Circuit Writer Version 6.1

by Jim Scheef

There is just too much important stuff this month.

Is John McCain good for Us?

Again, please note that I define "us" as people using computers both professionally and for pleasure; in other words, DACS members like you and me. Last month we looked at Barack Obama. On the Obama website, technology is a major heading under “issues.” Technology does not make the top cut for issues on the McCain website. Once you navigate to the technology page (OK, it only took two clicks rather than one), the thing that struck me first was that I had to scroll half way down the page before I found anything that dealt with end users like us.

The major technology bullets, followed by my comments, are:

  • Encourage investment in innovation (this is part of McCain’s policies to lower taxes, particularly on business)
  • Develop a skilled work force (by increasing H-1B visas)
  • Champion open and fair trade (deregulation and market-based)
  • Reform intellectual property protection (more funding for the patent office, rather than patent reform)
  • Keep the Internet and entrepreneurs free of unnecessary regulation (finally! But rather than ensuring net neutrality, McCain would leave it to the market place)
  • Ensure a fully connected citizenry (the programs mentioned are mostly oriented to rural areas, where Internet and other digital services are poor)

The main difference between Barack Obama and John McCain from our perspective is emphasis. McCain policies seem oriented more toward business with little or nothing to protect your digital rights. Instead he relies on the availability of competition to preserve net neutrality. I urge you to read the technology pages of both candidates and judge for yourself. Final comments: John McCain admits he does not use email or the Internet, but he does have an official Facebook page. Anyone want to take bets on whether he has really seen it himself?

The “Is This For Real?” Department

With airlines dropping flights and reducing service on all fronts, even removing the magazines from planes to save fuel, Delta Air Lines is launching a new service. Yes, soon you will be able to use Wi-Fi to surf the web and talk on Skype at 30,000 feet. The service is planned for the entire Delta domestic fleet by summer 2009. The service will cost $9.95, and lest you think that you might get a better deal on longer flights, it will cost $12.95 on flights longer than three hours. Now, haven’t we been warned for lo these many years, to turn off any device that might emit a radio signal lest we interfere with the plane’s navigation and electronics? I guess at least one airline can solve this sticky technical issue once the marketing guys develop a reason! The eWeek article mentions how the equipment provided by Aircell is “extremely light, requiring minimal space on the aircraft, and can be installed overnight” but says nothing about any testing or modifications to the plane’s avionics to ensure that the planes will not fall out of the sky the first time some guy in business class surfs to a porn site.

Comcast, the FCC and Net Neutrality

The FCC, in a 3-2 vote, found that Comcast violated net neutrality principles when it throttled BitTorrent traffic. While this appears to be a great victory for Internet freedom, we should not jump to conclusions. The vote was narrow to give Comcast a slap on the wrist. Meanwhile, Comcast says it is ready to change how it manages its network traffic and the ruling reduces pressure in Congress to codify net neutrality in legislation – something the large Internet providers do not want. Read the New York Times article.

The “Could This Happen Here?” Department

If I said that this could only happen in San Francisco, I’d be lying because I know that’s just not true. Even if I said that it could only happen in government, it would be far from honest. As you may have guessed, I refer to the situation in San Francisco where a consultant held the city’s network hostage when he set up the security so that he was the only one with access to the top-level administrative privileges.

Terry Childs, a network administrator (or network designer or security expert, depending on what you read) set up the city’s new FiberWAN so that he was the only one with top-level security access and then refused to give the key (the password) to the city even when sitting in jail under $5 million bail. The standoff continued for several days while experts (presumably newly hired experts) tried to crack the passwords and other experts speculated that Childs had set up a “logic bomb” that would cripple the city. The network, which contains official city email, payroll, and law enforcement information, continued to function flawlessly while Childs sat in jail. Only a secret jailhouse visit from S.F. Mayor Gavin Newsom finally convinced Childs to give up the password.

