For my Computer Forensics students...
NAND Flash Can Verify a Device's Identity
"Researchers at UC San Diego and Cornell University have developed software that they say can detect variations in flash behavior that are unique to each chip. The system uses 'physically unclonable functions' (PUFs), or variations in manufacturing that are unique to each element of each flash chip. Swanson described one PUF that his team has worked with, called Program Disturb. It uses a type of manufacturing flaw that doesn't affect normal operation but causes problems under test conditions."
Related: from last October, another description of such error-based identity assignment.
Simple guide to greedy ISPs...
http://corp.sonic.net/ceo/2011/08/11/the-five-levels-of-isp-evil/
The Five Levels of ISP Evil
Recently a number of ISPs have been caught improperly redirecting end-user traffic in order to generate affiliate payments, using a system from Paxfire. A class action lawsuit has been filed against Paxfire and one of the ISPs.
This is a serious allegation, but it’s the tip of the iceberg. I’m not sure if everyone understands the levels of sneakiness that service providers can engage in. So, while I’m no expert (as we are an ISP who doesn’t do these things), but as a broad overview, here is my quick guide to the five levels of ISP evil, and the various “opportunities to monetize customers” that we’ve passed on:
5: Improper NXDOMAIN handling, also known as “Domain Helper” applications. When a customer attempts to visit an invalid site, instead of returning the RFC standard “no such domain” response, the servers provide a search result which includes sponsored links.
4: Clickstream Tracking. An ISP is in the unique position as the point of traffic origination, creating the opportunity for very in-depth analysis of Internet usage behavior. Tracking the user’s Clickstream, the site to site to site movement as they browse using a set of tools like Phorm allows service providers to create cash out of information about private use of the Internet.
3: Ad Swapping. Transparently proxy all web traffic, and when ad banners are in transit, perform real-time swaps of the ads for other ads for which the ISP is getting a cut of the revenue.
2: Affiliate Program Pumping. As alleged in the Paxfire scheme, ISPs or their accomplices take incomplete or incorrect domain entries into the URL bar and direct them to an intermediate page, which redirects transparently to a URL which includes an affiliate tag.
1: Rolling Over. In an attempt to avoid costs or under pressure from government or content creators, ISPs have handed over customer information, and even subjected customer traffic to broad snooping.
“Who is John Galt?” Painting a picture of California as somewhat less than inviting... I particularly like the “tax” on Amazon affiliates that dramatically reduced their revenue...
Dear California: I’m Leaving You. Here’s Why…
No comments:
Post a Comment