Friday, June 12, 2009

Food (lemons) for thought.

http://it.slashdot.org/story/09/06/11/1355257/Collateral-Damage-From-Cyber-Warfare?from=rss

Collateral Damage From Cyber Warfare?

Posted by CmdrTaco on Thursday June 11, @11:14AM from the something-to-think-about dept. security military

theodp writes

"If you're thinking about applying for that open US cyber warfare czar position, Robert X. Cringely points out that you will have to effectively function as a world cyber warfare czar, a fact that neither Republican nor Democratic Administrations have yet been willing to embrace, at least in public. The international nature of today's outsourced-and-offshored IT business has big implications for US security. Try to do a security audit of your company's technical resources in Argentina or Bangladesh, suggests Bob, and see what nightmare is unveiled. Toss some random Code Gods into the mix, says Cringely, and it's really too tough to predict who might win in a game of US vs. Albania."


(Related) It's always good to find someone more paranoid than I am. (If not China, perhaps my student Hackers?)

http://it.slashdot.org/story/09/06/11/1912240/Is-China-Creating-the-Worlds-Largest-Botnet-Army?from=rss

Is China Creating the World's Largest Botnet Army?

Posted by timothy on Thursday June 11, @03:22PM from the economies-of-scale dept. security internet

david_a_eaves writes

"The Chinese government is mandating that all computers sold in China come with Internet blocking software. Rob Cottingham writes an excellent piece noting how the censorship application of this software should be the least of our concerns. This new software may create an opportunity for the Chinese Government to appropriate these computers and use them to create the world's largest botnet army."

Update: 06/11 21:26 GMT by T : J. Alex Halderman writes "My students and I have been examining the Green Dam censorware software. We've found serious vulnerabilities that can be exploited by any web site a user visits with the software installed. We also found that some of the blacklists seem to have been taken from the American-made filtering program CyberSitter. We've posted a report and demo."


(Related) It's so easy, even a caveman can do it. (This could be fun for my Computer Security students!)

http://news.cnet.com/8301-1009_3-10263239-83.html

Look Ma, I created a botnet!

by Elinor Mills June 11, 2009 7:13 PM PDT

… In less than an hour on Thursday, I was able to use programs readily available on the Internet underground for as little as $300 to infect several Windows clients and take complete control of them in a test environment.

In contrast to the real world, the McAfee Malware Experience event, which was akin to a Malware 101 class (or, in my case, Malware for Dummies), served up printed step-by-step instructions for us nonhacker journalists. But McAfee researchers said the programs used--real samples of malicious code from the wild--were not particularly sophisticated and any script kiddie could manage them easily.

… Following the tutorial, McAfee provided some bleak statistics to put my actions into perspective. For instance, the company's Avert Labs sees more than 400,000 new zombies a day, 4,000 new pieces of malware a day and 1.5 million malicious sites a month. There were 1.5 million pieces of unique malware last year and McAfee predicts that number will rise to 2.4 million this year.



CSS 150: How to commit CyberCrime. In any fraud (scam) the most difficult part is the conversion – actually getting the cold, hard cash. (This looks tedious, but remember that it could be programmed into a computer.)

http://apple.slashdot.org/story/09/06/12/016223/UK-Gang-Caught-After-750K-Online-Music-Fraud-Scam?from=rss

UK Gang Caught After $750K Online Music Fraud Scam

Posted by timothy on Friday June 12, @01:46AM from the dj-felonious dept. money music apple news

LSDelirious writes

"10 individuals in the UK have been arrested in connection with an online fraud gang, whereby the group created several songs, had the songs uploaded to iTunes and Amazon, then used thousands of stolen credit cards to repeatedly purchase the songs from these services. It is estimated that they charged approximately $750,000 worth of fraudulent purchases, netting the group over $300,000 in royalties payments."



“It is better to look good than to feel good.” Is this just cosmetic? We could hope for more...

http://www.pogowasright.org/article.php?story=20090611182903994

A New List of How Much AT&T Knows About You

Thursday, June 11 2009 @ 06:29 PM EDT Contributed by: PrivacyNews

These days AT&T knows a great deal about its customers: who they call, where they travel, what they watch on TV, what sites they visit on the Web. It has taken a new shot at explaining to them what information it collects and why in a new privacy policy that it posted Thursday morning. The policy is a draft that in 45 days will replace the 17 policies now used by its various subsidiaries.

Source - NY Times

Related - Threat Level: AT&T Unveils New Privacy Policy. No, Really

[From the article:]

But AT&T has decided that appearing to take the high ground on privacy will help it in Washington in its battle with Google, and perhaps will improve its image among those who are angry about its cooperation with the government’s warrantless wiretapping program.

