From my dad, yet another New York Times article to make you all warm and fuzzy inside:
Thieves Winning Online War, Maybe in Your PC
Despite the efforts of the computer security industry and a half-decade struggle by Microsoft to protect its Windows operating system, malicious software is spreading faster than ever. The so-called malware surreptitiously takes over a PC and then uses that computer to spread more malware to other machines exponentially. Computer scientists and security researchers acknowledge they cannot get ahead of the onslaught.
As more business and social life has moved onto the Web, criminals thriving on an underground economy of credit card thefts, bank fraud and other scams rob computer users of an estimated $100 billion a year, according to a conservative estimate by the Organization for Security and Cooperation in Europe. A Russian company that sells fake antivirus software that actually takes over a computer pays its illicit distributors as much as $5 million a year.
I spent part of this afternoon rooting around in my email correspondance from 1999 and 2000. Forgetting the wherefores and whatnots of the emails themselves, just getting into the Outlook files proved difficult. How many passwords does anyone remember from nine years ago? I actually remember a few, but not, unfortunately, the ones I needed.
Sure, I found them eventually, but heavens. That's half an hour of my life I'll never get back, and it was my own fault.
I've largely solved Yesterday's frustration (more of a PEBCAK issue than anything else, wouldn't you know?) so now I have a new one: the touchpad on my laptop isn't working. It's probably a driver issue, but still, it makes navigating—doing anything, really—that much more difficult.
Anyway. On to New York for my first-and-only Yankees game.
Forgot to mention: Philadelphia beat Altanta 12-10 yesterday. As soon as I get my technical problems fixed I'll have photos of the massive thunderstorm that caused a two-hour rain delay. And after a nail-biting day when the Cubs and Milwaukee were tied for first place, the Cubs won and Milwaukee lost, putting us a full game up once again.
Windows is designed to be secure (don't laugh). One security measure is to lock users out after a certain number of failed login attempts. Vista, however, tries lots more times to login than you might think. So, even if you mis-type your password once or twice, Vista might think the KGB is trying to break into your laptop and lock you out.
I know this because, 36 hours into a 7-day trip, I appear to be locked out of my laptop.
Now, I can unlock my laptop in seconds by logging in while connected physically my network. Only problem, my network is 1100 km away and I won't reconnect to it for a few days.
So, great, at least my laptop is secure from someone who knows my UID and password. Of course, if someone ripped the hard drive out and connected it to another machine, he could read the unencrypted parts without any problem. Since I would like to keep the laptop intact, and it's the encrypted parts that I kind of need right now, it's inconvenient, to say the least.
When I calm down and I don't want to beat the Windows Vista team lead over the head repeatedly with my laptop, I'll explain why this "security" only matters if you aren't actually a malicious hacker, and why if you are a malicious hacker it's irrelevant. In other words, what I'm going through at this exact moment is much like the people lining up for crosses in Monty Python's Life of Brian: it'll only hurt if you're honest.
Via Dad, it seems a network administrator for the City of San Francisco has locked out all the other administrators:
A disgruntled city computer engineer has virtually commandeered San Francisco's new multimillion-dollar computer network, altering it to deny access to top administrators even as he sits in jail on $5 million bail, authorities said Monday.
Terry Childs, a 43-year-old computer network administrator who lives in Pittsburg, has been charged with four counts of computer tampering and is scheduled to be arraigned today.
Childs created a password that granted him exclusive access to the system, authorities said. He initially gave pass codes to police, but they didn't work. When pressed, Childs refused to divulge the real code even when threatened with arrest, they said.
He was taken into custody Sunday. City officials said late Monday that they had made some headway into cracking his pass codes and regaining access to the system.
He's about to find out that you can sit in jail on a contempt of court charge for, well, ever.
The first—the most serious one—comes from David Brooks via my friend RB:
Let’s take a look at what [Clinton is] going to put her party through for the sake of [a] 5 percent chance [of winning]: The Democratic Party is probably going to have to endure another three months of daily sniping. ... For three more months (maybe more!) the campaign will proceed along in its Verdun-like pattern. There will be a steady rifle fire of character assassination from the underlings, interrupted by the occasional firestorm of artillery when the contest touches upon race, gender or patriotism. The policy debates between the two have been long exhausted, so the only way to get the public really engaged is by poking some raw national wound.
The other story, via Bruce Schneier, concerns a weird but scary Craigslist hoax:
Two hoax ads on Craigslist cost a Jacksonville man thousands of dollars in property Saturday and could land the pranksters in jail on theft and burglary charges.
The classified ads popped up Saturday afternoon on the Web site saying the owner of a home ... was forced to leave the area suddenly and that his belongings, including a horse, were free for the taking, said Jackson County sheriff's Detective Sgt. Colin Fagan.
The only problem is that Robert Salisbury has no plans of leaving his home any time soon.
Finally, a new dating website that left my friend TLC "flabbergasted but intrigued:"
You fill out a profile which consists of photos, your height, body type, education, occupation and a personal statement, and get rated by other members of the In My League community on a scale of one to ten based on your attractiveness.
Once you've been rated five times, you'll see your rating and all of your matches. Your matches are people who are within one point of your rating either way on the ten point scale. You can send messages and flirts to your matches, and when you appear as someone else's match, they send messages and flirts to you.
So if you're a 7.0, you'll be able to contact members who are rated as high as 8.0. And nobody rated below a 6.0 will be able to get in touch with you.
We live in interesting times.
Via Bruce Schneier, apparently the physical security of British nuclear weapons until around 1998 consisted of, essentially, a bicycle key:
To arm the weapons you just open a panel held by two captive screws - like a battery cover on a radio - using a thumbnail or a coin.
Inside are the arming switch and a series of dials which you can turn with an Allen key to select high yield or low yield, air burst or groundburst and other parameters.
The Bomb is actually armed by inserting a bicycle lock key into the arming switch and turning it through 90 degrees. There is no code which needs to be entered or dual key system to prevent a rogue individual from arming the Bomb.
Oh. Well. Of course. Why use a hard-to-forge sequence of letters and numbers like the U.S. or U.S.S.R. when a little key will do?
So what prevented an accidental (or deliberate) British detonation until Tony Blair fixed the problem? Why, tradition, of course, what what!
The Royal Navy argued that officers of the Royal Navy as the Senior Service could be trusted: "It would be invidious to suggest... that Senior Service officers may, in difficult circumstances, act in defiance of their clear orders."
(Insert nervous laughter here.)
Via Bruce Schneier, Cory Doctorow: "The DRM business model is the urinary tract infection of media experiences: all of the uses that used to come in an easy gush now come in a mingy, painful dribble..."