It is simple to tell most “Criminal
Hacker Gang” attacks from “Military Grade” attacks –
Criminals rely on victims who fail to implement and update their
security while the Military attacker assumes all the security is top
shelf and working.
How the Spamhaus DDoS attack could have been prevented
Nearly 13 years ago, the
wizardly band of engineers who invented and continue to defend the
Internet published a prescient document they called BCP38,
which described ways to thwart the most common forms of distributed
denial-of-service attack.
BCP38, short for Best Current Practice
#38, was published soon after debilitating
denial of service attacks crippled eBay, Amazon, Yahoo, and other
major sites in February 2000. If those guidelines to
stop malcontents from forging Internet addresses had been widely
adopted by the companies, universities, and government agencies that
operate the modern Internet, this week's electronic
onslaught targeting Spamhaus would have been prevented.
… BCP38 outlined how providers can
detect and then ignore the kind of forged Internet addresses that
were used in this week's DDoS attack. Since its publication, though,
adoption has been haphazard. Hardware generally needs to be
upgraded. Employees and customers need to be trained. Routers
definitely need to be reconfigured. The cost for most providers, in
other words, has exceeded the benefits.
(Related) An example of an attack your
security software might not handle?
You Won't Believe How Adorable This Kitty Is! Click for More!
Employees beware: Don't fall prey to a
cat named Dr. Zaius.
"Check out these kitties! :-)"
read emails featuring the photo of a Turkish Angora cat with a purple
mohawk, sent to nearly two million cubicle dwellers so far. It
includes an attachment or link promising more feline photos. Those
who click get a surprise: stern warnings from their tech departments.
The Dr. Zaius email is a simulated
cyberattack. It is among the ploys companies are using to dupe
employees into committing unsafe computing as a way to train them not
to be so easily fooled.
Well golly gosh. If you can't trust
your government, who can you trust!
Mike Masnick writes that the DOJ’s
lack of forthrightness with the courts
about its use of Stingray technology is becoming more evident:
The ACLU filed a
bunch of FOIA (Freedom of Information Act) requests to dig into this
and newly released documents show that, indeed, it was apparently
standard
practice by the DOJ to be “less than explicit” and less than
“forthright” with judges in seeking warrants and court orders
to make use of this technology. Here’s an email that was revealed:
As some of you may
be aware, our office has been working closely with the magistrate
judges in an effort to address their collective concerns regarding
whether a pen register is sufficient to authorize the use of law
enforcement’s WIT technology (a box that simulates a cell tower and
can be placed inside a van to help pinpoint an individual’s
location with some specificity) to locate an individual. It has
recently come to my attention that many agents are still using WIT
technology in the field although the pen register application does
not make that explicit.
While we continue
work on a long term fix for this problem, it is important that we are
consistent and forthright in our pen register requests to the
magistrates…
Read more on TechDirt.
“Know your enemy” vs “Saturate
the target market” Remember, statistically half the world is below
average.
Here’s How Far-Right Extremists Recruit on Twitter
It’s not hard to find extremists on
the internet. But it’s really hard finding out who’s the most
successful at spreading extremism, which can make counteracting their
influence difficult. Now a pair of researchers think they’ve
figured out how to do it — which could make extremist threats
easier to identify and block.
The researchers also
discovered some peculiar data about how extremists on both the far
right and left use Twitter and how online extremist networks are
organized. In a new report, terrorism analyst J.M. Berger and
his co-author Bill Strathearn found that traditional leaders on the
far right
are losing influence to new forms of extremist media, spread online
by a small group of influential activists who are relative unknowns,
but can communicate to a much larger audience of potential
recruits. These activists are even attempting to make inroads
into mainstream politics.
I still think the winner of the “Car
Talk” Bumper Sticker competition says it best: “Honk if you love
Jesus, Text if you want to meet Him”
March 28, 2013
New Study via AT&T - Nearly Half of Commuters Admit to Texting While Driving
"Nearly half of commuters
self-reported texting
while driving in a recent
poll, and 43% of those who did called it a “habit.”
Commuters are texting and driving even more than teens –
49%, compared to 43%. And the problem has gotten worse. Six in 10
commuters say they never texted while driving three years ago. So
while efforts to raise awareness of the
http://www.att.com/gen/press-room?pid=23184 are working – 98% of
commuters surveyed said they know sending a text or email while
driving isn’t safe – there’s clearly more work to be done to
change behaviors. Survey sponsor AT&T
is calling on employers to help end texting while driving by taking
action during National Distracted Driving Awareness Month in April,
and beyond. It’s asking businesses to join the more than 165
organizations already engaged in the Texting
& Driving-It Can Wait movement, and to use the policies,
technologies and communications materials
available free at att.com/itcanwait
to help move their employees beyond being aware of the danger to
making a personal commitment not to text and drive."
For my students...
"Google
has announced the Open
Patent Non-Assertion (OPN) Pledge. In the pledge Google says
that they will not sue any user, distributor, or developer of Open
Source software on specified patents, unless first
attacked. Under this pledge, Google
is starting off with 10 patents relating to MapReduce, a
computing model for processing large data sets first developed at
Google. Google says that over time they intend to expand the set of
Google's patents covered by the pledge to other technologies."
This is in addition to the Open
Invention Network, and their general work toward reforming
the patent system. The patents covered in the OPN will be free
to use in Free/Open Source software for the life of the patent, even
if Google should transfer ownership to another party. Read the text
of the pledge. It appears that interaction with non-copyleft
licenses (MIT/BSD/Apache) is a bit weird: if you create a non-free
fork it appears you are no longer covered under the pledge.