or even maliciously scripted adbanners or just plain KNOWN bad websites, and even emails that use scripts... So, does javascript run on *NIX variants with the same basically flawed & exploitable DOM? Sure does last I checked! apk