Books Security Uncategorized

Bruce Schneier discusses Liars and Outliers

Bruce Schneier is discussing his latest book Liars and Outliers on The WELL.

The discussion is still open for the next couple of days but has been very enlightening so far. I particularly like the notion of cooperators and defectors to describe individuals in relation to systems.

Also — and this is the final kicker — not all defectors are bad. If you think about the notions of cooperating and defecting, they’re defined in terms of the societal norm. Cooperators are people who follow the formal or informal rules of society. Defectors are people who, for whatever reason, break the rules. That definition says nothing about the absolute morality of the society or its rules. When society is in the wrong, it’s defectors who are in the vanguard for change. So it was defectors who helped escaped slaves in the antebellum American South. It’s defectors who are agitating to overthrow repressive regimes in the Middle East. And it’s defectors who are fueling the Occupy Wall Street movement. Without defectors, society stagnates.

I’m a great fan of Schneier’s writing and of how his analysis has grown beyond that of computer security to the fundamental notion of what security is and how groups within societies embrace or reject aspects of it.


Mikko Hypponen: Three types of online attack

Cybercrime expert Mikko Hypponen talks us through three types of online attack on our privacy and data — and only two are considered crimes. “Do we blindly trust any future government? Because any right we give away, we give away for good.”


Kindle Fire

So in searching for a little more information on the new Kindle that Amazon have launched in the UK, I stumbled across the fact that in the US they have launched two additional new models, a touchscreen version and the Kindle Fire. The Kindle Fire is a colour touchscreen dual-core tablet with a 7″ screen and 8GB of storage, all for $199. One of the key features of the Kindle Fire is the Amazon Silk web browser, which will dramatically improve the web browsing experience by using the Amazon Web Services cloud as a form of proxy server: it carries out much of the computational load of displaying a web page, which might contain elements from many different servers and thus require many requests to many different IPs. In addition, by analysing the web requests flowing through the Amazon Web Services cloud, Amazon can predict the most likely next page a user will browse to and preload that page in the background while the user views the current page, again decreasing the time spent waiting for a page to load.

Have Amazon created the first viable non-iPad tablet by not copying the iPad?

What most tablet manufacturers have failed to realise is that the iPad is a success not solely because of its form but because of its ecosystem also. Android tablets generally are too variable to be considered a coherent set of hardware sharing the same ecosystem.

But I believe that Amazon will succeed with the Fire because they are not going after the niche currently occupied by Apple; instead they have created a device whose purpose is to help sell more products through Amazon. Despite productivity tools such as word processors, spreadsheet apps and photo editing apps being available on the iPad, tablets are essentially devices for consuming content; they are pretty lousy for producing content. Amazon have realised this and produced the optimal content consumption device and ecosystem.


100 Million Facebook account details on BitTorrent

The BBC reports that details of 100m Facebook users have been collected and published online via BitTorrent.

The BBC story takes a slightly less freaked-out line than The Telegraph, but then it’s not as if this was a security breach that caused private data to be exposed, as Facebook says this was all public in any case.

Ron Bowes of SkullSecurity reportedly wrote a program to download millions of the public profiles of Facebook users in order to assist the development of the Nmap Security Scanner and the Ncrack tool by creating a database of usernames typically used by people.

Mr Bowes said his original plan was to “collect a good list of human names that could be used for these tests”.

“Once I had the data, though, I realised that it could be of interest to the community if I released it, so I did,” he added.

Mr Bowes confirmed that all the data he harvested was already publicly available but acknowledged that if anyone now changed their privacy settings, their information would still be accessible.

“If 100,000 Facebook users decide that they no longer want to be in Facebook’s directory, I would still have their name and URL but it would no longer, technically, be public,” he said.

It has been played down by people who have likened it to creating a telephone directory. However, the question of whether users explicitly consented to be in such a directory is not easily answered, as Facebook’s privacy settings seem to be too complicated for a sizable percentage of their users to understand.


HTTPS Everywhere

EFF and the Tor Project have launched a Firefox extension called HTTPS Everywhere. The extension forces the browser to connect using HTTPS to every website that offers the facility to do so. With the increasing occurrence of sidejacking of web sessions, where the site only uses SSL for authentication but not for the whole session, this extension should be installed by everyone.

Computing Security

Stuck in London. Need money quick. Facebook hacked.

Help! My Gmail and Facebook accounts have been stolen and the passwords changed. Someone I know just called to tell me that he got an email saying that I’m in London in a hospital and need money immediately. What do I do?

Firstly report the fact that your account has been hacked to Facebook and Google using the following links.


Next notify any close friends or family that your accounts have been hacked and to ignore any pleas to send money.

If you get your accounts returned I recommend using to create a new password.

Computing Copyright

Digital economy bill passed – file-sharing will carry on regardless

The Digital Economy Bill has been passed and now just awaits Royal Assent.

I think that the bill will spectacularly fail to prevent file-sharing; instead it will be a boon for the companies that offer virtual private networking services, and teenagers will start file-sharing offline by exchanging DVD-ROMs full of MP3s.

I’m torn with regard to the Liberal Democrats, as my local MP is Don Foster, who not only voted against the bill but was present at the barely attended second reading of the bill and argued against it in the debate. I’m displeased with the party as a whole, though, as they didn’t oppose the bill, and it was Lib Dem peers Lords Razzall and Clement-Jones who sought to amend the Digital Economy Bill to allow site blocking for copyright infringement, although in the end that clause was dropped.

Computing Microsoft

Removing administrator rights fixes 90 percent of Windows 7 vulnerabilities

Ars Technica reports that 90 percent of Windows 7 flaws fixed by removing admin rights

After tabulating all the vulnerabilities published in Microsoft’s 2009 Security Bulletins, it turns out 90 percent of the vulnerabilities can be mitigated by configuring users to operate without administrator rights, according to a report by BeyondTrust.

Ars Technica describes this as being good news for IT departments who can reduce security breaches by mandating the use of the ‘Standard User’ account, but it is still not common practice for home users to do the same.


The fundamental problem with the PDF format

Mikko of F-Secure argues that the ongoing security problems with Adobe Acrobat Reader, which is now the primary vector for malware, having overtaken Microsoft Word sometime in 2009, stem from fundamental issues with the PDF format itself.

Looking at the 756 page specification document (PDF format naturally) one finds details about how to embed all kinds of things from multimedia to executable JavaScript into PDF files.

So using an alternative to Adobe Acrobat Reader such as the Foxit Reader is not the solution, as it is just as vulnerable because it includes the same functionality as Adobe Acrobat Reader. There might be alternative PDF readers that simply render the documents without the additional functions, but another workaround is to open them in Google Docs.
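Since the problem is the functionality the format permits rather than any one reader, a useful defensive check is to look for that functionality in a file before it reaches a reader at all. The following is an added example (my own, not F-Secure's or Adobe's code) that flags the spec-defined names for JavaScript, open-time actions, launches, attachments and multimedia in raw PDF bytes, decoding the #xx name escapes the format allows; the sample PDF is constructed by hand.

```python
"""Flag PDF features the spec allows but a document reader rarely needs.
Added illustration for this post, not F-Secure's or Adobe's code; the
sample PDF below is constructed by hand."""
import re

# Names whose presence means the file can run code, open other files or
# carry attachments.  All of them are defined in the PDF specification.
RISKY_NAMES = {
    b"/JavaScript": "embedded JavaScript",
    b"/JS": "JavaScript stream",
    b"/OpenAction": "action run when the document opens",
    b"/AA": "additional (event-triggered) actions",
    b"/Launch": "launches an external program",
    b"/EmbeddedFile": "embedded file attachment",
    b"/RichMedia": "embedded multimedia",
}

def normalise_names(data):
    """PDF allows #xx hex escapes inside names (/J#61vaScript), which is
    also a common way to hide keywords; decode them before matching."""
    return re.sub(rb"#([0-9A-Fa-f]{2})",
                  lambda m: bytes([int(m.group(1).decode(), 16)]), data)

def scan_pdf(data):
    """Return {name: count} for every risky name found in the raw bytes.
    Caveat: names inside compressed object streams would first need
    inflating; this scans only what is visible in the plain bytes."""
    data = normalise_names(data)
    found = {}
    for name in RISKY_NAMES:
        # Negative lookahead so /JS does not also match a longer name.
        hits = re.findall(re.escape(name) + rb"(?![A-Za-z])", data)
        if hits:
            found[name.decode()] = len(hits)
    return found

# Constructed minimal PDF: a catalog whose OpenAction runs JavaScript,
# with the keyword hex-escaped the way evasive samples write it.
SAMPLE_PDF = (
    b"%PDF-1.4\n"
    b"1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 3 0 R >> endobj\n"
    b"2 0 obj << /Type /Pages /Kids [] /Count 0 >> endobj\n"
    b"3 0 obj << /S /J#61vaScript /JS (app.alert('hi')) >> endobj\n"
    b"trailer << /Root 1 0 R >>\n%%EOF\n"
)
```

A hit does not prove the file is malicious, only that it uses features a plain document does not need, which is exactly the set of features the post argues make the format hard to secure.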