International Cybercrime (Of The Horse)

via The Center for Internet and Society on 5/8/08

A colleague and I were just discussing a new international working group, chaired by the FBI, which has “band[ed] together to fight cyber crime in a synergistic way.” The group is called the Strategic Alliance Cyber Crime Working Group; it even has a tagline: “Cyber Solidarity: Five Nations, One Mission.”

read more

Warping court memories with subtle suggestions

via Mind Hacks on 5/8/08

The legal system works on a principal of innocent until proven guilty by the evidence presented in court, but Cognitive Daily covers several studies that shown our memory of the evidence is affected by moral judgements of the person in question.

With their trademark clarity, CogDaily discuss a study [pdf] by psychologist David Pizarro that found if participants were told about man leaving a restaurant without paying, they remembered the unpaid bill being more expensive if they were told he treated the waiters rudely, than if they were told he was generally a responsible person.

The study is reminiscent of a famous experiment by a young Elizabeth Loftus called Reconstruction of Automobile Destruction.

It was simple but elegantly designed. Groups of people were shown clips of cars crashing and then asked how fast the cars were travelling, but with different verbs in the question.

For example, some people were asked how fast the cars were travelling when they “smashed” into each other, others how fast when they “bumped” into each other, others how fast when they “contacted” with each other, and so on.

Loftus found that simply asking the questions with a different verb altered people’s memories of the speed of the crash – like so:

“smashed” : 40.8 miles per hour
“collided” : 39.3 miles per hour
“bumped”: 38.1 miles per hour
“hit” : 34 miles per hour
“contacted” : 31.8 miles per hour

Needless to say, these sorts of tricks have been used by lawyers ever since.

Link to CogDaily on moral blame can change the memory of a crime.
pdf of full-text paper.
Link to Wikipedia page Loftus’s car crash study.

Reducing costs not as easy as security, say ANZ CIOs

via The IT Skeptic’s ITIL Pipe on 5/8/08

Computerworld New Zealand – Auckland,New Zealand The top five hottest skills, according to respondents, are networking, IT service management, help desk, and enterprise applications. … (more)

Egypt shuts off cell anonymity

via ZDNet Government on 5/8/08

As protests continue to mount over rising food prices, Egypt is moving to keep close tabs on cellphone users. The government wants cellphone companies to close down anonymous subscribers, Reuters reports.
“Everyone who uses the telephone must be known,” Trade Minister Rachid Mohamed Rachid told a news conference, adding that the move was needed for “public [...]

The Art of the Business Card

via How to Change the World on 5/8/08

A few weeks ago I was in Charlotte to make a speech for Network Solutions, and I met Justin Ruckman. He handed me his business card–which I just loved. For once, a business card that cuts to the chase and is readable. Hallelujah! So I asked him to make business cards for me. Take a look at your business card: Can people really read the 8 point type? If you want Justin to make business cards for you, his site is here.

Web Oriented Architecture Webinar Series

via Real World SOA | David Linthicum on 5/8/08

I’ve had a number of you who have asked me to bring back the Webinar series I was doing a year or so ago. So, I’m going to start on 5/13, next week, delivering the first of many Webinars around the notion of Web Oriented Architecture, or WOA. The description is below, and you can register here. It’s free, with very little commercial interruption. Come learn about WOA and SOA in the real world. David Linthicum: Delivering Enterprise Data to the Emerging Web Data is the driving force behind the emerging Internet. While the Web used to be a collection… READ MORE

The man who defied Milgram’s conformity experiment

via Mind Hacks on 5/8/08

Jewish Currents has an interesting first person account from one of the people who took part in Stanley Milgram’s famous conformity experiment where 65% of participants were ordered to fatally shock another participant. This article is written by one of the 15% who refused to continue.

