Michael Gracie

Two governments, two hacks

A kid was busted for hacking into Venezuelan government websites and posting silly mockups of these two guys:

– Hugo “I openly hate the US and I can because I’m a member of OPEC but I have a secret crush on Pat Robertson” Chavez,

and…

– Fidel “I mock the US but I don’t hate them because of all the rich tourists from Miami coming in and buying my overpriced cigars” Castro.

When it comes to hacking the US Government, it’s a lot more serious.

Forty grand, up for grabs

It’s winner take all if you can get in.

Not a job, but close.

On MySpace Security: Kids 1, Parents 0

A professor from South Florida says MySpace is safer for kids than parents think.

A couple of thoughts:

Have a nice day.

UPDATE: Maybe kids are just more cynical than adults, and therefore less susceptible to social engineering.

UPDATE 2: Capitalizing on the safety craze anyway.

Internet Explorer bugs are not covered by lemon laws

Brian Krebs notes after extensive individual study that Internet Explorer was unsafe for 3/4ths of the year during 2006.

While I applaud Brian’s efforts, I doubt that comes as much of a surprise to anyone. What is, however, a little shocking is the fact that for more than 3 months out of the year (not necessarily concurrent), Microsoft was withholding (or just didn’t have) solutions for flaws that identity thieves were actively using in criminal pursuits. Actually, that’s no surprise either, so I’ll move on – but kudos to Brian first for pointing it out to everyone else!

When you buy a car that is similarly screwed up, one of several things may happen:

  • The dealer denies responsibility over and over while purporting to fix things under the vehicle’s warranty. Then your ex-girlfriend marches into the showroom and calls you from her cell phone, screaming bloody murder into your ear (and everyone else’s in the showroom) until the general manager hands out a new car (and you have to find a dealer in another state to handle your service, since the present dealer now hates you so damn much). Yes, that happened to me (or an ex, that is), and even though we are no longer together I still think that was a pretty killer move on her part;
  • You hire a lawyer to assist you in enforcing some state lemon law, and after enormous time and expense you get a new car (and you have to find a dealer in another state to handle your service, since the present dealer now hates you so damn much);
  • Your vehicle fails to perform, in a catastrophic way, when you least expect it. You crash. You get hurt really bad. You may very well hurt others really bad. Everyone hires a lawyer. After enormous time and expense, the court finds the big manufacturer at fault, and everyone gets compensation.

Now, to my point…

Regarding IE (and Windows in general) – unfortunately for its users, there is no lemon law. I believe the cute little EULA (which nobody reads) takes care of that. Instead, it has failed, catastrophically.

  • How much damage has been done to innocent bystanders – those who don’t read the EULA because they’re simply running something else (I suspect the EULA covers passersby like corporate employees and friends borrowing the computer, but I’m not taking the time to install Windows just to find out)?
  • How many people have had to hassle endlessly with spam, as a result of some friend’s desktop contact list being pilfered via virus infection?
  • How many identities have been snatched as a result of the same?
  • For that matter, how many servers running business-critical applications on alternative operating systems accessed by alternative browsers have been crashed by floods of spam and DDoS attacks originating from zombified home computers?
  • How much time and money has been spent directly protecting oneself against these indirect threats?
  • How much time and money has been wasted correcting the mistakes of others?

Where the hell is a screaming girlfriend when you need one?

Hacker is as Hacker does

The bad guys are generally pretty smart, so it takes a good guy just as smart to thwart their efforts. Often, the former morphs into the latter for the occasion.

I see a lot of job opportunities on the horizon for a certain class of former criminal.

UPDATE: Security breaches are getting harder to detect and fix. Translation: Even more business headed Monster.com’s way.

OpenID, step-by-step

OpenID, the distributed identity management system, has been around for a while. Nobody really pays much attention to it because it was invented by the LiveJournal crew (think Brad Fitzgerald), and the general consensus around the blogosphere is that LiveJournal is a platform everyone would like to forget even exists. Why? It doesn’t cater to brown-nosers – so brown-nosers don’t cater to it. LiveJournal’s 12 million accounts don’t seem to care, and neither do some big names like Verisign (who have tentatively embraced OpenID).

Having tooled with LiveJournal for five or so minutes (x 10^5), I have to say it is a big pain in the ass, but it works, and works well. OpenID is no different, albeit the implementation in LJ is used only to authenticate comments. Blog tracker Technorati decided to adopt OpenID standards for claiming blogs, and a newer version 2 is in box – now folks are waking up. At least a bit.

Meanwhile, here’s a good primer on how to create your own OpenID, as well as where you can presently use it.

Cisco eats spam

Now that they’ve purchased IronPort Systems, there’s an anti-spam appliance in the portfolio they can now push.

The purchase price was a whopping $830 million. With spam now on even grandma’s mind, I suspect IronPort could have garnered an even higher market cap in the public markets, making it a good deal for Cisco. It’s probably also a good one for IronPort’s CFO Craig Collins – he doesn’t have to write the S-1 and/or play Sarbanes-Oxley jockey going forward.

It’s January 4 – the analysts are batting a thousand right now.

We need a Hacker Hall of Fame

That would be for the white-hat types, and the 2006 inductees would be…

Consumers mistrust internet security

Get out! A Trend Micro survey suggests consumers are not confident about internet security.

Guess what? Some might start being more careful, and purveyors of goods and services on the net might get their ships tightened up too.

Awareness is a very good thing.

Can’t security folks just get along?

We see the world in chaos – nobody seems to get along. Those identifying computer security threats can’t seem to either.

I wonder if that is because they are announcing threats only as they develop solutions for them (ones they can sell)?

UPDATE: Can’t agree on what, and can’t agree on when either.

How about “everything” and “immediately” for starters?