Moore's Lore
Security


September 08, 2005

Your Money is Magnetic Ink

In an era where money is magnetic ink, even the rich of New Orleans may not be safe.

A friend forwarded an American Banker feature (all content is behind their firewall, only the headlines are in front) that explains all this.

The story, by Steve Bills, details the problems banks had in the impacted area, and as many as five banks were still out of action as of Tuesday.

Those banks hurt worst were small community banks that did not outsource their financial processing.

Customers of those banks who managed to escape may be unable to get to their money, although they may not all know that because financial networks do have a limited ability to "stand-in" for their absent customers.

This could happen again-and-again, because only 40% of small banks out-source. Would out-sourcing solve the problem? Not necessarily. One of the bigger outsourcers, Fiserv, has operations in New Orleans (fortunately they're based in Wisconsin) and eight employees are still missing.

Given all this there are some basic things that need to be required:

Continue reading "Your Money is Magnetic Ink"

August 16, 2005

The Emperor is Naked! The Empire is a Lie!

Cindy Sheehan has been able to demonstrate just how naked the Emperor is, and thus demonstrate the lie of Empire.

No one else could, because everyone else was afraid. Howard Dean said "we broke it, we own it." John Kerry supported it and couldn't back away from it.

This is how Democrats felt forced to respond, because they'd been stuck into a political wilderness for a generation by Vietnam. They were afraid to equate Iraq with Vietnam, fearing that political wilderness, and its chains, which bound liberalism and the cause of human rights for a generation.

Well, Cindy Sheehan broke through that fear. She lost her son. It transformed her. (It didn't transform her husband, but everyone's journey is different.)

By putting that transformation in our face, and in the face of George W. Bush, Cindy Sheehan is also making a change in us. Damn the past, damn the present, our kids are dying. Scales fall from the eyes.

There is no way at this point for the Emperor to appear clothed again, and his supporters know it.

That's why they're acting as they are toward Sheehan. It's like the crowd in the story, at first. Of course the Emperor's New Clothes are beautiful. You're just a stupid little boy. You just can't see the big picture.

Stupid. Little. Boy.

Stupid Little Boy, says Cindy Sheehan? Look at him, look at the Little Boy. Look at Casey. You call him Stupid, you call me Stupid?

Maybe we were. We were stupid because we believed in you. And look at what it's gotten us. My son is dead! And this is no fairy tale.

Continue reading "The Emperor is Naked! The Empire is a Lie!"

July 31, 2005

The Identity Wars

As previously noted, I became an un-person last week as the Social Security decided to waste my time over a "mistake" someone made back in 1970. (Image from Mindfully.Org.)

Either my wonderful mother (who still walks among us, to my great joy) failed to check the box indicating I was a citizen on my Social Security application, or some clerk failed to do so when the data was entered because there were separate forms then for citizens and non-citizens.

The clerk who put me through this hell blamed "Homeland Security." But I think he was really responding to the reality of how this number is used.

As I've noted many times before, the Social Security Number is an index term. Everybody has one. Everyone's number is different. By indexing databases based on Social Security Numbers (SSNs), government and businesses alike can make certain there's a one-to-one correspondence between records and people.

Stories like this AP feature don't really address this need, this fact about how data is stored. Without the SSN we'd have to create one. Some companies like Acxiom do just that. Every business and individual in their database has their own unique identifier, created by the company. Which also means that the Acxiom indexing scheme is proprietary. The only way toward a non-proprietary indexing scheme, in other words, is for government to provide one. Which gets us back to the need for an SSN.

Continue reading "The Identity Wars"

July 29, 2005

The Tech-Politics Contradiction

The big trend of this decade, in technology, is a move toward openness.

It started with open frequencies like 802.11. It then moved into software, with open source operating systems and applications. Now we have open source business models. The ball keeps rolling along.

Open source has proven superior in all these areas due to simple math. The more people working a problem, the better. No single organization can out-do the multitudes.

But this simple, and rather elegant, fact, is at odds with all political trends.

Continue reading "The Tech-Politics Contradiction"

July 20, 2005

Corporate Death Penalty

Let us now praise a famous brand, Visa.

One of the differences between card processing and many other businesses is that you're totally dependent on a few big players for survival.

Of the three big guns -- Visa, MasterCard and American Express -- the first is most important. The bank association's changing requirements are generally a road map for other processors, defining necessary changes under enforced deadlines.

When Visa pulls its business from a processor, even for a little while, it's terribly destructive. When they do it permanently, and publicly, it's time to get out the resumes. When they do it alongside American Express, it's a corporate death penalty.


