Most of the examples are based on a fictional coffee company called Starbuzz
Can somebody say lawsuit?
As to the book itself, I looked at the sample chapter and it's in the random, jumpy style that marks the modern MTV generation. It has some appeal, but I think trying to get through a whole book laid out like that is going to cause headaches. Still, I plan to buy it, just to see if I can learn anything new.
Vodafone - one of the country's four mobile telephony providers - discovered the tapping after receiving complaints from customers over problems operating their phones.
"Hello, Vodafone Greece. Yeah, I've got a complaint about my service. I think someone's tapping my phone. How can I tell? Every time I talk to my wife I hear heavy breathing that isn't hers, if you know what I mean..."
The US has no power to force RIM out of business (just out of the US).
I'd be willing to guarantee though that a large subsection of Blackberry users are here and if things go badly and RIM is forced out of the US, there will be serious business repercussions. True, perhaps not a fatal blow, but bound to hurt in the long run, at least until they can get 1% of the Chinese population to buy one.
Of course business leaders in the US won't let it happen; so much of their communications network is tied into the Blackberry that they couldn't afford to suddenly have to give it up.
"We have grave concerns about the potential use of DRMs by rightholders to override existing copyright exceptions," its statement said.
In the long term, the restrictions would not expire when a work went out of copyright, it said, and it may be impossible to trace the rights holders by that time.
"It is probable that no key would still exist to unlock the DRMs," Laca said. "For libraries this is serious.
So copyright law be damned. Slap some DRM on your work and it's yours for perpetuity, even after the copyright expires, simply by "losing" the key. Convenient.
Cobb, a 1986 graduate of George Washington University's law school, became NASA's inspector general on April 22, 2002, after working for a year as an ethics lawyer in the office of the White House General Counsel.
So he is steeped in the fine tradition of White House integrity and ethics. My question, why did it take this long for this investigation to happen?
...but I'm sure there are ample folks who use Oracle, and they won't give you *any* patches at *any* time, or allow you to peruse any of their Metalink site, without first paying.
And I'm sure there are some not-so-ample folks (I myself am fairly svelte) who use Oracle... but I digress. You're right; this kind of "we know it's broken but don't expect us to drop everything and fix it" logic is pervasive in the software industry. It's like buying a 6-cylinder car, having only 5 cylinders work, and the dealer telling you they'll fix it... in six months.
Some may argue that Microsoft should release a removal tool before the patch cycle anyway, and there is some credibility to the idea, though the logical extreme is that Microsoft should include an anti-virus program for free with Windows.
And some may argue that more time needs to be spent at Redmond in thwarting these things outright, rather than having to patch them or update the malicious software removal tool every cycle. It's not like this Trojan is old news.
Dennis Nealon, a spokesman for Brandeis, declined to disclose details about the e-mail message other than to say that it warned of an impending terrorist attack against the Heller School for Social Policy and Management. The message was sent to the university's office of public safety that day at about 11 a.m.
Clearly, some nut out to stir things up, but who knows? If you receive such a threat, in this day and age, wouldn't you have to take it seriously?
But she [Gail Marcinkiewicz, a spokesman for the FBI's Boston branch] said the FBI had a right to seize the computers because the agents who went to the Newton library thought Brandeis students, professors, and staff members were in immediate danger. "We could have done this," said Ms. Marcinkiewicz. "It is supported by case law."
Nonetheless, she said, the FBI decided to seek a warrant. By the time agents had determined that they needed to seize only three of the computers, about 5 p.m., they realized that people at Brandeis were not about to be killed, she added.
So there was an apparent threat, the FBI determined (who knows how) that it came from the library, was ready to seize the computers until the librarian intervened, and then the FBI backed off, got a warrant, and everyone went home happy. Where's the news?
Perhaps everyone sees the FBI as the US Government's stormtroopers (remember Waco?), but the fact is they are charged with the duty of protecting all citizens of the US from harm. They saw a threat and were prepared to act accordingly. They could have simply taken the computers and have been off and no one could have done a thing about it, but they chose restraint, perhaps wondering how credible the threat really was. In the end, no one gets hurt, Democracy is safe, and the Republic goes on.
Gates's fortune is put at $US47 billion ($62.88 billion), according to the latest list of the world's rich published by Forbes magazine.
The couple's Bill and Melinda Gates Foundation has a $US29 billion ($38.8 billion) endowment making it the world's biggest charity.
So BG is putting more than half of his money into the Foundation (assuming he's the sole contributor). We may all not like him, but at least he's trying to do some good with the money he's fleeced from us. I just wish I still had the money so I could donate it and get the tax writeoff!
I don't think people realize how complex a blogging site can be. Attempting to secure a blogging site is a real task. Live journal actually has a revenue stream and paid programmers so there is less excuse for them not to try, but succeeding is another matter.
