Category Archives: Geek Horror

Stuxnet

07 Thursday Jun 2012

Posted by in cyber war, Geek Horror

Leave a comment

Tags

, ,

My favorite story in the news right now is confirmation of sorts that the U.S. and Israel launched a first-strike in cyber warfare against the Iranian nuclear jihad.  One of the more fun debates is political party rhetoric about the importance of confidential information – they want to find the source of the leaks.  Nevermind the stuxnet wiki article at the time of me writing this blog already quotes from Gary Samore as an early White House leaker.  So there are discussions of that nature.

Of course I read blogs on cyber security and anything else I’m currently interested in.  I discovered a pattern with this topic – the industry I work in.  Everything I read takes the position that cyber war is bad.  This only leads to an escalation in cyber warfare.  Stuxnet points to the need for more protection.

I couldn’t disagree more.  I felt compelled to comment on a recent blog but noticed the site was an aggregator.  The blog itself looked well read but I didn’t like the idea of publishing my content to this site that’s nothing more than an index selling advertisement.  It seemed like less of a professional dialog* and more of being part of someone’s business model.  Not that there’s anything wrong with that, but it occurs to me I have my own digital presence.  So rather than comment on that blog – I’ll blog it myself.

My position is this.  These security industry analysts are looking at this from inside the fish bowl.  In the context of a safe and free Internet and online commerce, this is a setback.  This is an escalation of arms and advances the bad guys.  In fact, by definition of cyber warfare, the bad guys are the government.

I look at this from the context of war.  A conventional approach to international conflict is to start out small and progress your actions slow enough so that they can be monitored by other nations and even weighed in on.  Going to the UN first or establishing a block-aid before the actual bombing of humans.  In the context of preemptive strikes, I’d personally prefer getting hit with a computer worm.  Cyber war is good.

Yes, cyber war leads to civilian casualties.  I’d argue maybe the damage is on par with a block-aid.  I understand Iran lost several months of production on their centrifuge operations.  In the context of war, this isn’t nearly as bad as the enemy sinking a passenger ship to stop the flow of supplies.  It’s a reasonable, less harmful approach in terms of human life.

I can’t interpret a blog written by someone in the computer security industry well enough to say what the blogger’s motives are.  I just know it’s bullshit taking the position this is bad for the industry.  Any company making security products or providing security services benefits from this.  The Cold War didn’t hurt the Defense Industry.  They say even art excels during times of war.  Innovation explodes in times of conflict.

Whatever your qualms over cyber warfare, get over it.  It beats real attacks against humans.  It promotes growth of the industry.  Turn your focus to lessons learned.  How successful was the attack at mitigating Iran’s nuclear development.  How fast did production return to normal – what was the downtime?  Was this effective in the context of international conflict?

* Poetic license on “dialog” because in social networking it’s really a broadcast.  A many-to-many discussion.  A party line.

We Are Marshall

06 Monday Feb 2012

Posted by in Geek Horror

3 Comments

Tags

,

I bought these Marshall iPhone headphones knowing I’ll be using my iPhone for conference calls all day long for the next few weeks rather than a land line.  And after first using them for music, I was a happy boy with their quality.  I just knew I would not want a bluetooth ear piece or ear buds stuck in my ear all day.  I’ll wear ear buds running – although rarely these days – but I’m generally dissatisfied with that experience.  I like the big ole comfy headset.

Today was their first run in production and turns out comfort wasn’t the issue – echo was.  I never heard echo myself but I had people complain on several conference calls.  I could go on mute and solve the problem although I wasn’t sure it was me.  People would hang up and redial to try to solve the problem – apparently it was pretty annoying.  Then I called Karen later in the afternoon and discovered it was me.  Funny thing is she didn’t hear it from her iPhone, but her signal was weak and she called me back from a land line.  Then she heard it confirming I was the culprit.  I unplugged my headset and the echo went away.  But I was devastated.  I really liked my Marshall headphones.

So what does a guy like me do next?  I googled the heck out the situation.  Turns out it’s not the headphones per se, but my iPhone 4s.  A good number of iPhone 4s owners are reporting this problem.  And here’s where it gets weird.  You can mitigate the echo by cycling through the speaker phone.  Your call participants hear an echo, hit your speaker button on and off.  Unfortunately this might only fix the echo temporarily.  The good news is it appears Apple will replace the iPhone.  There’s an Apple Store at the Domain off MoPac.  I’ll be setting up an appointment for this weekend.

Search Results

02 Thursday Feb 2012

Posted by in Geek Horror

Leave a comment

Tags

, ,

If you’re a web voyeur, and most of you are, I think you might enjoy this.  Click on the picture to the left to view a large enough image to read.  This is a partial list of the searches people have entered into Google, or Bing or whatever search engine which has lead them to my blog over the last 30 days.  While I get a few regular hits from friends and family, most of my readers come from searches.

Don’t be insulted by the term voyeur.  It’s a general term ascribed to people who read blogs, forums, facebook etc. but rarely if ever produce content.  Information on this topic I’ve read indicate 90% of participants in basically anything are voyeurs, while another 9% participate – leaving 1% as the original content producers.  This (assuming you even believe it) can be mapped to facebook users as well as the typical classroom where there is one teacher, a handful of students who ask questions, and the remaining class sit and listen.  It’s the remainder that sit and listen whom are referred to as voyeurs.  But the point of the studies I’ve read is that even the voyeurs contribute by means of learning and perhaps later sharing in other forum.  So the term is not intended to be derogatory.  And there’s a name for this ratio but I forget what it is.  Whatever, I may have digressed.