UPDATE: My saintly wife (that's the original St. Jennifer there to the left) notes the AmEx decision is effective at the end of August. Visa's decision becomes effective at the end of October, so you might call them the "good cop" in all this.

So say goodbye to CardSystems International, the small (90 employee) Atlanta processor which revealed in May that a computer worm had exposed 40 million customer accounts to possible identity theft.

What I found most fascinating, however, was what was below the headline.

Continue reading "Corporate Death Penalty"

July 12, 2005

Ballmer's Microsoft

A reporter can make a good living just covering Microsoft.

This is not a good thing.

One fact that attracted me to technology journalism in the first place was its social mobility. I often write about companies I call "Clueless" and find they have disappeared practically before I can get the piece into digital print. Those that are "Clued-in" can also fall quickly, corporate management in this space being much like tightrope walking.

Intense competition makes for rapid evolution. Call this Dana's First Law of Competition. Markets in India and China are intensely competitive. You can't let your guard down for an instant. This is a very good thing.

It's not what human nature wants, of course. As people we want to relax, to enjoy our lives, to set the competition aside sometimes so we can, say, raise our families, get more education, or retire with dignity.

Both Microsoft and the government had opportunities to prevent this, to re-ignite competition. They chose not to take these opportunities.

Bill Gates had one vision for Microsoft, but the company has gone beyond it. He was wise to pass the baton to his majordomo, Steve Ballmer. Ballmer is all sales, all the time, a whirling picture of aggression. (He's also, admittedly, what we call on this blog a Truly Handsome Man (grass don't grow on a busy street) but looks ain't everything.)

Ballmer's vision isn't really about technology. It's about exploiting advantages and making money.

So at Microsoft's recent Worldwide Partner Conference in Minneapolis (Minneapolis?) we got headlines like these:


  • This used to be about software partners. Now it's mainly about hardware partners, like tablet PC makers. This is an important change.
  • Microsoft continues to eat its young, entering profitable small business niches, aimed at engulfing and devouring them.
  • Ballmer told his software developers to "stick it to IBM" even while Microsoft sticks it to them.
  • Microsoft is telling its partners to "push Office upgrades," more evidence that the idea of Windows as a "software ecosystem" is ending.

This is just one corner of the news Microsoft made last week.

Continue reading "Ballmer's Microsoft"

July 07, 2005

London Calling

The blasts that hit central London today struck a city with vast experience in dealing with terror, its aftermath, and the issues underneath it.

It also represented the first time that the blogosphere actually gave better coverage to a major event than any news organization.

UPDATE: Media outlets like the BBC and GMTV are featuring calls for photos and eyewitness accounts as part of their ongoing coverage.

London suffered a decades-long IRA bombing campaign which killed hundreds. It was able to bring many bombers to justice, and discredit their cause in the eyes of their Irish-American sponsors, before finally reaching a political settlement which, while tenuous and setback-filled, is still an ongoing process.

Each time an event like this happens, moreover, we learn more about what citizens can do to cover it, and how media can adapt to citizen journalism.

The picture above, for instance, was taken by commuter Keith Tagg and quickly posted to photo-blogging sites like Picturephone. It's not a great picture, it's certainly not professional, but it does catch the immediacy of an eyewitness. That's probably why the BBC quickly adapted it in its own photo coverage, adding a second photo of commuters moving along the tracks from Alexander Chadwick.

The BBC Online site in general scored high marks for innovation and audience participation, teaching the important lesson that most people don't want to be journalists, but to be heard, and that those who listen will win their loyalty.

David Stephenson, looking to increase his exposure as a security expert, quickly linked to several important documents, including the London Strategic Emergency Plan, which guides the city's response to such events. (Does your city have one? Great follow-up story.) And John Robb offered the real low-down on all this at Global Guerrillas.

Prime Minister Tony Blair also needs to be singled out here. He understands that, in a time of crisis like this, the head of government becomes, in essence, a mayor, and needs to act like one. He left the G8 Summit but didn't cancel it, quickly convening a meeting of his emergency committee, dubbed Cobra. (The Brits are much better at naming things than Americans.)

A blog called Geepster quickly linked the blast sites to Google Maps, using their API to deliver an excellent map and RSS news feed within a few hours of the event. Flickr created a quick pool of London blast photos.

Overall the blogosphere coverage of this act was an Internet year (at least) ahead of what we saw during the winter's tsunami, let alone the Madrid 3-11 blasts of 2003. The fact this happened in London had something to do with it. So did advances in blogging technology.

