Link Spasm

I haven’t done one of these in a while. Each link is interesting, but I don’t want to make a separate post about each.

The Futurist – “A Future Timeline for Economics”

NASA Turns 50 — Now What?

Sound Bites of the 1908 Presidential Candidates

Music: “Funeral March by Beirut” via Stephen Pampinella

Information Security-ish – “Why Risk Management Doesn’t Work”

New Killer Drones Could be Piloted by Teenagers

Techdirt: The Grand Unified Theory On The Economics Of Free

TechDirt: Books Are The Souvenir Edition For Your Idea

Market-place gods had it right

Quicken Online Drops Subscription Fee, Now Free

The Apex Fallacy: An Interview with Dr. Helen Smith

HotAir: Video: French archive releases footage of McCain POW interview

Weekend Links – 18 May 2008

These may or may not be of interest to you:

Pricings For Underground Markets In Computer Crime

http://news.bbc.co.uk/2/hi/science/nature/7358868.stm :

Ancient humans started down the path of evolving into two separate species before merging back into a single population, a genetic study suggests. The genetic split in Africa resulted in distinct populations that lived in isolation for as much as 100,000 years, the scientists say.
[…]

Very Cool idea for a blog – http://althouse3.blogspot.com/ :

The Time That Blog Forgot. If only I could have blogged in the century before blogging! I will imperfectly satisfy my longing by using a random number generator to pick the year and the NYT archive to scan the news stories for today’s date in that year

Unqualified Reservations’ Open Letter To Open-Minded Progressives Parts 1, 2, 3 and 4

http://stephenpampinella.wordpress.com/2008/05/11/thinking-about-xgw/ :

And as per the above quote, each strategic paradigm has been around forever, so each Generation does not evolve to displace each other, but instead merely adds to a belligerent’s repertoire of strategic paradigm. That being said, given one’s place in the social structure of the international political system, employing certain strategic paradigms is politically self-destructive (and irrational) or alternatively can lead to political success (and thus, rational). Thus, most states aren’t supposed to kill civilians, but some do and get away with it as well as the non-state actors they are fighting. These actors can fight one type of war without losing legitimacy, unlike more established states who are deeply embedded in a normative culture that prohibits ‘collateral damage’. Each Generation is a repertoire and has existed throughout time, but just because an actor has learned a repertoire doesn’t mean it can always use it and expect to win. That’s why history is important. It conditions which Generations/repertoires/strategic paradigms will be most successful to achieving one’s policy goals.

http://gatesofvienna.blogspot.com/2008/05/distributed-emergence-networking.html :

The mission of the Counterjihad is to organize action to resist sharia and roll back Islamization in the nations of the West. This purpose will be accomplished via a number of strategies that can operate together or separately, consecutively or concurrently. They may include some or all of the following…
[…]
The most important characteristic of an effective anti-Islamization network is that it be international. The enemy’s networks are very international, and radical Islam coordinates effortlessly across national boundaries. We must do the same thing.

http://www.steynonline.com/content/view/1217/ :

I’m not sure why Michelle would stick “pastor of a church” in that list of downscale occupations: Her pastor drives a Mercedes and lives in a gated community. But, insofar as I understand Mrs. O, she feels that many Harvard and Princeton graduates have to give up their life’s dream of being a minimum-wage “community organizer” (whatever that is) and are forced to become corporate lawyers, investment bankers and multinational CEOs just to pay off their college loans. I’m sure the waitresses and checkout clerks nodded sympathetically.

http://frontpagemagazine.com/Articles/Read.aspx?GUID=43EB6031-8C4B-42DB-AB4B-E8BD78132710 :

With its heavily funded proxies marching through an Arab democracy’s ruins, Iran has arrived on the Mediterranean, outflanking Israel.

http://shrinkwrapped.blogs.com/blog/2008/05/sometimes-a-thi.html :

The neocons, especially President Bush, were convinced that if only the jackboot of fascism were removed from their necks, the Iraqi people would eagerly adopt democracy and freedom. Our painful experiences in Iraq have shown how naive such a hope was.

http://www.sinodefence.com/

So, Obama was a Muslim? Here and Here.

