« July 2005 | Main | October 2005 »
Losing your ballot
The right to vote is a precious
one and should never be abused. While some countries have gone for electronic
voting I've huge doubts about it. Now a foolproof system is being devised.
Despite my misgivings about
electronic voting this initiative should be applauded. It's a much better
solution than allowing private enterprise to take it on.
Take the situation in the US at the
moment. The two companies who dominate electronic voting machines manufacture
in the US
are run by brothers, one of who has very strong links to the Republican party.
Far be it of me to suggest any impropriety –
in fact the chances of them successfully getting away with fraud are minimal –
but it hardly inspires confidence.
In this country we have a paper
ballot; simple, incorruptible and checkable. There are those who say that
voting is too much of a hassle and electronic voting would increase turnout but
this is nonsense. Our ancestors fought and died for the freedoms we enjoy today
and winging because you've got to walk a few hundred feet to the nearest
polling place dishonours their memory.
August 22, 2005 | Permalink | Comments (0) | TrackBack
Mugging moves online
Oh for the good old days when
all you needed for a game was a copy of the latest Dungeons and Dragons
playbook and a limited number of friends. As these games have moved online
we're seeing things that would never have been allowed in the old analogue days
of role playing games, including this online mugger.
It's tempting to scoff and say
it's only a game. Well it is and it isn't. For some people the online world is
just as real as the offline one, and can be preferable. After all if you're
flipping burgers for minimum wage in reality and a lord high paladin with top
notch wizarding skills in the virtual world which one are you going to prefer?
It's good this guy got caught,
but we're going to see a lot more of this sort of thing and people are going to
be tempted to take the law into their own hands.
August 22, 2005 | Permalink | Comments (0) | TrackBack
Freedom of speech
It's an oft
quoted and utterly stupid statement that freedom of speech doesn’t include the
right to shout "Fire!" in a crowded cinema. It does, if there is a
fire.
Microsoft
has problems with the way the latest flaw in their software has been
publicised, and they have reason to be. Had this flaw been reported to them
first they could have built a patch to solve it; as it is IT administrators
have a rough weekend ahead.
There's
considerable disagreement about how to deal with vulnerability reporting.
Software manufacturers don't want flaws reported because it makes the hacker's
job easier. Vulnerability testers want to make headlines and get business for
themselves and claim if they didn’t publicise flaws then they wouldn’t get
fixed.
There's a
logical way out of this. If you find a flaw report it to the company. Give them
time to find a patch, say three months, and then if there's no action release
the news. When the patch is ready the person or firm who found the
vulnerability gets the credit and administrators can deal with the problem
immediately.
This latest
announcement shouts of publicity hunting. So if you're thinking of hiring these
people you might want to ask them to be a little more responsible next time.
August 22, 2005 | Permalink | Comments (0) | TrackBack
The Inside Job
We talk a
lot about evil hackers breaking into databases but all the evidence shows the
bigger risk is the inside job, as AOL has shown.
Here is a
guy who sold out his employer for cash and the problems only going to get
worse. People are greedy and there will always be the temptation to sell out
your employer for cash, particularly if you're a grievance.
I'm not too
worried about this case, it was only spamming. But my biggest fear is there's a
programmer in a major software house putting little chunks of spyware in common
applications. If that happens we're all in deep, deep trouble.
August 22, 2005 | Permalink | Comments (1) | TrackBack
Love your laptop
I don't
carry a laptop bag, even though my beloved lappy goes with me everywhere. A
laptop case screams out "I've got a very expensive bit of hardware that
can be easily sold on the black market – care to steal it?" If you're
carrying a laptop put it in a haversack, it'll be less conspicuous and do your
back a world of good.
But I do
like this latest idea, laptops that call for help. Your data is protected,
you've a good chance of getting the hardware back and best of all when the
police do swoop chances are they'll find a lot of other criminal activity that
needs clearing up.
August 22, 2005 | Permalink | Comments (0) | TrackBack
Talking sense
I was
checking to see it wasn't April Fools Day when one of the biggest antivirus
firms tells you the latest virus attack isn't too bad. Time will tell if
Kaspersky are right but it's nice to see a level head in an industry dominated
by scaremongers.
August 22, 2005 | Permalink | Comments (0) | TrackBack
Competitive hacking
Now it
seems organised crime is getting competitive over the latest viruses. But don't mistake this for a game, it's merely free enterprise in action .