The question, of course, is what can we learn from this?

Continue reading "London Calling"

June 29, 2005

An Always-On Endorsement

It's nice when "real" (paid) market analysts agree with one of your premises. Especially when it's a key premise to you, as Always On is to me. (This is advertised as an Always On Server, from Virtual Access.)

So I was pleased to read Chris Jablonski's recent piece at ZDNet, Forget P2P, M2M is where the next party is.

M2M stands for Machine to Machine (ironically this sits right below an item about how poor most tech nicknames are) but we're talking about the same thing, intelligent sensors linked to wireless networks. Programming the sensors to deliver some result, then automating delivery of the result in some way (sending an alarm, telling the user, etc.) is what I mean by an Always-On application.

As I have said here many times the tools are already at hand, and cheap. We're talking here about RFID chips, WiFi and cellular networks, along with standards like Zigbee that let these things run for years on a single battery charge.

There are problems with every application space, however:

Continue reading "An Always-On Endorsement"

June 28, 2005

Identity Theft Turning Point?

The recent theft of 40 million card numbers at CardSystems Solutions is a turning point in the identity theft wars.

Previous thefts involved third parties, insiders or numbers left in bins, things that are easily fixed.

The CardSystems case stands out, first, because it happened at an actual processor and second, because it involved the use of a computer worm.

My wife works at a payment processor in Atlanta (most processors, for some reason, including CardSystems, are based here) that has (knock on wood) not been hit (yet).

Continue reading "Identity Theft Turning Point?"

May 19, 2005

From The Security Manager's Desk

"Dad, the Internet's broken again."

UPDATE: I finally surrendered in this case and renewed my daughter's antiviral, for $55. I would rather have her choose when to make the Linux switch. The anti-viral did, finally, get rid of all the malware, although we lost a second evening to it and she wound up writing her last paper on my own machine.

Actually it had been breaking for some time, I learned. My lovely daughter is a big fan of Fanfiction.Net, a site where kids are allowed to post their own stories based on popular characters. (Think Harry Potter meets the Three Stooges.)

It's a harmless avocation but it comes with a price. Fanfiction is filled, absolutely filled, with spyware and malware. Ad pop-ups were filling her screen, and no matter how many I clicked away (even if the browser was turned off) more appeared. She had been running an anti-spyware program, but it had not been updated. And her anti-viral had just expired.

The solution seemed simple enough. Her anti-spyware program was updated and deployed. But here's a dirty secret of our time. Most adware today is no different from a virus.

All the tricks of the virus creep were deployed to keep crap like eZula infesting my girl's PC. Copies were hidden in memory, in the restore directory, in directories under program files. (None had ever asked permission, nor told her what it would do.)

When I deployed Spybot in normal boot, the spyware was so thick (download this, click here) the program actually stopped -- the pop-ups and demands to download more garbage were a primeval forest. When deployed in "safe mode," there were several "problems" that couldn't be eliminated. Re-boot and start Spybot again? Well, dozens more spy-virii popped up during the re-boot.

But wait, there's more.

Continue reading "From The Security Manager's Desk"

April 25, 2005

Tear Down The Great Wall of Silence

On the surface, the current upset between China and Japan seems ridiculous. (Illustration from Paulnoll.com. Mr. Noll was a corporal during the Korean conflict.)

That the heirs of Mao, that the Butchers of Beijing should lecture anyone about human rights seems absurd.

China puts more people to death each year than any country in the world. (Yes, even more than Texas.) China is a brutal dictatorship that oppresses its people as no other country, the most Totalitarian regime on Earth. My mentioning this may get Corante blocked to all of China, by the state's firewall system, the most extensive Internet censorship regime on the planet.

By contrast, Emperor Hirohito and the brutal system he led are dead. Japan acknowledged its sins in the 1951 Treaty of San Francisco and has since been a functioning democracy where politicians must accommodate the views of voters. Japan's Constitution forbids it to make war on its neighbors. Japan contributes more to good causes than any other national government.

This is power politics. China is pushing Japan out of the world power picture, letting Taiwan know that resistance is futile, and successfully challenging America's status as a Great Power. Just 12 years ago we were The Hyperpower. Now we're becoming second rate, losing our status to tyrants.

The reaction in the U.S. to all this has been silence. Deafening silence.

Few U.S. outlets have covered the story. The right-wing Cybercast "News" Service actually offered a balanced perspective. The New York Times offers only a fearful editorial on possible Chinese revaluation of the Yuan -- at another time this would be called appeasement.