The learner, said the professor, would be in an adjoining room, out of my sight, and strapped to a chair so that his arms could not move — this so that the learner could not jump around and damage the equipment or do harm to himself. I was to be seated in front of a console marked with lettering colored yellow for “Slight Shock” (15 volts) up to purple for “Danger: Severe Shock” (450 volts). The shocks would increase by 15-volt increments with each incorrect answer.

I was very suspicious and asked a number of questions: Isn’t it dangerous? How do you know the learner doesn’t have a bad heart and can’t take the shocks? What if he wants to stop, can he get out of the chair? The professor assured me that the shocks were not painful or harmful since the amperage was lowered as the voltage increased. He let me feel what a 45-volt shock would be like: a slight tickle. I asked the learner if he was willing to do this and why he didn’t have any questions. He said, “Let’s try it.” With some trepidation on my part, we began the experiment.

Link to ‘Resisting Authority’ (via MeFi).

Visualizing Nessus Working Harder For You

via Tenable Network Security on 5/8/08

Recently, several images were uploaded to the SecViz – Security Visualization web site which visualize how hard the Nessus, Saint and Retina vulnerability scanners actually work. Default scans for each scanner were performed in full view of a Snort sensor and the alerts from Snort were sent to Prelude for visualization with “pig“. The visualization allows understanding of how many different and unique techniques are performed by each scanner. Below are screen shots for the results from each scanner:

Saint Results	Retina Results	Nessus Results

When I first saw these results, I didn’t think they were entirely relevant. The visualization is using Snort events, which means that all of the scanners might be trying techniques that Snort might not detect. For example, when Nessus performs a variety of non-credentialed Windows checks over ports 445 and various Windows RPC services, Snort generates some events, but it does not generate a unique event for every custom probe. However, after the author of these posts to SecViz contacted me and pointed out some of the test results, I thought it was a good blog topic. The raw results for Nessus included 1019 alerts, 166 alerts for Saint and 76 alerts for Retina which was fairly significant.

read more

US State Department Loses 1,000 Laptops

via Liquidmatrix Security Digest on 5/8/08

Ouch!

From vnunet:

An audit at the US State Department has revealed the loss of over 1,000 laptops, some of which held security information.

Around $30m worth of computing hardware is “unaccounted for”, the bulk of it laptops. These include over 400 from the Anti-Terrorism Assistance Program, some containing security material.

Nita M. Lowey, a representative on the House Appropriations subcommittee that oversees State Department operations, told Congressional Quarterly that she is “concerned” about the security revelations.

Sigh.

Article Link

See more of John’s shared items …

]]> http://blog.securitymonks.com/2008/05/08/google-reader-share-with-notes/feed/ 0 http://blog.securitymonks.com/2007/09/11/winding-paths/ http://blog.securitymonks.com/2007/09/11/winding-paths/#comments Tue, 11 Sep 2007 19:00:06 +0000 John Gerber http://blog.securitymonks.com/?p=49 “Mountains cannot be surmounted except by winding paths.”
– Johann Wolfgang von Goethe

When the Brooklyn Bridge was constructed, one of the first thing the engineers had to do was to securely anchor the bridge’s two towers on the solid bedrock. The problem was, the bedrock was under many layers of mud below the East River. The solution decided upon was to use a huge wooden caisson, which was assembled on land, towed to the site of the tower, and sunk. Compressed air was pumped into the chamber to prevent water from leaking in. The caisson’s false floor was then ripped out so the workers could dig up the river bottom.

The EyeWitness to History.com website described the working conditions of the caisson as follows:

The working conditions within the caisson resembled a scene from Dante’s Inferno. The tremendous pressure, the suffocating heat, the lack of oxygen and the noise all combined to limit a worker’s time within the caisson to a maximum of two hours. As they ascended through the compressed air to the top of the caisson, the workers were threatened with the crippling and painful effects of the bends – an imbalance of nitrogen in the blood caused by a too rapid ascension out of the compressed air.

