CCTV in your plane’s cabin?

business, law, security, tech in changing society / /

From Michael Reilly’s “In-flight surveillance could foil terrorists in the sky” (New Scientist: 29 May 2008):

CCTV cameras are bringing more and more public places under surveillance – and passenger aircraft could be next.

A prototype European system uses multiple cameras and “Big Brother” software to try and automatically detect terrorists or other dangers caused by passengers.

The European Union’s Security of Aircraft in the Future European Environment (SAFEE) project uses a camera in every passenger’s seat, with six wide-angle cameras to survey the aisles. Software then analyses the footage to detect developing terrorist activity or “air-rage” incidents, by tracking passengers’ facial expressions.

“It looks for running in the cabin, standing near the cockpit for long periods of time, and other predetermined indicators that suggest a developing threat,” says James Ferryman of the University of Reading, UK, one of the system’s developers.

Other behaviours could include a person nervously touching their face, or sweating excessively. One such behaviour won’t trigger the system to alert the crew, only certain combinations of them.

CCTV in your plane’s cabin? Read More »

Give CLEAR your info, watch CLEAR lose your info

business, law, politics, security, tech in changing society, technology / /

From “Missing SFO Laptop With Sensitive Data Found” (CBS5: 5 August 2008):

The company that runs a fast-pass security prescreening program at San Francisco International Airport said Tuesday that it found a laptop containing the personal information of 33,000 people more than a week after it apparently went missing.

The Transportation Security Administration announced late Monday that it had suspended new enrollments to the program, known as Clear, after the unencrypted computer was reported stolen at SFO.

The laptop was found Tuesday morning in the same company office where it supposedly had gone missing on July 26, said spokeswoman Allison Beer.

“It was not in an obvious location,” said Beer, who said an investigation was under way to determine whether the computer was actually stolen or had just been misplaced.

The laptop contained personal information on applicants to the program, including names, address and birth dates, and in some cases driver’s license, passport or green card numbers, the company said.

The laptop did not contain Social Security numbers, credit card numbers or fingerprint or iris images used to verify identities at the checkpoints, Beer said.

In a statement, the company said the information on the laptop, which was originally reported stolen from its locked office, “is secured by two levels of password protection.” Beer called the fact that the personal information itself was not encrypted “a mistake” that the company would fix.

Give CLEAR your info, watch CLEAR lose your info Read More »

Socioeconomic analysis of MySpace & Facebook

business, education, politics, social software, tech in changing society / /

From danah boyd’s “Viewing American class divisions through Facebook and MySpace” (danah boyd: 24 June 2007):

When MySpace launched in 2003, it was primarily used by 20/30-somethings (just like Friendster before it). The bands began populating the site by early 2004 and throughout 2004, the average age slowly declined. It wasn’t until late 2004 that teens really started appearing en masse on MySpace and 2005 was the year that MySpace became the “in thing” for teens.

Facebook launched in 2004 as a Harvard-only site. It slowly expanded to welcome people with .edu accounts from a variety of different universities. In mid-2005, Facebook opened its doors to high school students, but it wasn’t that easy to get an account because you needed to be invited. As a result, those who were in college tended to invite those high school students that they liked. Facebook was strongly framed as the “cool” thing that college students did.

In addition to the college framing, the press coverage of MySpace as dangerous and sketchy alienated “good” kids. Facebook seemed to provide an ideal alternative. Parents weren’t nearly as terrified of Facebook because it seemed “safe” thanks to the network-driven structure.

She argues that class divisions in the United States have more to do with lifestyle and social stratification than with income. In other words, all of my anti-capitalist college friends who work in cafes and read Engels are not working class just because they make $14K a year and have no benefits. Class divisions in the United States have more to do with social networks (the real ones, not FB/MS), social capital, cultural capital, and attitudes than income. Not surprisingly, other demographics typically discussed in class terms are also a part of this lifestyle division. Social networks are strongly connected to geography, race, and religion; these are also huge factors in lifestyle divisions and thus “class.”

The goodie two shoes, jocks, athletes, or other “good” kids are now going to Facebook. These kids tend to come from families who emphasize education and going to college. They are part of what we’d call hegemonic society. They are primarily white, but not exclusively. They are in honors classes, looking forward to the prom, and live in a world dictated by after school activities.

MySpace is still home for Latino/Hispanic teens, immigrant teens, “burnouts,” “alternative kids,” “art fags,” punks, emos, goths, gangstas, queer kids, and other kids who didn’t play into the dominant high school popularity paradigm. These are kids whose parents didn’t go to college, who are expected to get a job when they finish high school. These are the teens who plan to go into the military immediately after schools. Teens who are really into music or in a band are also on MySpace. MySpace has most of the kids who are socially ostracized at school because they are geeks, freaks, or queers.

In order to demarcate these two groups, let’s call the first group of teens “hegemonic teens” and the second group “subaltern teens.”

Most teens who exclusively use Facebook are familiar with and have an opinion about MySpace. These teens are very aware of MySpace and they often have a negative opinion about it. They see it as gaudy, immature, and “so middle school.” They prefer the “clean” look of Facebook, noting that it is more mature and that MySpace is “so lame.” What hegemonic teens call gaudy can also be labeled as “glitzy” or “bling” or “fly” (or what my generation would call “phat”) by subaltern teens. Terms like “bling” come out of hip-hop culture where showy, sparkly, brash visual displays are acceptable and valued. The look and feel of MySpace resonates far better with subaltern communities than it does with the upwardly mobile hegemonic teens. … That “clean” or “modern” look of Facebook is akin to West Elm or Pottery Barn or any poshy Scandinavian design house (that I admit I’m drawn to) while the more flashy look of MySpace resembles the Las Vegas imagery that attracts millions every year. I suspect that lifestyles have aesthetic values and that these are being reproduced on MySpace and Facebook.

I should note here that aesthetics do divide MySpace users. The look and feel that is acceptable amongst average Latino users is quite different from what you see the subculturally-identified outcasts using. Amongst the emo teens, there’s a push for simple black/white/grey backgrounds and simplistic layouts. While I’m using the term “subaltern teens” to lump together non-hegemonic teens, the lifestyle divisions amongst the subalterns are quite visible on MySpace through the aesthetic choices of the backgrounds. The aesthetics issue is also one of the forces that drives some longer-term users away from MySpace.

Teens from poorer backgrounds who are on MySpace are less likely to know people who go to universities. They are more likely to know people who are older than them, but most of their older friends, cousins, and co-workers are on MySpace. It’s the cool working class thing and it’s the dominant SNS at community colleges. These teens are more likely to be interested in activities like shows and clubs and they find out about them through MySpace. The subaltern teens who are better identified as “outsiders” in a hegemonic community tend to be very aware of Facebook. Their choice to use MySpace instead of Facebook is a rejection of the hegemonic values (and a lack of desire to hang out with the preps and jocks even online).