The reason for this silence is not subject to dispute.

Continue reading "Tear Down The Great Wall of Silence"

April 10, 2005

DNS Poisoning Threatens Intranets

If your company runs all its Internet traffic through an internal server, and that server runs Microsoft Windows, then you're vulnerable to a new type of hack known as DNS Cache Poisoning. (The illustration here comes from a Brazilian blog, marketinghacker.br.)

The alert went out about a month ago. The idea has been around for a decade, but it's now being adopted by sophisticated criminal gangs.

Here's how it works.

Criminals break into a Windows server caching DNS requests for an Intranet, then insert instructions redirecting users to poisoned pages. The 12-digit IP address chosen by the criminal is thus linked to a chosen Internet address, and requests for Google.Com (for instance) could go to a site that downloads spyware or key-logging software in the background.

What can be done about it?

Continue reading "DNS Poisoning Threatens Intranets"

March 21, 2005

Terrorism or Freedom Fighter

I am a supporter of the U.N. I want it to have real power and influence.

This makes me a minority among my countrymen. So be it.

But I found myself troubled in reading this definition of terrorism today from U.N. Secretary-General Kofi Annan:

"any action constitutes terrorism if it is intended to cause death or serious bodily harm to civilians or non-combatants with the purpose of intimidating a population or compelling a government or an international organisation to do or abstain from doing any act".

In effect this prohibits any violent action against any tyrannical government, and puts the U.N. on record supporting that tyranny.

Continue reading "Terrorism or Freedom Fighter"

March 13, 2005

America Rising? No.

Cynthia Webb (left) is sporting a collection of recent U.S. media reports claiming a "renaissance" in America's consumer electronic market share.

There are more American labels around. Apple. Motorola. Microsoft. The U.S. companies are good at seeing the opportunity and writing software that works.

Our balance of payments is not helped by it.

As Cynthia notes (deep in the article), these boxes are being made in China. (Actually most of them are being made in Taiwan.) Some of the software conceptualizing is being done here, as is the marketing (although I suspect some of that software work was off-loaded to India).

Those failing, flailing Japanese outfits she mentions, meanwhile, are still doing everything in Japan. Or they're doing "too much" in Japan. Except for Sony and Nintendo, Japanese companies were never good at anticipating demand. Mitsubishi, Canon, C. Itoh, Ricoh, et al -- they were manufacturing houses. They were China before China was cool.

But the Japanese are getting wise. American Howard Stringer is Sony's new CEO. He knows the game. Expect most Sony stuff soon to come with a "Made in China" label.

What's the real story?

Continue reading "America Rising? No."

March 10, 2005

One More Step for Always On

Wind River is continuing its slow march toward the computing mainstream. (The illustration, from the Wind River site, shows the engagement model the company follows with its customers in producing products. It's careful and complicated.)

It's easy for someone to criticize Wind River's strategy as an attempt to maintain proprietary control in a world of open source, but the fact is there are opportunities here for the Always On world that need to be explained, and then seized.

Fact is Wind River's VxWorks is the leading RTOS out there. RTOS stands for Real Time Operating System, folks. An RTOS is used to make a device, not a system. You find RTOS's in things like your stereo, and your TV remote. What the device can do is strictly defined, and strictly limited. Your interaction with the device is also defined and limited.

An RTOS is not a robust, scalable, modular operating system like, say, Linux. And over the last few years, Wind River has been creeping into your world. VxWorks is used in most of your common WiFi gateways. This limits what they can do. They become "point" solutions. You can't run applications directly off a gateway, only off one of the PCs it's attached to.

Now, slowly, this is changing.

Continue reading "One More Step for Always On"

February 23, 2005

Fibbies Get The Paris Hilton Treatment

What does the FBI have in common with Paris Hilton?

They're both making news this week as victims of hackers. (The image is from a conservative humor site. Some of the stuff is pretty good.)

We wrote about Paris earlier this week. (Here's a poem for the occasion. Ahem. I've seen Paris, I've seen France, girl pull on some underpants.)

Now ZDNet reports a new virus comes in the form of an e-mail claiming to be from the FBI. (Not to be outdone, Ms. Hilton herself is the subject of a new e-mail virus, called Sober.K.)

As Matt Hines writes, "The mail is disguised as correspondence warning people that their Internet use has been monitored by the FBI's Internet Fraud Complaint Center and that they have 'accessed illegal Web sites.' The e-mails then direct recipients to open the virus-laden attachment to answer a series of questions."