Rachel Lucas is a Firefly Fan. Shiny!

http://www.tdaxp.com/archive/2008/05/13/former-head-of-iraqi-anti-corruption-agency-now-an-undocumented-immigrant.html :

The Department of Homeland Security and the Department of State may be the two worst-run agencies in the federal government. When they work together, things get truly bad

http://hotair.com/archives/2008/05/13/suspected-fbi-hezbollah-spy-sentenced-to-no-jail-time/ :

She was here illegally, pursuant to a sham marriage she arranged with a U.S. citizen. She illegally accessed FBI records about herself and her brother-in-law not once but twice while working for the Bureau, a breach that warranted debriefings at the “highest levels of government.” Best of all, she was actually assigned to Baghdad for a time, where she spent her days interrogating Al Qaeda. Total penalty for her various crimes: A $750 fine and off scot free.

Political Satire: “Yes We Shall”

Video of a GR watching Air Bud

There has been a lot of recent activity on this old post of mine – Found on Wikipedia: “The Dulles Plan”

Podcast: This American Life on The Mortgage Crises – “The Giant Pool of Money”

The Singularity & the 12th Imam

New Year’s Eve Links [Updated]

BTW, I am listening to The Pipettes while I type this.

Top 10 Businesspundit Posts of 2006

TDAXP describes the differences between Shia and Sunni Islam; [update] Catholicgauze has the maps to go with it.

5GW: “Exploring what comes next is cooler than what’s maturing now”

In “The empires of the future are the empires of the mind” EnigmaFoundry writes:

So the Bush administration’s policy has a fundamental conceptual flaw: It is fighting an ad hoc network by trying to kill those it believes are part of the network. But this ad hoc network is fed by a fundamental belief, which is: The US is evil, it is out to kill Muslims, and it is therefore the duty of good people to destroy this evil killing machine. Now, to defeat this network we need to fight this fundamental belief, not to kill those who hold it, because this would just demonstrate that the belief is correct. Every time we win, we lose.

My thought on the above: 4GW (and 5GW) is as much about memes as about tangible things.

Old Lawfare links: here and here. A newer one here. [Update] And here.

Hezbollah’s Christian Allies

When Sysadmins Ruled the Earth by Cory Doctorow

“…One of its main ideas is that mandatory schooling begin at age 3 and end after 10th-grade. After that, going on to colleges and universities would be one of several choices available. Another choice, equally typical and just as well-funded, would be vocational training.”

Weekend Information Security Links, Part 1

So many links, so little time.

Sunday Links

Incentives for breeding? “Babies Are Kew-el”

How about a 5GW campaign against birth control quality?
Personally, I am a bit hesitant around small children (they seem fragile and I don’t want them to break around me). Once they turn three-ish and can talk, then they become interesting (amusing + programmable).

Hot Air outtakes! Note to freaks: It does not include an extended version of her “Jump” vepisode.

“John Stamos is here, and he is pissed”

On the Doolittle Raiders

Sunday Information Security Links

Jeff Hayes has Lock Picking Analogy:

In the world of locks, the same premise holds true. Some locks are designed and tested much better than others. The lock picking hobbyist — the lock hackers — do us all, including the manufacturers, a service in assessing the security of these products. If the manufacturer demonstrates a weak design and QA process, then society at large is fully in its rights to bring those flaws to light.

He also has a post on the principle of Least Privilege:

The principle of least privilege requires that a user be given no more privilege than necessary to perform a job. This is done to enhance protection of data and functionality from faults and malicious behavior.

