A virus too big to fail?

Once upon a time, many years ago, a school refused to take my advice (mediated through my brother) as to what to do about a very simple computer virus infection.  The infection in question was Stoned, which was a boot sector infector.   BSIs generally do not affect data, and (and this is the important point) are not eliminated by deleting files on the computer, and often not even by reformatting the hard disk.  (At the time there were at least a dozen simple utilities for removing Stoned, most of them free.)

The school decided to cleanse its entire computer network by boxing it up, shipping it back to the store, and having the store reformat everything.  Which the store did.  The school lost its entire database of student records, and all databases for the library.  Everything had to be re-entered.  By hand.

I’ve always thought this was the height of computer virus stupidity, and that the days when anyone would be so foolish were long gone.

I was wrong.  On both counts.

“In December 2011 the Economic Development Administration (an agency under the US Department of Commerce) was notified by the Department of Homeland Security that it had a malware infection spreading around its network.

“They isolated their department’s hardware from other government networks, cut off employee email, hired an outside security contractor, and started systematically destroying $170,000 worth of computers, cameras, mice, etc.”

The only reason they *stopped* destroying computer equipment and devices was because they ran out of money.  For the destruction process.

Malware is my field, and so I often sound like a bit of a nut, pointing out issues that most people consider minor.  However, malware, while now recognized as a threat, is a field that extremely few people, even in the information security field, study in any depth.  Most general security texts (and, believe me, I know almost all of them) touch on it only tangentially, and often provide advice that is long out of date.

With that sort of background, I can, unfortunately, see this sort of thing happening again.


Lest you think I exaggerate any of this, you can read the actual report.

REVIEW: “Consent of the Networked”, Rebecca MacKinnon

%T   “Consent of the Networked: The Worldwide Struggle for Internet Freedom”

In neither the preface nor the introduction is there a clear statement of the intent of this work.  The closest comes buried towards the end of the introduction, in a sentence which states “This book is about the new realities of power, freedom, and control in the Internet Age.”  Alongside other assertions in the opening segments, one can surmise that MacKinnon is trying to point out the complexities of the use, by countries or corporations, of technologies which enhance either democracy or control, and the desirability of a vague concept which she refers to as “Internet Freedom.”

Readers may think I am opposed to the author’s ideas.  That is not the case.  However, it is very difficult to critique a text, and suggest whether it is good or bad, when there is no clear statement of intent, thesis, or terminology.

Part one is entitled “Disruptions.”  Chapter one outlines a number of stories dealing with nations or companies promising freedom, but actually censoring or taking data without informing citizens or users.  The “digital commons,” conceptually akin to open source but somewhat more nebulous (the author does, in fact, confuse open source and open systems), is promoted in chapter two.

Part two turns more directly to issues of control.  Chapter three concentrates on factors the Republic of China uses to strengthen state censorship.  Variations on this theme are mentioned in chapter four.

Part three examines challenges to democracy.  Chapter five lists recent US laws and decisions related to surveillance and repression of speech.  The tricky issue of making a distinction between repression of offensive speech on the one hand, and censorship on the other, is discussed in chapter six.  The argument made about strengthening censorship by taking actions against intellectual property infringement, in chapter seven, is weak, particularly in light of more recent events.

Part four emphasizes the role that corporations play in aiding national censorship and surveillance activities.  Chapter eight starts with some instances of corporations aiding censorship, but devolves into a review of companies opposed to “network neutrality.”  Similarly, chapter nine notes corporations aiding surveillance.  Facebook and Google are big, states chapter ten, but the evil done in stories given does not inherently relate to size.

Part five asks what is to be done.  Trust but verify, says (ironically) chapter eleven: hold companies accountable.  MacKinnon mentions that this may be difficult.  Chapter twelve asks for an Internet Freedom Policy, but, since the author admits the term can have multiple meanings, the discussion is fuzzy.  Global Information Governance is a topic that makes chapter thirteen apposite in terms of the current ITU (International Telecommunications Union) summit, but the focus in the book is on the ICANN (Internet Committee on Assigned Names and Numbers) top level domain sale scandals.  The concluding chapter fourteen, on building a netizen-centric Internet, is not just fuzzy, but full of warm fuzzies.

There are a great many interesting news reports, stories, and anecdotes in the book.  There is a great deal of passion, but not much structure.  This can make it difficult to follow topical threads.  This book really adds very little to the debates on these topics.

Risk analysis, traffic analysis, and unusual factors

Canadian terrorists strike again: apparently we are responsible for taking down a major piece of transportation infrastructure, viz., the I-5 bridge over the Skagit River at Mount Vernon.

A friend in Seattle assures me that, while he is disappointed in us, he holds no grudges, and is willing to warn us if he hears of any drone strikes planned for north of the border.

(Allow me, for a moment, to examine this “oversized load” on which everyone is blaming the collapse.  Image 2 in the slide deck [if they don’t change it] is this “oversized load.”  You will notice that it is basically an empty box with the two sides missing, and has, relatively, zero structural rigidity.  If a ding from that kind of load brought the bridge down [and didn’t even collapse the load itself], the bridge was definitely unsafe.)

I drive that route regularly, and, when I heard that a bridge had gone down, that bridge was the first one I thought of.  I have always felt unsafe crossing it.  There is a wrongness about it you can just feel.

It’s also ugly.  And I am reminded of an essay by an engineer who said that bridges were the most beautiful products of all forms of engineering.  A properly designed bridge has curves, and those curves just feel right.  They are beautiful.

So, if you ever have questions about a bridge, and you don’t have enough facts to go on, just look at it.

If it’s ugly, don’t cross it.

REVIEW: “Cloud Crash”, Phil Edwards

%T   “Cloud Crash”

To a background of the Internet crashing, and opposed by a conspiracy that has penetrated the highest levels of government, two (no, make that three … err … four … better say five …) groups of individuals race to save the world from … a stock market fraud?  hostile takeover? aliens?  (No, I’m pretty sure the aliens were a red

The story and inconsistent characterizations could use some work, and the plot twists don’t make it very easy to follow what is going on.  It’s fairly easy to tell who the good and bad guys are: the politics and philosophy of the book are fairly simple, and one is reminded of the scifi and comics of the 30s and 40s, with heavily anti-fascist and (ironically) right-wing rhetoric.

It would be tempting to dismiss the work as a simple “jump on the latest buzzword” potboiler, were it not for the fact that the technology is fairly realistic.  Yes, right now everyone is jumping on the cloud bandwagon without much regard for real security.  Yes, if you wanted to make a big (and public) splash on the Internet, without doing too much permanent damage, taking down power supplies would still leave the data intact.  (Of course, an axe would do just as good a job as bombs …)

So, while the story isn’t great, at least the technology is less annoying than is normally the case …