We need to
recognise that our PCs are valuable tools not just to us but to those who would
seek to use them for darker purposes. Patch and protect people, because it's
only going to get worse.
August 22, 2005 | Permalink | Comments (0) | TrackBack
Abandon Adware
Now an
adware supplier is suing one of its associates for over enthusiastic use of
spyware. This is useless – no matter how unobtrusive adware is the digital
equivalent of the phone tap and security departments need it locked out fast.
August 22, 2005 | Permalink | Comments (0) | TrackBack
Train by example
August 22, 2005 | Permalink | Comments (0) | TrackBack
Bite on this Apple users
44 patches.
In one go. This makes Microsoft's patch Tuesday look like amateurs night. Apple
users get very smug about how safe their systems are. This gives lie to that –
Apple are just as vulnerable, it's just that no hacker really cares that much
about only getting five per cent of the world's computers.
August 22, 2005 | Permalink | Comments (0) | TrackBack
Beware the false prophet
Now the
bombers of July 7th have seemingly blown away any objections to identity
cards the government is getting busy with biometrics.
One small
problem – they don’t work. There hasn't been a single biometric test that
hasn't been cracked by hackers and at any time there's a failure rate that goes
as high as five per cent. That's three million Britons who are going to get in
trouble because of faulty security. Surely all this money would be better spent
by bobbies on the beat and better intelligence.
August 22, 2005 | Permalink | Comments (0) | TrackBack
Worm turns
So Zotob is
causing trouble as predicted. It's bad, but not too bad.
I was on
holiday in New York
August 22, 2005 | Permalink | Comments (1) | TrackBack
One step forward, two steps back
You
couldn’t make this up. Vista
On the plus
side this problem is being picked up now rather than when the software's
actually on our PCs. But if I was head of security at Redmond Vista
August 22, 2005 | Permalink | Comments (0) | TrackBack
The news
that the US
This was
demonstrated by the case of Gary McKinnon. Everything we learn about his case
shows this is not a skilled hacker, he used script kiddy tools and got lucky
guessing passwords. He also had the advantage that the US Navy is still using
NT4. It the largest military force in the world can't get a decent operating
system for the 21st century there may well be something to this
report.
August 22, 2005 | Permalink | Comments (0) | TrackBack
Reasonable risk
I'm a space
nut; I'll freely admit it. To quote science visionary Carl Sagan "This is
the time when humans have begun to sail the sea of space." It's what we as
human's do – we started out in caves and went to look over the next hill, then
the next continent, then across the seas and mountains. Now it's time to go
forward.
But space
travel is risky. NASA used to approach design by making the safest mechanism
possible and then redesigning it to make it safer. It was a good approach but
didn't help a lot of dead astronauts, most recently the tragic deaths of the Columbia
So the news
that Virgin Galactic has got a licence to build spaceships is deeply heartening
– it shows an adult attitude to risk. Let people make the best bet they can on
security and trust their judgment.
http://science.slashdot.org/article.pl?sid=05/08/16/1752201&tid=160&tid=103&tid=187
What has
this to do with computers I hear you ask? Well plenty. There's no such thing as
safe computing any more – as more and more people get computer savvy we're going
to see more problems. But the internet is possibly the most important invention
since the printing press and to stop using it because of security fears would
be as stupid as deciding to turn our backs on our future outside the gravity
well.
August 22, 2005 | Permalink | Comments (0) | TrackBack
I've got this bridge you can buy…
Scammers
use many different tricks but many depend on our good nature, like this latest
scam.
It's easy
to scoff at the credulous nature of those who click the email link and expose
themselves to scammers but those who do are going to be motivated by the desire
to help someone less fortunate than themselves. So go easy on the victims, they
are merely doing what has made humanity great.
Conversely
scamming may also be one of the oldest professions of mankind. Chimpanzees
regularly scam each other out of food by shouting their equivalent of
"Look out, there's a lion coming" and stealing everyone else's fruit
as they rush for the trees. It seems some habits die hard.
August 22, 2005 | Permalink | Comments (0) | TrackBack
Sasser again or damp squib?
It's
looking like we're got the first big worm outbreak of the year. What makes this
one more worrying is that where as Sasser took about two weeks to surface after
Microsoft issued the patch for the flaw it exploited this one was done in days.
In all
probability this isn’t going to be as big as Sasser – only Windows 2000 users
are really in trouble. But the speed at which these evil little malcontents are
reverse engineering patches is truly worrying.
August 22, 2005 | Permalink | Comments (0) | TrackBack