Some things make me want to change fields: Security Focus on Quantum Computer Security:

In the weird world of quantum computing, the state of computer systems networked together is so fragile that a read access to a single quantum bit, or qubit, on one machine would require a network-wide reset. It’s no wonder, then, that two researchers who are working on ways of defending against the future possibility of malicious attack assume that any unauthorized access to a quantum computer constitutes a catastrophic failure.

Quantum computers make use of quantum physics, the rules of subatomic particles and light, to create a computing system. Where a classical computer uses binary values of 0 and 1, a quantum system can be in a state that represents either 0 or 1, or a probabilistic blend of both states, known as a “superposition,” so that it has the potential to be either 0 or 1 with its value only being determined at time of measurement. These quantum bits of information, or qubits, essentially take on all possibilities until measured, when the state of the qubits collapses to an actual value.

The science behind quantum computing gets even weirder…

There is no telling what such an attack might look like. Destroying data or circumventing a calculation on a quantum computer is the easiest course. Attackers could operate a rogue computer on the quantum network or coopt the communications line, he said.

“We deliberately stay away from specifics of malware, such as Trojan horses, et cetera,” Lidar said. “So, quantum malware to us just looks like any malicious instruction set sent to an attacker.”

Yikes.

Multiple Sources for Boarding Passes And Bad Security: Here, here, here, and here:

Last week Christopher Soghoian created a Fake Boarding Pass Generator website, allowing anyone to create a fake Northwest Airlines boarding pass: any name, airport, date, flight. This action got him visited by the FBI, who later came back, smashed open his front door, and seized his computers and other belongings. It resulted in calls for his arrest

WatchYourEnd has USB Flash Drives Contain Evidence of a North Korean Spy Ring:

A pro-North Korean group is under increased suspicion in South Korea, of providing a significant amount of information, including state secrets, to Pyongyang recently after large amounts of evidence were found on USB flash drives in their offices.

Dark Reading on Strategic Security:

Most C-level executives still view security as an operational issue, not a strategic issue, according to “Navigating Risk: The Business Case for Security.” The study, which researched the attitudes of some 213 top-level corporate, non-security executives, found that most security organizations are still operating in silos that are far removed from their highest-ranking decision makers.

Despite frequent news about security breaches, most C-level executives report that they still have little direct responsibility for most aspects of security. And the few executives who do understand the issues often do not have the influence needed to do something about it.

Dark Reading: Increasing Spam With New Malware Techniques:

Unlike traditional methods of spamming, where each botnet sends out spam emails one at a time, SpamThru uses templates that let them send millions of emails from a single bot-infected computer, MessageLabs’ Wood says. “The template approach is the equivalent to a mail merge.”

What can be done:

  • Corporate firewalls should allow only mail servers to send email out, with desktop firewalls controlling applications and traffic.
  • ISPs should require residential accounts to relay email only through them (with authentication).
  • Shared Distributed Blackholes of IP space that can be dropped at perimeters.
  • InfoSec Lawfare against enablers of bots.

Security Focus on Employee Privacy, Employer Policy:

Mark Rasch looks at two recent court cases where an employee’s reasonable expectation of privacy was more important than the employer’s ability to read any employee’s e-mail – despite a privacy policy that clearly stated any company e-mail can, and will, be monitored.

A book review of Identity Crisis (something that has been on my to-do list).

A reminder about the importance of power from SANS.

More on Botnets from SecurIT.

Weekend Information Security Links

(ht Dark Reading) Anti-Phishing.org has an excellent PDF –> The Crimeware Landscape: Malware, Phishing, Identity Theft and Beyond:

“Crimeware” is software that performs illegal actions unanticipated by a user running the software, which are intended to yield financial benefits to the distributor of the software.

Securiteam: Money Mule Recruitment Over IM:

Today was the first time we observed a money mule recruitment happening on instant messaging.

Dark Reading: New Email Malware:

There is less hard data about Haxdoor, which uses a rootkit to hide from the user and from most antivirus applications that might be running on the PC. Once installed, it hunts for passwords for popular Internet services — such as eBay, PayPal, or Web Money — and for popular email clients such as Outlook Express. The attacker can then use the passwords to carry out online fraud or identity theft, Panda says.