Class divisions in military use

A month ago, the military banned MySpace but not Facebook. This was a very interesting move because the division in the military reflects the division in high schools. Soldiers are on MySpace; officers are on Facebook. Facebook is extremely popular in the military, but it’s not the SNS of choice for 18-year old soldiers, a group that is primarily from poorer, less educated communities. They are using MySpace. The officers, many of whom have already received college training, are using Facebook. The military ban appears to replicate the class divisions that exist throughout the military. …

MySpace is the primary way that young soldiers communicate with their peers. When I first started tracking soldiers’ MySpace profiles, I had to take a long deep breath. Many of them were extremely pro-war, pro-guns, anti-Arab, anti-Muslim, pro-killing, and xenophobic as hell. Over the last year, I’ve watched more and more profiles emerge from soldiers who aren’t quite sure what they are doing in Iraq. I don’t have the data to confirm whether or not a significant shift has occurred but it was one of those observations that just made me think. And then the ban happened. I can’t help but wonder if part of the goal is to cut off communication between current soldiers and the group that the military hopes to recruit.

Thoughts and meta thoughts

People often ask me if I’m worried about teens today. The answer is yes, but it’s not because of social network sites. With the hegemonic teens, I’m very worried about the stress that they’re under, the lack of mobility and healthy opportunities for play and socialization, and the hyper-scheduling and surveillance. I’m worried about their unrealistic expectations for becoming rich and famous, their lack of work ethic after being pampered for so long, and the lack of opportunities that many of them have to even be economically stable let alone better off than their parents. I’m worried about how locking teens indoors coupled with a fast food/junk food advertising machine has resulted in a decrease in health levels across the board which will just get messy as they are increasingly unable to afford health insurance. When it comes to ostracized teens, I’m worried about the reasons why society has ostracized them and how they will react to ongoing criticism from hegemonic peers. I cringe every time I hear of another Columbine, another Virgina Tech, another site of horror when an outcast teen lashes back at the hegemonic values of society.

I worry about the lack of opportunities available to poor teens from uneducated backgrounds. I’m worried about how Wal-Mart Nation has destroyed many of the opportunities for meaningful working class labor as these youth enter the workforce. I’m worried about what a prolonged war will mean for them. I’m worried about how they’ve been told that to succeed, they must be a famous musician or sports player. I’m worried about how gangs provide the only meaningful sense of community that many of these teens will ever know.

Given the state of what I see in all sorts of neighborhoods, I’m amazed at how well teens are coping and I think that technology has a lot to do with that. Teens are using social network sites to build community and connect with their peers. They are creating publics for socialization. And through it, they are showcasing all of the good, bad, and ugly of today’s teen life.

In the 70s, Paul Willis analyzed British working class youth and he wrote a book called Learning to Labor: How Working Class Kids Get Working Class Jobs. He argued that working class teens will reject hegemonic values because it’s the only way to continue to be a part of the community that they live in. In other words, if you don’t know that you will succeed if you make a run at jumping class, don’t bother – you’ll lose all of your friends and community in the process. His analysis has such strong resonance in American society today. I just wish I knew how to fix it.

Socioeconomic analysis of MySpace & Facebook Read More »

US government makes unsafe RFID-laden passports even less safe through business practices

business, history, law, politics, security, tech in changing society / /

From Bill Gertz’s “Outsourced passports netting govt. profits, risking national security” (The Washington Times: 26 March 2008):

The United States has outsourced the manufacturing of its electronic passports to overseas companies — including one in Thailand that was victimized by Chinese espionage — raising concerns that cost savings are being put ahead of national security, an investigation by The Washington Times has found.

The Government Printing Office’s decision to export the work has proved lucrative, allowing the agency to book more than $100 million in recent profits by charging the State Department more money for blank passports than it actually costs to make them, according to interviews with federal officials and documents obtained by The Times.

The profits have raised questions both inside the agency and in Congress because the law that created GPO as the federal government’s official printer explicitly requires the agency to break even by charging only enough to recover its costs.

Lawmakers said they were alarmed by The Times’ findings and plan to investigate why U.S. companies weren’t used to produce the state-of-the-art passports, one of the crown jewels of American border security.

Officials at GPO, the Homeland Security Department and the State Department played down such concerns, saying they are confident that regular audits and other protections already in place will keep terrorists and foreign spies from stealing or copying the sensitive components to make fake passports.

“Aside from the fact that we have fully vetted and qualified vendors, we also note that the materials are moved via a secure transportation means, including armored vehicles,” GPO spokesman Gary Somerset said.

But GPO Inspector General J. Anthony Ogden, the agency’s internal watchdog, doesn’t share that confidence. He warned in an internal Oct. 12 report that there are “significant deficiencies with the manufacturing of blank passports, security of components, and the internal controls for the process.”

The inspector general’s report said GPO claimed it could not improve its security because of “monetary constraints.” But the inspector general recently told congressional investigators he was unaware that the agency had booked tens of millions of dollars in profits through passport sales that could have been used to improve security, congressional aides told The Times.

GPO is an agency little-known to most Americans, created by Congress almost two centuries ago as a virtual monopoly to print nearly all of the government’s documents … Since 1926, it also has been charged with the job of printing the passports used by Americans to enter and leave the country.

Each new e-passport contains a small computer chip inside the back cover that contains the passport number along with the photo and other personal data of the holder. The data is secured and is transmitted through a tiny wire antenna when it is scanned electronically at border entry points and compared to the actual traveler carrying it.

According to interviews and documents, GPO managers rejected limiting the contracts to U.S.-made computer chip makers and instead sought suppliers from several countries, including Israel, Germany and the Netherlands.

After the computer chips are inserted into the back cover of the passports in Europe, the blank covers are shipped to a factory in Ayutthaya, Thailand, north of Bangkok, to be fitted with a wire Radio Frequency Identification, or RFID, antenna. The blank passports eventually are transported to Washington for final binding, according to the documents and interviews.

The stop in Thailand raises its own security concerns. The Southeast Asian country has battled social instability and terror threats. Anti-government groups backed by Islamists, including al Qaeda, have carried out attacks in southern Thailand and the Thai military took over in a coup in September 2006.

The Netherlands-based company that assembles the U.S. e-passport covers in Thailand, Smartrac Technology Ltd., warned in its latest annual report that, in a worst-case scenario, social unrest in Thailand could lead to a halt in production.

Smartrac divulged in an October 2007 court filing in The Hague that China had stolen its patented technology for e-passport chips, raising additional questions about the security of America’s e-passports.