Continue reading "Fibbies Get The Paris Hilton Treatment"

February 22, 2005

The World's Beta Tester

The last time Paris Hilton featured on this beat, she was leading to the rise of BitTorrent, and crying crocodile tears over the interest we had in a sex tape she made with a (presumably ex-) boyfriend.

This time, she's had her Sidekick II hacked and the fall-out may be more serious.

That's because Paris Hilton is totally innocent this time. As with other Sidekick II users, her data was synced to a T-Mobile Web site, and it was T-Mobile that got hacked.

Now her calendar, phone list, and photos taken with her cameraphone are being spread all over everywhere.

This is very bad for T-Mobile, which is still advertising the Sidekick II as a way to have a private box to store connections to your rich-and-famous friends. (Snoop Dogg is the ad's star, although Paris does appear.) Those ads are still running, but what kind of impact are they making now, as the story of this hack (and how it happened) gains more prominence?

There's another implication.

Continue reading "The World's Beta Tester"

February 16, 2005

Encryption Must Become Flexible

Word that the SHA-1 encryption scheme has been broken in China, which follows news from Johns Hopkins on how RFID car keys can be hacked, brings me to a sad conclusion.

Permanent hardware encryption isn't going to happen. (The image, by the way, is from DBC of Germany, a player in this market game.)

This does not mean we should give up on encryption as protection, or on hardware for encryption. It's just that, just as Moore's Law means today's state-of-the-art PC is tomorrow's door stop, so today's RFID lock could become tomorrow's open door.

Unfortunately this has major implications for the security industry as it is today.

Continue reading "Encryption Must Become Flexible"

February 08, 2005

Pull My Finger (Or Pull My Leg)

The digirati are in a fury today over an outfit called i-Mature, which claims to have solved the problem of age verification with a $25 device that checks a finger's bone density to determine just how old you are.

The image, by the way, is from Vanderbilt University, which has no affiliation with either Corante, i-Mature, or this blog. It describes x-rays of a finger taken at different power settings. Go Commodores.

RSA announced "a joint research collaboration" with the company. But there is skepticism over exactly how precisely a bone scan can measure age, and the more people investigate, the more questions they raise.

Continue reading "Pull My Finger (Or Pull My Leg)"

February 05, 2005

MCI Fingered for Spam Flood

MCI grossed an estimated $5 million/year violating the law in its home state of Virginia, by knowingly hosting sales of a Russian virus used to turn PCs into spam zombies.

The full story, by Spamhaus' Steve Linford (below) was distributed online today. It charges that MCI knowingly hosts Send-Safe.Com, which sells a spam virus that takes over innocent computers and turns them into spam-sending proxies. Linford tracked Send-Safe to a Russian, Ruslan Ibragimov. Linford estimates MCI earns $5 million/year from its work supporting spammers.

The theft of broadband-connected PCs by viruses, mainly Send Safe and another Russian-made program, Alexey Panov's Direct Mail Sender ("DMS"), is responsible for 90% of the spam coming into AOL and other major ISPs, Linford charged.

Here's the nut graph:


MCI Worldcom not only knows very well they are hosting the Send Safe spam operation, MCI's executives know send-safe.com uses the MCI network to sell and distribute the illegal Send Safe proxy hijacking bulk mailer, yet MCI has been providing service to send-safe.com for more than a year.

Want this made a little more explicit? Read on.

Continue reading "MCI Fingered for Spam Flood"

February 04, 2005

The E-Mail Meltdown

The final destruction of e-mail as an Internet service has begun. (This is as serious as Comic Book Guy's heart attack, right.)

Mainline spam software publishers have added a new worm to their product that not only turns PCs into spam zombies, but runs that spam through the zombies' e-mail server. This on top of an "industry" that already costs legitimate businesses $22 billion.

The result is spam that looks like it's coming from a legitimate address, and despite all the warnings most people still don't update their anti-virals so as to prevent this kind of infection.

Continue reading "The E-Mail Meltdown"

January 31, 2005

Tinfoil Hat Time

Has Microsoft, and its ecosystem, built planned obsolescence into PCs so as to force upgrades?

I know this is tinfoil hat territory, but hear me out. (The tinfoil hat on the left is being modeled by Elizabeth Kramer of Pleasantville, NY, daughter of the blogger Kathlyn Kramer.)

In theory the MTBF (Mean Time Before Failure) of all PC hardware extends not years but decades. There is no theoretical reason for an old machine to stop working, and refuse repair.

Yet that's just what is happening here.