… It has a prominent section on location information, one of the biggest new types of information being collected by cellphone companies. It makes clear that AT&T knows where its cellphone customers are and uses that information to show ads for local merchants when they check yellow pages and use other services.



What? The Internet is unreliable? I'm shocked!

http://www.bespacific.com/mt/archives/021566.html

June 11, 2009

Trustworthiness of Case Reports in the Digital Age

The Decline and Fall of the Dominant Paradigm: Trustworthiness of Case Reports in the Digital Age, by William R. Mills, New York Law School Law Review, volume 53, 2008/2009.

  • "It is axiomatic that our American common law, based in the principle of precedent and the rule of stare decisis, relies on accurate case reports published in authentic sources. But when citing American court opinions as legal authority, authors, for the past century or more, have given little thought to the accuracy of the case reports or the authenticity of the sources wherein the reports were found. This remains true in the digital age, when authors doing research are increasingly likely to have relied on the Internet as their primary or sole source of case law."


(Related) But apparently there is no problem with online health information.

http://www.bespacific.com/mt/archives/021565.html

June 11, 2009

Pew Survey: The Social Life of Health Information

"This Pew Internet/California HealthCare Foundation survey finds that technology is not an end, but a means to accelerate the pace of discovery, widen social networks, and sharpen the questions someone might ask when they do get to talk to a health professional. Technology can help to enable the human connection in health care and the internet is turning up the information network’s volume."



(Probably not related) This may be a future tool for e-discovery, when it can handle data other than web pages. Might make an interesting intelligence gathering tool as well. But I doubt it will ever tell us what politicians mean...

http://tech.slashdot.org/story/09/06/12/1217234/Extracting-Meaning-From-Millions-of-Pages?from=rss

Extracting Meaning From Millions of Pages

Posted by kdawson on Friday June 12, @08:48AM from the data-mining-gone-large dept. software google internet

freakshowsam writes

"Technology Review has an article on a software engine, developed by researchers at the University of Washington, that pulls together facts by combing through more than 500 million Web pages. TextRunner extracts information from billions of lines of text by analyzing basic relationships between words. 'The significance of TextRunner is that it is scalable because it is unsupervised,' says Peter Norvig, director of research at Google, which donated the database of Web pages that TextRunner analyzes. The prototype still has a fairly simple interface and is not meant for public search so much as to demonstrate the automated extraction of information from 500 million Web pages, says Oren Etzioni, a University of Washington computer scientist leading the project."

Try the query "Who has Microsoft acquired?"



For my JavaScript students.

http://it.slashdot.org/story/09/06/11/2147240/New-Exploit-Uses-JavaScript-To-Compromise-Intranets-VPNs?from=rss

New Exploit Uses JavaScript To Compromise Intranets, VPNs

Posted by timothy on Thursday June 11, @06:40PM from the criminal-enterprises-deal-in-cache dept. security programming

redsoxh8r writes

"Security researcher Robert Hansen, known as Rsnake, has developed a new class of attack that abuses a weakness in many corporate intranets and most browsers to compromise remote machines with persistent JavaScript backdoors. Threatpost reports: 'The attacks rely on the long-term caching policies of some browsers and take advantage of the collisions that can occur when two different networks use the same non-routable IP address space, which happens fairly often because the amount of address space is quite small. The bottom line is that even a moderately skilled attacker has the ability to compromise remote machines without the use of any vulnerability or weakness in the client software.'" [Read that again, carefully. Bob]



From the mind of an old (he's 25!) hacker. You learn to protect yourself, but it's still fun to tell the Emperor he has no clothes.

http://www.wired.com/threatlevel/2009/06/dvd-jon-attacks-apple/

‘DVD Jon’ Mocks Apple … Big Time

By David Kravets June 11, 2009 4:40 pm

… His ad campaign for the doubleTwist software promises, “The Cure for iPhone Envy.”

Those same words, in addition to, “Your iTunes library on any device in seconds,” appear on a giant 15-foot-plus banner advertisement adjacent to Apple’s store in San Francisco.

… The doubleTwist software, according to the company’s web site, allows “All of your stuff, on all your devices, with all your friends – in seconds.” That includes video, music and pictures.

It’s free. A premium, paid version is coming soon.

It’s also legal, he said.

“We have a law firm,” he said, “looking at all of our products making sure we are on the right side of the law.”



Just to remind my students – everything I'm teaching you today will be obsolete before you graduate. Enjoy!

http://lifehacker.com/5285358/upcoming-tech-that-will-rock-your-world

Upcoming Tech That Will Rock Your World

By Gina Trapani, 9:00 AM on Wed Jun 10 2009