Initially, 80 of the crew’s 352 sandhogs were affected by the agony of the bends, and 15 died. Work continued with slower ascent times.

Sandhogs continue to do their work, and die, under New York. Most people do not realize that New York City has a $6 billion water tunnel project that has claimed 24 lives, endured six mayors and survived three city fiscal crises.

The sandhogs have my utmost respect. My great grandfather was a coal miner in Scranton, PA. My gramma would tell about him coming home completely black from coal dust. Only his eyes remained white. They knew the coal mines would kill them one way or a another. They did what they had to do to take care of their families. It is an amazing quality in people. They will sacrifice themselves for the hope of the future. The people who are left behind also demonstrate such courage in continuing to live and by not allowing the sacrifices to be in vain.

I grew up in Rutherford, New Jersey. As a child, I could see the skyline of New York City from my bedroom window. My childhood home was within fifteen miles of the World Trade Center. My family attended St. Joseph’s church in East Rutherford where Father Mychal Judge, affectionately known as Father Mike, was a friar. Father Mike was the Fire Department chaplain killed six years ago today following the World Trade Center attacks. He was one of the first to die when struck by falling debris as he anointed a firefighter and a fallen office worker.

People much more eloquent than I can post tributes concerning 9/11. I just wanted to take a moment and remember those whose lives ended and the many more people whose lives were permanently altered by the events of September 11, 2001.

Back then I was working at a government facility, many states removed. I first became aware that something was wrong when my mother called to tell me that a plane had flown into the tower. Just to be clear, I was not working in intelligence or any organization within the government that should have been aware of what was going on. As I headed to an area where a television was located, I ran into people who had heard the news on their radios. We arrived and had been watching the news for only a few minutes when the second plane hit.

There was a married couple working at this location. The husband had flown out that morning to DC. I was scheduled to fly to DC for a meeting the next day. Fortunately, the husband was able to get a call through not long after the plane crashed into the pentagon. To say the wife was relieved is an understatement. My brother was working in Time Square for an engineering firm. My mom talked to him after the towers collapsed. The engineers were in shock. The towers were suppose to be able to withstand a plane crash. It would be a long day for my brother.

Fortunately, no one close to me died in the attack. I do mourn those I once knew. My life’s path was altered. Not surprisingly, security became much more important to me. Like many, watching and listening to the news started taking up a decent amount of my spare time. I found some news programs better than others and I would go off to web sites for more in depth coverage. I began having my computer record programs off Internet radio. It seems like a lifetime ago. I use to copy these recorded programs to rewritable CDs. Fortunately, I soon switched over to an MP3 player. To some degree, wanting to get my fix of news helped me start regularly working out before work. I was pretty serious and lost seventy pounds.

Later, I realized that knowing what was going on in the world, while good, was not real helpful in daily life. Sure, one could sit around at parties and make other people feel dumb. But I was never one to take satisfaction in that. Besides, anyone could bring out Trivia Pursuit and turn the tables completely around on me. I have lived a fairly focused life and I am terrible at trivia. At that time, I became aware of podcasts. While I did not have an iPod, I learned I could still listen to podcasts on my MP3. I started putting my listening time towards security and information technology podcasts.

Tom Bishop, of BMC Software Inc, talked with Ynema Mangum on Technology Trends. They talked on various trends, and it is another great TalkBMC podcast. When they brought up Google Reader, I found their comments particularly interesting and accurate. When you describe Google Reader to someone as a “web-based feed reader to keep up with blogs and news,” people respond, “big deal.” It sounds so simple. It is when you start using it, you realize how fundamentally important it is.

Recently, I was talking with folks about good sites for security information. These folks were saying, “Yeah, I go to this site, and that site…” As I listened, I was transported back to a time when I had to go off to one endless progression of sites on a daily basis just to keep up on news and information. I was trapped in IT hell. That was before RSS saved me. I knew I had to help these poor people. So I climb up on my soap box and start evangelizing about RSS. They cried out in despair, “But my company will not allow RSS through the firewall!” I enlightened them about Google Reader’s ability to pull all the feeds into one location, all accessible via the web. They could even pull the postings down and go off line. They rejoiced.

