Tuesday, July 13, 2004

Scamming the 419 Scammer




Every once in a while I come across a documented encounter between a 419 scammer and a potential victim who slowed down and actually fooled the scammer. Here's a very funny encounter that resulted in the scammer joining the fictitious Church of the Painted Breast and sending the target $80. As described in a BBC News article:




"I'm sure he's not a prince at all," Mike says. "He contacted me with a standard 419 [so-called after a section of Nigeria's legal code] scam..." "I tried to turn it round by saying I worked for a church and we couldn't do any business with people who are not of our faith."



Ah, the sweet revenge of scamming the scammer.

Thursday, June 17, 2004

Keeping an Eye on Internet Health




Here's a tiny program that runs in the system tray of your Windows box and displays the current health status of the Internet. The ISCAlert utility tracks the Infocon status that is set by the Internet Storm Center, whose volunteer handlers monitor the Internet for security issues. When the icon is green, all is safe and clear, but when it turns red, you know something fishy is going on in your cyber-neighborhood. ISCAlert is a free tool that was written by Tom Liston, Internet Storm Center handler, and author of LaBrea. As Tom succinctly put it, "Infocon status is used to reflect changes in malicious traffic and the possibility of disrupted connectivity on the Internet."

Monday, May 31, 2004

Mobile Wi-Fi Hotspots Offer Unusual Opportunities




RKD recently forwarded a link to MagicBike, "a mobile WiFi (wireless Internet) hotspot that gives free Internet connectivity wherever it's ridden or parked." This idea is reminiscent of a 2002 project by the Media Lab at MIT to provide Internet access to remote locations in rural India via roaming buses that offered Internet services using a store-and-forward architecture.



Initially dubbed PostNet, and later renamed DarkNet:




The network spontaneously reorganizes itself as more devices are added or removed from it. Each device has an antenna for radio frequency communication, allowing it to be detected by the network. When a node or a device goes off line, the network is able to detect and reroute a request. If, for example, one is accessing a stock service hosted on one’s intranet through an intermediate device located elsewhere and that device loses its connection or logs off, the network will be able to reroute any request through a different device.



As far as I know, the PostNet/DarkNet project is still active, though probably under a new name.



The potential of mobile Wi-Fi hotspots to offer Internet connectivity to remote places is impressive. Consider the Wi-Fi access point that, according to a BBC News article, yak farmers in the mountains of Nepal use to keep in touch with their families. Mobile hotspots could significantly expand the reach of this antenna, whether they were implemented as buses, bicycles, or even yaks.

Friday, May 28, 2004

Security and the Immune System Metaphor




On several occasions I have seen the immune system metaphor used to describe the workings of an information security system, with unclear real-world applicability and success. You may recall the beginnings of IBM's Digital Immune System for Cyberspace that strives to "automatically detect viral activity during early spread, automatically develop a cure and distribute it across the Internet faster than the virus spreads." This initiative has been in existence for many years, and I have yet to hear about any discrete results besides a 1999 announcement that Symantec incorporated IBM's technology to create its own product suite. I am still unclear whether the system was actually modeled after a real immune system, or whether that was just a marketing gimmick.



The latest use of the immune system metaphor is in the context of Sana Security's intrusion protection system, described in a recent InfoWorld article. The article quotes Steven Hofmeyr, Sana Security's chief scientist:




Biological models help us produce better security systems... Our system is accurate because it learns in the local environment. One machine may be differently configured and have different usage patterns from another. That affects how you should protect it... I can't always take an organ out of my body and just transplant it into yours, because your body may reject it.



I tried downloading Sana Security's technical whitepaper that describes their product, but encountered a bug in their registration script that prevented me from accessing the materials. Sana Security seems to have implemented behavioral mechanisms that monitor the system to establish a baseline for normal behavior, and that alert on and block behavior that deviates from the expected profile. This concept, with various objectives and implementations, was implemented by the likes of Tiny Software, Aladdin, Finjan, and Pelican Software, which Microsoft purchased in 2003. I am glad that looking at the immune system has inspired Sana Security to develop a behavior-based intrusion prevention system, though I wonder how different their product is from those that did not use the immune system analogy.
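A minimal sketch of the baseline-then-deviate idea described above, added here as an illustration; it is not Sana Security's implementation or code from any product named on this page. The event names, the window length of 3, the `perl` program label and the `LocalBaseline` class are assumptions, and the traces are constructed. It shows why a profile learned on one machine does not transplant to another.

```python
from collections import defaultdict

WINDOW = 3  # assumed window length; the page does not specify one


def windows(events, n=WINDOW):
    """Return every run of n consecutive events; empty if the trace is shorter than n."""
    return [tuple(events[i:i + n]) for i in range(len(events) - n + 1)]


class LocalBaseline:
    """Per-host profile of event sequences seen during a learning period (hypothetical)."""

    def __init__(self):
        self.normal = defaultdict(set)  # program name -> set of known windows

    def learn(self, program, events):
        self.normal[program].update(windows(events))

    def deviations(self, program, events):
        """Windows in `events` that this host never saw for this program."""
        known = self.normal.get(program, set())
        return [w for w in windows(events) if w not in known]

    def allowed(self, program, events, tolerance=0):
        """False (block) when more than `tolerance` windows are unfamiliar."""
        return len(self.deviations(program, events)) <= tolerance


# Constructed traces: the same interpreter is used differently on two machines.
WEB_TRACE = ["accept", "read_file", "send", "accept", "read_file", "send"]
BUILD_TRACE = ["read_file", "spawn_child", "write_file",
               "read_file", "spawn_child", "write_file"]
OBSERVED = ["read_file", "spawn_child", "write_file", "read_file"]

web_host, build_host = LocalBaseline(), LocalBaseline()
web_host.learn("perl", WEB_TRACE)      # learning period on the web server
build_host.learn("perl", BUILD_TRACE)  # learning period on the build machine

if __name__ == "__main__":
    for name, host in (("web", web_host), ("build", build_host)):
        verdict = "allow" if host.allowed("perl", OBSERVED) else "block"
        print(name, verdict, host.deviations("perl", OBSERVED))
```

A program with no learned profile has every window flagged, while a trace shorter than the window produces no windows and therefore no evidence either way.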



The immune system metaphor may be a great marketing device for providing non-techie executives a high-level overview of a security product, but sticking too closely to the analogy is likely to be misleading. As Marcus Ranum wrote in 2003, computers are not biological entities. He further pointed out that computer functions differ from this analogy in several ways:




  • Computers don't heal themselves. Once they're down they stop getting better on their own. Once you unplug them they stop getting worse.
  • Computers can temporarily "opt out" of their biosphere by being turned off or unconnected from the network. During their disconnected state they can heal, with help from their friends the system administrators.
  • Computers, unlike biological organisms, can rapidly share immunity without having to actually be exposed to the pathogen in question.
Thursday, May 27, 2004

The Value of MBA Education




The Economist has an extensive article that examines the value of formal business education. The article quotes Henry Mintzberg, a professor at Canada's McGill University, criticizing conventional MBA programs because they "ignore the extent to which management is a craft, requiring zest and intuition rather than merely an ability to analyze data and invent strategies."

This may very well be the case. However, most people will become much more effective at applying their "zest and intuition" after learning the fundamental principles of business, and by experimenting in the low-risk environments that MBA programs provide. We cannot count on MBA schools to create awesome general managers, but we can appreciate such programs for allowing professionals from all walks of life to become more skilled at making business-related decisions.

It is possible to make business decisions without attending a business school, just like it is possible to write software without having a computer science degree. Those who value formal education will treat an MBA program as a way of learning about the mechanics of the world--the program will prepare them for a career grounded in solid understanding of business fundamentals. Those indisposed to the academic environment will probably find the enormous price tag of an MBA experience not worth the value that a master's degree brings.

Wednesday, May 19, 2004

Birds do it, bees do it




From the people at FOX News, comes this breaking story:

A childless German couple finally found out why they weren't able to conceive. [...] After eight years of marriage, the 36-year-old man and his 30-year-old wife went to the campus' fertility clinic to figure out what was wrong. [...] "When we asked them how often they had had sex," said a clinic spokesman, "they looked blank, and said: 'What do you mean?'" He went on to explain that each of the pair had been brought up extremely religiously and had never heard of the birds and the bees.

This reminds me of the following fine song (please sing along):

Birds do it, bees do it

Even educated fleas do it

Let's do it, let's fall in love


In Spain the best upper sets do it

Lithuanians and Letts do it

Let's do it, let's fall in love

Indeed. Let's fall in love.

Wednesday, May 21, 2003

Long link title, but a good read. -- The War Room - What Robert Dallek's new biography doesn't tell you about JFK and Vietnam. By Fred Kaplan

The article also indirectly highlights the ever present "successor issue."