Transport concerns

A 2005 document obtained by The Times states that GPO was using unsecure FedEx courier services to send blank passports to State Department offices until security concerns were raised and forced GPO to use an armored car company. Even then, the agency proposed using a foreign armored car vendor before State Department diplomatic security officials objected.

Questionable profits

The State Department is now charging Americans $100 or more for new e-passports produced by the GPO, depending on how quickly they are needed. That’s up from a cost of around just $60 in 1998.

Internal agency documents obtained by The Times show each blank passport costs GPO an average of just $7.97 to manufacture and that GPO then charges the State Department about $14.80 for each, a margin of more than 85 percent, the documents show.

The accounting allowed GPO to make gross profits of more than $90 million from Oct. 1, 2006, through Sept. 30, 2007, on the production of e-passports. The four subsequent months produced an additional $54 million in gross profits.

The agency set aside more than $40 million of those profits to help build a secure backup passport production facility in the South, still leaving a net profit of about $100 million in the last 16 months.

GPO plans to produce 28 million blank passports this year up from about 9 million five years ago.

US government makes unsafe RFID-laden passports even less safe through business practices Read More »

The end of Storm

business, security / /

From Brian Krebs’ “Atrivo Shutdown Hastened Demise of Storm Worm” (The Washington Post: 17 October 2008):

The infamous Storm worm, which powered a network of thousands of compromised PCs once responsible for sending more than 20 percent of all spam, appears to have died off. Security experts say Storm’s death knell was sounded by the recent shutdown of Atrivo, a California based ISP that was home to a number of criminal cyber crime operations, including at least three of the master servers used to control the Storm network.

Three out of four of [Storm’s] control servers were located at Atrivo, a.k.a. Intercage, said Joe Stewart, a senior security researcher with Atlanta based SecureWorks who helped unlock the secrets of the complex Storm network. The fourth server, he said, operated out of Hosting.ua, an Internet provider based in the Ukraine.

Stewart said the final spam run blasted out by Storm was on Sept. 18.Three days later, Atrivo was forced off the Internet after its sole remaining upstream provider — Pacific Internet Exchange (PIE) — decided to stop routing for the troubled ISP. In the weeks leading up to that disconnection, four other upstream providers severed connectivity to Atrivo, following detailed reports from Security Fix and Host Exploit that pointed to a massive amount of spam, malicious software and a host of other cyber criminal operations emanating from it.

Stewart said spam sent by the Storm network had been steadily decreasing throughout 2008, aided in large part by the inclusion of the malware in Microsoft’s malicious software removal tool, which has scrubbed Storm from hundreds of thousands of PCs since last fall. Stewart said it’s impossible to tell whether the Storm worm was disrupted by the Atrivo shutdown or if the worm’s authors pulled the plug themselves and decided to move on. But at least 30,000 systems remain infected with the Storm malware.

The end of Storm Read More »

The end of Storm?

business, security / /

From “Storm Worm botnet cracked wide open” (Heise Security: 9 January 2009):

A team of researchers from Bonn University and RWTH Aachen University have analysed the notorious Storm Worm botnet, and concluded it certainly isn’t as invulnerable as it once seemed. Quite the reverse, for in theory it can be rapidly eliminated using software developed and at least partially disclosed by Georg Wicherski, Tillmann Werner, Felix Leder and Mark Schlösser. However it seems in practice the elimination process would fall foul of the law.

Over the last two years, Storm Worm has demonstrated how easily organised internet criminals have been able to spread this infection. During that period, the Storm Worm botnet has accumulated more than a million infected computers, known as drones or zombies, obeying the commands of a control server and using peer-to-peer techniques to locate new servers. Even following a big clean-up with Microsoft’s Malicious Software Removal Tool, around 100,000 drones probably still remain. That means the Storm Worm botnet is responsible for a considerable share of the Spam tsunami and for many distributed denial-of-service attacks. It’s astonishing that no one has succeeded in dismantling the network, but these researchers say it isn’t due to technical finesse on the part of the Storm Worm’s developers.

Existing knowledge of the techniques used by the Storm Worm has mainly been obtained by observing the behaviour of infected systems, but the researchers took a different approach to disarm it. They reverse translated large parts of the machine code of the drone client program and analysed it, taking a particularly close look at the functions for communications between drones and with the server.

Using this background knowledge, they were able to develop their own client, which links itself into the peer-to-peer structure of a Storm Worm network in such a way that queries from other drones, looking for new command servers, can be reliably routed to it. That enables it to divert drones to a new server. The second step was to analyse the protocol for passing commands. The researchers were astonished to find that the server doesn’t have to authenticate itself to clients, so using their knowledge they were able to direct drones to a simple server. The latter could then issue commands to the test Storm worm drones in the laboratory so that, for example, they downloaded a specific program from a server, perhaps a special cleaning program, and ran it. The students then went on to write such a program.

The team has not yet taken the final step of putting the whole thing into action with a genuine Storm Worm botnet in the wild. From a legal point of view, that could involve many problems. Any unauthorised access to third-party computers could be regarded as tampering with data, which is punishable under paragraph § 303a of the German Penal Code. That paragraph threatens up to two years’ imprisonment for unlawfully deleting, suppressing, making unusable or changing third-party data. Although this legal process would only come into effect if there was a criminal complaint from an injured party, or if there was special public interest in the prosecution of the crime.

Besides risks of coming up against the criminal law, there is also a danger of civil claims for damages by the owners of infected PCs, because the operation might cause collateral damage. There are almost certain to be configurations in which the cleaning goes wrong, perhaps disabling computers so they won’t run any more. Botnet operators could also be expected to strike back, causing further damage.

The end of Storm? Read More »

Three top botnets

business, security / /

From Kelly Jackson Higgins’ “The World’s Biggest Botnets” (Dark Reading: 9 November 2007):

You know about the Storm Trojan, which is spread by the world’s largest botnet. But what you may not know is there’s now a new peer-to-peer based botnet emerging that could blow Storm away.

“We’re investigating a new peer-to-peer botnet that may wind up rivaling Storm in size and sophistication,” says Tripp Cox, vice president of engineering for startup Damballa, which tracks botnet command and control infrastructures. “We can’t say much more about it, but we can tell it’s distinct from Storm.”

Researchers estimate that there are thousands of botnets in operation today, but only a handful stand out by their sheer size and pervasiveness. Although size gives a botnet muscle and breadth, it can also make it too conspicuous, which is why botnets like Storm fluctuate in size and are constantly finding new ways to cover their tracks to avoid detection. Researchers have different head counts for different botnets, with Storm by far the largest (for now, anyway).

