Ramblings & ephemera

New Zealand’s new copyright law

From Mark Gibbs’ “New Zealand gets insane copyright law” (Network World: 20 February 2009): A law was recently passed in New Zealand that has created what many consider to be the world’s harshest copyright enforcement law. This insanity, found in Sections 92A and C of New Zealand’s Copyright Amendment Act 2008 establishes – and I […]

The end of Storm

From Brian Krebs’ “Atrivo Shutdown Hastened Demise of Storm Worm” (The Washington Post: 17 October 2008): The infamous Storm worm, which powered a network of thousands of compromised PCs once responsible for sending more than 20 percent of all spam, appears to have died off. Security experts say Storm’s death knell was sounded by the […]

The end of Storm?

From “Storm Worm botnet cracked wide open” (Heise Security: 9 January 2009): A team of researchers from Bonn University and RWTH Aachen University have analysed the notorious Storm Worm botnet, and concluded it certainly isn’t as invulnerable as it once seemed. Quite the reverse, for in theory it can be rapidly eliminated using software developed […]

Largest botnet as of 2006: 1.5 M machines

From Gregg Keizer’s “Dutch Botnet Bigger Than Expected” (InformationWeek: 21 October 2005): Dutch prosecutors who last month arrested a trio of young men for creating a large botnet allegedly used to extort a U.S. company, steal identities, and distribute spyware now say they bagged bigger prey: a botnet of 1.5 million machines. According to Wim […]

Why botnet operators do it: profit, politics, & prestige

From Clive Akass’ “Storm worm ‘making millions a day’” (Personal Computer World: 11 February 2008): The people behind the Storm worm are making millions of pounds a day by using it to generate revenue, according to IBM’s principal web security strategist. Joshua Corman, of IBM Internet Security Systems, said that in the past it had […]

Srizbi, Bobax, & Storm – the rankings

From Gregg Keizer’s “RSA – Top botnets control 1M hijacked computers” (Computerworld: 4 October 2008): Joe Stewart, director of malware research at SecureWorks, presented his survey at the RSA Conference, which opened Monday in San Francisco. The survey ranked the top 11 botnets that send spam; by extrapolating their size, Stewart estimated the bots on […]

Number of bots drops 20% on Christmas

From Robert Lemos’ “Bot-infected PCs get a refresh” (SecurityFocus: 28 December 2006): On Christmas day, the number of bots tracked by the Shadowserver group dropped nearly 20 percent. The dramatic decrease in weekly totals–from more than 500,000 infected systems to less than 400,000 computers–puzzled researchers. The Internet Storm Center, a threat monitoring group managed by […]

1/4 of all Internet computers part of a botnet?

From Nate Anderson’s “Vint Cerf: one quarter of all computers part of a botnet” (Ars Technica: 25 January 2007): The BBC’s Tim Weber, who was in the audience of an Internet panel featuring Vint Cerf, Michael Dell, John Markoff of the New York Times, and Jon Zittrain of Oxford, came away most impressed by the […]

How ARP works

From Chris Sanders’ “Packet School 201 – Part 1 (ARP)” (Completely Full of I.T.: 23 December 2007): The basic idea behind ARP is for a machine to broadcast its IP address and MAC address to all of the clients in its broadcast domain in order to find out the IP address associated with a particular […]

The future of security

From Bruce Schneier’s “Security in Ten Years” (Crypto-Gram: 15 December 2007): Bruce Schneier: … The nature of the attacks will be different: the targets, tactics and results. Security is both a trade-off and an arms race, a balance between attacker and defender, and changes in technology upset that balance. Technology might make one particular tactic […]

A single medium, with a single search engine, & a single info source

From Nicholas Carr’s “All hail the information triumvirate!” (Rough Type: 22 January 2009): Today, another year having passed, I did the searches [on Google] again. And guess what: World War II: #1 Israel: #1 George Washington: #1 Genome: #1 Agriculture: #1 Herman Melville: #1 Internet: #1 Magna Carta: #1 Evolution: #1 Epilepsy: #1 Yes, it’s […]

Those who know how to fix know how to destroy as well

From Stephen J. Dubner’s interview with Bruce Schneier in “Bruce Schneier Blazes Through Your Questions” (The New York Times: 4 December 2007): This is true in many aspects of our society. Here’s what I said in my book, Secrets and Lies (page 389): “As technology becomes more complicated, society’s experts become more specialized. And in […]

Bruce Schneier on security & crime economics

From Stephen J. Dubner’s interview with Bruce Schneier in “Bruce Schneier Blazes Through Your Questions” (The New York Times: 4 December 2007): Basically, you’re asking if crime pays. Most of the time, it doesn’t, and the problem is the different risk characteristics. If I make a computer security mistake — in a book, for a […]

An analysis of Google’s technology, 2005

From Stephen E. Arnold’s The Google Legacy: How Google’s Internet Search is Transforming Application Software (Infonortics: September 2005): The figure Google’s Fusion: Hardware and Software Engineering shows that Google’s technology framework has two areas of activity. There is the software engineering effort that focuses on PageRank and other applications. Software engineering, as used here, means […]

Matthew, the blind phone phreaker

From Kevin Poulsen’s “Teenage Hacker Is Blind, Brash and in the Crosshairs of the FBI” (Wired: 29 February 2008): At 4 in the morning of May 1, 2005, deputies from the El Paso County Sheriff’s Office converged on the suburban Colorado Springs home of Richard Gasper, a TSA screener at the local Colorado Springs Municipal […]

A botnet with a contingency plan

From Gregg Keizer’s “Massive botnet returns from the dead, starts spamming” (Computerworld: 26 November 2008): A big spam-spewing botnet shut down two weeks ago has been resurrected, security researchers said today, and is again under the control of criminals. The “Srizbi” botnet returned from the dead late Tuesday, said Fengmin Gong, chief security content officer […]

The NSA and threats to privacy

From James Bamford’s “Big Brother Is Listening” (The Atlantic: April 2006): This legislation, the 1978 Foreign Intelligence Surveillance Act, established the FISA court—made up of eleven judges handpicked by the chief justice of the United States—as a secret part of the federal judiciary. The court’s job is to decide whether to grant warrants requested by […]

George Clinton and the sample troll

From Tim Wu’s “On Copyright’s Authorship Policy” (Internet Archive: 2007): On May 4, 2001, a one-man corporation named Bridgeport Music, Inc. launched over 500 counts of copyright infringement against more than 800 different artists and labels.1 Bridgeport Music has no employees, and other than copyrights, no reported assets.2 Technically, Bridgeport is a “catalogue company.” Others […]

How Obama raised money in Silicon Valley & using the Net

From Joshua Green’s “The Amazing Money Machine” (The Atlantic: June 2008): That early fund-raiser [in February 2007] and others like it were important to Obama in several respects. As someone attempting to build a campaign on the fly, he needed money to operate. As someone who dared challenge Hillary Clinton, he needed a considerable amount […]

How movies are moved around on botnets

From Chapter 2: Botnets Overview of Craig A. Schiller’s Botnets: The Killer Web App (Syngress: 2007): Figure 2.11 illustrates the use of botnets for selling stolen intellectual property, in this case Movies, TV shows, or video. The diagram is based on information from the Pyramid of Internet Piracy created by Motion Picture Arts Association (MPAA) […]