Why I’m scared of Cybermen, Daleks, Zombies and Spambots

Thursday, February 24th, 2011

I never liked zombies, or daleks and cybermen for that matter, because they were relentless in their attacks. At least vampires tended to be solitary creatures with well defined weak spots. Zombies, although a bit slow and stupid and vulnerable to simple decapitation, hunted in packs. That’s what scared me as a kid, and scares me as an IT security geek.

Let me explain.

(more…)

Libya: Internet experiencing blackouts

Wednesday, February 23rd, 2011

It didn’t come as much of a surprise to hear Libya’s internet was hit by various blackouts.

Renesys indicated there had been some internal shutdowns, and again this came as no shock.

When Egypt’s internet was cut off it sent shivers down the spine, but once you came to terms with the notion that switching off the web wasn’t that hard, it simply made sense. What better way to put a gag in people’s mouths and clamp down on freedom of speech?

You fear this will become a trend as insurrection spreads across the Middle East, with curfews or complete blackouts becoming the norm for cracking down on rebellious behaviour.

Outside of such egregious actions, the internet blackouts also call into question who has control over the web. It is supposed to be us, the people who create and use its content, but at the end of it all, it is the corporations and the governments who have ultimate power.

Yes, the internet has proven to be an incredibly effective platform for organising protest movements. We’ve seen what has been brought about in Egypt, Bahrain and Tunisia thanks to social networks. Not so long ago, Facebook helped

But it is clear that people do not have much say if it comes to the crunch. Do you have a killswitch? No. Do ISPs? Yes. Can the Government organise an internet shutdown? Evidently.

So as much as we might like to believe the internet is the one place where the people really have the power, they don’t. Non-virtual trends have filtered into the web, and this is a now irreversible shift.

Just as governments can brutally suppress protest on the streets, they can take attempt to take control of the internet as well. We’ve seen in China how successful the authorities have been in quashing minor online uprisings.

In fact, governments could have more success in virtual environments than in the real world. You can turn the internet off, sure. But suppressing millions of individuals with a purpose is a little trickier.

It seems the internet can help kick protests off, but to finish them, you need real people power.

Has Anonymous really targeted Westboro Baptist Church?

Monday, February 21st, 2011

Anonymous has drawn a new organisation into its crosshairs – the highly controversial Westboro Baptist Church.

Actually, nope, scrap that… it seems it’s all just a hoax. But not one organised by Anonymous, but by the anti-gay church itself.

According to an Anonymous release the whole thing was designed to give the church, which was the subject of an excellent Louis Theroux documentary not so long ago, some limelight, as well as trick the hacker group.

“You thought you could play with Anonymous. You observed our rising notoriety and thought you would exploit our paradigm for your own gain. And then you thought you could lure some idiots into a honeypot for more IPs to sue,” the message to Westboro Baptist Church read.

Anonymous warned its members not to launch a DDoS attack, claiming that the church had its “ports wide open to harvest IPs to sue.”

But this is where the whole concept of Anonymous becomes a troubling one – if it has no accountability then the group opens itself up to such dirty tricks (if it was a trick…) and even somewhat destabilises its credibility, even if its causes are thought to be morally right.

How do we know the aforementioned post was really from Anonymous? And how do we know the original message calling for attacks on the church was a hoax? Who writes the releases? Who is running the show, if anyone?

For its backers, the great thing about WikiLeaks is that it is accountable – it has a face in the form of Julian Assange. This means people have something to hold onto and can really get behind. Indeed, Anonymous itself became famous through its support of Assange and his cause.

Of course, Anonymity can have its benefits – most notably that things can be said that need to be said, without any comments having to be attached to a certain individual or organisation.

But what I would say is that accountability can create martyrs, and martyrs can aid a cause, just as targets give you something to shoot at.

Whether you agree with the way Anonymous goes about its business or not, the fact is it will always have to cope with fakers. It’s an easy model to hijack.

And what if another organisation tries to pull what Westboro Baptist Church supposedly did with IP harvesting, but succeeds? Anonymous members could find themselves in handcuffs. Just earlier this year, arrests were made as part of investigations into the group, so law enforcement are clearly after them.

Oh and then there’s the issue with being a protest organisation, and yet staunchly in favour of free speech. Anonymous will also have to cope with the paradox that when fighting against certain causes, you risk going against advocacy of freedom of speech. Admittedly, the group has tread this line carefully and avoided any hypocrisy from this respect thus far.

Expect to see more twists in 2011 – another big year for Anonymous and hacktivism in general.

The password cracking software enigma

Monday, February 21st, 2011

I am always banging on about passwords, and how important it is to avoid using stupidly simple and easily breakable ones. But it seems that no matter how good your password construction skills are, in some cases it makes no difference at all. Depending upon where your data is being stored, it can be quickly accessed by anyone. It doesn’t take a master hacker, nor some geek with a home built supercomputer in the bedroom, to break your password protection. All it takes is someone with a few hundred quid to spare and the ‘forensic software’ that it can purchase.

(more…)

Help

Sunday, February 20th, 2011

There were three of them, we were young and they looked oh-so sexy in their silvery grey jackets. We became intimate immediately, slept together every night and I devoted all my attention to them equally. It was exhausting and especially when my wife joined in and made it a ménage à trios.