Damballa says its top three botnets are Storm, with 230,000 active members per 24 hour period; Rbot, an IRC-based botnet with 40,000 active members per 24 hour period; and Bobax, an HTTP-based botnet with 24,000 active members per 24 hour period, according to the company.

1. Storm

Size: 230,000 active members per 24 hour period

Type: peer-to-peer

Purpose: Spam, DDOS

Malware: Trojan.Peacomm (aka Nuwar)

Few researchers can agree on Storm’s actual size — while Damballa says its over 200,000 bots, Trend Micro says its more like 40,000 to 100,000 today. But all researchers say that Storm is a whole new brand of botnet. First, it uses encrypted decentralized, peer-to-peer communication, unlike the traditional centralized IRC model. That makes it tough to kill because you can’t necessarily shut down its command and control machines. And intercepting Storm’s traffic requires cracking the encrypted data.

Storm also uses fast-flux, a round-robin method where infected bot machines (typically home computers) serve as proxies or hosts for malicious Websites. These are constantly rotated, changing their DNS records to prevent their discovery by researchers, ISPs, or law enforcement. And researchers say it’s tough to tell how the command and control communication structure is set up behind the P2P botnet. “Nobody knows how the mother ships are generating their C&C,” Trend Micro’s Ferguson says.

Storm uses a complex combination of malware called Peacomm that includes a worm, rootkit, spam relay, and Trojan.

But researchers don’t know — or can’t say — who exactly is behind Storm, except that it’s likely a fairly small, tightly knit group with a clear business plan. “All roads lead back to Russia,” Trend Micro’s Ferguson says.

“Storm is only thing now that keeps me awake at night and busy,” he says. “It’s professionalized crimeware… They have young, talented programmers apparently. And they write tools to do administrative [tracking], as well as writing cryptographic routines… and another will handle social engineering, and another will write the Trojan downloader, and another is writing the rootkit.”

Rbot

Size: 40,000 active members per 24 hour period

Type: IRC

Purpose: DDOS, spam, malicious operations

Malware: Windows worm

Rbot is basically an old-school IRC botnet that uses the Rbot malware kit. It isn’t likely to ever reach Storm size because IRC botnets just can’t scale accordingly. “An IRC server has to be a beefy machine to support anything anywhere close to the size of Peacomm/Storm,” Damballa’s Cox says.

It can disable antivirus software, too. Rbot’s underlying malware uses a backdoor to gain control of the infected machine, installing keyloggers, viruses, and even stealing files from the machine, as well as the usual spam and DDOS attacks.

Bobax

Size: 24,000 active members per 24 hour period

Type: HTTP

Purpose: Spam

Malware: Mass-mailing worm

Bobax is specifically for spamming, Cox says, and uses the stealthier HTTP for sending instructions to its bots on who and what to spam. …

According to Symantec, Bobax bores open a back door and downloads files onto the infected machine, and lowers its security settings. It spreads via a buffer overflow vulnerability in Windows, and inserts the spam code into the IE browser so that each time the browser runs, the virus is activated. And Bobax also does some reconnaissance to ensure that its spam runs are efficient: It can do bandwidth and network analysis to determine just how much spam it can send, according to Damballa. “Thus [they] are able to tailor their spamming so as not to tax the network, which helps them avoid detection,” according to company research.

Even more frightening, though, is that some Bobax variants can block access to antivirus and security vendor Websites, a new trend in Website exploitation.

Three top botnets Read More »

Largest botnet as of 2006: 1.5 M machines

business, security / /

From Gregg Keizer’s “Dutch Botnet Bigger Than Expected” (InformationWeek: 21 October 2005):

Dutch prosecutors who last month arrested a trio of young men for creating a large botnet allegedly used to extort a U.S. company, steal identities, and distribute spyware now say they bagged bigger prey: a botnet of 1.5 million machines.

According to Wim de Bruin, a spokesman for the Public Prosecution Service (Openbaar Ministerie, or OM), when investigators at GOVCERT.NL, the Netherlands’ Computer Emergency Response Team, and several Internet service providers began dismantling the botnet, they discovered it consisted of about 1.5 million compromised computers, 15 times the 100,000 PCs first thought.

The three suspects, ages 19, 22, and 27, were arrested Oct. 6 …

The trio supposedly used the Toxbot Trojan horse to infect the vast number of machines, easily the largest controlled by arrested attackers.

Largest botnet as of 2006: 1.5 M machines Read More »

Why botnet operators do it: profit, politics, & prestige

business, security / /

From Clive Akass’ “Storm worm ‘making millions a day’” (Personal Computer World: 11 February 2008):

The people behind the Storm worm are making millions of pounds a day by using it to generate revenue, according to IBM’s principal web security strategist.

Joshua Corman, of IBM Internet Security Systems, said that in the past it had been assumed that web security attacks were essential ego driven. But now attackers fell in three camps.

‘I call them my three Ps, profit, politics and prestige,’ he said during a debate at a NetEvents forum in Barcelona.

The Storm worm, which had been around about a year, had been a tremendous financial success because it created a botnet of compromised machines that could be used to launch profitable spam attacks.

Not only do the criminals get money simply for sending out the spam in much more quantity than could be sent by a single machine but they get a cut of any business done off the spam.

Why botnet operators do it: profit, politics, & prestige Read More »

Srizbi, Bobax, & Storm – the rankings

business, security / /

From Gregg Keizer’s “RSA – Top botnets control 1M hijacked computers” (Computerworld: 4 October 2008):

Joe Stewart, director of malware research at SecureWorks, presented his survey at the RSA Conference, which opened Monday in San Francisco. The survey ranked the top 11 botnets that send spam; by extrapolating their size, Stewart estimated the bots on his list control just over a million machines and are capable of flooding the Internet with more than 100 billion spam messages every day.

The botnet at the top of the chart is Srizbi. According to Stewart, this botnet — which also goes by the names “Cbeplay” and “Exchanger” — has an estimated 315,000 bots and can blast out 60 billion messages a day.

While it may not have gotten the publicity that Storm has during the last year, it’s built around a much more substantial collection of hijacked computers, said Stewart. In comparison, Storm’s botnet counts just 85,000 machines, only 35,000 of which are set up to send spam. Storm, in fact, is No. 5 on Stewart’s list.

“Storm is pretty insignificant at this point,” said Stewart. “It got all this attention, so Microsoft added it to its malicious software detection tool [in September 2007], and that’s removed hundreds of thousands of compromised PCs from the botnet.”

The second-largest botnet is “Bobax,” which boasts an estimated 185,000 hacked systems in its collection. Able to spam approximately nine billion messages a day, Bobax has been around for some time, but recently has been in the news again, albeit under one of its several aliases.

