Friday, March 29, 2013

It is simple to tell most “Criminal Hacker Gang” attacks from “Military Grade” attacks – Criminals rely on victims who fail to implement and update their security while the Military attacker assumes all the security is top shelf and working.
How the Spamhaus DDoS attack could have been prevented
Nearly 13 years ago, the wizardly band of engineers who invented and continue to defend the Internet published a prescient document they called BCP38, which described ways to thwart the most common forms of distributed denial-of-service attack.
BCP38, short for Best Current Practice #38, was published soon after debilitating denial of service attacks crippled eBay, Amazon, Yahoo, and other major sites in February 2000. If those guidelines to stop malcontents from forging Internet addresses had been widely adopted by the companies, universities, and government agencies that operate the modern Internet, this week's electronic onslaught targeting Spamhaus would have been prevented.
… BCP38 outlined how providers can detect and then ignore the kind of forged Internet addresses that were used in this week's DDoS attack. Since its publication, though, adoption has been haphazard. Hardware generally needs to be upgraded. Employees and customers need to be trained. Routers definitely need to be reconfigured. The cost for most providers, in other words, has exceeded the benefits.

(Related) An example of an attack your security software might not handle?
You Won't Believe How Adorable This Kitty Is! Click for More!
Employees beware: Don't fall prey to a cat named Dr. Zaius.
"Check out these kitties! :-)" read emails featuring the photo of a Turkish Angora cat with a purple mohawk, sent to nearly two million cubicle dwellers so far. It includes an attachment or link promising more feline photos. Those who click get a surprise: stern warnings from their tech departments.
The Dr. Zaius email is a simulated cyberattack. It is among the ploys companies are using to dupe employees into committing unsafe computing as a way to train them not to be so easily fooled.


Well golly gosh. If you can't trust your government, who can you trust!
Mike Masnick writes that the DOJ’s lack of forthrightness with the courts about its use of Stingray technology is becoming more evident:
The ACLU filed a bunch of FOIA (Freedom of Information Act) requests to dig into this and newly released documents show that, indeed, it was apparently standard practice by the DOJ to be “less than explicit” and less than “forthright” with judges in seeking warrants and court orders to make use of this technology. Here’s an email that was revealed:
As some of you may be aware, our office has been working closely with the magistrate judges in an effort to address their collective concerns regarding whether a pen register is sufficient to authorize the use of law enforcement’s WIT technology (a box that simulates a cell tower and can be placed inside a van to help pinpoint an individual’s location with some specificity) to locate an individual. It has recently come to my attention that many agents are still using WIT technology in the field although the pen register application does not make that explicit.
While we continue work on a long term fix for this problem, it is important that we are consistent and forthright in our pen register requests to the magistrates…
Read more on TechDirt.


“Know your enemy” vs “Saturate the target market” Remember, statistically half the world is below average.
Here’s How Far-Right Extremists Recruit on Twitter
It’s not hard to find extremists on the internet. But it’s really hard finding out who’s the most successful at spreading extremism, which can make counteracting their influence difficult. Now a pair of researchers think they’ve figured out how to do it — which could make extremist threats easier to identify and block.
The researchers also discovered some peculiar data about how extremists on both the far right and left use Twitter and how online extremist networks are organized. In a new report, terrorism analyst J.M. Berger and his co-author Bill Strathearn found that traditional leaders on the far right are losing influence to new forms of extremist media, spread online by a small group of influential activists who are relative unknowns, but can communicate to a much larger audience of potential recruits. These activists are even attempting to make inroads into mainstream politics.


I still think the winner of the “Car Talk” Bumper Sticker competition says it best: “Honk if you love Jesus, Text if you want to meet Him”
March 28, 2013
New Study via AT&T - Nearly Half of Commuters Admit to Texting While Driving
"Nearly half of commuters self-reported texting while driving in a recent poll, and 43% of those who did called it a “habit.” Commuters are texting and driving even more than teens – 49%, compared to 43%. And the problem has gotten worse. Six in 10 commuters say they never texted while driving three years ago. So while efforts to raise awareness of the http://www.att.com/gen/press-room?pid=23184 are working – 98% of commuters surveyed said they know sending a text or email while driving isn’t safe – there’s clearly more work to be done to change behaviors. Survey sponsor AT&T is calling on employers to help end texting while driving by taking action during National Distracted Driving Awareness Month in April, and beyond. It’s asking businesses to join the more than 165 organizations already engaged in the Texting & Driving-It Can Wait movement, and to use the policies, technologies and communications materials available free at att.com/itcanwait to help move their employees beyond being aware of the danger to making a personal commitment not to text and drive."


For my students...
"Google has announced the Open Patent Non-Assertion (OPN) Pledge. In the pledge Google says that they will not sue any user, distributor, or developer of Open Source software on specified patents, unless first attacked. Under this pledge, Google is starting off with 10 patents relating to MapReduce, a computing model for processing large data sets first developed at Google. Google says that over time they intend to expand the set of Google's patents covered by the pledge to other technologies."
This is in addition to the Open Invention Network, and their general work toward reforming the patent system. The patents covered in the OPN will be free to use in Free/Open Source software for the life of the patent, even if Google should transfer ownership to another party. Read the text of the pledge. It appears that interaction with non-copyleft licenses (MIT/BSD/Apache) is a bit weird: if you create a non-free fork it appears you are no longer covered under the pledge.