If this blog seems a bit rambling, it was intended to be so. Remember the subject is “Winding Paths.” Life is full of decisions and pathways to take. As Johann Wolfgang von Goethe points out, “Mountains cannot be surmounted except by winding paths.” I wanted to do a post today that reflected on paths I have taken and paths others have taken for me. Fortunately I am not working five hundred feet below New York City. Yet, I have clean drinking water. Nor do I come home each night covered in coal dust. Yet I have heat, air conditioning, and electricity. When alarms go off and people are evacuating a building, my job is not to rush in to put out fires or help get people out. I am one of those people who is helped out. Nor am I overseas serving in dangerous theaters of operations. Yet, I benefit so greatly because of their service. I might spend a little too much time working, and fail to get much sleep, but those are minor inconveniences. I am thankful for paths that have brought me to where I am. I am thankful for those people, past and present, who sacrifice so much. Thank you.

Google Reader lacks search capabilities. Is it just me, or does this seem odd? For those unfamiliar with Google Reader, it is an RSS reader which checks news sites and blogs for new content. RSS readers allow you, from one location, to follow changes to a site; whether a site updates daily or monthly. The bottom line is that it is about keeping track of changes to information.

I know at one organization I have worked for, they have a gentleman who pulls articles of interest, makes comments, and then sends them out to top management. From there it can be further sent down to employees. Now I have talked to folks who end up receiving these emails, and everyone I talk to tell me, “Yeah, I mean to read those emails. I keep them in my mailbox. Well, until my mailbox starts getting full, and then I delete them. I just don’t get around to it.”

Research carried out by Hewlett Packard reported that a worker’s functioning IQ drops when constantly distracted by phone calls and emails. The reports says this distractions slows employees down about twice as much as smoking marijuana. Simply ignoring email is not a real option either. One can control how information gets delivered to the user. RSS feeds are one method that offers some relief from email overload.

On this blog, over on the right side, under “Interesting Postings,” I share blog postings and news items that I find particularly interesting. I do this through the Google Reader. If you select “Additional Shared Items” it will take you to my Google Reader shared item area. The problem is, I will flag a handful a postings a day. That adds up over time. Frequently, I am skimming these articles for knowledge of the content. Later, I will find myself trying to recall exact details or wanting to quote and link back to the article. If it is recent, I can page through and find the article. If it has been awhile, it is almost impossible to find. This is where searching Google Reader would be real useful.

I have to give credit to Steve Trefethen and Library Clips for posting this solution. You need the following:

1. Export your Google Reader OPML
2. Sign up at Google Custom Search Engine (CSE)
3. Import your OPML file into the CSE

Clipotech has provided a nice video showing exactly how to export your Google Reader OPML. When you sign up at CSE, you will need to create a search engine. Enter just one URL to get it created. Once the search engine is created, select the “control panel” link from where you can select the “Advanced” link. From there, you will be able to “Upload annotations.” Upload the Google Reader OPML. You can now search through all the content from the sites you are subscribed to via Google RSS Reader.

While I would like to be able to search only my “Shared Items,” this will do for now. I did come across a posting where someone devised a method to search only his shared items. He did this through a combination of creating a second Google account, subscribing to the first account’s shared items, selecting the settings on the second account to forward new postings to his mail account, filtering all those mail messages to a certain mailbox, and then searching that mailbox. People do what they have to do. I would rather search all my subscribed RSS feeds. Besides, I find myself often thinking of items I have read which I am not sure if I marked for sharing. Searching all my RSS feeds works out better. Strangely, I find my memory is becoming just a collection of search terms. I hope Google stays true to their motto, “Don’t be evil,” because they really are part of the fabric of modern life.