Srizbi, Bobax, & Storm – the rankings Read More »

Number of bots drops 20% on Christmas

business, security / /

From Robert Lemos’ “Bot-infected PCs get a refresh” (SecurityFocus: 28 December 2006):

On Christmas day, the number of bots tracked by the Shadowserver group dropped nearly 20 percent.

The dramatic decrease in weekly totals–from more than 500,000 infected systems to less than 400,000 computers–puzzled researchers. The Internet Storm Center, a threat monitoring group managed by the SANS Institute, confirmed a drop of about 10 percent.

One of the Internet Storm Center’s network monitoring volunteers posited that the decrease was due to the large number of computers given as gifts this Christmas. The systems running Microsoft Windows XP will be using Service Pack 2, which also means the firewall will be on by default, adding an additional hurdle for bot herder looking to reclaim their drones.

“Many of the infected machines are turned off, the new shiny ones have not been infected, and the Internet is momentarily a safer place,” Marcus Sachs, director of the ISC, stated in a diary entry. “But like you said, give it a few weeks and we’ll be right back to where we started from.”

Number of bots drops 20% on Christmas Read More »

1/4 of all Internet computers part of a botnet?

business, security / /

From Nate Anderson’s “Vint Cerf: one quarter of all computers part of a botnet” (Ars Technica: 25 January 2007):

The BBC’s Tim Weber, who was in the audience of an Internet panel featuring Vint Cerf, Michael Dell, John Markoff of the New York Times, and Jon Zittrain of Oxford, came away most impressed by the botnet statistics. Cerf told his listeners that approximately 600 million computers are connected to the Internet, and that 150 million of them might be participants in a botnet—nearly all of them unwilling victims. Weber remarks that “in most cases the owners of these computers have not the slightest idea what their little beige friend in the study is up to.”

In September 2006, security research firm Arbor Networks announced that it was now seeing botnet-based denial of service attacks capable of generating an astonishing 10-20Gbps of junk data. The company notes that when major attacks of this sort began, ISPs often do exactly what the attacker wants them to do: take the target site offline.

1/4 of all Internet computers part of a botnet? Read More »

Prices for various services and software in the underground

business, security / /

From Tom Espiner’s “Cracking open the cybercrime economy” (CNET News: 14 December 2007):

“Over the years, the criminal elements, the ones who are making money, making millions out of all this online crime, are just getting stronger and stronger. I don’t think we are really winning this war.”

As director of antivirus research for F-Secure, you might expect Mikko Hypponen to overplay the seriousness of the situation. But according to the Finnish company, during 2007 the number of samples of malicious code on its database doubled, having taken 20 years to reach the size it was at the beginning of this year.

“From Trojan creation sites out of Germany and the Eastern bloc, you can purchase kits and support for malware in yearly contracts,” said [David Marcus, security research manager at McAfee Avert Labs]. “They present themselves as a cottage industry which sells tools or creation kits. It’s hard to tell if it’s a conspiracy or a bunch of autonomous individuals who are good at covering their tracks.”

Joe Telafici, director of operations at McAfee’s Avert Labs, said Storm is continuing to evolve. “We’ve seen periodic activity from Storm indicating that it is still actively being maintained. They have actually ripped out core pieces of functionality to modify the obfuscation mechanisms that weren’t working any more. Most people keep changing the wrapper until it gets by (security software)–these guys changed the functionality.”

Peter Gutmann, a security researcher at the University of Auckland, says in a report that malicious software via the affiliate model–in which someone pays others to infect users with spyware and Trojans–has become more prevalent in 2007.

The affiliate model was pioneered by the iframedollars.biz site in 2005, which paid Webmasters 6 cents per infected site. Since then, this has been extended to a “vast number of adware affiliates,” according to Gutmann. For example, one adware supplier pays 30 cents for each install in the United States, 20 cents in Canada, 10 cents in the United Kingdom, and 1 or 2 cents elsewhere.

Hackers also piggyback malicious software on legitimate software. According to Gutmann, versions of coolwebsearch co-install a mail zombie and a keystroke logger, while some peer-to-peer and file-sharing applications come with bundled adware and spyware.

In March, the price quoted on malware sites for the Gozi Trojan, which steals data and sends it to hackers in an encrypted form, was between $1,000 and $2,000 for the basic version. Buyers could purchase add-on services at varying prices starting at $20.

In the 2007 black economy, everything can be outsourced, according to Gutmann. A scammer can buy hosts for a phishing site, buy spam services to lure victims, buy drops to send the money to, and pay a cashier to cash out the accounts. …

Antidetection vendors sell services to malicious-software and botnet vendors, who sell stolen credit card data to middlemen. Those middlemen then sell that information to fraudsters who deal in stolen credit card data and pay a premium for verifiably active accounts. “The money seems to be in the middlemen,” Gutmann says.

One example of this is the Gozi Trojan. According to reports, the malware was available this summer as a service from iFrameBiz and stat482.com, who bought the Trojan from the HangUp team, a group of Russian hackers. The Trojan server was managed by 76service.com, and hosted by the Russian Business Network, which security vendors allege offered “bullet-proof” hosting for phishing sites and other illicit operations.

According to Gutmann, there are many independent malicious-software developers selling their wares online. Private releases can be tailored to individual clients, while vendors offer support services, often bundling antidetection. For example, the private edition of Hav-rat version 1.2, a Trojan written by hacker Havalito, is advertised as being completely undetectable by antivirus companies. If it does get detected then it will be replaced with a new copy that again is supposedly undetectable.

Hackers can buy denial-of-service attacks for $100 per day, while spammers can buy CDs with harvested e-mail addresses. Spammers can also send mail via spam brokers, handled via online forums such as specialham.com and spamforum.biz. In this environment, $1 buys 1,000 to 5,000 credits, while $1,000 buys 10,000 compromised PCs. Credit is deducted when the spam is accepted by the target mail server. The brokers handle spam distribution via open proxies, relays and compromised PCs, while the sending is usually done from the client’s PC using broker-provided software and control information.

Carders, who mainly deal in stolen credit card details, openly publish prices, or engage in private negotiations to decide the price, with some sources giving bulk discounts for larger purchases. The rate for credit card details is approximately $1 for all the details down to the Card Verification Value (CVV); $10 for details with CVV linked to a Social Security number; and $50 for a full bank account.

Prices for various services and software in the underground Read More »

Criminals working together to improve their tools

business, security / /

From Dan Goodin’s “Crimeware giants form botnet tag team” (The Register: 5 September 2008):

The Rock Phish gang – one of the net’s most notorious phishing outfits – has teamed up with another criminal heavyweight called Asprox in overhauling its network with state-of-the-art technology, according to researchers from RSA.