(more…)

WARNING: Five Million Fake Adverts

Sunday, February 20th, 2011

A couple of days ago, over at our sister site PC Pro, I asked if you can trust Google sponsored results.  My inbox would seem to suggest that many people share my concern when it comes to clicking on those paid for search result placings, although a number of outraged online citizens expressed their anger that I should dare suggest that advertising can ever be a bad thing. I find this latter concept totally alien, having witnessed all sorts of misleading adverts during the last four decades. Whether it is the sign on the side of the plumbing van falsely claiming membership of a professional organisation or a scammer trying to entice you to purchase rogue antivirus software via pop-ups on your computer screen. They both hope you will comply because they are taking advantage of the trust phenomenon.

(more…)

This week I have been mostly underwhelmed by mobile announcements

Thursday, February 17th, 2011

The Mobile World Congress in Barcelona usually manages to completely underwhelm me with some pointless announcement or other, and this year has been no exception. Apparently, and I trust you are sitting down for this, dealing with the smartphone-driven network demands for data services is proving something of a challenge. With global mobile broadband subscribers expected to continue rising at a stonking pace, hitting 5 billion or so within five years, the challenge is only likely to get worse.

Am I worried by this announcement? Not at all, and for good reason: I rather suspect that the mobile network operators will somehow damage to keep up with demand through beefed up network provision and implementation of more efficient technologies. Heck, it’s not as if they are going to be short of money to invest in that upgraded network provision as, after all, most people do not get their mobile access for free now do they?

(more…)

Facebook + friends = STRESS

Wednesday, February 16th, 2011

Apparently the more Facebook friends you have the more stressed you’ll be when using the site.

In research that some may question the validity/point of, Scottish psychologists quizzed a bunch of students (why just students?!) about how they use Zuckerberg’s baby (I’m referring to Facebook here, not any offspring of the young billionaire).

Edinburgh Napier University researchers found those users who spent the most time on the site and had more contacts than anyone else were likely to be the most stressed. It’s hard being young and popular – haven’t you seen teen not-actually-real documentary The Hills?

I’d like to add a little of my own psychoanalysis here that the researchers didn’t appear to comment on: the people with the most friends on Facebook and who spend the most time on it are more than likely lonely, insecure and in need of real human contact.

When these anti-outside air people go on Facebook, their unconscious is reminded that they aren’t actually making real contact with actual friends, but instead interacting with basically imaginary friends whose online personas are as detached from their genuine personalities as Apple and Adobe are in their outlook on openness. This only places additional stress on the Facebook users’ already fragile state without them appreciating why.

The more virtual friends they acquire, the more they are reminded how alienated they are from real-world and human interaction, making them even more depressed. No doubt stress levels for the Facebook-obsessed went up a notch on Valentine’s Day. It’s little wonder there weren’t any reports of people inexplicably imploding when February 14th hit, with love hearts and adoring messages splattered all over the social network to remind the lonely just how lonely they were.

There’s plenty of papers and research out there raising concerns about how people are becoming increasingly virtual in their social experiences, as well as what pejorative consequences this might entail. But no one really listens.

And who cares? I’m on Facebook right now, blissfully ignorant in the land of quasi-make believe where I’m a really fascinating, loquacious chap who has a startling amount of friends who I get on with all very well and converse with every day… God, I’m depressed.

P.S. To the 32 per cent of students who said rejecting friend requests led to feelings of guilt and discomfort, try doing it in real life to someone sleazing all over you like a sex-starved B-list celebrity on Viagra… it’s actually quite rewarding.

Stuxnet and Iran: Forming a link

Tuesday, February 15th, 2011

You have to hand it to the research community for its work on Stuxnet and linking the now notorious piece of malicious kit to organisations in Iran.

OK, it may have been a little embarrassing for some that it took over a year to detect the most impressive piece of malware ever created, but since it was identified, security professionals have surpassed expectations in their investigations into Stuxnet.

Towards the end of last week, Symantec put out an updated paper on Stuxnet with some valuable new findings, most notably that five different organisations with a presence in Iran had been targeted.

It seems this fresh information was largely attainable thanks to a big group effort in drawing infection samples together. A total of 3,280 unique samples were gathered, representing approximately 12,000 infections, all of which could be linked back to the five Iranian organisations.

ESET, F-Secure, Kaspersky Labs, Microsoft, McAfee and Trend Micro all shared information with Symantec to figure out what Stuxnet was going after. Given the occasional animosity that sparks up between some of these firms, it’s refreshing to see them working together towards a common goal.

I remember when Stuxnet first broke out as a major development and spoke to some in the industry who said it was likely the provenance of Stuxnet would never be discovered. It doesn’t seem figuring out who created the malware is so unfeasible anymore, largely thanks to the IT sec industry’s willingness to share information.

You’ll be hard pushed to find an area of the wider tech sector that is so collaborative. In fact, you’d be hard pushed to find such collective intelligence being leveraged in any industry.

In recent times there have been a few too many spats in the tech industry, some even escalating into billion-dollar court cases. Industry in-fighting often only brings pejorative consequences and can be particularly detrimental to innovation as creative people get scared of treading on others’ feet.

What the Stuxnet investigation has shown is that you can get pretty darn far if you’re willing to work with competitors, perhaps further than you’d ever imagined. To all patent hogging, close-minded firms seeking total hegemony: take the hint.

Massive Amounts of Big Language Abuse

Tuesday, February 15th, 2011

IT and the US are both major sources of corruption – of the English Language at least. HP has just acquired Vertica
http://www.vertica.com/

and I was going to blog of the IT business implications but can only get as afar as
“Customers Can Analyze Massive Amounts of Big Data at Speed and Scale”

Where else could you read “Massive Amounts of Big Data”? You only have to look further down the page before you hit a “monetizing”. Eugh!

Anyway, hopefully this is part of HP’s commitment to high value, high return software rather than low margin hardware.