
Facebook as your alibi

We’ve surely heard enough stories about how posting status updates on social networks can give away more information about you than you intended, so here’s the positive flipside of that: Rodney Bradford was a suspect in a Brooklyn mugging case, and it’s partly thanks to a Facebook status update made from his father’s apartment that the charges against him were dropped. [via TechDirt]

Of course, such alibis could be faked, if you had the time and intelligence to plan it all out and the help of a close-lipped accomplice… expect a lot more mystery and crime plots involving status updates, IP addresses and server timestamps to crop up in the next couple of years.

But perhaps this means that lifelogging is the ultimate way to protect yourself from accidentally being accused of something you didn’t do – if every second of your life is open to public scrutiny, you’re not going to commit a mugging and get away with it, after all.

But what happens when we’re all lifelogging, in some almost unimaginable combination of the participatory panopticon and David Brin’s transparent society? When every moment, when every minor indiscretion is a matter of public record, will we simply cease to sin? Or will we develop a kind of social blindness to the sort of unethical actions that we all take every now and again?

The Hail Mary Cloud: slow but steady brute-force password-guessing botnet

Did you hear about the recent exploit of jailbroken jesusPhones? Yeah, the Rick-rolling one (though that wasn’t strictly the original exploit, rather some Australian script-kiddie’s repurposing of a Dutch exploit from earlier in the month); to sum it all up in a sentence, bad things can happen to your hardware if you install software without changing the default password. As a sensible and experienced web denizen, you knew that already, of course.

But when you set or change a password, you’d better make the effort to think up a good one. Countless studies have shown how easy it is for black-hat types to guess the most common passwords (or alternatively social-engineer them out of you), but the ease of guessing is going to increase rapidly very soon, thanks to something one free software geek from Norway is calling the Hail Mary Cloud. [image by Anna Gay]

Yeah, I know, the pop-culture reference is a bit obscure, so I’ll sum it up for you: the Hail Mary Cloud is essentially a brute-force password-guessing botnet that has been scraping away at SSH daemons in recent months. A Mechanical Turk method of botnet expansion, in other words; why wait for someone to click on a spam email link when you can prise open a back-door on a webserver somewhere? [via SlashDot]

Each attempt in theory has monumental odds against succeeding, but occasionally the guess will be right and they have scored a login. As far as we know, this is at least the third round of password guessing from the Hail Mary Cloud, but there could have been earlier rounds that escaped our attention.

The fact that we see the Hail Mary Cloud keeping up the guessing is a strong indicator that there are a lot of guessable passwords and possibly badly maintained systems out there, and that even against the very long odds they are succeeding often enough in their attempts to gain a foothold somewhere that it is worth keeping up the efforts. For one thing, the cost of using other people’s equipment is likely to be quite low.

There are a lot of things about the Hail Mary Cloud and its overseers that we do not know. People who responded to the earlier articles with reports of similar activity also reported pretty consistently something like a sixty to seventy percent match in hosts making the attempts.

With 1767 hosts in the current sample it is likely that we have a cloud of at least several thousand, and most likely no single guessing host in the cloud ever gets around to contacting every host in the target list. The busier your SSH daemon is with normal traffic, the harder it will be to detect the footprint of Hail Mary activity, and likely a lot of this goes undetected.

If you’re worried, you’re thinking right – even the most complex of passwords can be guessed if you’ve got enough processor cycles (and available attempts) to spare. If the Hail Mary Cloud grows big enough, the era of the password as an even partially effective security method may be over… so start genning up on public key encryption now and avoid the rush.
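To show why the footprint quoted above is hard to see, here is an added Python example (not from this post or from the Hail Mary Cloud write-up it quotes): it parses a handful of constructed auth-log lines in the standard OpenSSH "Failed password" wording, applies the usual per-source-IP threshold, and then applies a second rule that looks for the low-rate, many-host pattern instead. The thresholds and the sample addresses are assumptions chosen for the illustration.

```python
import re
from collections import Counter, defaultdict

# Matches the standard OpenSSH "Failed password" auth-log line.
FAILED_RE = re.compile(
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port"
)

# Constructed sample log: five guessing hosts, each making only one or two
# slow attempts against the same short user list, plus one legitimate typo
# from an admin's address that then logs in with a key.
SAMPLE_LOG = """\
Nov 20 10:01:02 web1 sshd[1201]: Failed password for invalid user admin from 203.0.113.10 port 41022 ssh2
Nov 20 10:07:45 web1 sshd[1210]: Failed password for root from 198.51.100.7 port 50100 ssh2
Nov 20 10:13:09 web1 sshd[1222]: Failed password for invalid user admin from 192.0.2.44 port 33110 ssh2
Nov 20 10:19:51 web1 sshd[1230]: Failed password for root from 203.0.113.10 port 41190 ssh2
Nov 20 10:25:30 web1 sshd[1241]: Failed password for invalid user test from 198.51.100.200 port 60001 ssh2
Nov 20 10:31:12 web1 sshd[1250]: Failed password for invalid user admin from 198.51.100.7 port 50230 ssh2
Nov 20 10:37:40 web1 sshd[1262]: Failed password for root from 192.0.2.99 port 47211 ssh2
Nov 20 10:44:05 web1 sshd[1270]: Failed password for alice from 10.0.0.5 port 52000 ssh2
Nov 20 10:44:30 web1 sshd[1271]: Accepted publickey for alice from 10.0.0.5 port 52000 ssh2
"""

def parse_failures(log_text):
    """Return one (user, ip) pair per failed password attempt in the log."""
    pairs = []
    for line in log_text.splitlines():
        m = FAILED_RE.search(line)
        if m:
            pairs.append((m.group("user"), m.group("ip")))
    return pairs

def per_ip_offenders(pairs, threshold=5):
    """Classic per-source rule: ban an IP once it fails `threshold` times."""
    counts = Counter(ip for _, ip in pairs)
    return sorted(ip for ip, n in counts.items() if n >= threshold)

def distributed_campaign(pairs, min_sources=3, max_per_source=2):
    """Flag usernames probed from many distinct low-rate sources.

    Each source stays under max_per_source attempts (so the per-IP rule never
    fires), but the same account is tried from min_sources or more hosts."""
    attempts_by_ip = Counter(ip for _, ip in pairs)
    sources_by_user = defaultdict(set)
    for user, ip in pairs:
        if attempts_by_ip[ip] <= max_per_source:
            sources_by_user[user].add(ip)
    return {u: sorted(ips) for u, ips in sources_by_user.items()
            if len(ips) >= min_sources}
```

On the sample, the per-IP rule returns nothing while the distributed rule flags "admin" and "root" as probed from three quiet sources each; on a busy server the same aggregation is what separates this pattern from ordinary mistyped logins.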

LoveMachine Inc: Second Life founder’s reputation-as-currency start-up?

Oh, to be a CEO of a tech start-up… they can get bored of their projects even faster than the public can, y’know. Actually, that’s a little unfair – Philip Rosedale, the man behind Linden Lab, hasn’t lost interest in Second Life so much as he’s looking for a new fish to fry with his new company, LoveMachine Inc. [image by Mrs. Bones]

What does LoveMachine do? Apparently it’s developing a system of the same name that was used by Linden Lab as a points-based incentive tool:

Linden employees gave and received “love” for a job well done. If an employee was well-received amongst his or her peers, their accumulated love currency was redeemable for a cash bonus at the end of the month. Similar to social capital systems like Whuffie Bank, it appears that LoveMachine may become a reputation currency system for businesses.

Interesting to see another outfit chasing after reputation economies as a potential business model… and restricting such a system to the limited and manageable confines of discrete organisations makes sense, as closed economies are inherently easier to manage. I expect they’ve heeded Bruce Schneier’s advice on reputation economies, too:

You’ve all experienced a reputation economy: restaurants. Some restaurants have a good reputation, and are filled with regulars. When restaurants get a bad reputation, people stop coming and they close. Tourist restaurants – whose main attraction is their location, and whose customers frequently don’t know anything about their reputation – can thrive even if they aren’t any good. And sometimes a restaurant can keep its reputation – an award in a magazine, a special occasion restaurant that “everyone knows” is the place to go – long after its food and service have declined.

Details of the LoveMachine plans are understandably sketchy at the moment. However, Rosedale and company have got a public worklist of jobs that they need a contractor to take on, and – if you live in the San Francisco area – they’re looking to hire. [hat tip to Fabio Fernandes]

Should the state subsidise bookstores?

Here’s some food for thought from occasional Guardian book-blogger and Clarion graduate Damien G Walter. We all know that the book retail industry is in a bit of a pickle on both sides of the pond, but have you considered that it’s one of the few cultural spheres which receives no government assistance? Perhaps the state should step in and support book retailing in the same way as it does theatres, concert halls and museums? Take it away, Damo:

… these problems are all symptomatic of a fundamental crisis at the heart of both book-selling and publishing. Books and reading, among the most fundamental cornerstones of our cultural (and hence spiritual) life, have in recent years been allowed to slide into existing as a purely commercial industry. In every other area of our cultural life, visual arts, theatre, TV, etc etc, we acknowledge the need for public subsidy to mitigate the less pleasant outcomes of commercialism. But because of their relatively strong commercial basis (theatre would long since have disappeared outside London without subsidy) bookshops and publishers have not made a case (and perhaps have never tried) to get support from the state.

Would Waterstones be better able to fulfil our cultural needs beyond selling books if it received subsidy to do so? Would independent bookshops flourish if they could access grants to support their existence?

Is it time that bookshops and publishers made the case for public subsidy?

The obvious response to this (at least from me) is “isn’t that what libraries are for?”, but the counter-response would be “yeah, and when’s the last time the government increased library budgets with a focus on enhancing the experience of readers rather than drop-in internet users and community groups?” Over here in the UK, that was an awfully long time ago… and despite the best efforts of library staff up and down the country (plus some of the more dedicated borrowers), the situation gets worse every year. So maybe a strong campaign for increased library funding would be a better plan than suggesting recently-successful businesses go to the state with cap in hand… there’s plenty of recent evidence that state bail-outs rarely work the way they’re supposed to, after all.

How do you think the book retail industry can be rescued – if indeed it can (or should) be?

Want to stave off swine flu? Catch a cold

OK, before anyone says it, the headline is not to be taken as medical advice (I am not a doctor, nor do I play one on television, etc, etc). But research into surprisingly low incidences of swine flu in France in recent months suggests that the common cold may be suppressing the ability of the H1N1 virus to get a toe-hold in our immune systems. [image by trumanlo]

… the percentage of throat swabs from French respiratory illnesses that tested positive for swine flu fell in September, while at the same time rhinovirus, which causes colds, rose […] in late October, rhinovirus fell – at the same time as flu rose. He suspects rhinovirus may have blocked the spread of swine flu via a process called viral interference.

This is thought to occur when one virus blocks another. “We think that when you get one infection, it turns on your antiviral defences, and excludes the other viruses,” says Ab Osterhaus at the University of Rotterdam in the Netherlands.

How important such interference is in viral epidemics is unclear, however: there are also cases in which there is no interference, and people catch two viruses at the same time. Normally, we don’t get a chance to see how rhinovirus affects flu, as flu epidemics usually strike in winter, whereas rhinovirus hits when schools start (late summer in the northern hemisphere).

In other words, the effect isn’t fully understood, or even well enough understood to provide some sort of solution. But it might provide a starting point…

So why hasn’t the US, for example, seen a dip in pandemic cases during a back-to-school rhinovirus outbreak? Mackay speculates that interference from rhinovirus may not be enough to fend off flu if someone is exposed repeatedly. There were far more cases of swine flu in the US in September than in Europe.

The effects of rhinovirus, often dismissed as “only” a cold, are too poorly understood, say all the researchers. Its seeming ability to block swine flu may already have saved lives in France by buying the nation time before the vaccine arrived. It may even lead to a drug that induces the antiviral state, but without the sniffles.

Fight fire with fire, as the old saying goes.