Over the past five months, Rock Phishers have painstakingly refurbished their infrastructure, introducing several sophisticated crimeware packages that get silently installed on the PCs of its victims. One of those programs makes infected machines part of a fast-flux botnet that adds reliability and resiliency to the Rock Phish network.

Based in Europe, the Rock Phish group is a criminal collective that has been targeting banks and other financial institutions since 2004. According to RSA, they are responsible for half of the worldwide phishing attacks and have siphoned tens of millions of dollars from individuals’ bank accounts. The group got its name from a now discontinued quirk in which the phishers used directory paths that contained the word “rock.”

The first sign the group was expanding operations came in April, when it introduced a trojan known alternately as Zeus or WSNPOEM, which steals sensitive financial information in transit from a victim’s machine to a bank. Shortly afterward, the gang added more crimeware, including a custom-made botnet client that was spread, among other means, using the Neosploit infection kit.

Soon, additional signs appeared pointing to a partnership between Rock Phishers and Asprox. Most notably, the command and control server for the custom Rock Phish crimeware had exactly the same directory structure of many of the Asprox servers, leading RSA researchers to believe Rock Phish and Asprox attacks were using at least one common server. …

RSA researchers also noticed that a decrease in phishing attacks hosted on Rock Phishers’ old servers coincided with never-before-seen phishing attacks used on the Asprox botnet.

In this case, Rock Phishers seem to be betting that the spoofed pages used in their phishing attacks will remain up longer using fast-flux technology from Asprox.

“It just shows that these guys know each other and are willing to provide services to each other,” said Joe Stewart, a researcher at SecureWorks who has spent years tracking Asprox and groups that use fast-flux botnets. “This goes on in the underground all the time.”

Criminals working together to improve their tools Read More »

Wikipedia, freedom, & changes in production

business, history, science, social software, tech in changing society / /

From Clay Shirky’s “Old Revolutions, Good; New Revolutions, Bad” (Britannica Blog: 14 June 2007):

Gorman’s theory about print – its capabilities ushered in an age very different from manuscript culture — is correct, and the same kind of shift is at work today. As with the transition from manuscripts to print, the new technologies offer virtues that did not previously exist, but are now an assumed and permanent part of our intellectual environment. When reproduction, distribution, and findability were all hard, as they were for the last five hundred years, we needed specialists to undertake those jobs, and we properly venerated them for the service they performed. Now those tasks are simpler, and the earlier roles have instead become obstacles to direct access.

Digital and networked production vastly increase three kinds of freedom: freedom of speech, of the press, and of assembly. This perforce increases the freedom of anyone to say anything at any time. This freedom has led to an explosion in novel content, much of it mediocre, but freedom is like that. Critically, this expansion of freedom has not undermined any of the absolute advantages of expertise; the virtues of mastery remain as they were. What has happened is that the relative advantages of expertise are in precipitous decline. Experts the world over have been shocked to discover that they were consulted not as a direct result of their expertise, but often as a secondary effect – the apparatus of credentialing made finding experts easier than finding amateurs, even when the amateurs knew the same things as the experts.

The success of Wikipedia forces a profound question on print culture: how is information to be shared with the majority of the population? This is an especially tough question, as print culture has so manifestly failed at the transition to a world of unlimited perfect copies. Because Wikipedia’s contents are both useful and available, it has eroded the monopoly held by earlier modes of production. Other encyclopedias now have to compete for value to the user, and they are failing because their model mainly commits them to denying access and forbidding sharing. If Gorman wants more people reading Britannica, the choice lies with its management. Were they to allow users unfettered access to read and share Britannica’s content tomorrow, the only interesting question is whether their readership would rise a ten-fold or a hundred-fold.

Britannica will tell you that they don’t want to compete on universality of access or sharability, but this is the lament of the scribe who thinks that writing fast shouldn’t be part of the test. In a world where copies have become cost-free, people who expend their resources to prevent access or sharing are forgoing the principal advantages of the new tools, and this dilemma is common to every institution modeled on the scarcity and fragility of physical copies. Academic libraries, which in earlier days provided a service, have outsourced themselves as bouncers to publishers like Reed-Elsevier; their principal job, in the digital realm, is to prevent interested readers from gaining access to scholarly material.

Wikipedia, freedom, & changes in production Read More »

How ARP works

technology / /

From Chris Sanders’ “Packet School 201 – Part 1 (ARP)” (Completely Full of I.T.: 23 December 2007):

The basic idea behind ARP is for a machine to broadcast its IP address and MAC address to all of the clients in its broadcast domain in order to find out the IP address associated with a particular MAC address. Basically put, it looks like this:

Computer A – “Hey everybody, my IP address is XX.XX.XX.XX, and my MAC address is XX:XX:XX:XX:XX:XX. I need to send something to whoever has the IP address XX.XX.XX.XX, but I don’t know what their hardware address is. Will whoever has this IP address please respond back with their MAC address?

All of the other computers that receive the broadcast will simply ignore it, however, the one who does have the requested IP address will send its MAC address to Computer A. With this information in hand, the exchange of data can being.

Computer B – “Hey Computer A. I am who you are looking for with the IP address of XX.XX.XX.XX. My MAC address is XX:XX:XX:XX:XX:XX.

One of the best ways I’ve seen this concept described is through the limousine driver analogy. If you have ever flown, then chances are when you get off of a plane, you have seen a limo driver standing with a sign bearing someone’s last name. Here, the driver knows the name of the person he is picking up, but doesn’t know what they look like. The driver holds up the sign so that everyone can see it. All of the people getting off of the plane see the sign, and if it isn’t them, they simply ignore it. The person whose name is on the card however, sees it, approaches the driver, and identifies himself.

How ARP works Read More »

Bush, rhetoric, & the exercise of power

history, language & literature, politics / /

From Mark Danner’s “Words in a Time of War: Taking the Measure of the First Rhetoric-Major President” (Tomgram: 10 May 2007):

[Note: This commencement address was given to graduates of the Department of Rhetoric at Zellerbach Hall, University of California, Berkeley, on May 10, 2007]

I give you my favorite quotation from the Bush administration, put forward by the proverbial “unnamed Administration official” and published in the New York Times Magazine by the fine journalist Ron Suskind in October 2004. Here, in Suskind’s recounting, is what that “unnamed Administration official” told him:

“The aide said that guys like me were ‘in what we call the reality-based community,’ which he defined as people who ‘believe that solutions emerge from your judicious study of discernible reality.’ I nodded and murmured something about enlightenment principles and empiricism. He cut me off. ‘That’s not the way the world really works anymore,’ he continued. ‘We’re an empire now, and when we act, we create our own reality. And while you’re studying that reality — judiciously, as you will — we’ll act again, creating other new realities, which you can study too, and that’s how things will sort out. We’re history’s actors…. and you, all of you, will be left to just study what we do.'”

