Category: security | 保衛 | 정보 보안 | 情報セキュリティー

According to Wikipedia, security can be defined as follows:

Security is protection from, or resilience against, potential harm (or other unwanted coercive change) caused by others, by restraining the freedom of others to act. Beneficiaries (technically referents) of security may be of persons and social groups, objects and institutions, ecosystems or any other entity or phenomenon vulnerable to unwanted change. Security mostly refers to protection from hostile forces, but it has a wide range of other senses: for example, as the absence of harm (e.g. freedom from want); as the presence of an essential good (e.g. food security); as resilience against potential damage or harm (e.g. secure foundations); as secrecy (e.g. a secure telephone line); as containment (e.g. a secure room or cell); and as a state of mind (e.g. emotional security).

Back when I started writing this blog, hacking was something that was done against ‘the man’, usually as a political statement. Now breaches are part of organised crime’s day-to-day operations. The Chinese government so thoroughly hacked Nortel that all its intellectual property was stolen, along with commercial secrets like bids and client lists. The result was that the firm went bankrupt. Russian ransomware shut down hospitals across Ireland. North Korean government-sanctioned hackers robbed 50 million dollars from the central bank of Bangladesh and laundered it in association with Chinese organised crime.

Now it has spilled into the real world, with Chinese covert actions, Russian contractors in the developing world and hybrid warfare being waged across Central Europe and the Middle East.

  • Gates on spam

    Bill Gates wrote to me regarding the latest thinking by Microsoft (OK, so it’s a Microsoft marketing ploy to make me think that Chairman Bill cares even for heretics like me) and some of their partners to curb spam. The mail is interesting; however, I have a few concerns about the content of the email by Gates on spam:

    • the industry initiative lacked networking manufacturers like Nokia, Juniper or Extreme Networks
    • no computing powerhouses like Sun Microsystems, Oracle, IBM, Apple
    • there was no reference to non-Windows PC users (Mac, Unix, Linux, Symbian smartphones, PalmOS etc.)
    • there are no independent experts on the panel like Phil Zimmermann

    From: billgates at chairman.microsoft.com

    Subject: Preserving and Enhancing the Benefits of Email – A Progress Report

    Date: 28 June 2004 21:47:34 BST

    To: *********** at ***.com

    During the past year, Microsoft has taken a number of important steps to help curb the epidemic of junk email, which is a major headache for computer users worldwide. We’ve made significant progress, including blocking more than 95 per cent of all incoming junk email – an average of 3 billion messages a day – on Hotmail. But more work remains to be done. We’re committed to finding additional ways to counter this costly nuisance.

    Over the next 12 months, we will begin to introduce several additional innovative technologies and processes that should further reduce the volume of junk email reaching customers’ inboxes. Because you’ve subscribed to receive executive emails from us, I’d like to update you on what we’re doing in this area. On the Web at www.microsoft.com/execmail, I’ve posted an in-depth explanation of Microsoft’s technology vision and strategy for ending the junk email epidemic as a major problem. I hope you’ll take a few minutes to read it.

    Thank you.

    Bill Gates

  • Free party clampdown

    An old clubbing pal of mine from Birkenhead, Si, forwarded on this interesting article in the Western Morning News. According to the article, police are preparing to use the wide-ranging powers of the Anti-social Behaviour Act 2003 to clamp down on unauthorised open-air gatherings (a free party), in conjunction with provisions already made by sections 63 – 67 of the Criminal Justice and Public Order Act 1994, with its definition of music as an emission of a succession of repetitive beats, thus allowing unscheduled opera performances but not young people’s music.

    While I can understand people’s concerns over noise, I am more concerned about the right to associate, freedom of expression (by speech, music or visual media) and the two standards allowed in the law, making free party attendees second-class citizens.

    And politicians wonder why so many voters are apathetic?

    May it have something to do with:

    • the persistent erosion of voters’ rights?
    • a lack of clear differentiation between many of the social policies of both major political parties?
    • legislation that no longer represents the social mores of much of the electorate?
    • a collectively small amount of life experience amongst professional politicians, the significant majority of which are trained lawyers?
    • a cynical political process that means that politicians go after softer targets rather than dealing with the big policing issues in the UK, such as organised crime, rise in violent crime, white collar and corporate crime?

    Si also generously included a link to lots of information on where there might be a local free party here; just remember it’s free as in speech, and the parties do cost money to put on.

  • Microsoft security spin

    I read a classic piece of spin in The Business, “Microsoft races to stop bank account hackers” by Tony Glover. Tony, who has been shortlisted in a category for Business Journalist of the Year, wrote: “Technicians at the US software giant Microsoft are working flat out to prevent a new security threat that this week could give criminals access to computer systems used worldwide by banks and governments.”

    The general threat that Tony outlined, called phishing, has been covered for quite a while by national newspapers, something that wasn’t made clear in the article. In fact, eBay, HBOS and Barclays customers have all been exposed to phishing attacks. The article was an excellent piece of PR work (my hat goes off to the members of the Microsoft press team) that failed to point out:

    – Phishing has been going on for quite a while now, though the vulnerability in Microsoft Internet Explorer is new. It is one of many security vulnerabilities in the product and phishing as a security risk is well understood

    – Microsoft was trying to plug yet another security gap in their software that facilitates phishing. Despite repeated promises to get tough on security, Microsoft have failed to do so

    – Using an alternative browser like Opera can help prevent the risk of phishing (though nothing in IT systems can be labeled foolproof)

    – It is yet another good argument against software bundling like Microsoft (and increasingly Apple) have been doing and is an excellent riposte to critics of the EU competition commission’s case against Microsoft. Bundling of software restricts the ability of competition to spur innovation and improvements in both quality and service

    “Free Internet calls move a step closer” on page six goes on to talk breathlessly about a new feature in Microsoft Office that provides Internet calls. It’s not that big a deal; I know of people who used Skype and, before it, Net2Phone and other over-the-net software phones. In fact, Stephen Waddington, managing director of geeky PR firm Rainier, was quoted in a newspaper case study talking about his firm’s use of voice over the ‘net for international conference calls a few years ago.

    In addition, many instant messenger programmes such as Yahoo! Instant Messenger, AIM and iChat offer audio and video calls between users. Another fallacy in technology circles is the concept of ‘free’. You’d think that technology marketers would be mature enough to realise that nothing ever comes for free; even ‘free’ pirated MP3s or DivX movie files via a P2P network are partly financed by banner advertisements, spyware and adware in the P2P software itself. Freeware is often produced for altruistic reasons, even if it is to build a community of users or make one’s mark with an elegant solution to a problem. In the case of ‘free internet calls’, it will help increase sales of broadband connections; where calls leave the domain of a connection between IP addresses over PCs, some sort of ‘interconnection charge’ will be due. It’s not new, it’s history repeating.