February 2009

Prices for various services and software in the underground

From Tom Espiner’s “Cracking open the cybercrime economy” (CNET News: 14 December 2007):

“Over the years, the criminal elements, the ones who are making money, making millions out of all this online crime, are just getting stronger and stronger. I don’t think we are really winning this war.”

As director of antivirus research for F-Secure, you might expect Mikko Hypponen to overplay the seriousness of the situation. But according to the Finnish company, during 2007 the number of samples of malicious code on its database doubled, having taken 20 years to reach the size it was at the beginning of this year.

“From Trojan creation sites out of Germany and the Eastern bloc, you can purchase kits and support for malware in yearly contracts,” said [David Marcus, security research manager at McAfee Avert Labs]. “They present themselves as a cottage industry which sells tools or creation kits. It’s hard to tell if it’s a conspiracy or a bunch of autonomous individuals who are good at covering their tracks.”

Joe Telafici, director of operations at McAfee’s Avert Labs, said Storm is continuing to evolve. “We’ve seen periodic activity from Storm indicating that it is still actively being maintained. They have actually ripped out core pieces of functionality to modify the obfuscation mechanisms that weren’t working any more. Most people keep changing the wrapper until it gets by (security software)–these guys changed the functionality.”

Peter Gutmann, a security researcher at the University of Auckland, says in a report that malicious software via the affiliate model–in which someone pays others to infect users with spyware and Trojans–has become more prevalent in 2007.

The affiliate model was pioneered by the iframedollars.biz site in 2005, which paid Webmasters 6 cents per infected site. Since then, this has been extended to a “vast number of adware affiliates,” according to Gutmann. For example, one adware supplier pays 30 cents for each install in the United States, 20 cents in Canada, 10 cents in the United Kingdom, and 1 or 2 cents elsewhere.

Hackers also piggyback malicious software on legitimate software. According to Gutmann, versions of coolwebsearch co-install a mail zombie and a keystroke logger, while some peer-to-peer and file-sharing applications come with bundled adware and spyware.

In March, the price quoted on malware sites for the Gozi Trojan, which steals data and sends it to hackers in an encrypted form, was between $1,000 and $2,000 for the basic version. Buyers could purchase add-on services at varying prices starting at $20.

In the 2007 black economy, everything can be outsourced, according to Gutmann. A scammer can buy hosts for a phishing site, buy spam services to lure victims, buy drops to send the money to, and pay a cashier to cash out the accounts. …

Antidetection vendors sell services to malicious-software and botnet vendors, who sell stolen credit card data to middlemen. Those middlemen then sell that information to fraudsters who deal in stolen credit card data and pay a premium for verifiably active accounts. “The money seems to be in the middlemen,” Gutmann says.

One example of this is the Gozi Trojan. According to reports, the malware was available this summer as a service from iFrameBiz and stat482.com, who bought the Trojan from the HangUp team, a group of Russian hackers. The Trojan server was managed by 76service.com, and hosted by the Russian Business Network, which security vendors allege offered “bullet-proof” hosting for phishing sites and other illicit operations.

According to Gutmann, there are many independent malicious-software developers selling their wares online. Private releases can be tailored to individual clients, while vendors offer support services, often bundling antidetection. For example, the private edition of Hav-rat version 1.2, a Trojan written by hacker Havalito, is advertised as being completely undetectable by antivirus companies. If it does get detected then it will be replaced with a new copy that again is supposedly undetectable.

Hackers can buy denial-of-service attacks for $100 per day, while spammers can buy CDs with harvested e-mail addresses. Spammers can also send mail via spam brokers, handled via online forums such as specialham.com and spamforum.biz. In this environment, $1 buys 1,000 to 5,000 credits, while $1,000 buys 10,000 compromised PCs. Credit is deducted when the spam is accepted by the target mail server. The brokers handle spam distribution via open proxies, relays and compromised PCs, while the sending is usually done from the client’s PC using broker-provided software and control information.

Carders, who mainly deal in stolen credit card details, openly publish prices, or engage in private negotiations to decide the price, with some sources giving bulk discounts for larger purchases. The rate for credit card details is approximately $1 for all the details down to the Card Verification Value (CVV); $10 for details with CVV linked to a Social Security number; and $50 for a full bank account.


Criminals working together to improve their tools

From Dan Goodin’s “Crimeware giants form botnet tag team” (The Register: 5 September 2008):

The Rock Phish gang – one of the net’s most notorious phishing outfits – has teamed up with another criminal heavyweight called Asprox in overhauling its network with state-of-the-art technology, according to researchers from RSA.

Over the past five months, Rock Phishers have painstakingly refurbished their infrastructure, introducing several sophisticated crimeware packages that get silently installed on the PCs of its victims. One of those programs makes infected machines part of a fast-flux botnet that adds reliability and resiliency to the Rock Phish network.

Based in Europe, the Rock Phish group is a criminal collective that has been targeting banks and other financial institutions since 2004. According to RSA, they are responsible for half of the worldwide phishing attacks and have siphoned tens of millions of dollars from individuals’ bank accounts. The group got its name from a now discontinued quirk in which the phishers used directory paths that contained the word “rock.”

The first sign the group was expanding operations came in April, when it introduced a trojan known alternately as Zeus or WSNPOEM, which steals sensitive financial information in transit from a victim’s machine to a bank. Shortly afterward, the gang added more crimeware, including a custom-made botnet client that was spread, among other means, using the Neosploit infection kit.

Soon, additional signs appeared pointing to a partnership between Rock Phishers and Asprox. Most notably, the command and control server for the custom Rock Phish crimeware had exactly the same directory structure of many of the Asprox servers, leading RSA researchers to believe Rock Phish and Asprox attacks were using at least one common server. …

RSA researchers also noticed that a decrease in phishing attacks hosted on Rock Phishers’ old servers coincided with never-before-seen phishing attacks used on the Asprox botnet.

In this case, Rock Phishers seem to be betting that the spoofed pages used in their phishing attacks will remain up longer using fast-flux technology from Asprox.

“It just shows that these guys know each other and are willing to provide services to each other,” said Joe Stewart, a researcher at SecureWorks who has spent years tracking Asprox and groups that use fast-flux botnets. “This goes on in the underground all the time.”


Wikipedia, freedom, & changes in production

From Clay Shirky’s “Old Revolutions, Good; New Revolutions, Bad” (Britannica Blog: 14 June 2007):

Gorman’s theory about print – its capabilities ushered in an age very different from manuscript culture — is correct, and the same kind of shift is at work today. As with the transition from manuscripts to print, the new technologies offer virtues that did not previously exist, but are now an assumed and permanent part of our intellectual environment. When reproduction, distribution, and findability were all hard, as they were for the last five hundred years, we needed specialists to undertake those jobs, and we properly venerated them for the service they performed. Now those tasks are simpler, and the earlier roles have instead become obstacles to direct access.

Digital and networked production vastly increase three kinds of freedom: freedom of speech, of the press, and of assembly. This perforce increases the freedom of anyone to say anything at any time. This freedom has led to an explosion in novel content, much of it mediocre, but freedom is like that. Critically, this expansion of freedom has not undermined any of the absolute advantages of expertise; the virtues of mastery remain as they were. What has happened is that the relative advantages of expertise are in precipitous decline. Experts the world over have been shocked to discover that they were consulted not as a direct result of their expertise, but often as a secondary effect – the apparatus of credentialing made finding experts easier than finding amateurs, even when the amateurs knew the same things as the experts.

The success of Wikipedia forces a profound question on print culture: how is information to be shared with the majority of the population? This is an especially tough question, as print culture has so manifestly failed at the transition to a world of unlimited perfect copies. Because Wikipedia’s contents are both useful and available, it has eroded the monopoly held by earlier modes of production. Other encyclopedias now have to compete for value to the user, and they are failing because their model mainly commits them to denying access and forbidding sharing. If Gorman wants more people reading Britannica, the choice lies with its management. Were they to allow users unfettered access to read and share Britannica’s content tomorrow, the only interesting question is whether their readership would rise a ten-fold or a hundred-fold.

Britannica will tell you that they don’t want to compete on universality of access or sharability, but this is the lament of the scribe who thinks that writing fast shouldn’t be part of the test. In a world where copies have become cost-free, people who expend their resources to prevent access or sharing are forgoing the principal advantages of the new tools, and this dilemma is common to every institution modeled on the scarcity and fragility of physical copies. Academic libraries, which in earlier days provided a service, have outsourced themselves as bouncers to publishers like Reed-Elsevier; their principal job, in the digital realm, is to prevent interested readers from gaining access to scholarly material.


How ARP works

From Chris Sanders’ “Packet School 201 – Part 1 (ARP)” (Completely Full of I.T.: 23 December 2007):

The basic idea behind ARP is for a machine to broadcast its IP address and MAC address to all of the clients in its broadcast domain in order to find out the IP address associated with a particular MAC address. Basically put, it looks like this:

Computer A – “Hey everybody, my IP address is XX.XX.XX.XX, and my MAC address is XX:XX:XX:XX:XX:XX. I need to send something to whoever has the IP address XX.XX.XX.XX, but I don’t know what their hardware address is. Will whoever has this IP address please respond back with their MAC address?”

All of the other computers that receive the broadcast will simply ignore it; however, the one who does have the requested IP address will send its MAC address to Computer A. With this information in hand, the exchange of data can begin.

Computer B – “Hey Computer A. I am who you are looking for with the IP address of XX.XX.XX.XX. My MAC address is XX:XX:XX:XX:XX:XX.”

One of the best ways I’ve seen this concept described is through the limousine driver analogy. If you have ever flown, then chances are when you get off of a plane, you have seen a limo driver standing with a sign bearing someone’s last name. Here, the driver knows the name of the person he is picking up, but doesn’t know what they look like. The driver holds up the sign so that everyone can see it. All of the people getting off of the plane see the sign, and if it isn’t them, they simply ignore it. The person whose name is on the card however, sees it, approaches the driver, and identifies himself.
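The request/reply exchange above, as an added example that is not part of Chris Sanders’ post: it builds and parses Ethernet+ARP frames for IPv4 (the 42-byte layout real stacks use), then simulates a broadcast domain in which only the host owning the requested IP answers and the requester records the learned MAC in its ARP cache. Host names, IPs and MACs are constructed sample values.

```python
"""Added example: build, parse and exchange ARP request/reply frames.
Not code from the original post; all addresses are constructed samples."""
import struct
from typing import Optional

ETH_P_ARP = 0x0806        # EtherType for ARP
HTYPE_ETHERNET = 1
PTYPE_IPV4 = 0x0800
ARP_REQUEST = 1
ARP_REPLY = 2
BROADCAST_MAC = "ff:ff:ff:ff:ff:ff"
ZERO_MAC = "00:00:00:00:00:00"   # target MAC in a request: "I don't know it yet"


def mac_bytes(mac: str) -> bytes:
    return bytes(int(x, 16) for x in mac.split(":"))


def mac_str(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def ip_bytes(ip: str) -> bytes:
    return bytes(int(x) for x in ip.split("."))


def ip_str(b: bytes) -> str:
    return ".".join(str(x) for x in b)


def build_arp(op, sender_mac, sender_ip, target_mac, target_ip) -> bytes:
    """Ethernet header (14 bytes) + ARP payload (28 bytes), IPv4 over Ethernet.
    Requests go to the broadcast MAC; replies go straight to the asker."""
    dst = BROADCAST_MAC if op == ARP_REQUEST else target_mac
    eth = mac_bytes(dst) + mac_bytes(sender_mac) + struct.pack("!H", ETH_P_ARP)
    arp = struct.pack("!HHBBH", HTYPE_ETHERNET, PTYPE_IPV4, 6, 4, op)
    arp += mac_bytes(sender_mac) + ip_bytes(sender_ip)
    arp += mac_bytes(target_mac) + ip_bytes(target_ip)
    return eth + arp


def parse_arp(frame: bytes) -> dict:
    """Decode a frame, rejecting anything that is not IPv4-over-Ethernet ARP."""
    if len(frame) < 42:
        raise ValueError("frame too short for Ethernet+ARP")
    dst, src = frame[0:6], frame[6:12]
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != ETH_P_ARP:
        raise ValueError("not an ARP frame")
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (HTYPE_ETHERNET, PTYPE_IPV4, 6, 4):
        raise ValueError("unsupported ARP hardware/protocol type")
    return {
        "dst_mac": mac_str(dst), "src_mac": mac_str(src), "op": op,
        "sender_mac": mac_str(frame[22:28]), "sender_ip": ip_str(frame[28:32]),
        "target_mac": mac_str(frame[32:38]), "target_ip": ip_str(frame[38:42]),
    }


class Host:
    """A host on the broadcast domain with its own IP/MAC and an ARP cache."""

    def __init__(self, name: str, ip: str, mac: str):
        self.name, self.ip, self.mac = name, ip, mac
        self.arp_cache: dict = {}

    def request(self, target_ip: str) -> bytes:
        return build_arp(ARP_REQUEST, self.mac, self.ip, ZERO_MAC, target_ip)

    def receive(self, frame: bytes) -> Optional[bytes]:
        """Answer only if this host owns the requested IP; otherwise ignore.
        Replies addressed to us populate the cache."""
        msg = parse_arp(frame)
        if msg["op"] == ARP_REQUEST and msg["target_ip"] == self.ip:
            self.arp_cache[msg["sender_ip"]] = msg["sender_mac"]  # learn the asker
            return build_arp(ARP_REPLY, self.mac, self.ip,
                             msg["sender_mac"], msg["sender_ip"])
        if msg["op"] == ARP_REPLY and msg["dst_mac"] == self.mac:
            self.arp_cache[msg["sender_ip"]] = msg["sender_mac"]
        return None


def resolve(requester: Host, others: list, target_ip: str) -> Optional[str]:
    """Broadcast one request to every other host; return the MAC learned, if any."""
    frame = requester.request(target_ip)
    for host in others:
        reply = host.receive(frame)
        if reply is not None:
            requester.receive(reply)
    return requester.arp_cache.get(target_ip)


# Constructed sample broadcast domain (documentation-range addresses)
A = Host("A", "192.0.2.10", "02:00:00:00:00:0a")
B = Host("B", "192.0.2.20", "02:00:00:00:00:0b")
C = Host("C", "192.0.2.30", "02:00:00:00:00:0c")

if __name__ == "__main__":
    print(resolve(A, [B, C], "192.0.2.20"))  # B answers, C stays silent
```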


Bush, rhetoric, & the exercise of power

From Mark Danner’s “Words in a Time of War: Taking the Measure of the First Rhetoric-Major President” (Tomgram: 10 May 2007):

[Note: This commencement address was given to graduates of the Department of Rhetoric at Zellerbach Hall, University of California, Berkeley, on May 10, 2007]

I give you my favorite quotation from the Bush administration, put forward by the proverbial “unnamed Administration official” and published in the New York Times Magazine by the fine journalist Ron Suskind in October 2004. Here, in Suskind’s recounting, is what that “unnamed Administration official” told him:

“The aide said that guys like me were ‘in what we call the reality-based community,’ which he defined as people who ‘believe that solutions emerge from your judicious study of discernible reality.’ I nodded and murmured something about enlightenment principles and empiricism. He cut me off. ‘That’s not the way the world really works anymore,’ he continued. ‘We’re an empire now, and when we act, we create our own reality. And while you’re studying that reality — judiciously, as you will — we’ll act again, creating other new realities, which you can study too, and that’s how things will sort out. We’re history’s actors…. and you, all of you, will be left to just study what we do.'”

It was the assumption of this so-called preponderance that lay behind the philosophy of power enunciated by Bush’s Brain [Karl Rove] and that led to an attitude toward international law and alliances that is, in my view, quite unprecedented in American history. That radical attitude is brilliantly encapsulated in a single sentence drawn from the National Security Strategy of the United States of 2003: “Our strength as a nation-state will continue to be challenged by those who employ a strategy of the weak using international fora, judicial processes and terrorism.” Let me repeat that little troika of “weapons of the weak”: international fora (meaning the United Nations and like institutions), judicial processes (meaning courts, domestic and international), and…. terrorism. This strange gathering, put forward by the government of the United States, stems from the idea that power is, in fact, everything. In such a world, courts — indeed, law itself — can only limit the power of the most powerful state. Wielding preponderant power, what need has it for law? The latter must be, by definition, a weapon of the weak. The most powerful state, after all, makes reality.


The Yakuza’s influence in Japan

From Jake Adelstein’s “This Mob Is Big in Japan” (The Washington Post: 11 May 2008):

Most Americans think of Japan as a law-abiding and peaceful place, as well as our staunch ally, but reporting on the underworld gave me a different perspective. Mobs are legal entities here. Their fan magazines and comic books are sold in convenience stores, and bosses socialize with prime ministers and politicians. …

I loved my job. The cops fighting organized crime are hard-drinking iconoclasts — many look like their mobster foes, with their black suits and slicked-back hair. They’re outsiders in Japanese society, and perhaps because I was an outsider too, we got along well. The yakuza’s tribal features are also compelling, like those of an alien life form: the full-body tattoos, missing digits and pseudo-family structure. …

The Japanese National Police Agency (NPA) estimates that the yakuza have almost 80,000 members. The most powerful faction, the Yamaguchi-gumi, is known as “the Wal-Mart of the yakuza” and reportedly has close to 40,000 members. In Tokyo alone, the police have identified more than 800 yakuza front companies: investment and auditing firms, construction companies and pastry shops. The mobsters even set up their own bank in California, according to underworld sources.

Over the last seven years, the yakuza have moved into finance. Japan’s Securities and Exchange Surveillance Commission has an index of more than 50 listed companies with ties to organized crime.

In the good old days, the yakuza made most of their money from sleaze: prostitution, drugs, protection money and child pornography. Kiddie porn is still part of their base income — and another area where Japan isn’t acting like America’s friend.

In 1999, my editors assigned me to cover the Tokyo neighborhood that includes Kabukicho, Japan’s largest red-light district. Japan had recently outlawed child pornography — reluctantly, after international pressure left officials no choice. But the ban, which is still in effect, had a major flaw: It criminalized producing and selling child pornography, not owning it. So the big-money industry goes on, unabated.

I’m not entirely objective on the issue of the yakuza in my adopted homeland. Three years ago, [Tadamasa Goto, a notorious Japanese gang boss, the one that some federal agents call the “John Gotti of Japan”] got word that I was reporting an article about his liver transplant. A few days later, his underlings obliquely threatened me. Then came a formal meeting. The offer was straightforward. “Erase the story or be erased,” one of them said. “Your family too.”


Gottman on relationships

From THE MATHEMATICS OF LOVE: A Talk with John Gottman (Edge: 14 April 2004):

So far, his surmise is that “respect and affection are essential to all relationships working and contempt destroys them. It may differ from culture to culture how to communicate respect, and how to communicate affection, and how not to do it, but I think we’ll find that those are universal things”.

Another puzzle I’m working on is just what happens when a baby enters a relationship. Our study shows that the majority (67%) of couples have a precipitous drop in relationship happiness in the first 3 years of their first baby’s life. That’s tragic in terms of the climate of inter-parental hostility and depression that the baby grows up in. That affective climate between parents is the real cradle that holds the baby. And for the majority of families that cradle is unsafe for babies.

So far I believe we’re going to find that respect and affection are essential to all relationships working and contempt destroys them. It may differ from culture to culture how to communicate respect, and how to communicate affection, and how not to do it, but I think we’ll find that those are universal things.

Bob Levenson and I were very surprised when, in 1983, we found that we could actually predict, with over 90 percent accuracy, what was going to happen to a relationship over a three-year period just by examining their physiology and behavior during a conflict discussion, and later just from an interview about how the couple viewed their past. 90% accuracy!

That was surprising to us. It seemed that people either started in a mean-spirited way, a critical way, started talking about a disagreement, started talking about a problem as just a symptom of their partner’s inadequate character, which made their partner defensive and escalated the conflict, and people started getting mean and insulting to one another. That predicted the relationship was going to fall apart. 96% of the time the way the conflict discussion started in the first 3 minutes determined how it would go for the rest of the discussion. And four years later it was like no time had passed, their interaction style was almost identical. Also 69% of the time they were talking about the same issues, which we realized then were “perpetual issues” that they would never solve. These were basic personality differences that never went away. She was more extroverted or she was more of an explorer or he was more punctual or frugal.

Some couples were caught by the web of these perpetual issues and made each other miserable, they were “grid locked” like bumper-to-bumper traffic with these issues, while other couples had similar issues but coped with them and had a “dialogue” that even contained laughter and affection. It seemed that relationships last to the extent that you select someone whose annoying personality traits don’t send you into emotional orbit. Once again conventional wisdom was wrong. The big issue wasn’t helping couples resolve their conflicts, but moving them from gridlock to dialogue. And the secret of how to do that turned out to be having each person talk about their dream within the conflict and bringing Viktor Frankl’s existential logotherapy into the marital boxing ring. Once people talked about what they wished for and hoped for in this gridlock conflict and the narrative of why this was so important to them, in 86% of the cases they would move from gridlock to dialogue. Again a new door opened. Not all marital conflicts are the same. You can’t teach people a set of skills and just apply them to every issue. Some issues are deeper, they have more meaning. And then it turned out that the very issues that cause the most pain and alienation can also be the greatest sources of intimacy and connection.

Another surprise: we followed couples for as long as 20 years, and we found that there was another kind of couple that didn’t really show up on the radar; they looked fine, they weren’t mean, they didn’t escalate the conflict — but about 16 to 22 years after the wedding they started divorcing. They were often the pillars of their community. They seemed very calm and in control of their lives, and then suddenly they break up. Everyone is shocked and horrified. But we could look back at our early tapes and see the warning signs we had never seen before. Those people were people who just didn’t have very much positive connection. There wasn’t very much affection — and also especially humor — between them.

…These sorts of emotionally disconnected relationships were another important dimension of failed relationships. We learned through them that the quality of the friendship and intimacy affects the nature of conflict in a very big way.

One of the major things we found is that honoring your partner’s dreams is absolutely critical. A lot of times people have incompatible dreams — or they don’t want to honor their partner’s dreams, or they don’t want to yield power, they don’t want to share power. So that explains a lot of times why they don’t really belong together.

Psycho-physiology is an important part of this research. It’s something that Bob Levenson brought to the search initially, and then I got trained in psycho-physiology as well. And the reason we’re interested in what was happening in the body is that there’s an intimate connection between what’s happening to the autonomic nervous system and what happening in the brain, and how well people can take in information — how well they can just process information — for example, just being able to listen to your partner — that is much harder when your heart rate is above the intrinsic rate of the heart, which is around a hundred to a hundred and five beats a minute for most people with a healthy heart.

At that point we know, from Loren Rowling’s work, that people start secreting adrenalin, and then they get into a state of diffuse physiological arousal (or DPA), so their heart is beating faster, it’s contracting harder, the arteries start getting constricted, blood is drawn away from the periphery into the trunk, the blood supply shuts down to the gut and the kidney, and all kinds of other things are happening — people are sweating, and things are happening in the brain that create a tunnel vision, one in which they perceive everything as a threat and they react as if they have been put in great danger by this conversation.

Because men are different. Men have a lot of trouble when they reach a state of vigilance, when they think there’s real danger, they have a lot of trouble calming down, and there’s probably an evolutionary history to that. Because it functioned very well for our hominid ancestors, anthropologists think, for men to stay physiologically aroused and vigilant, in cooperative hunting and protecting the tribe, which was a role that males had very early in our evolutionary history. Whereas women had the opposite sort of role, in terms of survival of the species, those women reproduced more effectively who had the milk-let-down reflex, which only happens when oxytocin is secreted in the brain, it only happens when women — as any woman knows who’s been breast-feeding, you have to be able to calm down and relax. But oxytocin is also the hormone of affiliation. So women have developed this sort of social order, caring for one another, helping one another, and affiliating, that also allows them to really calm down and have the milk let-down reflex. And so — it’s one of nature’s jokes. Women can calm down, men can’t; they stay aroused and vigilant.

Physiology becomes really critical in this whole thing. A provocative finding from Alyson Shapiro’s recent dissertation is that if we take a look at how a couple argues when the woman is in the sixth month of pregnancy, we can predict over half the variation in the baby, the three-month-old baby’s vagal tone, which is the ability of the vagus nerve, the major nerve of the parasympathetic branch of the autonomic nervous system, which is responsible for establishing calm and focusing attention. That vagus nerve in the baby is eventually going to be working well if the parents, during pregnancy, are fighting with each other constructively. That takes us into fetal development, a whole new realm of inquiry.

You have to study gay and Lesbian couples who are committed to each other as well as heterosexual couples who are committed to each other, and try and match things as much as you can, like how long they’ve been together, and the quality of their relationship. And we’ve done that, and we find that there are two gender differences that really hold up.

One is that if a man presents an issue, to either a man he’s in love with or a woman he’s in love with, the man is angrier presenting the issue. And we find that when a woman receives an issue, either from a woman she loves or a man she loves, she is much more sad than a man would be receiving that same issue. It’s about anger and sadness. Why? Remember, Bowlby taught us that attachment and loss and grief are part of the same system. So women are finely tuned to attaching and connecting and to sadness and loss and grief, while men are attuned to defend, stay vigilant, attack, to anger. My friend Levenson did an acoustic startle study (that’s where you shoot off a blank pistol behind someone’s head when they least expect it). Men had a bigger heart rate reactivity and took longer to recover, which we would expect, but what’s even more interesting is that when you asked people what they were feeling, women were scared and men were angry.

So that’s probably why those two differences have held up. Physiologically people find over and over again in heterosexual relationships — and this hasn’t been studied yet in gay and Lesbian relationships — that men have a lower flash point for increasing heart-rate arousal, and it takes them longer to recover. And not only that, but when men are trying to recover, and calm down, they can’t do it very well because they keep naturally rehearsing thoughts of righteous indignation and feeling like an innocent victim. They maintain their own vigilance and arousal with these thoughts, mostly of getting even, whereas women really can distract themselves and calm down physiologically from being angered or being upset about something. If women could affiliate and secrete oxytocin when they felt afraid, they’d even calm down faster, probably.


ODF compared & contrasted with OOXML

From Sam Hiser’s “Achieving Openness: A Closer Look at ODF and OOXML” (ONLamp.com: 14 June 2007):

An open, XML-based standard for displaying and storing data files (text documents, spreadsheets, and presentations) offers a new and promising approach to data storage and document exchange among office applications. A comparison of the two XML-based formats–OpenDocument Format (“ODF”) and Office Open XML (“OOXML”)–across widely accepted “openness” criteria has revealed substantial differences, including the following:

  • ODF is developed and maintained in an open, multi-vendor, multi-stakeholder process that protects against control by a single organization. OOXML is less open in its development and maintenance, despite being submitted to a formal standards body, because control of the standard ultimately rests with one organization.
  • ODF is the only openly available standard, published fully in a document that is freely available and easy to comprehend. This openness is reflected in the number of competing applications in which ODF is already implemented. Unlike ODF, OOXML’s complexity, extraordinary length, technical omissions, and single-vendor dependencies combine to make alternative implementation unattractive as well as legally and practically impossible.
  • ODF is the only format unencumbered by intellectual property rights (IPR) restrictions on its use in other software, as certified by the Software Freedom Law Center. Conversely, many elements designed into the OOXML formats but left undefined in the OOXML specification require behaviors upon document files that only Microsoft Office applications can provide. This makes data inaccessible and breaks work group productivity whenever alternative software is used.
  • ODF offers interoperability with ODF-compliant applications on most of the common operating system platforms. OOXML is designed to operate fully within the Microsoft environment only. Though it will work elegantly across the many products in the Microsoft catalog, OOXML ignores accepted standards and best practices regarding its use of XML.

Overall, a comparison of both formats reveals significant differences in their levels of openness. While ODF is revealed as sufficiently open across all four key criteria, OOXML shows relative weakness in each criterion and offers fundamental flaws that undermine its candidacy as a global standard.


The future of security

From Bruce Schneier’s “Security in Ten Years” (Crypto-Gram: 15 December 2007):

Bruce Schneier: … The nature of the attacks will be different: the targets, tactics and results. Security is both a trade-off and an arms race, a balance between attacker and defender, and changes in technology upset that balance. Technology might make one particular tactic more effective, or one particular security technology cheaper and more ubiquitous. Or a new emergent application might become a favored target.

By 2017, people and organizations won’t be buying computers and connectivity the way they are today. The world will be dominated by telcos, large ISPs and systems integration companies, and computing will look a lot like a utility. Companies will be selling services, not products: email services, application services, entertainment services. We’re starting to see this trend today, and it’s going to take off in the next 10 years. Where this affects security is that by 2017, people and organizations won’t have a lot of control over their security. Everything will be handled at the ISPs and in the backbone. The free-wheeling days of general-use PCs will be largely over. Think of the iPhone model: You get what Apple decides to give you, and if you try to hack your phone, they can disable it remotely. We techie geeks won’t like it, but it’s the future. The Internet is all about commerce, and commerce won’t survive any other way.

Marcus Ranum: … Another trend I see getting worse is government IT know-how. At the rate outsourcing has been brain-draining the federal workforce, by 2017 there won’t be a single government employee who knows how to do anything with a computer except run PowerPoint and Web surf. Joking aside, the result is that the government’s critical infrastructure will be almost entirely managed from the outside. The strategic implications of such a shift have scared me for a long time; it amounts to a loss of control over data, resources and communications.

Bruce Schneier: … I’m reminded of the post-9/11 anti-terrorist hysteria — we’ve confused security with control, and instead of building systems for real security, we’re building systems of control. Think of ID checks everywhere, the no-fly list, warrantless eavesdropping, broad surveillance, data mining, and all the systems to check up on scuba divers, private pilots, peace activists and other groups of people. These give us negligible security, but put a whole lot of control in the government’s hands.

That’s the problem with any system that relies on control: Once you figure out how to hack the control system, you’re pretty much golden. So instead of a zillion pesky worms, by 2017 we’re going to see fewer but worse super worms that sail past our defenses.


My new book – Google Apps Deciphered – is out!

I’m really proud to announce that my 5th book is now out & available for purchase: Google Apps Deciphered: Compute in the Cloud to Streamline Your Desktop. My other books include:

(I’ve also contributed to two others: Ubuntu Hacks: Tips & Tools for Exploring, Using, and Tuning Linux and Microsoft Vista for IT Security Professionals.)

Google Apps Deciphered is a guide to setting up Google Apps, migrating to it, customizing it, and using it to improve productivity, communications, and collaboration. I walk you through each leading component of Google Apps individually, and then show my readers exactly how to make them work together for you on the Web or by integrating them with your favorite desktop apps. I provide practical insights on Google Apps programs for email, calendaring, contacts, wikis, word processing, spreadsheets, presentations, video, and even Google’s new web browser Chrome. My aim was to collect together and present tips and tricks I’ve gained by using and setting up Google Apps for clients, family, and friends.

Here’s the table of contents:

  • 1: Choosing an Edition of Google Apps
  • 2: Setting Up Google Apps
  • 3: Migrating Email to Google Apps
  • 4: Migrating Contacts to Google Apps
  • 5: Migrating Calendars to Google Apps
  • 6: Managing Google Apps Services
  • 7: Setting Up Gmail
  • 8: Things to Know About Using Gmail
  • 9: Integrating Gmail with Other Software and Services
  • 10: Integrating Google Contacts with Other Software and Services
  • 11: Setting Up Google Calendar
  • 12: Things to Know About Using Google Calendar
  • 13: Integrating Google Calendar with Other Software and Services
  • 14: Things to Know About Using Google Docs
  • 15: Integrating Google Docs with Other Software and Services
  • 16: Setting Up Google Sites
  • 17: Things to Know About Using Google Sites
  • 18: Things to Know About Using Google Talk
  • 19: Things to Know About Using Start Page
  • 20: Things to Know About Using Message Security and Recovery
  • 21: Things to Know About Using Google Video
  • Appendix A: Backing Up Google Apps
  • Appendix B: Dealing with Multiple Accounts
  • Appendix C: Google Chrome: A Browser Built for Cloud Computing

If you want to know more about Google Apps and how to use it, then I know you’ll enjoy and learn from Google Apps Deciphered. You can read about and buy the book at Amazon (http://www.amazon.com/Google-Apps-Deciphered-Compute-Streamline/dp/0137004702) for $26.39. If you have any questions or comments, don’t hesitate to contact me at scott at granneman dot com.


A single medium, with a single search engine, & a single info source

From Nicholas Carr’s “All hail the information triumvirate!” (Rough Type: 22 January 2009):

Today, another year having passed, I did the searches [on Google] again. And guess what:

World War II: #1
Israel: #1
George Washington: #1
Genome: #1
Agriculture: #1
Herman Melville: #1
Internet: #1
Magna Carta: #1
Evolution: #1
Epilepsy: #1

Yes, it’s a clean sweep for Wikipedia.

The first thing to be said is: Congratulations, Wikipedians. You rule. Seriously, it’s a remarkable achievement. Who would have thought that a rag-tag band of anonymous volunteers could achieve what amounts to hegemony over the results of the most popular search engine, at least when it comes to searches for common topics.

The next thing to be said is: what we seem to have here is evidence of a fundamental failure of the Web as an information-delivery service. Three things have happened, in a blink of history’s eye: (1) a single medium, the Web, has come to dominate the storage and supply of information, (2) a single search engine, Google, has come to dominate the navigation of that medium, and (3) a single information source, Wikipedia, has come to dominate the results served up by that search engine. Even if you adore the Web, Google, and Wikipedia – and I admit there’s much to adore – you have to wonder if the transformation of the Net from a radically heterogeneous information source to a radically homogeneous one is a good thing. Is culture best served by an information triumvirate?

It’s hard to imagine that Wikipedia articles are actually the very best source of information for all of the many thousands of topics on which they now appear as the top Google search result. What’s much more likely is that the Web, through its links, and Google, through its search algorithms, have inadvertently set into motion a very strong feedback loop that amplifies popularity and, in the end, leads us all, lemminglike, down the same well-trod path – the path of least resistance. You might call this the triumph of the wisdom of the crowd. I would suggest that it would be more accurately described as the triumph of the wisdom of the mob. The former sounds benign; the latter, less so.