It was the assumption of this so-called preponderance that lay behind the philosophy of power enunciated by Bush’s Brain [Karl Rove] and that led to an attitude toward international law and alliances that is, in my view, quite unprecedented in American history. That radical attitude is brilliantly encapsulated in a single sentence drawn from the National Security Strategy of the United States of 2003: “Our strength as a nation-state will continue to be challenged by those who employ a strategy of the weak using international fora, judicial processes and terrorism.” Let me repeat that little troika of “weapons of the weak”: international fora (meaning the United Nations and like institutions), judicial processes (meaning courts, domestic and international), and…. terrorism. This strange gathering, put forward by the government of the United States, stems from the idea that power is, in fact, everything. In such a world, courts — indeed, law itself — can only limit the power of the most powerful state. Wielding preponderant power, what need has it for law? The latter must be, by definition, a weapon of the weak. The most powerful state, after all, makes reality.

Bush, rhetoric, & the exercise of power Read More »

The Yakuza’s influence in Japan

business, history, law, politics, security / /

From Jake Adelstein’s “This Mob Is Big in Japan” (The Washington Post: 11 May 2008):

Most Americans think of Japan as a law-abiding and peaceful place, as well as our staunch ally, but reporting on the underworld gave me a different perspective. Mobs are legal entities here. Their fan magazines and comic books are sold in convenience stores, and bosses socialize with prime ministers and politicians. …

I loved my job. The cops fighting organized crime are hard-drinking iconoclasts — many look like their mobster foes, with their black suits and slicked-back hair. They’re outsiders in Japanese society, and perhaps because I was an outsider too, we got along well. The yakuza’s tribal features are also compelling, like those of an alien life form: the full-body tattoos, missing digits and pseudo-family structure. …

The Japanese National Police Agency (NPA) estimates that the yakuza have almost 80,000 members. The most powerful faction, the Yamaguchi-gumi, is known as “the Wal-Mart of the yakuza” and reportedly has close to 40,000 members. In Tokyo alone, the police have identified more than 800 yakuza front companies: investment and auditing firms, construction companies and pastry shops. The mobsters even set up their own bank in California, according to underworld sources.

Over the last seven years, the yakuza have moved into finance. Japan’s Securities and Exchange Surveillance Commission has an index of more than 50 listed companies with ties to organized crime.

In the good old days, the yakuza made most of their money from sleaze: prostitution, drugs, protection money and child pornography. Kiddie porn is still part of their base income — and another area where Japan isn’t acting like America’s friend.

In 1999, my editors assigned me to cover the Tokyo neighborhood that includes Kabukicho, Japan’s largest red-light district. Japan had recently outlawed child pornography — reluctantly, after international pressure left officials no choice. But the ban, which is still in effect, had a major flaw: It criminalized producing and selling child pornography, not owning it. So the big-money industry goes on, unabated.

I’m not entirely objective on the issue of the yakuza in my adopted homeland. Three years ago, [Tadamasa Goto, a notorious Japanese gang boss, the one that some federal agents call the “John Gotti of Japan”] got word that I was reporting an article about his liver transplant. A few days later, his underlings obliquely threatened me. Then came a formal meeting. The offer was straightforward. “Erase the story or be erased,” one of them said. “Your family too.”

The Yakuza’s influence in Japan Read More »

Gottman on relationships

science / /

From THE MATHEMATICS OF LOVE: A Talk with John Gottman (Edge: 14 April 2004):

So far, his surmise is that “respect and affection are essential to all relationships working and contempt destroys them. It may differ from culture to culture how to communicate respect, and how to communicate affection, and how not to do it, but I think we’ll find that those are universal things”.

Another puzzle I’m working on is just what happens when a baby enters a relationship. Our study shows that the majority (67%) of couples have a precipitous drop in relationship happiness in the first 3 years of their first baby’s life. That’s tragic in terms of the climate of inter-parental hostility and depression that the baby grows up in. That affective climate between parents is the real cradle that holds the baby. And for the majority of families that cradle is unsafe for babies.

So far I believe we’re going to find that respect and affection are essential to all relationships working and contempt destroys them. It may differ from culture to culture how to communicate respect, and how to communicate affection, and how not to do it, but I think we’ll find that those are universal things.

Bob Levenson and I were very surprised when, in 1983, we found that we could actually predict, with over 90 percent accuracy, what was going to happen to a relationship over a three-year period just by examining their physiology and behavior during a conflict discussion, and later just from an interview about how the couple viewed their past. 90% accuracy!

That was surprising to us. It seemed that people either started in a mean-spirited way, a critical way, started talking about a disagreement, started talking about a problem as just a symptom of their partner’s inadequate character, which made their partner defensive and escalated the conflict, and people started getting mean and insulting to one another. That predicted the relationship was going to fall apart. 96% of the time the way the conflict discussion started in the first 3 minutes determined how it would go for the rest of the discussion. And four years later it was like no time had passed, their interaction style was almost identical. Also 69% of the time they were talking about the same issues, which we realized then were “perpetual issues” that they would never solve. These were basic personality differences that never went away. She was more extroverted or she was more of an explorer or he was more punctual or frugal.

Some couples were caught by the web of these perpetual issues and made each other miserable, they were “grid locked” like bumper-to-bumper traffic with these issues, while other couples had similar issues but coped with them and had a “dialogue” that even contained laughter and affection. It seemed that relationships last to the extent that you select someone whose annoying personality traits don’t send you into emotional orbit. Once again conventional wisdom was wrong. The big issue wasn’t helping couples resolve their conflicts, but moving them from gridlock to dialogue. And the secret of how to do that turned out to be having each person talk about their dream within the conflict and bringing Viktor Frankl’s existential logotherapy into the marital boxing ring. Once people talked about what they wished for and hoped for in this gridlock conflict and the narrative of why this was so important to them, in 86% of the cases they would move from gridlock to dialogue. Again a new door opened. Not all marital conflicts are the same. You can’t teach people a set of skills and just apply them to every issue. Some issues are deeper, they have more meaning. And then it turned out that the very issues that cause the most pain and alienation can also be the greatest sources of intimacy and connection.

Another surprise: we followed couples for as long as 20 years, and we found that there was another kind of couple that didn’t really show up on the radar; they looked fine, they weren’t mean, they didn’t escalate the conflict — but about 16 to 22 years after the wedding they started divorcing. They were often the pillars of their community. They seemed very calm and in control of their lives, and then suddenly they break up. Everyone is shocked and horrified. But we could look back at our early tapes and see the warning signs we had never seen before. Those people were people who just didn’t have very much positive connection. There wasn’t very much affection — and also especially humor — between them.