Like so many stories, once the juicy parts are resolved, the coverage stops. After nine days of drama, the city regained administrative control of the network. I’m sure there is more to this story. Read the story on the New York Times and Dark Reading and see for yourself. I cannot fathom how IT management at the City of San Francisco allowed the situation to reach this point.

Russian Gangs and Malware

Malware needs to be taken seriously. It’s not just an annoyance like the virus that deletes your music files but a product of organized crime. Many large businesses think that it’s OK if their network is penetrated once or twice a month as that level of infection is manageable. Now a security researcher has uncovered a Russian gang that is using the same enterprise tools used by the corporations themselves to distribute a program called Coreflood. Coreflood captures and transmits keystrokes (to capture passwords) and personal information to a central database.

Attacks can start with a single compromised machine on the network, possibly a laptop belonging to a visitor. Once the gang controls a machine with administrative privileges, they configure Microsoft System Center (an enterprise tool to manage networks with large numbers of servers and end user computers) or another tool to deliver and install the Coreflood program to every computer on the network. Note that this is not a flaw in System Center – it is doing exactly what it is told to do which is to install software. The fact that it is not the authorized network administrator who is in command is another matter. Read more on the New York Times.

This is not the only Russian Gang malware story by any means. Most of the gangs harvest and control botnets of thousands of malware-infected computers. The botnets are often used to send spam, notably phishing attacks which lead to theft of credit card numbers at the low end and identity theft at the worst. The gangs do not use the credit cards themselves. Instead they sell the numbers to other criminals to manufacture fake cards and sell them to petty thieves on the Internet or even on the street. The person who gets caught with the fake card is so far down the food chain, there is no way to trace the transaction back to the gangs responsible.

While most of the database servers used by these gangs are overseas, the gang at the top of this article had a server in Wisconsin. When threatened, they moved it to Ukraine. Now there is new evidence they have relocated to IP blocks in China. If this is not global warfare, I don’t know what to call it. Read more at eWeek where there are links to even more.

Domain Name Tasting Will End, and other Fairy Tales

The practice of registering a domain name, setting up a trivial website and then monitoring the hits during the five-day grace period is known as domain tasting. Often the domain names in question are ones that expire accidentally. If the real owner wants to recover his domain, the taster will ask an exorbitant ransom. While legal in the narrow sense, the practice is not ethical, especially when practiced by unscrupulous domain registrars – the very people charged with protecting those domain names for the registrant! ICANN, the quasi-governmental organization charged with managing the Internet infrastructure (domain name registration and IP addresses) has issued a couple of rules changes that may help – or may not, depending on who you ask. A full explanation is beyond our scope here so read more on eWeek and at The Coalition Against Domain Name Abuse.

Serious Security Flaw In Internet Infrastructure

Several months back Dan Kaminsky, the director of penetration testing for the security company IOActive, found an incredibly simple and thus incredibly serious flaw in DNS. The Domain Name System (DNS) is what translates the user-friendly names we type into the address bar of our browser, like dacs.org, into the IP address of the server we want. The flaw, known as cache poisoning, tricks a DNS server into delivering the wrong IP address to a query. The user making the query then goes to the wrong server which could contain a phishing website. When this was first discovered, all DNS servers everywhere, even the root servers at the very top of the Internet infrastructure, were vulnerable because the flaw was part of the original design. Kaminsky quickly and privately alerted people at Cisco and other major infrastructure manufacturers. Quickly and quietly people worked to design a patch and to implement it throughout the Internet. The patch was released in early July. After the months of work, Kaminsky planned to give a paper at the Black Hat Conference in Las Vegas to announce the flaw and the work done to fix it.

As so often happens, the flaw was leaked early, apparently by mistake. Since then Kaminsky has become a celebrity with an interview on NPR’s All Things Considered. It’s really good to read a story occasionally about someone who acted responsibly when confronted with a problem that affected literally the world.

© Danbury Area Computer Society, Inc. All Rights Reserved.