Dark Reading: People Aspects of Information Security:

Interestingly, however, organizations are finding it difficult to locate skilled security staff to work on the problem. While the number of security professionals increased 8.1 percent worldwide in the past year, “you can look at any jobs site and see that there are a lot of open positions out there,” Carey noted. As a result, many organizations are giving more responsibility to junior-level staffers and security outsourcing organizations, the report says.

Well duh. Supply and Demand. Pay more for people who have the skills and more people will get the skills.

Financial Cryptography: E-Tradecraft:

Someone’s paying attention to the tracking ability of mobile phones. Darrent points to Spyblog who suggests some tips to whistleblowers (those who sacrifice their careers and sometimes their liberty to reveal crimes in government and other places)…

Bruce Schneier.com: Chemical Residue Detectors

Schneier on Security and Botnets:

The trick here is to not let the computer’s legitimate owner know that someone else is controlling it. It’s an arms race between attacker and defender.

Botnets are hard to shut down once established. The best thing is to have proper controls in place to begin with to prevent takeover and to start forcing InfoSec Lawfare (economic incentives) against those who allow their networks to be used.

Security Focus: An Information Security Lawfare Example:

Federal prosecutors charged on Tuesday a 32-year-old Florida man with computer trespass in connection with the creation of a bot network and the targeting of Internet service provider Akamai with a denial-of-service attack more than two years ago.


WatchYourEnd: Los Alamos Nuclear Weapons Data Found on Three USB Flash Drives During Drug Raid

…police found classified nuclear data on three USB flash drives during a search of the trailer she shares with another man who was being investigated for drug charges. The information is believed to be classified as Secret Restricted Data which indicates it involves nuclear weapons data and…

WatchYourEnd on Homeland Security and EndPoint Security: here and here:

…Federal Homeland Security officials in Portland, Oregon are trying to find a lost USB thumb drive that may have held personal information on more than 900 current and former employees. This information included your standard “destroy a person’s life” data…

and

…the Port of Seattle is reporting that six computer disks containing personal information for almost 7,000 people who work at the Seattle-Tacoma Airport are now missing. At this time they do not know if the disks were “misplaced” or if they have been removed from Port property. No mention of encryption or other endpoint security measures and/or policies.

Security Focus: Fraud Costs

Two American brokerage houses have written off $22 million in fraud losses on their third quarter financials, citing spyware, stolen identities and hacker fraud as the cause.

Security Focus: Spammers continue Lawfare against spam-fighter Spamhaus

e360 is going after Spamhaus again, this time trying to use the US Marshals Service to seize http://www.spamhaus.org from Tucows, Inc.

Schneier on Security: Links to Paleo-Security Article:

Prehistoric evidence indicates that people have always been concerned with detecting whether others have tampered with their belongings. Early human beings may have swept the ground in front of their dwellings to detect trespassers’ footprints. At least 7,000 years ago, intricate stone carvings were…

Security Humour Spotted by Securiteam:

FLUNKY: Well, he says it’s bad security to create a privileged low-security channel for a lucky few.
CEO: He isn’t a socialist, is he?

CEO: Not interested. Let’s cut to the chase. What does he want my password changed to?
FLUNKY: dF3#(~!pk40%L/sD:@
CEO: This is a prank, right?

Securiteam: A Wormboy’s Story

When I came to work the next morning, all you could hear around the office was the sound of mutley, you would hear that laugh at least 3 times once every half hour. There were about 50 computers in the office. The Jig was up. The IT dept. had no clue what was going on, because norton didn’t detect it. Honestly they never had a clue.

Jeff Hayes: Network Access Control:

NAC is a very powerful tool. It allows a network to follow a predefined set of policies. It is policy-based networking at its finest. However, deploying it properly requires some detailed networking and security skills and knowledge.