Tuesday, November 30, 2010

For my Computer Security students: Assume all servers in China are military. What would their responses be if China felt threatened? (Or simply wanted to rattle their sabers?)


Chinese DNS Tampering a Real Threat To Outsiders

"China has long used the Internet's Domain Name Service to censor Web sites and information that the ruling Communist Party deems threatening. But now security experts warn that the government's censorship is in danger of spilling over China's borders, suppressing the ability of those living outside of China to find information online. An estimated 57% of all networks on Earth passed DNS requests through a Chinese DNS rootserver at some point in 2010, according to data from security firm Renesys. Tampering by the Communist Party there poses a danger to Internet security and freedom. In fact, DNS tampering may be a bigger threat than techniques like BGP (Border Gateway Protocol) hijacking, which is believed to be responsible for an unexpected shift in Internet routing in April that has recently been the subject of mainstream media reports in the US. There is already evidence that China's efforts to tamper with DNS have bled outside the country's borders. The same report to Congress from the US-China Economic and Security Review Commission that called attention to the BGP hijacking incident from April, 2010 also mentions a March, 2010 incident in which Internet users in the US and Chile attempted to connect to social networking websites banned by the Chinese government. However, their DNS requests were handled by a Beijing-based Domain Name Server, which responded with incorrect DNS information that directed the surfers to incorrect servers, the report says."

Some guidance for victims... And where do we draw the line?


Free Speech, Privacy & Cyberstalkers – Help For Those With Personal Cyberstalking Terrorists

November 29, 2010 by Dissent

Ms. Smith writes:

In the United States, we highly value free speech. It is a wonderful right, but there are truly twisted people who hide behind freedom of speech and the right to privacy by being anonymous online. Just because we can say most anything anonymously, doesn’t mean we should. People joke online about cyberstalking others, but the reality is that the U.S. Department of Justice estimates that there may be hundreds of thousands of cyberstalking victims in the U.S. Many times, the stalker is an ex-significant other (boyfriend, girlfriend, husband, wife). A cyberstalker could just as easily be out to destroy the victim’s reputation. Other cyberstalkers are trolls, looking for their comments to rile up other people, but then it escalates to obsession with someone. Cyberstalking is a crime and it’s on the rise.

Read more on Privacy and Security Fanatic (Network World).

For my Computer Security (Risk Management) students: What is an “appropriate” response? How do you convince Managers (Politicians) not to over-react?


Causing Terror On the Cheap

"Bruce Schneier posts on his blog today about the value of terror with respect to cost-benefit for the terrorists. If you look at terror attacks in terms of what they cost the terrorists to implement, compared with what they cost the economy of the nation that was hit, the reward for terrorists is astronomical. Add in the insane costs of the security measures implemented afterward, particularly in America, and it's easy to see why the terrorists do what they do. Even when they're unsuccessful, they cost us billions in security countermeasures." [Billions to prevent attacks that failed the first time and will never be attempted again. Bob]

Occasionally rational thought breaks out!


Aussie Gov't Decides ISPs Aren't Responsible For Infected Computers

"In a sudden outburst of common sense, the Australian senate decided that it is not the government's responsibility to force ISPs to disconnect infected computers from the Internet. Peter Coroneos, chief of the Internet Industry Association, used a car analogy that actually makes sense: 'It would be like forcing car manufacturers to take responsibility for bad drivers.'"

...and there is no easy alternative. You can't examine an update and decide you don't want it installed on your computer. (Would auto manufacturers be allowed to install 4-barrel carbs at your next tune-up without your permission?) Also, what differentiates this from systems “in the Cloud” that are not under a user's control?


Apple, Microsoft, Google Attacked For Evil Plugins

"A Mozilla exec has attacked Apple, Microsoft and Google for installing plugins without users' permission. 'Why do Microsoft, Google, Apple, and others think that it is an OK practice to add plug-ins to Firefox when I'm installing their software packages?' Asa Dotzler asks. 'That is precisely how a Trojan horse operates... These additional pieces of software installed without my consent may not be malicious but the means by which they were installed was sneaky, underhanded, and wrong.' He called on them to 'stop being evil.'"

I suspect there's money to be made, and Comcast wants to be the one to make it.


Level 3 Shaken Down By Comcast Over Video Streaming

"It looks like the gloves are really coming off; Level 3 Communications had to pony up an undisclosed amount of cash to keep Netflix streaming to Comcast customers. Perhaps now the FCC might actually do something to ensure that the internet remains open. Level 3's Chief Legal Officer, Thomas Stortz, said: 'Level 3 believes Comcast's current position violates the spirit and letter of the FCC's proposed Internet Policy principles and other regulations and statutes, as well as Comcast's previous public statements about favoring an open Internet. While the network neutrality debate in Washington has focused on what actions a broadband access provider might take to filter, prioritize or manage content requested by its subscribers, Comcast's decision goes well beyond this. With this action, Comcast is preventing competing content from ever being delivered to Comcast's subscribers at all, unless Comcast's unilaterally-determined toll is paid — even though Comcast's subscribers requested the content. With this action, Comcast demonstrates the risk of a 'closed' Internet, where a retail broadband Internet access provider decides whether and how their subscribers interact with content.'"

Digital signatures ensure that your document was not altered.


Digisigner: Digitally Sign Your PDF Documents

Digital signatures on PDF documents are highly useful. To digitally sign a PDF document you need a PDF modification application that usually comes with a price tag. But thanks to DigiSigner you can now easily digitally sign PDF documents for free.


Also read related article: Electronically Sign Your PDF Documents For Free Using Adobe Signatures