It started a year ago. My 6 year old Windows 98 machine started acting up, refusing to boot, and Scandisk just wouldn't complete. A big part of the problem, I concluded, was the Norton security system I had installed.

But PCs were cheap so I changed it out. I got me a new Windows XP set-up for about half the price I'd paid for the original box back in 1998, and felt like I'd gotten off cheap.

Continue reading "Tinfoil Hat Time"

January 29, 2005

RFID Insecurity: TI Liable?

Texas Instruments is using only 40-bit cryptography on the RFID chips it sells for car locks, RFID tags, and things like toll booth passes.

What this means, according to students at Johns Hopkins, profiled this week in The New York Times, is that the codes aren't hard to break.

There are caveats. You have to get a few inches from the car you want to steal to get the code. Then you have to spend time breaking the code and making your own key, which only lets you hotwire the vehicle. But the whole thing can be done in an hour, the students said, and the required technology could easily be put into a device the size of an iPod.

What does this mean?

Continue reading "RFID Insecurity: TI Liable?"

January 25, 2005

The Future of Roaming

The significance of WiFi-cellular roaming doesn't lie in cutting voice costs. (The picture, by the way, comes from Novinky, a Czech online magazine, a story about DSL.)

The significance of WiFi-cellular roaming lies in Always On applications.

Think about it. Cellular channels are relatively low in bandwidth, WiFi channels are high in bandwidth.

Now, you're wearing an application, like a heart monitor. When you're at home, or in your office, this thing can be generating, and immediately disgorging, tons and tons of data, detailed stuff that may be fun for your doctor to analyze later.

Continue reading "The Future of Roaming"

January 24, 2005

Bush's Robot Army

I've been re-reading the last in Harry Turtledove's Worldwar series, called Homeward Bound, and I'm once again struck by the similarities between the U.S. military in Iraq and the Lizards of the story.

The Lizards (not to give the story away) invade Earth in 1942, at the height of World War II. They have the weapons of 2000, Earth has what it had. The overall theme of the piece (which has now run into its seventh 500-page book) is human ingenuity vs. reliance on technology.

I don't know what they're thinking with this latest battle robot. (The picture, which I'm confident betrays no military secrets, is from the BBC.) But I'm pretty certain we're going to have some captured, disabled electronically and then grabbed under covering fire. The wireless link between the operator and the bot is the weak link.

And what happens then?

Continue reading "Bush's Robot Army"

January 22, 2005

Shoot the Messenger

Guillaume Tena of Harvard is being threatened with the charms of a French jail cell for having written-up a list of flaws in a French anti-viral product three years ago.

Tegam International, which makes something called Viguard, called Tena a "terrorist" after he published his analysis of their product in March 2002 and a French court is apparently dumb enough to take the claim seriously.

Now, Tena's no angel. Tegam says he was once a virus writer himself, credited with (among other things) Happy99, the first e-mail virus. But, they admit, he went straight and is now on the side of the angels. (This assumes, of course, that there are angels at Harvard.)

UPDATE: Tena writes to say that reports he's a virus writer are false, that they were started by Tegam and picked up by the media without questioning it. "Cite a credible source if you have one," Tena writes. "This article is now on the web for eternity. Please do something about it."

I have no independent source, other than press reports, to indicate Tena has so much as a parking ticket to his name. Absent evidence, I shouldn't spread rumors, so this is being reposted with my apologies.

So why should angels (or Yalies) support him?

January 16, 2005

Panix Attack

Panix.Com has apparently had its domain hijacked.

Panix, a 16-year-old ISP in New York, told its users that ownership of the domain was apparently moved to Australia, the DNS records were moved to the United Kingdom, and its e-mail was directed to Canada.

This should be a matter for criminal prosecution.

January 13, 2005

Where To Learn Net Security

Where's the best place to learn the art of network security?

My guess is it's an online gambling site.

Most such sites are based in either the UK, the Caribbean or Australia. Because of U.S. legal pressure they were already in the forefront of isolating traffic geographically, at the ISP level. Also because of U.S. pressure, they are frequently on their own when it comes to defending their business interests. (UK police, however, are apparently cooperative.)

All this means that, if you're into security, this is an opportunity.

January 06, 2005

Kings of Always-On

For the last year I've been harping here on the subject of Always On.

The idea is that you have a wireless network based on a scalable, robust operating system that can power real, extensible applications for home automation, security, medical monitoring, home inventory, and more.

As I wrote I often came back to Motorola and its CEO, Ed Zander. They would be the perfect outfit to do this, I wrote.

Little did I know (until now) but they did. A year ago.

It's called the MS1000.