There is a vast difference between making a site "bulletproof" and making it work "correctly." Make no mistake, any software undertaking is not easy, but when a piece of software has to interact with the outside environment, the correct procedure is to treat data like stinky fish until you can verify its integrity. I write Perl apps and the taint mode (-T) switch is my friend. It forces me to ask "what is this data and how do I know it's valid?" If I can't answer that question, I shouldn't be using it. Now, to parse blog material is tedious, because content can take on so many different internal formats, but if you stick to only allowing content a certain way and then parse consistently, you can avoid a lot of headaches.
Hackers only get away with exploits in most cases because either a) it hasn't been patched and remains open to exploit or b) they are not ensuring that the data people are sending them is valid.
... this wouldn't even be necessary if they'd taken security seriously in the first place, instead of tacking it on as an afterthought, or using the "eh, we can probably trust all this user-submitted content" model.
Oh, but we can trust users, can't we? And what's with a little harmless hacking? Good for the spirit, good for the soul!
Making software bulletproof is probably impossible. If one coder can think something up, another can devise a way to break it or exploit it. LiveJournal is going to run their little contest, someone will come along and solve their current problem, and all the while Bantown will be finding a new exploit. Perhaps they should go back to first principles and design the site correctly.
Maybe, but they can't possibly keep up with all the potential mis-spellings. And I wonder if they've considered the slang problem; after all, it would be simple enough to make the content available through slang-terms, written into the "alt" attribute of images or dumped to meta data.
After all the Hindenburg and her brother zeppelins were meant to ferry not only passengers but mail. Call this the next generation of airship communications, although using balloons. I had even thought of this a few years back; mount cell transponder equipment on blimps and have them hover over populated areas to act as relays for mobile phones and wireless Internet.
But if you're going to go to the degree of high altitude balloons, why stop there? Satellites would be the ultimate answer. Ask Arthur C. Clarke. A globe-girdling satellite network along the lines of GPS but carrying voice and data. I know, satellite phones are big and clunky, but so were cell phones at one time. It's possible to get a satellite phone right now, though I doubt they are going to be as cheap as cell phones for a while.
Why do we still drive cars that use an internal combustion engine and only get 30 miles per gallon?
Um, because consumers have never demanded anything different and Detroit and Big Oil have squelched attempts to develop new technologies for fear of cutting into their profit margin?
If these new X-Prizes bear fruit, it may signal breaking the grip of the big guys on the market, but I think there's less competition for a successful space plane than there is for a fuel-efficient, alternative-fuel car. Even if something radically new and spectacular is created through this process, don't expect Detroit to jump on the bandwagon so easily. Look at how hard it is for them to switch over to making hybrid vehicles.
Ok, so I'm a researcher, and you've given me the freedom from patent restrictions to allow me to go ahead with my research and Company XYZ can't stop me because it's for "research" and not personal gain. Don't I eventually end up becoming a de facto researcher for Company XYZ? They still hold the patents and could make use of my research to improve their products, couldn't they? And where's the economic incentive for me to do this research?
Without that issue to get angry about, much of the fire against the agreement will be quenched. VeriSign has clearly refused to budge on it being given lifetime control of the dotcom registry, but ICANN is willing to let this go because it believes the importance of dotcoms will diminish as it releases new top-level domains and the Internet becomes more search-engine led.
Apparently ICANN has suffered some sort of stroke or mental lapse. Can they honestly think that the ".com" extension is simply going to fade into the sunset anytime soon, given that virtually every important company has a website with that extension and vast marketing tied to their ".com" address? I haven't noted a boom in the number of ".info" domains lately. ICANN has sold out to VeriSign and is bringing this out in the hopes that it will appease most of their critics, since anyone with a brain in their head will see it's a sham.
I can see it now...
FROM: cyberstorm@dohs.gov
TO: unlucky.recipient@yourcompany.com
SUBJECT: Participation in Cyber Storm exercise
Your company has been identified by the Department of Homeland Security as potentially vulnerable to cyber attack. During the week of February 6th - February 10th, the DoHS will be testing cyber infrastructure as part of our Cyber Storm security exercise. In order to participate, you will need to supply us with [insert favorite hacking data here]...
I seem to remember someone predicting this might happen in the future, or at least something like it.
But we all know the big fight is in the USA.
Move along. Nothing to see here.
Déjà vu
And apparently he spends a lot of free time pissing gamers off:
StarForce Posts Their Objections to Tom's Hardware
This may seem familiar (from C|Net): StarForce Response
Can you say whacko? Ooooopppss! I may be attracting a lawsuit or at least a visit from the FBI...
Will it be available in China?
Myths such as: he's a hacker, that he perpetrated any fraud or crime, and that he likes cats, and his wife Muffy is *not* actually a lesbian.
Govt lawyer: We need to see this cached data if we're ever to curb terrorism!
Google lawyer (waving hand): You don't need to see our data.
Govt lawyer: We don't need to see their data.
Google lawyer: You won't find any terrorists with it.
Govt lawyer: We won't find any terrorists with it.
Google lawyer: You are dropping your request.
Govt lawyer: We are dropping our request.
Google lawyer 2: I was sure we were dead back there.
Google lawyer: The Force (tm) has a strong influence on the weak-minded.