OPSEC

REVIEW: “Rainbows End”, Vernor Vinge

BKRNBSND.RVW   20130525

“Rainbows End”, Vernor Vinge, 2006, 0-312-85684-9, U$25.95/C$34.95
%A   Vernor Vinge
%C   175 Fifth Avenue, New York, NY  10010
%D   2006
%G   0-312-85684-9
%I   Tor Books/Tom Doherty Assoc.
%O   U$25.95/C$34.95 pnh@tor.com www.tor.com
%O  http://www.amazon.com/exec/obidos/ASIN/0312856849/robsladesinterne
http://www.amazon.co.uk/exec/obidos/ASIN/0312856849/robsladesinte-21
%O   http://www.amazon.ca/exec/obidos/ASIN/0312856849/robsladesin03-20
%O   Audience i+ Tech 2 Writing 3 (see revfaq.htm for explanation)
%P   364 p.
%T   “Rainbows End”

It is always a pleasure to read something from Vinge.  His characters are interesting, his plots sufficiently convoluted, and his writing clear and flowing.  In addition, for the geek, his understanding of the technology is realistic and fundamental, which makes a change from so many who merely parrot jargon they do not comprehend.

Of course, this is future technology we are talking about, so none of it is (currently) real.  But it could be, without the wild flights of illogic that so abound in fiction.

In this book, we have a future with interconnectedness around the globe.  Of course, this means that there are dangers, in regard to identity and authentication.  The new technology protects against these dangers with a Secure Hardware Environment.  (Or SHE, and, since the DHS mandates that everyone must use it, does that make it SHE-who-must-be-obeyed?)

Encryption is, of course, vital to the operations, and so is used a lot, often in multiple layers.  It is probably a measure of the enjoyability of Vinge’s work that I really didn’t take note of the fact that two of the characters were named Alice and Bob.  Not, that is, until late in the volume, when the author also briefly introduces a character named Eve Mallory.

copyright, Robert M. Slade   2013   BKRNBSND.RVW   20130525

CyberSec Tips – “Computer Maintenance Department”

I got a call today from “James,” of the “computer maintenance department.”

I suppose this may work better against those who actually have a computer maintenance department.  Since I’m self-employed, it’s pretty obvious that this is phony.  Sometimes, though, “James” or his friends call from Microsoft or other such possibilities.

Just in case anyone doesn’t know, these are false, attempts to get you to damage your own computer, or install something nasty.  They can then charge you for spurious repairs, add you to a botnet, or mine your computer for account information.

Oh, and also, as chance would have it, today I got my first completely automated spam/fraud/telemarketing call: a computer generated voice and voice response system, asking how I was, and then, when I didn’t respond, was I there.  Probably would have been fun to try and push the limits of it’s capability, but I didn’t have time …

Cyberbullying, anonymity, and censorship

Michael Den Tandt’s recent column in the Vancouver Sun is rather a melange, and deserves to have a number of points addressed separately.

First, it is true that the behaviours the “cyberbullying” bill address, those of spreading malicious and false information widely, generally using anonymous or misleading identities, do sound suspiciously close to those behaviours in which politicians engage themselves.  It might be ironic if the politicians got charged under the act.

Secondly, whether bill C-13 is just a thinly veiled re-introduction of the reviled C-30 is an open question.  (As one who works with forensic linguistics, I’d tend to side with those who say that the changes in the bill are primarily cosmetic: minimal changes intended to address the most vociferous objections, without seriously modifying the underlying intent.)

However, Den Tandt closes with an insistence that we need to address the issue of online anonymity.  Removing anonymity from the net has both good points and bad, and it may be that the evil consequences would outweigh the benefits.  (I would have thought that a journalist would have been aware of the importance of anonymous sources of reporting.)

More importantly, this appeal for the banning of anonymity betrays an ignorance of the inherent nature of networked communitcation.  The Internet, and related technologies, have so great an influence on our lives that it is important to know what can, and can’t, be done with it.

The Internet is not a telephone company, where the central office installs all the wires and knows at least where (and therefore likely who) a call came from.  The net is based on technology whish is designed, from the ground up, in such a way that anyone, with any device, can connect to the nearest available source, and have the network, automatically, pass information to or from the relevant person or site.

The fundamental technology that connects the Internet, the Web, social media, and pretty much everything else that is seen as “digital” these days, is not a simple lookup table at a central office.  It is a complex interrelationship of prototcols, servers, and programs that are built to allow anyone to communicate with anyone, without needing to prove your identity or authorization.  Therefore, nobody has the ability to prevent any communication.

There are, currently, a number of proposals to “require” all communications to be identified, or all users to have an identity, or prevent anyone without an authenticated identity from using the Internet.  Any such proposals will ultimately fail, since they ignore the inherent foundational nature of the net.  People can voluntarily participate in such programs–but those people probably wouldn’t have engaged in cyberbullying in any case.

John Gilmore, one of the people who built the basics of the Internet, famously stated that “the Internet interprets censorship as damage and routes around it.”  This fact allows those under oppressive regimes to communicate with the rest of the world–but it also means that pornography and hate speech can’t be prevented.  The price of reasonable commuincations is constant vigilance and taking the time to build awareness.  A wish for a technical or legal shortcut that will be a magic pill and “fix” everything is doomed to fail.

CyberSec Tips: E-Commerce – tip details 2 – fake sites

Following on with some more of the tips from an earlier post, originally published here:

The next three tips are pretty straightforward, and should be followed:
Don’t click on offers in email.
If it sounds too good to be true, don’t fall for it.
Don’t fall for fake eBay or PayPal sites.

Good advice all around.  In terms of fake eBay or PayPal sites, check the URLs, if you can see them, or the places you end up.  Often fraudsters will try and register sites with odd variations on the name, such as replacing the lower case letter l in PayPal with a digit 1, which can look similar: paypal.com vs paypa1.com.  Or they will send you to a subdirectory on either a legitimate site (for example, googledocs.com/paypal) or on a straight scam site (frauds.ru/paypal).  Or sometimes the URL is simply a mess of characters.  If the site isn’t pretty clearly the one you want, get out of there.