The product was introduced at last year's CES, and re-introduced at various vertical market shows during the year. It's based on Linux, responds to OSGi standards, and creates an 802.11g network on which applications can then be built.

At this year's CES show, Motorola is pushing a home security solution based on the device, with 10 new peripherals like cameras and motion sensors that can be easily set up with the network in place, along with a service offering called ShellGenie.

Previously the company bought Premise, which has been involved in IP-based home control since 1999, and pushed a version of the same thing called the Media Station for moving entertainment around the home.

What should Motorola do now? Well, the platform is pretty dependent on having a home PC. The MS1000 could use space for slots so needed programs could be added as program modules. They need to look at medical and home inventory markets, not just entertainment and security.

But they've made an excellent start. And from here on out everyone else is playing catch-up.

Oh, and one more thing...

December 09, 2004

Feature Or Bug?

In our zeal to stamp out bugs that hackers can exploit are we destroying all the features that make software useful? (The picture to the right is of a perfectly harmless computer bug. Learn how to make one from Irenecrafts.)

The question occurs based on reaction to Secunia's latest security alert.

It's a pop-up hijack, in which a malicious site hijacks, say, a session with your bank or broker. If that bank or broker uses pop-ups, the malicious code may tell you to input account information in the pop-up. Then the hacker goes into your account as you and drains it.

Pretty nasty. But what was nastier, as ZDNet revealed, was the reaction to it.

December 01, 2004

All God's Chillun Need Firewalls

I first came up with the line above about four years ago, soon after I got my first software firewall, from ZoneAlarm.

Nothing has happened since to change my mind, except to make the call more urgent.

USA Today's test of a half-dozen "honeypot" computers, left unprotected with broadband connections, should be required reading. It's gone from threat to certainty that your computer will be turned into a spambot zombie if you don't have a firewall.

The situation is so dire I had to change my mind on something.

October 21, 2004

Open Source Intelligence

Intelligence comes from data collection and data analysis. With the Internet creating a gusher of data on everyone and everything, that last is becoming harder. (The Spy vs. Spy game shown is available at Amazon.com.)

Thus we have what Charles Cameron of the OJR today calls Open Source Intelligence. This has nothing to do with Linux. Instead it's the fact that, as Rep. Rob Simmons wrote in a recent OSS paper (warning, this link is to a large .RTF file read in Word):

as much as 80 percent of the intelligence required to support informed policy-making is available via open-source channels

What this means for our intelligence agencies is revolutionary.

October 04, 2004

The Bush Band Drummer

For those too innocent or too young to remember, the drummer in the movie "Spinal Tap" was always changing, while the rest of the band stayed the same.

Well, in an Administration noted for its stability, the Bush Administration has finally revealed who holds the drum kit -- it's the chief of cyberspace security.

September 27, 2004

Ireland's Second Cyber-War

That's right, kiddies. Ireland has gotten into its second major cyber-scrape, one big enough to use the word "war" in describing. (You will also notice that the ancestral home of my mom's people, the O'Donnells, is not shown on this Irish map from the Goingonvacation site.)

Ireland's first cyber-war came in the late 1990s, when an Irish entrepreneur, Connect-Ireland, won the contract to manage East Timor's registration service. East Timor at that time was trying to break away from Indonesia. So Indonesian hackers engaged in a cyber-war to try and take the Irish site down.

Its latest effort is more offensive-minded.

August 25, 2004

VOIP Hardware Go-Ahead

Despite a regulatory regime that is impossible to obey (isolating data traffic that's to be turned into voice on a network with trillions of transactions going through it each second) hardware makers are going ahead with the production of Voice Over IP (VOIP) hardware.

Linksys and Netgear are the latest to say that voice support will become part of their residential gateways Real Soon Now. (For more on VOIP, buy O'Reilly's VOIP book, right.)

In this case, however, the Feds will be glad to know there's actually less here than meets the eye.

August 05, 2004

The Internet Is Inherently Insecure

This is not news.

On the other hand it is big news. (One more reason to love O'Reilly is at left. They do better parodies of themselves than any rival can.)

At the DefCon show in Las Vegas, a few weeks ago, a speaker from Avaya noted that DNS, the Internet's "white pages," makes it inherently easy to attack. At another conference in the same town a speaker noted that the best tool for hackers is...Google.

Shock. Consternation. Anger.

What should we do about this?

July 08, 2004

Ogre

My very first editor at Rice, Steve Jackson, took O'Reilly's Clue after graduating. Instead of finishing law school he went to his first love, board games, and started a company to make them.

