Hack The Planet

This just in, you get what you pay for. I was just reading up on the latest case of free not being free with Digsby IM installing software that uses your system resources when idle. Digsby defended this by saying the software was free but just because something doesn’t cost any money up front doesn’t mean it is free. The disk space that the extra software is taking up costs money. The electricity and network connection costs money and the time it will take your brother, cousin or other random familial IT person to clean off your computer so that it doesn’t run slow after all of the free software you have installed isn’t free. Just remember, nothing is free.

The last week or so has been pretty rough for Twitter. Not only has Twitter been DOS’d a number of times and kicked offline but it also came out that hackers were using Twitter to control a botnet. It seems that Twitter isn’t just dangerous because of the amount of time you can waste but also because it can be used for data and identity theft. Of course with all of the fake Twitter accounts and the previous issue of Twitter accounts being hijacked because of a Twitter employee with a weak password it makes me wonder what type of future Twitter has. My guess is a good one because the normal citizen doesn’t care about security breaches, only about what the new hot hairstyle their favorite celebrity is wearing.

In just over 10 days I will be heading out to BlackHat. Hopefully this year is even better than last year, though it will be tough to beat last year.

There is a constant battle in the world of computer and network security. The battle of usability. The more secure you make something the less usable it seems to become. Case in point: Firefox is a nice browser. All browsers are open to attack or open your computer to attack. You secure firefox by installing one or many secure add-ons. Firefox now is un-usable for a large population of users. While I enjoy the feeling of security having my Firefox locked down like Ft Knox not everyone does. So that is the question; How do you make security more usable.

Wolfram Alpha is quite possibly the coolest thing ever. More than sliced bread. This is knowledge given to the masses. This is changing how people think and learn. If you haven’t seen it go to: http://www.wolframalpha.com/screencast/introducingwolframalpha.html

That is all.

It is 9 am on April 1st in New Zealand, do you know where your Corn Flicker is? Apparently someone alerted the media and of course, this is armageddon. New Zealand has sunk back into the ocean under the weight of the conficker worm. Hide your women and children!

I love reading Schneier’s blog. This specific article was really good and I thought I should share it.

We live more and more in a world of censorship and worry. Will what we say or do be used against us at some later date? And not what we say online in a public forum, but what we say to a friend as we are walking down the street assuming we aren’t being monitored. There are less and less places that you can assume are private.

Russell Tice (the NSA whistleblower) hasgone into more detail about the activities of the NSA domestic wire tapping scandal. It seems that the good folks at the NSA have been doing a bit more than they said they were. I could be mistaken but aren’t they supposed to be the good guys?

If you haven’t heard of the enormous data breach at Heartland Payment Systems then you have been living under a rock. It makes me wonder just how much Heartland had paid for their compliance and how little they actually spent on security.

In the IDS market there are two different disciplines. The first uses signatures to determine if an attack is happening. The second is using network behavior to determine if an attack is happening. I am a firm believer that you have to at least have a signature based IDS to detect known attacks, virus’ and malware. Having a behavior based IDS is definitely useful but only after you have stopped everything that is known about in the wild.

A researcher at the University of California at Davis has been working on a very interesting way to use behavior based IDS to stop zero day worms.