January 2009

Old botnets dead; new botnets coming

business, security / /

From Joel Hruska’s “Meet Son of Storm, Srizbi 2.0: next-gen botnets come online” (Ars Technica: 15 January 2009):

First the good news: SecureWorks reports that Storm is dead, Bobax/Kraken is moribund, and both Srizbi and Rustock were heavily damaged by the McColo takedown; Srizbi is now all but silent, while Rustock remains viable. That’s three significant botnets taken out and one damaged in a single year; cue (genuine) applause.

The bad news kicks in further down the page with a fresh list of botnets what need to be watched. Rustock and Mega-D (also known as Ozdok) are still alive and kicking, while newcomers Xarvester and Waledac could cause serious problems in 2009. Xarvester, according to Marshal may be an updated form of Srizbi; the two share a number of common features, including:

* HTTP command and control over nonstandard ports
* Encrypted template files contain several files needed for spamming
* Bots don’t need to do their own DNS lookups to send spam
* Config files have similar format and data
* Uploads Minidump crash file

Old botnets dead; new botnets coming Read More »

A definition of cloud computing

business, technology / /

From Darryl K. Taft’s “Predictions for the Cloud in 2009” (eWeek: 29 December 2008):

[Peter] Coffee, who is now director of platform research at Salesforce.com, said, “I’m currently using a simple reference model for what a ‘cloud computing’ initiative should try to provide. I’m borrowing from the famous Zero-One-Infinity rule, canonically defined in The Jargon File…”

He continued, “It seems to me that a serious effort at delivering cloud benefits pursues the following ideals—perhaps never quite reaching them, but clearly having them as goals within theoretical possibility: Zero—On-premise[s] infrastructure, acquisition cost, adoption cost and support cost. One—Coherent software environment—not a ‘stack’ of multiple products from different providers. This avoids the chaos of uncoordinated release cycles or deferred upgrades. Infinity—Scalability in response to changing need, integratability/interoperability with legacy assets and other services, and customizability/programmability from data, through logic, up into the user interface without compromising robust multitenancy.”

A definition of cloud computing Read More »

Social networks can be used to manipulate affinity groups

business, law, religion, security, tech in changing society / /

From Ronald A. Cass’ “Madoff Exploited the Jews” (The Wall Street Journal: 18 December 2008):

Steven Spielberg. Elie Wiesel. Mort Zuckerman. Frank Lautenberg. Yeshiva University. As I read the list of people and enterprises reportedly bilked to the tune of $50 billion by Bernard Madoff, I recalled a childhood in which my father received bad news by asking first, “Was it a Jew?” My father coupled sensitivity to anti-Semitism with special sympathy for other Jews. In contrast, Mr. Madoff, it seems, targeted other Jews, drawing them in at least in some measure because of a shared faith.

The Madoff tale is striking in part because it is like stealing from family. Yet frauds that prey on people who share bonds of religion or ethnicity, who travel in the same circles, are quite common. Two years ago the Securities and Exchange Commission issued a warning about “affinity fraud.” The SEC ticked off a series of examples of schemes that were directed at members of a community: Armenian-Americans, Baptist Church members, Jehovah’s Witnesses, African-American church groups, Korean-Americans. In each case, the perpetrator relied on the fact that being from the same community provided a reason to trust the sales pitch, to believe it was plausible that someone from the same background would give you a deal that, if offered by someone without such ties, would sound too good to be true.

The sense of common heritage, of community, also makes it less seemly to ask hard questions. Pressing a fellow parishioner or club member for hard information is like demanding receipts from your aunt — it just doesn’t feel right. Hucksters know that, they play on it, and they count on our trust to make their confidence games work.

The level of affinity and of trust may be especially high among Jews. The Holocaust and generations of anti-Semitic laws and practices around the world made reliance on other Jews, and care for them, a survival instinct. As a result, Jews are often an easy target both for fund-raising appeals and fraud. But affinity plays a role in many groups, making members more trusting of appeals within the group.

Social networks can be used to manipulate affinity groups Read More »

Real-life superheroes

weird / /

From John Harlow’s “Amateur crimefighters are surging in the US” (The Times: 28 December 2008):

There are, according to the recently launched World Superhero Registry, more than 200 men and a few women who are willing to dress up as comic book heroes and patrol the urban streets in search of, if not super-villains, then pickpockets and bullies.

They may look wacky, but the superhero community was born in the embers of the 9/11 terrorist attacks when ordinary people wanted to do something short of enlisting. They were boosted by a glut of Hollywood superhero movies.

In recent weeks, prompted by heady buzz words such as “active citizenry” during the Barack Obama campaign, the pace of enrolment has speeded up. Up to 20 new “Reals”, as they call themselves, have materialised in the past month.

The Real rules are simple. They must stand for unambiguous and unsponsored good. They must create their own Spandex and rubber costumes without infringing Marvel or DC Comics copyrights, but match them with exotic names – Green Scorpion in Arizona, Terrifica in New York, Mr Xtreme in San Diego and Mr Silent in Indianapolis.

They must shun guns or knives to avoid being arrested as vigilantes, even if their nemeses may be armed. Their best weapon is not muscle but the internet – an essential tool in their war on crime is a homepage stating the message of doom for super-villains.

[Citizen] Prime patrols some of the most dangerous streets in Phoenix but, like most Reals, is reluctant to speak about the villains he has dispatched with a blow from his martial arts-honed forearm. He does admit helping a motorist change a flat tyre.

Real-life superheroes Read More »

DIY genetic engineering

business, education, science, tech in changing society, technology / /

From Marcus Wohlsen’s “Amateurs are trying genetic engineering at home” (AP: 25 December 2008):

Now, tinkerers are working at home with the basic building blocks of life itself.

Using homemade lab equipment and the wealth of scientific knowledge available online, these hobbyists are trying to create new life forms through genetic engineering — a field long dominated by Ph.D.s toiling in university and corporate laboratories.

In her San Francisco dining room lab, for example, 31-year-old computer programmer Meredith L. Patterson is trying to develop genetically altered yogurt bacteria that will glow green to signal the presence of melamine, the chemical that turned Chinese-made baby formula and pet food deadly.

Many of these amateurs may have studied biology in college but have no advanced degrees and are not earning a living in the biotechnology field. Some proudly call themselves “biohackers” — innovators who push technological boundaries and put the spread of knowledge before profits.

In Cambridge, Mass., a group called DIYbio is setting up a community lab where the public could use chemicals and lab equipment, including a used freezer, scored for free off Craigslist, that drops to 80 degrees below zero, the temperature needed to keep many kinds of bacteria alive.

Patterson, the computer programmer, wants to insert the gene for fluorescence into yogurt bacteria, applying techniques developed in the 1970s.

She learned about genetic engineering by reading scientific papers and getting tips from online forums. She ordered jellyfish DNA for a green fluorescent protein from a biological supply company for less than $100. And she built her own lab equipment, including a gel electrophoresis chamber, or DNA analyzer, which she constructed for less than $25, versus more than $200 for a low-end off-the-shelf model.

DIY genetic engineering Read More »