His first hit was called Ogre. (This image is from Goingfaster.com, a gaming enthusiast and Jackson fan.) At a time when the big cost of producing games was making, and printing, all the cardboard game pieces, Steve cut costs in half by having one player take one piece, the Ogre.

In the real world, of course, the Ogre can't win.

July 07, 2004

The Councilman Decision

I deliberately waited before writing about the atrocious, god-awful "Councilman" decision, in which a U.S. Appeals Court panel ruled, 2-1, that your e-mail isn't private when it's in transit, on someone else's server.

To arrive at this decision, executive director Marc Rotenberg of the Electronic Privacy Information Center wrote, the court basically had to twist the 1986 Wiretap Act into a pretzel. It's one more example of how important judges are in the American judicial system. (That's Rotenberg, left, as he appeared on the PBS NewsHour in 2000.)

June 15, 2004

Online Banking Threatened

Here's another reason why we need portable, biometric identity.

You may be about to lose your online bank account.

As MSNBC reports, over 2 million Americans have had their online accounts raided in just the last 12 months. Their source is the Gartner Group. (The image is from the El Dorado Savings Bank, with convenient locations throughout the California gold country. Fine, friendly people, too, I'm sure.)


Criminals have begun using keylogger viruses to steal user passwords, phishing e-mails, and special accounts created solely for the purpose of collecting the ill-gotten booty.

June 03, 2004

Another Ad For Better Identity

Like many people, I need a lot of passwords. Again, like many people, they're not very secure.

The solution, offered in a recent AP story, is a second password, a temporary password, a scratch-off password European banks are resorting to because their customers' accounts are fundamentally insecure. (The illustration is from the AP story, as posted on CNN.Com.)

But what if, instead of a scratch-off card linked to a bad password, you had a Smart card you stuck into your PC, one that contained biometric data, and which would allow you to have just one password?

May 12, 2004

Meanwhile, Across The Pond...

I'm a big Guy Kewney fan. He knows what he's talking about, and he writes really, really well. (The picture is from his old eWeek column.)

His latest discovery is snarfing. Specifically he's talking about "bluesnarfing," abusing bad Bluetooth stacks to get inside people's cell phones.

As Guy notes, this is a problem with a few Bluetooth stacks. Easy to fix with updating, or by using something better. But Guy, naturally, has found an ignorant someone shouting about this as though the sky is falling. And, to make it more fun, it's an authority figure, this time the wondrously-named Sir Archy Kirkwood, president of the House of Commons Commission.

March 17, 2004

Who To Listen To

There's an old rule that every reporter knows. Where you stand depends on where you sit.

In other words, you discount what a source says based on what he or she is expected to say.

If a source is a sell-side analyst covering a stock for a broker who makes a market in that stock, and the source says "buy," you discount it. The source is selling stock, not passing information. (I originally wrote this as "buy side" analyst, but Brian wrote to correct me. You're buying, the analyst is selling.)

February 24, 2004

Crimestoppers in London

Alert readers of this blog will remember our recent item on ATM card skimmers.

Well, a brave Slashdot reader apparently went a little further than we recommended. Rather than just looking around for these skimmers and avoiding them, he got his mates together and stole the thing, then took it apart.

Click below to see some interesting pictures:

February 22, 2004

More On Security

We have had a good discussion here on my post about Security and Source so I have decided to re-visit the topic. (The picture, by the way, is taken from this page at Computerworld's Windows Advantage.)

PhilipW pointed out the 95-5 rule as it applies to Linux. Nearly all the work on its kernel is done by a handful of people. Given that, he asked, how can it be any more secure than Windows?

That's true, but Linux is better when trouble hits because you don't have to be passive in the face of it. With Windows, all you can do is wait. It's the difference between being able to shop for a mechanic or being totally dependent on dealer service for your car.

February 19, 2004

From McGruff The Tech Crime Dog

Been to your ATM lately?

There's a new scam going around that can catch you out easily.

It involves two pieces of technology, installed by thieves at an ATM machine. This is already happening in Brazil, and Texas police are now on the look-out for it. (The picture is from Brazil, but if you can't see it just click on the Texas police link -- they have some grainier versions.)

Security and Source

The leaking of some Microsoft source code is a big story. Virus writers will now have an easy time making nastier bugs.

But if that's the case, why isn't Linux, whose source code has always been available, more vulnerable? (The picture, by the way, is from a BBC Q&A on the Microsoft leak.)

The fact that it's not should tell you something about the intersection of politics, creativity, and copyright in our world.