Back to my search results.  I am as voyeuristic as anyone.  I get such a kick out of reading some of these stats.  I don’t know who actually reads my blog because like in facebook readers are anonymous, but I do get some fun stats like these search terms.  Because I didn’t capture the entire list above, you won’t see many of the search terms that include the word “porn”.  It’s unbelievable what some people are looking for.  And they can be so specific.  Like “cross country runner porn”.  Seriously?  Still, other terms are pretty boring.  I get a lot of hits on the term “iStock” because I buy many of my pics from that site and the word iStock is in the file name.  You might think searches only find blogs that have the term listed in the tags, but search engines actually index the entire web page.  Tags are a bit superfluous nowadays.  If you’re curious, click on the image and take a peek.

Web Security

12 Saturday Feb 2011

Posted by in cyber war, Geek Horror

5 Comments

Tags

, , , , , ,

This was annoying.  I received an abuse letter (email) from Comcast, my ISP, last night.  For copyright infringement related to the illegal file sharing of some inane Kanye West song.  I’ve appended their email to the end of this blog.  The first thought that ran through my mind was, “Really, I have a Kanye West song?”  So my first action was to query my iTunes library of over 5000 songs and sure enough, I have exactly one Kanye West song – Gold Digger featuring Jamie Foxx.

I immediately suspected my tenants since they’re fairly young.  Although I knew it could also have been from Brittany – she always brings her MacBook whenever she comes home from college.  I doubt I could prove the source of the Gnutella file sharing.  I turned off my web filtering half a year ago when I was trying to install Lo-Jack on Brittany’s new laptop.  It required some call home function that my firewall was blocking.  Unless I’m specifically blocking something, my firewall won’t log the traffic.  It can, but I didn’t have it configured to do that either.  So the Kanye West download could have been from any computer in my house – or carriage house which I rent out.  The Comcast abuse letter only lists the IP address of my cable modem and it doesn’t provide the DHCP address from my home network(s).

My second action, after reviewing my iTunes, was to turn web filtering back on.  I have an old IBM Proventia FW that I have setup between my cable modem and my home LANs.  One network is for my tenants, and they have their own WiFi server.  I allow that LAN access to the Internet but not to my home office LAN (network 2) or my home LAN (network 3).  My home office network has access to all three networks in order to manage the WiFi servers.  With the web filtering running, I setup two FW rules to block traffic to the Gnutella service.  One rule for TCP ports 6346 to 6347 and another for UDP ports 6346-6347 – both at 202.0.0.0 with a 28 bit mask.  Then I asked my tenant if he was using Gnutella and informed him about the abuse letter and my new web filters.  He was pretty humble about it and apologized.

I’m relating this in my blog, and probably FaceBook, because it occurs to me many of my friends could use some advice on computer security.  I’ve been in this industry for a long time, and I just got in trouble from my ISP.  Maybe I should be embarrassed – I’m not.  I do appreciate the irony.  But I know that many of my friends have kids – with their own computers – whom run these illicit and dangerous file sharing applications.  The last link above shows you how to block some of the more nefarious sites.  Understand that I’m not judging.  I support some copyleft arguments as they juxtapose certain tenets of innovation against the precepts of copyright protection.  But these applications put your computer and home network at extreme risk of being compromised.  These apps are favorites of hackers and are as likely as visiting free porn sites to result in your machine becoming pwned into a botnet.  Forget fears of Comcast cutting off your access – be afraid of being pwned.

I’m serious.  I’d rather blog on my running themes, but you need to know this stuff.  My YouTube instructions on protecting your texting privacy was originally intended in jest when Tiger Woods got clubbed by his wife after she saw his text history.  I was just having fun, but it’s turned into one of my most watched YouTube episodes.  Likewise, my commentary on the Google vs China cyber story last year continues to receive 4 or 5 views a day based on people searching on the terms cyberwar and cyber warfare.  So I figure this is good information.  I hope so.  Or if not, I hope you get a chuckle from knowing that Comcast is on to me.

————————————————————————

Notice of Action under the Digital Millennium Copyright Act

Abuse Incident Number:      Not Applicable
Report Date/Time:           Thu, 10 Feb 2011 11:31:02 -0600

ED MAHONEY
1805 S COFFMAN ST
LONGMONT, CO  805047568

Dear Comcast High-Speed Internet Subscriber:

Comcast has received a notification by a copyright owner, or its authorized agent, reporting an alleged infringement of one or more copyrighted works made on or over Comcast’s High-Speed Internet service (the ‘Service’).  The copyright owner has identified the Internet Protocol (‘IP’) address associated with your Service account at the time as the source of the infringing works.  The works identified by the copyright owner in its notification are listed below.  Comcast reminds you that use of the Service (or any part of the Service) in any manner that constitutes an infringement of any copyrighted work is a violation of Comcast’s Acceptable Use Policy and may result in the suspension or termination of your Service account.

If you have any questions regarding this notice, you may direct them to Comcast in writing by sending a letter or e-mail to:

Comcast Customer Security Assurance
Comcast Cable Communications, LLC
1800 Bishops Gate Blvd., 3rd Floor East Wing
Mount Laurel, NJ 08054 U.S.A.
Phone: (888) 565-4329
Fax: (856) 324-2940

For more information regarding Comcast’s copyright infringement policy, procedures, and contact information, please read our Acceptable Use Policy by clicking on the Terms of Service link at http://www.comcast.net.

Sincerely,
Comcast Customer Security Assurance

Copyright work(s) identified in the notification of claimed infringement:

Infringing Work : Graduation
Filename : Kanye West – Graduation – Stronger.mp3=20
Filename : Kanye West – Graduation – Stronger.mp3=20
First found (UTC): 2011-02-10T12:21:17.61Z
Last found (UTC): 2011-02-10T12:21:17.61Z
Filesize  : 7583872 bytes=20
IP Address: 76.25.159.42
IP Port: 17677
Network: Gnutella
Protocol: Gnutella    =20