…These sorts of emotionally disconnected relationships were another important dimension of failed relationships. We learned through them that the quality of the friendship and intimacy affects the nature of conflict in a very big way.

One of the major things we found is that honoring your partner’s dreams is absolutely critical. A lot of times people have incompatible dreams — or they don’t want to honor their partner’s dreams, or they don’t want to yield power, they don’t want to share power. So that explains a lot of times why they don’t really belong together.

Psycho-physiology is an important part of this research. It’s something that Bob Levenson brought to the search initially, and then I got trained in psycho-physiology as well. And the reason we’re interested in what was happening in the body is that there’s an intimate connection between what’s happening to the autonomic nervous system and what happening in the brain, and how well people can take in information — how well they can just process information — for example, just being able to listen to your partner — that is much harder when your heart rate is above the intrinsic rate of the heart, which is around a hundred to a hundred and five beats a minute for most people with a healthy heart.

At that point we know, from Loren Rowling’s work, that people start secreting adrenalin, and then they get into a state of diffuse physiological arousal (or DPA) , so their heart is beating faster, it’s contracting harder, the arteries start getting constricted, blood is drawn away from the periphery into the trunk, the blood supply shuts down to the gut and the kidney, and all kinds of other things are happening — people are sweating, and things are happening in the brain that create a tunnel vision, one in which they perceive everything as a threat and they react as if they have been put in great danger by this conversation.

Because men are different. Men have a lot of trouble when they reach a state of vigilance, when they think there’s real danger, they have a lot of trouble calming down. and there’s probably an evolutionary history to that. Because it functioned very well for our hominid ancestors, anthropologists think, for men to stay physiologically aroused and vigilant, in cooperative hunting and protecting the tribe, which was a role that males had very early in our evolutionary history. Whereas women had the opposite sort of role, in terms of survival of the species, those women reproduced more effectively who had the milk-let-down reflex, which only happens when oxytocin is secreted in the brain, it only happens when women — as any woman knows who’s been breast-feeding, you have to be able to calm down and relax. But oxytocin is also the hormone of affiliation. So women have developed this sort of social order, caring for one another, helping one another, and affiliating, that also allows them to really calm down and have the milk let-down reflex. And so — it’s one of nature’s jokes. Women can calm down, men can’t; they stay aroused and vigilant.

Physiology becomes really critical in this whole thing. A provocative finding from Alyson Shapiro’s recent dissertation is that if we take a look at how a couple argues when the woman is in the sixth month of pregnancy, we can predict over half the variation in the baby, the three-month-old baby’s vagal tone, which is the ability of the vagus nerve, the major nerve of the parasympathetic branch of the autonomic nervous system, which is responsible for establishing calm and focusing attention. That vagus nerve in the baby is eventually going to be working well if the parents, during pregnancy, are fighting with each other constructively. That takes us into fetal development, a whole new realm of inquiry.

You have to study gay and Lesbian couples who are committed to each other as well as heterosexual couples who are committed to each other, and try and match things as much as you can, like how long they’ve been together, and the quality of their relationship. And we’ve done that, and we find that there are two gender differences that really hold up.

One is that if a man presents an issue, to either a man he’s in love with or a woman he’s in love with, the man is angrier presenting the issue. And we find that when a woman receives an issue, either from a woman she loves or a man she loves, she is much more sad than a man would be receiving that same issue. It’s about anger and sadness. Why? Remember, Bowlby taught us that attachment and loss and grief are part of the same system. So women are finely tuned to attaching and connecting and to sadness and loss and grief, while men are attuned to defend, stay vigilant, attack, to anger. My friend Levenson did an acoustic startle study (that’s where you shoot of a blank pistol behind someone’s head when they least expect it). Men had a bigger heart rate reactivity and took longer to recover, which we would expect, but what even more interesting is that when you asked people what they were feeling, women were scared and men were angry.

So that’s probably why those two differences have held up. Physiologically people find over and over again in heterosexual relationships — and this hasn’t been studied yet in gay and Lesbian relationships — that men have a lower flash point for increasing heart-rate arousal, and it takes them longer to recover. And not only that, but when men are trying to recover, and calm down, they can’t do it very well because they keep naturally rehearsing thoughts of righteous indignation and feeling like an innocent victim. They maintain their own vigilance and arousal with these thoughts, mostly of getting even, whereas women really can distract themselves and calm down physiologically from being angered or being upset about something. If women could affiliate and secrete oxytocin when they felt afraid, they’s even calm down faster, probably.

Gottman on relationships Read More »

ODF compared & constrasted with OOXML

business, technology / /

From Sam Hiser’s “Achieving Openness: A Closer Look at ODF and OOXML” (ONLamp.com: 14 June 2007):

An open, XML-based standard for displaying and storing data files (text documents, spreadsheets, and presentations) offers a new and promising approach to data storage and document exchange among office applications. A comparison of the two XML-based formats–OpenDocument Format (“ODF”) and Office Open XML (“OOXML”)–across widely accepted “openness” criteria has revealed substantial differences, including the following:

  • ODF is developed and maintained in an open, multi-vendor, multi-stakeholder process that protects against control by a single organization. OOXML is less open in its development and maintenance, despite being submitted to a formal standards body, because control of the standard ultimately rests with one organization.
  • ODF is the only openly available standard, published fully in a document that is freely available and easy to comprehend. This openness is reflected in the number of competing applications in which ODF is already implemented. Unlike ODF, OOXML’s complexity, extraordinary length, technical omissions, and single-vendor dependencies combine to make alternative implementation unattractive as well as legally and practically impossible.
  • ODF is the only format unencumbered by intellectual property rights (IPR) restrictions on its use in other software, as certified by the Software Freedom Law Center. Conversely, many elements designed into the OOXML formats but left undefined in the OOXML specification require behaviors upon document files that only Microsoft Office applications can provide. This makes data inaccessible and breaks work group productivity whenever alternative software is used.
  • ODF offers interoperability with ODF-compliant applications on most of the common operating system platforms. OOXML is designed to operate fully within the Microsoft environment only. Though it will work elegantly across the many products in the Microsoft catalog, OOXML ignores accepted standards and best practices regarding its use of XML.

Overall, a comparison of both formats reveals significant differences in their levels of openness. While ODF is revealed as sufficiently open across all four key criteria, OOXML shows relative weakness in each criteria and offers fundamental flaws that undermine its candidacy as a global standard.

ODF compared & constrasted with OOXML Read More »