
July 23, 2006

International Campaign Against Mass Surveillance

I concur with the findings of the International Campaign Against Mass Surveillance and back their efforts to provide oversight in the intelligence War on Terror.

My fear is that the battle against Terrorism will destroy democracy - ensuring that the terrorists win after all.

Here is the ICAMS Campaign Declaration:

Global security and the “war on terror” now dominate the global political agenda. Driven largely by the United States, a growing web of anti-terrorism and security measures are being adopted by nations around the world. This new “security” paradigm is being used to roll back freedom and increase police powers in order to exercise increasing control over individuals and populations.

Within this context, governments have begun to construct, through numerous initiatives, what amounts to a global registration and surveillance infrastructure. This infrastructure would ensure that populations around the world are registered, that travel is tracked globally, that electronic communications and transactions can be easily monitored, and that all the information that is collected in public and private databases about individuals is stored, linked, data-mined, and made available to state security agents.

The object of the infrastructure is not ordinary police work, but mass surveillance of entire populations. In its technological capacity and global reach, it is an unprecedented project of social control. Already, the United States and other countries are aggressively using information gathered and shared through this infrastructure to crack down on dissent, close borders to refugees and activists, and seize and detain people without reasonable grounds.

And, all of this is taking place at a time when the U.S. and its allies are maintaining a system of secret and extraterritorial prisons around the world, in which unknown numbers of prisoners are facing indefinite, arbitrary detention and torture.

The current situation reaches beyond the issue of privacy as it is often encountered in everyday life. What we are confronting are intrusions that reach to the very nature of the relationship between the individual and the state. Basic justice and human rights are at stake, and this will affect us all.

Governments around the world must abandon the intrusive and discriminatory measures inherent in the practice of mass registration and surveillance, and put the genuine protection and development of citizens – in the fullest sense, including the protection of our rights – at the centre of any approach to “security”:

* All data collection, storage, use, analysis, data mining and sharing practices that erode or are contrary to existing data protection, privacy and other human rights laws and standards must stop immediately. Governments must resist efforts by the United States and other countries to pressure them into weakening their existing privacy standards.

* Mechanisms must be put in place to allow individuals to correct personal data and challenge misuse (including placement on a “watch list”).

* International transfers of personal data between states should occur only within the context of formal agreements and under internationally recognized data-protection principles.

* Governments must stop the wholesale, indiscriminate collection and retention of information on citizens, including the acquisition of databanks from private companies.

* Governments must halt implementation of a universal biometric passport and the creation of “sharing standards” for passenger name record (PNR) information until the issue has been openly debated at the national level and privacy and other human rights protections are established.

Inter-governmental bodies must commit to operating with greater openness and accountability. They must not become a means of circumventing civil liberties and democratic processes at the national level. Any initiatives must respect existing data protection, privacy and other human rights laws and standards.

The United Nations – particularly the Office of the High Commission for Human Rights – must use all available mechanisms for the protection and promotion of human rights to urgently address the threat posed by the development of the global surveillance infrastructure.

We invite individuals and organizations around the world to endorse this Declaration, and to circulate it as widely as possible. Your voice is needed to strengthen the International Campaign Against Mass Surveillance!

I recommend supporting ICAMS if you are concerned about the all-pervading nature of perpetual surveillance culture in the 21st Century New Cold War.

You can find the full ICAMS report here (pdf) - it makes interesting reading - but I can sum it up in a single quote:

When everyone is perpetually watched to see if they are a potential security threat then everyone is a potential security threat.

To which I can only add - we are all "the enemy" now ....




July 17, 2006

The Wisdom of the Herd

What is today's top story online? Click here to decide.

Michael Arrington, a popular blogger on new Internet businesses ( www.techcrunch.com), caused a stir last month when he said Digg ( www.digg.com) looked as though it was close to equaling The New York Times in one measure of online readership. "Digg is looking more and more like the newspaper of the Web," Mr. Arrington concluded in a post on his popular blog. According to Alexa.com, which tracks Web traffic, the news-aggregating site begun in late 2004 also has more online traffic than The Washington Post, the Los Angeles Times, The Wall Street Journal, or USA Today.

More traffic does not equal quality - digg is becoming a site where the "Wisdom of the Herd" has become commonplace - it reminds me of USENET circa 1990-1994 - flame wars, insults and cliques.

Try watching the "upcoming" stories sometime - why does somebody come online and then digg umpteen stories within seconds? Surely that person hasn't actually read those stories?

What is happening here to skew the news?

Well the demographic profile is one - people like "dirtyfratboy" on digg have a lot of time to spare - indicating that they are either retired - or well - a dirtyfratboy who finds digg more appealing than studying. Who knows?

The "Wisdom of the Herd" is another factor that skews the choice of news - currently diggers try and create an imaginary hierarchy, a popularity contest which is determined solely by the number of posts, comments and votes submitted - rather than acting like real editors, submitting, voting and commenting on things they might actually be interested in.

This populist approach to news means the only news you will ever get from digg has almost certainly been chosen by tech-obsessed 14-25 year old males - which is exactly the demographic which digg can make money from.

It is not for nothing that there are three Google Ads above the fold ...

But my problem isn't really with digg as such - it is only tapping into the new craze.

My problem is with this whole "Wisdom of the Crowd" thing.

It looks at the "crowd" as though they had some God-like oversight that guarantees the delivery of content which is both timely and interesting - but they don't - they only know what is popular for them.

Using the "Wisdom of the Herd" can lead to problems - look at the "Tulip Bubble", the "South Sea Bubble" and other follies of mass-delusion.

Look at the manipulation of the "Wisdom of the Herd" by Fascists such as Hitler and Communists such as Stalin.

Look at the manipulation of the "Wisdom of the Herd" by MSM, spin doctors and religious leaders all over the world.

Another problem with digg is that there are so many duplicates, old stories and lame bits of rubbish promoted on digg, that I despair of the front page sometimes. Is this really what passes for "news"?

Or have these people got collective amnesia? Didn't I read that last week, last month, last year or sometime back in the 70's ..

Sites like digg - which rely on the "Wisdom of the Herd" - fall foul of power law distributions in their curves - and are actually making it even harder to explore The Long Tail of news.

On digg the "Long Tail of News" doesn't exist - it gets buried or ignored.

Even now digg has no place for Extreme Sports News - not even under entertainment.

The reason why digg clones such as Pligg and CrispyNews are so popular is that people can set up "digg-style" sites that explore the news that they are interested in - rather than try and submit it to digg and have it disappear because either there is no suitable category or it doesn't appeal to the digg demographic spread.

In short digg is not delivering the goods for me - yet I have identified the problem not with digg itself - but with the "Wisdom of the Herd" - the idea that if everyone votes on the news we will end up with a "newspaper" "by the people, for the people".

What we actually end up with is the 99% of rubbish which is popular with a narrow demographic - a bit like old mainstream media really ...



New Cold War or World War III - Part 2

Upping the levels of rhetoric and propaganda: Part 2 - from The Observer

However, it may be that a fuse has been lit. 'The nightmare scenario is war in Gaza, widespread war against the Israelis in Lebanon and between factions, Syria and Iran being dragged into the conflict and a steady escalation from there to who knows where, widespread conflict, oil prices through the ceiling, bombs going off all over the place' said the diplomat. 'You don't usually see the nightmare scenario evolve in the Middle East but, if it does, we are all in deep, deep trouble.'

Indeed - the main feature of any Cold War is the repeated escalation of conflicts by proxy agents which increase the levels of paranoia for everyone.

The threat of a real "shooting war" is enough to justify increased surveillance, cointelpro and other activities designed to fight the "Enemy Within" on the "Home Front".

All this increased surveillance and monitoring of citizens leads me inexorably to conclude that:

When everyone is perpetually watched to see if they are a potential security threat then everyone is a potential security threat.

and that:

We are all "the enemy" now.



New Cold War - or World War III?

I think this is called "upping the rhetoric and propaganda levels" - Gingrich says it's World War III

Former U.S. House Speaker Newt Gingrich says America is in World War III and President Bush should say so. In an interview in Bellevue this morning Gingrich said Bush should call a joint session of Congress the first week of September and talk about global military conflicts in much starker terms than have been heard from the president.

"We need to have the militancy that says 'We're not going to lose a city,' " Gingrich said. He talks about the need to recognize World War III as important for military strategy and political strategy.

Does Newt Gingrich really believe that we are "in" WWIII - or is he gearing up for a possible run at the presidency of the USA and is trying to sound tougher than the President about prosecuting the war against terror?





July 12, 2006

9 Years for Wi-Fi Crime

Wired News: Crazy-Long Hacker Sentence Upheld

They discovered that at two of the stores -- in Long Beach, California, and Gainesville, Florida -- the pair had modified a proprietary piece of software called "tcpcredit" that Lowe's used to handle credit-card transactions, changing the program so it would stash customers' credit-card numbers where the hackers could retrieve them later. The program had collected only six credit-card numbers when it was discovered.

I'm not sure calling these guys "hackers" is correct - as far as I am concerned it looks like their only motive was crime - and the tools they used to attempt to commit the crime were computers rather than sawn-off shotguns.

These people are criminal hackers - true blackhats - who by their own admission wanted to install the modified code in every outlet to harvest credit card data - not hackers who explore networks, nor script kiddies who DoS everything in sight, nor organised Hacktivist groups such as Team Evil-Arab.

I can't say I am going to lose any sleep over this decision - online theft is crime, and criminal "hackers" deserve to be caught - so the rest of the Hackers can get on with playing with the Internet in peace and not get tarred with the "blackhat" brush.



Sanitised by Consent

I couldn't resist commenting on this article from Information Week. Hollywood Victory In Film-Sanitizing Suit Imperils Mash-Ups

Last week, four companies that rent and sell Hollywood films stripped of their original sex, violence, and profanity were found to be violating copyright law.

I have been sanitising the output of big media for a while now and have thoughtfully made the edited films available for everyone to share - just follow this link - /dev/null

Now you can watch only the best bits of all those Hollywood "blockbusters" - which are actually second rate imitations of bad comic books, tired re-treads of old sixties tv shows, just plain utter rubbish that only got made because the star was bankable - or all three ...

Also if you haven't got ADSL you can still watch all the best bits for free without running up a huge telephone bill.

Hey! Don't thank me!!

I'm doing Big Media a favour by distributing this stuff and doing their PR for them

Don't forget - you can copy anything you find in /dev/null/ and distribute it - after all the original is still there, isn't it?



July 9, 2006

NSA Net Wargames

A recent NSA exercise in net security - Security agency war game tries to teach Net defense | CNET News.com - has come up with a set of regulations that might be a little familiar. They should have asked me - these are like CompSec 101.

Aside from a streamlined network architecture, MacTaggart and his NSA colleagues offered three other rules of thumb:

• Follow a "deny by default" policy--that is, allow network users to access only the ports and services they truly need. "If you don't know that you need it, turn it off," said Pablo Breuer, who led the NSA's "red team" of hackers. "If someone comes screaming to you, ask them to prove they need the service."

• Remove all services, software and user accounts that aren't necessary to run a particular server. They "can be disabled, but it's better to go an extra step and have (them) completely removed," MacTaggart said.

• Plan for disasters. "No matter how well-designed the network is," MacTaggart said, "there's going to be some sort of security incident, an outage, a hard-drive failure."

At least they tried to simulate a "real world" situation:
In hopes of simulating a real-world situation, the attackers made a point of using the most publicly known exploits during the competition. They also took advantage of common mistakes like the use of weak passwords or the same passwords on multiple systems, and targeted security holes in Microsoft Windows that have readily available patches.

Again there are the same problems with these kinds of simulations that I found in the recent simulated cyber attack - no people - and as any IT security analyst knows - people are the weakest link in any IT chain.

Where were the Social Engineering attacks?

They would have been impossible to run - suppose team A phoned up team B and said "hey this is your ISP and we are checking for problems - what is your ID? hmmm ... we have a problem here - do you have your password handy?" - would they have fallen for it?

Very unlikely - because they knew they were doing an exercise.

Simulations like this can never replicate the human factor and the application of Murphy's Law - the "fog of war" that all military planners have to cope with.

So what did we learn from this simulation exercise? - a bunch of stuff that I recommended back in 2000 when I wrote Complete Hacker's Handbook:

1) Deny by default:
... start by excluding everything and add what you need. Remember that it is far easier to lock things down really tightly, and then loosen the bits that need loosening, than it is to make everything loose and then lock down the bits you don't trust.

2) Remove all unused services and software
Turn off all services that are not being used ... remove completely any software that is not in use on the machine.

3) Plan for disaster
If .. your entire building is wiped out overnight you must have a business continuity plan that includes IT disaster recovery .. (this) plan .. needs to be documented and checked every year to make sure it works.
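Rules 1 and 2 in practice, as an added example (my own, not from the NSA exercise or the book): the script parses constructed `ss -ltnp`-style output and applies an assumed allowlist of documented services, so anything else found listening is reported for removal rather than merely disabling.

```python
"""Audit a host's listening services against a "deny by default" allowlist.

Added example. The input is constructed text in the layout of `ss -ltnp`;
on a real host, feed it the tool's actual output. Any listener that is not
on the allowlist is flagged for removal, not just disabling.
"""
import re
from dataclasses import dataclass

# Constructed sample of `ss -ltnp` output (columns mirror the real tool).
SAMPLE_SS_OUTPUT = """\
State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port  Process
LISTEN  0       128     0.0.0.0:22           0.0.0.0:*          users:(("sshd",pid=612,fd=3))
LISTEN  0       511     0.0.0.0:80           0.0.0.0:*          users:(("nginx",pid=900,fd=6))
LISTEN  0       128     127.0.0.1:3306       0.0.0.0:*          users:(("mysqld",pid=1011,fd=21))
LISTEN  0       50      0.0.0.0:21           0.0.0.0:*          users:(("vsftpd",pid=1200,fd=4))
LISTEN  0       128     0.0.0.0:23           0.0.0.0:*          users:(("telnetd",pid=1300,fd=4))
LISTEN  0       128     [::]:22              [::]:*             users:(("sshd",pid=612,fd=4))
"""

# Allowlist of (port, process) pairs this host is documented as needing.
# Assumed for the example; a real one comes from the server's build record.
ALLOWED = {(22, "sshd"), (80, "nginx"), (3306, "mysqld")}

LINE_RE = re.compile(
    r'^LISTEN\s+\d+\s+\d+\s+(?P<addr>\S+):(?P<port>\d+)\s+\S+\s+users:\(\("(?P<proc>[^"]+)"'
)


@dataclass(frozen=True)
class Listener:
    addr: str
    port: int
    proc: str


def parse_listeners(ss_text):
    """Parse ss -ltnp text into Listener records; non-LISTEN lines are skipped."""
    found = []
    for line in ss_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            found.append(Listener(m.group("addr"), int(m.group("port")), m.group("proc")))
    return found


def audit(listeners, allowed=ALLOWED):
    """Return (keep, remove): deny by default, so a listener must appear
    in `allowed` to be kept; everything else is queued for removal."""
    keep, remove = [], []
    for lst in listeners:
        (keep if (lst.port, lst.proc) in allowed else remove).append(lst)
    return keep, remove


def exposed_unallowed(remove):
    """Unallowed listeners bound to every interface, i.e. reachable from the
    network rather than only from localhost. Deal with these first."""
    return [lst for lst in remove if lst.addr in ("0.0.0.0", "[::]", "*")]


if __name__ == "__main__":
    keep, remove = audit(parse_listeners(SAMPLE_SS_OUTPUT))
    for lst in keep:
        print(f"keep   {lst.proc:8} {lst.addr}:{lst.port}")
    for lst in remove:
        print(f"REMOVE {lst.proc:8} {lst.addr}:{lst.port}  (not on allowlist: uninstall, do not just disable)")
```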

What I want to know is why it took so long for the NSA to come to these conclusions when they could have bought a copy of my book and learned it 6 years ago.

If it takes the NSA six years to catch up with what was accepted wisdom 6 years ago - what chance have they of catching hackers or fending off a full scale information warfare cyber-attack?

Enquiring minds want to know ...



July 8, 2006

UK Parliamentary Piracy Report

The UK Government have just released their report on piracy - it doesn't make happy reading.
House of Commons - Transport - Eighth Report

Since 1992, there have been a total of 3,583 piratical attacks worldwide. This represents an increase from 1993 to 2005 of 168%. In the same period, 340 crew members and passengers died at the hands of pirates, and 464 received injuries. In 2005 alone piracy resulted in over 150 injuries and assaults and over 650 crew members were taken hostage or kidnapped.

These statistics may appear modest by contrast with the casualties suffered in other violent conflicts. But these attacks were not sustained in a violent conflict. They were suffered by innocent people travelling lawfully by sea. Even one such attack is one too many.

Technology designed to make life safer at sea has been used by pirates to locate and attack ships:

New technology designed to ensure that ships can be located at all times does, in the hands of pirates, has the potential to assist pirates to identify and track down high value cargoes and to attack vessels at sea. We want to know what the UK Government is doing to find out how pirates are gaining access to sophisticated technologies; and what it is doing to help to deny them the use of these technologies.

On the links between Piracy and possible terrorist threats:
Piracy provides a tempting and successful demonstration to terrorists of what can be achieved with relatively straightforward equipment and organisation. Well organised and determined terrorists could take control of a ship and use it to achieve terrible ends. Dangerous cargo could be seized and used as a weapon; the ship itself could be used as a weapon; hostages could be taken.

On the modern image of Piracy:
The popular image of piracy as a joke is redundant and has failed to keep pace with reality. The Government must now consider what imaginative and practical measures might be taken to broaden the public understanding of piracy as a brutal and cowardly crime.

It might be a good idea to encourage people to understand that a pirate is not someone who performs copyright theft, a pirate is not a joke and is not somebody who indulges in copyright violation theft or a spot of P2P downloading.

The report concludes by saying that the UK government is failing in its obligations to tackle Piracy:
What the Government must demonstrate is practical action that international cooperation is succeeding in making piracy a thing of the past. That is woefully lacking. So far from destroying piracy, it is growing; and the Government does not even know the scale of the problem. That is failure by any measure. The Government needs to demonstrate a new level of commitment in tackling piracy.

The Piracy problem has been growing for years unnoticed - while the MPAA & RIAA have gone out of their way to brand any copyright violators "pirates" - the public has come to regard Piracy as a joke - meanwhile the Real Pirates have carried out their activities unhampered.

Tip of the hat to wtwu


July 7, 2006

The Evil of Piracy

This article from The Times Online highlights the global problem caused by Real Pirates

Romantic gloss 'blinds public to the evil of piracy'

PIRACY on the high seas, given a romantic gloss by films such as Pirates of the Caribbean, is a growing risk to seafarers, with 340 deaths since 1992.

The number of attacks has grown fivefold since the late 1980s, from 50 a year to more than 250 in each of the past seven years, according to a report by MPs. Last year there were 264 reported attacks, including an attempt to hijack the Seabourn Spirit, a cruise ship carrying British passengers, off Somalia.

More than 650 passengers and crew were taken hostage from ships last year; 152 were injured and 11 remain missing. Victims are often thrown overboard and left to drown. In 2003 British officers on board an Isle of Man-registered supply ship were held hostage until a ransom was paid.

I've said it before and I'll say it again:

Piracy - it isn't copyright theft and it isn't funny either.

Let's crack down on the Real Pirates.




Gary McKinnon to be Extradited

This news from the Guardian Unlimited does not surprise me:

A Briton accused of hacking into the Pentagon's computers is to be extradited to the US, the Home Office has confirmed. Gary McKinnon, from north London, stands accused of what American prosecutors call the "biggest military hack of all time", and potentially faces a sentence of 70 years if found guilty.

I am saddened by the decision to extradite Gary McKinnon to the US for trial. I have already asked Who breaks a butterfly on the wheel? in an earlier posting, but now it seems that the US government are determined to have a "show trial" in the US to cover up their own inadequacies in securing the Milnet sites that were hacked.

Let's not forget - Gary McKinnon gained access to these systems not because he is some master hacker - he gained access because the systems administrators at the Milnet sites didn't change the default password on a piece of remote desktop software used for support.

Gary McKinnon is not like criminal hackers who infect computers with viruses, spyware and botnets in order to perform "click fraud", he is not like criminal hackers who steal credit card numbers and set up "phishing" sites in order to perform identity theft, nor is he like Team Evil Arab who recently defaced over 700 websites as a protest against the Israeli incursions into Gaza.

Will the decision to extradite and try Gary McKinnon in the USA do anything to stop the real threats on the Internet ?

Or is this just more spin designed to calm public fears while doing nothing to make us safer?

Enquiring minds want to know ...



July 5, 2006

Crispy News & Digg Clones

I've just spent a morning using the Crispy News website tools to make a near "digg" clone - but focused on Extreme Tales

I cheated a little - by recycling old Extreme Tales blogposts to fill it up with news a bit - but it allowed me to get a feel for the interface and figure out what I could and couldn't do.

I use digg quite a lot - but the emphasis is on technology - the recent update to digg v3 included video games - but no sports of any description, not even under "entertainment" - and nothing about Extreme Sports either.

So I have built my own digg clone thingy totally focused on Extreme Sports - you can try it here - and please add stories, vote on some stories and give some feedback - and it does RSS as well.

I'll report back in the future about how it goes - early days yet ....




July 4, 2006

Freighter fights off pirates

CNN.com - Japanese freighter fights off pirates - Jul 4, 2006

The attacks raised concerns about a resurgence of piracy in the strait, one of the world's busiest shipping lanes and a key link between Asia and Europe.

In the latest attack, pirates on an unlit speedboat off Indonesia's Sumatra island followed the 26,989-gross-tonnage Japanese ship and tried to board it from the stern, said Noel Choong, chief of the International Maritime Bureau's piracy reporting center in Kuala Lumpur.

Yet more Real Piracy in Malaysia - luckily not as bad as other incidents.

He said no injuries were reported among the all-Indonesian crew aboard the two boats, but the pirates stole and damaged equipment on the first ship and robbed the crew of cash and personal belongings on the other. The ships had been chartered by the U.N. World Food Program.

Real Piracy is a real problem - not just some over hyped propaganda exercise by the RIAA/MPAA who are worried about copyright violation theft - and it needs to be tackled before it gets out of hand. Experience shows that tackling piracy needs regular pro-active patrols by Navy and Coastguard to prevent attacks:

The Strait of Malacca had been one of the most pirate-infested areas in the world, but attacks fell to an all-time low last year after increased naval patrolling by Indonesia and its neighbors.

Piracy is a genuine problem in many parts of the world - it is a transnational crime that can be committed against a ship from any nation at any time.

Isn't it time the major maritime nations got together and formed an Anti-Piracy taskforce to gather and share information about the activities of pirates and to run regular patrols in the most affected areas?

Apart from the high cost of piracy on the high seas - piracy has also been linked with terrorism, gun running, drug smuggling and the trafficking of people for sexual purposes - what used to be called the "white slave trade" in the old days.

Piracy - it isn't copyright theft and it isn't funny either - lets crack down on the Real Pirates.



Behind the Chinese Cyber Curtain

Nicely interesting article about how the "Cyber Curtain" in China can be circumvented with a small piece of programming - better yet, the architecture of the "Great Firewall of China" allows for DOS attacks against internal targets in China - using the flaws in their own censorware infrastructure.

Academics break the Great Firewall of China | CNET News.com

"The machines in China allow data packets in and out, but send a burst of resets to shut connections if they spot particular keywords," explained Richard Clayton of the University of Cambridge computer laboratory. "If you drop all the reset packets at both ends of the connection, which is relatively trivial to do, the Web page is transferred just fine."

Clayton added that this means the Chinese firewall can be used to launch denial-of-service attacks against specific IP addresses within China, including those of the Chinese government itself.

The IDS uses a stateless server, which examines each data packet both going in and out of the firewall individually, unrelated to any previous request. By forging the source address of a packet containing a "sensitive" keyword, people could trigger the firewall to block access between source and destination addresses for up to an hour at a time.
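The behaviour described above, a stateless box that fires a burst of resets into a live connection, leaves traces a network monitor can spot. As an added example (mine, not code from the CNET article or from Clayton's research), the script below walks a constructed packet log and flags resets whose IP TTL does not match the TTL the real peer has already shown on that flow, or that arrive several at a time within a short window; the window and threshold are assumptions.

```python
"""Flag TCP resets that look injected by an in-path stateless filter.

Added example over a constructed packet log. Two heuristics:
 (1) the RST's IP TTL differs from the TTL the real peer used on earlier
     packets of the same flow (an in-path box sits a different hop count away);
 (2) several RSTs for one flow arrive in a short burst, which a genuine
     endpoint has no reason to send.
"""
from collections import defaultdict

BURST_WINDOW = 0.5   # seconds; assumed value for the example
BURST_MIN = 3        # RSTs inside the window that count as a burst

# Constructed log: client 10.0.0.5 fetches a page from 203.0.113.7. After the
# request, a burst of RSTs arrives whose TTL does not match the server's own.
PACKETS = [
    dict(ts=0.000, src="10.0.0.5", sport=40000, dst="203.0.113.7", dport=80, flags="S",  ttl=64),
    dict(ts=0.120, src="203.0.113.7", sport=80, dst="10.0.0.5", dport=40000, flags="SA", ttl=49),
    dict(ts=0.121, src="10.0.0.5", sport=40000, dst="203.0.113.7", dport=80, flags="A",  ttl=64),
    dict(ts=0.122, src="10.0.0.5", sport=40000, dst="203.0.113.7", dport=80, flags="PA", ttl=64),
    dict(ts=0.180, src="203.0.113.7", sport=80, dst="10.0.0.5", dport=40000, flags="R",  ttl=58),
    dict(ts=0.181, src="203.0.113.7", sport=80, dst="10.0.0.5", dport=40000, flags="R",  ttl=58),
    dict(ts=0.183, src="203.0.113.7", sport=80, dst="10.0.0.5", dport=40000, flags="R",  ttl=58),
    dict(ts=0.240, src="203.0.113.7", sport=80, dst="10.0.0.5", dport=40000, flags="PA", ttl=49),
    # A second, unrelated flow closed by a genuine reset from its server.
    dict(ts=1.000, src="10.0.0.5", sport=40001, dst="198.51.100.9", dport=443, flags="S",  ttl=64),
    dict(ts=1.090, src="198.51.100.9", sport=443, dst="10.0.0.5", dport=40001, flags="SA", ttl=52),
    dict(ts=1.091, src="10.0.0.5", sport=40001, dst="198.51.100.9", dport=443, flags="A",  ttl=64),
    dict(ts=1.500, src="198.51.100.9", sport=443, dst="10.0.0.5", dport=40001, flags="R",  ttl=52),
]


def flow_key(p):
    """Direction-independent 4-tuple so both halves of a connection share state."""
    a = (p["src"], p["sport"])
    b = (p["dst"], p["dport"])
    return (a, b) if a <= b else (b, a)


def find_injected_resets(packets):
    """Return a list of (packet, reasons) for RSTs that look injected."""
    peer_ttl = {}                  # (flow, sender) -> TTL seen on non-RST packets
    rst_times = defaultdict(list)  # (flow, sender) -> timestamps of RSTs seen
    suspects = []
    for p in sorted(packets, key=lambda x: x["ts"]):
        key = (flow_key(p), p["src"])
        if "R" not in p["flags"]:
            # Learn each sender's TTL from its first genuine packet on the flow.
            peer_ttl.setdefault(key, p["ttl"])
            continue
        reasons = []
        known = peer_ttl.get(key)
        if known is not None and known != p["ttl"]:
            reasons.append(f"ttl {p['ttl']} != peer ttl {known}")
        times = rst_times[key]
        times.append(p["ts"])
        recent = [t for t in times if p["ts"] - t <= BURST_WINDOW]
        if len(recent) >= BURST_MIN:
            reasons.append(f"{len(recent)} RSTs within {BURST_WINDOW}s")
        if reasons:
            suspects.append((p, reasons))
    return suspects


if __name__ == "__main__":
    for p, why in find_injected_resets(PACKETS):
        print(f"{p['ts']:.3f} RST {p['src']}:{p['sport']} -> {p['dst']}:{p['dport']}: {'; '.join(why)}")
```

On the sample log the three resets on the first flow are flagged (the third on both counts) and the genuine reset on the second flow is not.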


Cool huh? My problems arise with the latter part of the article:

... the researchers had reported their findings to the Chinese Computer Emergency Response Team.

This means that, despite all this research into the flaws of the Chinese censorware firewall - which is explicitly designed to prevent freedom of speech - public purse funded research is helping the Chinese to make their censorware firewall even better ...

Why are UK academic institutions helping countries to enforce censorware and aiding the restrictions on free speech?

Enquiring minds want to know ...

