Bruce Schneier wrote a great summary of what made this worm special here. It's true that Witty didn't get as much press coverage as some; it really deserved to get more. The whole thing fit inside one UDP packet (like SQL Slammer) and it ramped up very quickly given that it only targeted a small fraction of Internet hosts (those running a couple of ISS products). And it was destructive to the host without harming its ability to spread. Rather breathtaking.
You have to physically steal the card to be able to do anything with it.
Actually, getting temporary physical access to the card may be enough. Research side-channel attacks (power, magnetism, etc.) which these cards seem pretty susceptible to.
Still, smart cards are a major improvement over magstripe or RFID, where the key is fairly easily copied. Smart cards raise the bar substantially.
If they're really serious about "eating their own dog food," they should can the executive grumbling and hinting. They should just give every employee (outside the Mac group maybe) a free MP3/WMA/whatever player, one that reflects the corporate goals, and then ban the iPod on campus. Why go halfway? It only makes them appear unable to stem the tide of what's cool... far worse PR than if they'd said nothing.
If they won't do that, then shut up and let the employees use what they want. And maybe try to actually innovate and create a product with an experience that will draw them back.
Most of those devices (actually, most desktops period) send their mail through an MTA. Have the MTA add the hashcash, optionally requiring the device to do SMTP AUTH.
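The MTA-side hashcash scheme the comment sketches, as an added example that is not from the original thread: a minimal hashcash v1 stamp minter (the work the MTA would do on the sender's behalf) and the checks a receiving MTA would apply before accepting a stamp: claimed difficulty, freshness, resource match, actual proof of work, and a double-spend check. The resource name, the bit counts and the in-memory `seen` set are assumptions; a real deployment would persist spent stamps for the acceptance window.

```python
import hashlib
import secrets
import time
from datetime import datetime, timedelta, timezone

# Hashcash v1 stamp layout (colon-separated, seven fields):
#   "1:bits:YYMMDD[hhmm[ss]]:resource:ext:rand:counter"
# A stamp is valid when the SHA-1 of the whole string starts with
# at least `bits` zero bits.


def leading_zero_bits(digest: bytes) -> int:
    """Count leading zero bits of a digest."""
    n = 0
    for byte in digest:
        if byte == 0:
            n += 8
            continue
        n += 8 - byte.bit_length()
        break
    return n


def mint_stamp(resource: str, bits: int = 20) -> str:
    """Mint a stamp for `resource` by brute-forcing the counter field.
    The counter is kept as a decimal string here; the reference tools
    use base64, but verifiers only check the hash, not the encoding."""
    date = time.strftime("%y%m%d", time.gmtime())
    rand = secrets.token_urlsafe(8)  # base64url: never contains ':'
    counter = 0
    while True:
        stamp = f"1:{bits}:{date}:{resource}::{rand}:{counter}"
        if leading_zero_bits(hashlib.sha1(stamp.encode()).digest()) >= bits:
            return stamp
        counter += 1


def _parse_date(field: str):
    for fmt in ("%y%m%d", "%y%m%d%H%M", "%y%m%d%H%M%S"):
        try:
            return datetime.strptime(field, fmt).replace(tzinfo=timezone.utc)
        except ValueError:
            pass
    return None


def verify_stamp(stamp: str, resource: str, min_bits: int, seen: set,
                 max_age: timedelta = timedelta(days=2), now=None):
    """Receiving-MTA checks. Returns (accepted, reason)."""
    parts = stamp.split(":")
    if len(parts) != 7 or parts[0] != "1":
        return False, "malformed"
    try:
        bits = int(parts[1])
    except ValueError:
        return False, "malformed"
    if bits < min_bits:
        return False, "too few bits claimed"
    when = _parse_date(parts[2])
    if when is None:
        return False, "bad date"
    now = now or datetime.now(timezone.utc)
    # Reject stale stamps (they could be replayed from old mail) and
    # stamps dated far in the future; allow one day of clock skew.
    if when > now + timedelta(days=1) or now - when > max_age:
        return False, "expired"
    if parts[3] != resource:
        return False, "wrong resource"
    if leading_zero_bits(hashlib.sha1(stamp.encode()).digest()) < bits:
        return False, "hash does not meet claimed bits"
    # Double-spend check: the same stamp must not buy two deliveries.
    if stamp in seen:
        return False, "double spend"
    seen.add(stamp)
    return True, "ok"


if __name__ == "__main__":
    spent = set()
    s = mint_stamp("alice@example.com", bits=16)  # constructed resource
    print(s)
    print(verify_stamp(s, "alice@example.com", 16, spent))
    print(verify_stamp(s, "alice@example.com", 16, spent))  # replay
```

The verifier is deliberately strict in the order it checks: cheap syntactic and policy checks come first, the SHA-1 last, so a flood of junk stamps costs the receiving MTA as little as possible. With SMTP AUTH in front of the submitting MTA, the stamp's cost is paid by a known account rather than by an open relay.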
"The Internet changes everything about X" (on Joe Trippi Interviewed)
He has a new book out, 'The Revolution will not be Televised' (click for excerpt), about how the Internet is radically changing the way politics is done.
I've become weary of such declarations. Ironic that the 2004 primary season paralleled the dot-com boom: In both cases the Internet created a tremendous amount of "buzz" and everyone said "The Internet has 'radically' changed the rules and the old model is obsolete" -- yet when all was said and done, "buzz" did not translate into stable business models nor votes, and the declaration of the total death of the old order and conventional wisdom turned out to be premature. (The scream was only part of it.)
The Internet brings incremental changes. "When it comes to technology, most people overestimate the impact in the short-term and underestimate it in the long-term." -- Arthur C. Clarke
I work in higher-ed. In my 5 years here I've been watching the gradual drop of the Mac:PC ratio. The reality is that it isn't the institution and IT imposing this change on our users; rather, it is IT responding to users' expressed preferences. During finals it was easy to see in the labs--people waiting in line for a PC, while most of the Macs were sitting idle. "More PCs in the dorms and labs" was even a student body president campaign issue a few years ago. Really, this shouldn't be surprising given Windows' 90%+ marketshare everywhere else... students, like the population at large, just seem to want Windows.
With the faculty, the preference goes by department, and most of the departments that have used Macs are still using Macs (with the notable exception of Education). The best I feel I can do here is to push hard to maintain an open infrastructure, where Windows, Mac OS, and open-source operating systems can equally access all services... and argue against the decision some institutions are making to just mandate Windows-only in the name of simplifying support and infrastructure costs.
A quote I picked up somewhere -- it's in some of my Perl code, the code that's poorly error-checked ;-)
Ken Thompson has an automobile which he helped design. Unlike most automobiles, it has neither speedometer, nor gas gauge, nor any of the numerous idiot lights which plague the modern driver. Rather, if the driver makes any mistake, a giant "?" lights up in the center of the dashboard. "The experienced driver," he says, "will usually know what's wrong."
The complete archive for this thread was linked from Groklaw yesterday; you can find it here. You're right, it's well worth reading. The part I found funniest was his comment about "when you can run Hurd in the 21st Century" -- that was 1992 and here it is 2004...
Linus has said repeatedly in recent years words to the effect of "People think I'm a nice guy, but I'm really a bastard." It's interesting to see elements of that in what he calls (in the thread) "hopefully my last flamefest"; he was big enough to apologize for the tone of his first reply.
pHDNgell: Would you mind contacting me at cyrusmac AT nordist DOT net -- I am trying to get Mail.app to work with Cyrus v2.2.3 with no luck (it crashes); if you solved this problem I'd love to hear how. Thanks!
John Lienhard (the U. of Houston one) is the host of "The Engines of Our Ingenuity" radio program. If you haven't heard any of these, get the transcripts or see if the program is on in your area. I've always found them excellent.
Screw all binary drivers, I insist on open source drivers for everything. The only thing I've had to relent on lately is the graphics card since the Nvidia stuff is the only decent graphics card out there but the modules are binary only.
Quite a principled stand you've taken there, AC. You may want to look up the definitions of "all" and "everything" and get back to us.
That would be great news. Think about it: Do you know how much good music there is out there, pressed on DRM-free CDs, that I've never heard? This would just make it cheaper, so I can buy more of it.
"You're a mean drunk, Superman."
And of course a flood of spam will follow this like night follows day. This has been going on for some time; LURHQ wrote up some good articles about the virus/spam connection: Sobig.a and the Spam You Received Today, Sobig.e - Evolution of the Worm, and Sobig.f Examined.
Have a look at CWirc, it rocks.
Sounds like we can get our money for nothing after all! (What about the chicks for free?)
In short, if it's broken, that's valuable. If it isn't broken in the time allotted, on the other hand, that doesn't mean it's secure.
GNU | Enterprise
Sorry if I wasn't clear. You posted the URL correctly. It was The Register that got the URL spelling wrong. :-)
*snort* Nice URL there Reg...
Here you go, high tech even. :-)
at The CMS Matrix; you can pick up to 10 you want to compare.
The whole thread was linked from Groklaw yesterday at this URL.
Hypothetically, you mean?
Have a look at the BigEvil list, a custom ruleset for SpamAssassin that has tons of bad domain names.