Via security guru Bruce Schneier, an actual, real-world Trojan Horse that gets in...well, almost everywhere.
Via Bruce Schneier, a former British military bomb-disposal operator offers some thoughts about the clowns who completely failed to bomb anything in the UK last week:
If these guys at the weekend really were anything to do with al-Qaeda, all one can really say is that it looks as though the War on Terror is won. This whole hoo-ha kicked off, remember, with 9/11: an extremely effective attack. Then we had the Bali and Madrid bombings, not by any measure as shocking and bloody but still nasty stuff. Then we had London 7/7, a further significant drop in bodycount but still competently planned and executed (Not too many groups would have been able to mix up that much peroxide-based explosive first try without an own goal).
Remember, this country carried on successfully for six years with hundreds—thousands, sometimes—of tons of explosives raining down on it every night for six years, delivered by very competent Germans who often died doing that job. The civilian death toll was around 60,000 according to most sources; the equivalent of 20 9/11s, more than three for every year of the war. Civilisation was not brought down. Germany and Japan withstood even greater violence, and survived it too.
Bruce Schneier asks: "Is there a Special Olympics for terrorists going on in the U.K. this week?"
Via Bruce Schneier, a report of an English artist being arrested for sketching a military asset...in 1748.
I just spent two hours removing blog spam. I hate these guys.
From Bruce Schnier: "At least they're honest about it this time."
Via Talking Points Memo, this reminder that on the Internet, nobody knows you're a dog...but they do know what terminal you're using:
In late August, someone with an IP address that originated from the National Institutes of Health drastically edited the Wikipedia entry for the National Institute on Drug Abuse, which operates within NIH. Wikipedia determined the edit to be vandalism and automatically changed the definition back to the original. On Sept. 18, the NIH vandal returned, according to a history of the site's edits posted by Wikipedia. This time, the definition was gradually changed, presumably to avoid the vandalism detector.
People forget about this quite a bit. On the Internet, your browser must send a request to a Web server to get a Web page. In order for the Web server to respond, it has to know where to send the page; ergo, every time you hit a Web site, you tell that site who you are. Wikipedia uses this simple fact to help determine the value of contributions. In this case, it worked perfectly.
Security expert Bruce Schneier finds some cases of appropriate and helpful security theater:
Security is both a reality and a feeling. The reality of security is mathematical, based on the probability of different risks and the effectiveness of different countermeasures. We know the infant abduction rates and how well the bracelets reduce those rates. We also know the cost of the bracelets, and can thus calculate whether they're a cost-effective security measure or not. But security is also a feeling, based on individual psychological reactions to both the risks and the countermeasures. And the two things are different: You can be secure even though you don't feel secure, and you can feel secure even though you're not really secure.
The Aircraft Owners and Pilots Association reports that an enormous block of airspace around Washington is off-limits to general aviation tonight because of the State of the Union Address:
During the president's speech to Congress and the nation, no flights are allowed to or from any of the 21 airports within the Washington, D.C., ADIZ, including pattern work. The special ingress/egress procedures for the "DC-3" airports inside the Flight Restricted Zone are also suspended. Only IFR flights to and from Washington Dulles International (IAD) and Baltimore/Washington International Thurgood Marshall (BWI) airports will be allowed.
This is what security expert Bruce Schneier calls "security theater."
The New York Times picked up the ongoing story of botnets, networks of computers that spammers and other miscreants have taken over:
According to the annual intelligence report of MessageLabs, a New York-based computer security firm, more than 80 percent of all spam now originates from botnets. Last month, for the first time ever, a single Internet service provider generated more than one billion spam e-mail messages in a 24-hour period, according to a ranking system maintained by Trend Micro, the computer security firm. That indicated that machines of the service providers' customers had been woven into a giant network, with a single control point using them to pump out spam.
Users, ISPs, users, software vendors, and users contribute to the problem:
Serry Winkler, a sales representative in Denver, said that she had turned off the network-security software provided by her Internet service provider because it slowed performance to a crawl on her PC, which was running Windows 98. A few months ago four sheriff’s deputies pounded on her apartment door to confiscate the PC, which they said was being used to order goods from Sears with a stolen credit card. The computer, it turned out, had been commandeered by an intruder who was using it remotely.
Note that Winkler's computer probably ran slowly because it had already gotten infected, and the ISP's security software had a lot of work to do because of this.
At least with the Times picking up the story, perhaps more people will notice.