Archive for the ‘Opinion’ Category

The “Barretbyte”

Tuesday, July 20th, 2010
A number of years ago while I was creating the billing and stats system at BitGravity, I ran into a small conundrum on how to calculate what constitutes a Gigabyte of data. There has been a lot of confusion as to what the policy is for calculating various measures of data transfer, due to the fact that there is no “hard” policy on if a GB is 1000 or 1024 MB.

There are two different definitions of gigabyte in general use:

1,000,000,000 bytes or 10^9^ bytes is the decimal definition, used in telecommunications (such as network speeds) and most computer storage manufacturers (such as hard disks and flash drives). This usage is compatible with SI.

1,073,741,824 bytes, equal to 1024^3^, or 2^30^ bytes. This is the definition commonly used for computer memory and file sizes. (This is equivalent to 1,024 megabytes, where one megabyte is 1,048,576 bytes or 2^30^ bytes.) Since 1999, the International Electrotechnical Commission (IEC) recommends that this unit should instead be called a gibibyte (abbreviated GiB).

I decided to do what was best for the customer and the company by splitting the difference between the two. The billing system ran well and after a year or two another developer Tim Dietrich (whom now works at 3Crowd) coined my measurement as a “Barretbyte”. At first he was rather disturbed and he thought I was over billing customers because of the averaged calculation, so I had to dig out the old code and my thinking and it turns out what we were doing as actually very fair to both the company and the customer.

The Barretbyte is (commonly misspelled as a BarrettByte) is the equivalent of a Gigabyte. It’s symbolized by GbB. The Barretbyte defines a billable Gigabyte as 1000 Megabytes, and a Megabyte as 1024 Kilobytes or 1048576000 bytes.

This is important because if your business is focused on billing in Gigabytes, it’s difficult to decided which one to choose. The GB is 6.87% less data than a GiB. The Barretbyte is somewhere in the middle at 4.63% larger than a GB but smaller than a GiB. As a content delivery network, that difference can cut heavily into the margin of the business. If a Gigabyte is calculated as a GB it harms the customer’s bill by almost 7% and if it’s calculated as a GiB it harms the CDN’s profit margin by nearly the same.

The following chart shows the math that constitutes the conversion between the various units:

8 bits = 1 byte
1024 bytes = 1 Kilobyte (KB) 1,024 bytes
1024 KB = 1 Megabyte (MB) 1,048,576 bytes
1 GB = 1 Gigabyte (GB) 1,000,000,000 bytes
1 GbB = 1 Gigabyte (a.k.a. Barretbyte GbB) 1,048,576,000 bytes
1 GiB = 1 Gigabyte (GiB) 1,073,741,824 bytes

This has become a standard in billing for data transfered at BitGravity, 3Crowd, and a number of other Content Delivery Networks.

Share

Tags: , ,
Posted in 3Crowd, Opinion, Philosophy | 3 Comments »

The Internet is Beta

Tuesday, May 4th, 2010
Beta is an engineering way of saying “almost done” – the product is good enough to use but it’s not quite finished yet. Google often releases their new products with a cute little “BETA” logo. Gmail, the Google email system used by millions, has been in beta for five years.

Like Gmail, the Internet’s core protocol should also have had a Beta tag on it for an extended time – for the past 41 years to be precise. Generally speaking, it works pretty well, but the founding fathers of the Internet could not have anticipated that the software they were building would ever become what it is now: The infrastructure for all of society.

So it appears today that some major features were left out…but not because the people behind the design made a mistake. When MIT first used packet switching in 1965 to communicate with a remote computer in California (confirming that packet switching works), the furthest thing from anyone’s mind was security, network neutrality, network education, privacy, cyber warfare, and the slurry of problems that challenge both business and individual users of the Internet today.

In 1969, with the original workings of the Internet (ARPANET), security was simple: the network was tiny and users on the computers that were connected to it were trusted researchers. It was an open community. As Vint Cerf, one of the most notable developers of the Internet, was quote in Fatal System Error as saying, “My thought at the time, thirty-five years ago, was not to build an ultra-secure system, because I could not tell if even the basic ideas would work…We never got to do the production engineering.” The focus at the time, sensibly, was on fault tolerance, not security.
Vint Cerf – Photo by Charles Haynes

Now, nearly 41 years later, we read about Internet security issues constantly. The lack of security features in IP (Internet Protocol) has spawned entire industries, with vendors and service providers that are happy to sell you the next generation protect-all, whiz-bang software. If one were to ask a roomful of people in the security industry what they think about the security products, including their own, on the market today – if they think there are real solutions to the problems we all face – their answer would be a unified “NO”. No one thinks we are at the point where we can all just stop worrying about security.


Barack Obama
Courtesy The White House		 The disturbing fact is that the engine that enables our modern global economy is based on a really cool experiment that was not designed for security. Risks can be reduced, but the naughty truth is that the ‘Net is not a secure place for business or society.

The role that the Internet plays in our economy places it in the category of a critical resource that the government must protect – just as it does our water supply and the national power grid. A threat to Internet security is a threat to national security. In May 2009, President Obama spoke about this issue and the plan his administration has to address it. He stated that the US is “not as prepared as it should be” to defend against cyber threats and he proposed new “digital infrastructure” initiatives to “ensure that these networks are secure, trustworthy and resilient.”

But can the US Government, or any other governing authority, ever adequately protect and defend the Internet? How can that be done if the Internet Protocol itself was not designed to, in Obama’s words, “deter, prevent, detect, and defend against attacks”?

Given the world economy’s substantial dependence on the Internet, wouldn’t it make sense to create a well-funded think-tank with the brightest minds in society to design a new protocol with a new vision? This time when we start the process, we will have the benefit of 41 years of Internet beta testing and we can rethink the vision to also include things such as:

  • Security: Transmitting data safely but easily without special software.

  • Privacy: Balancing anonymity and accountability. Allowing people to communicate freely but ensuring accountability to protect against abuses and criminal activity.

  • Routing Intelligence: Routing data without neutrality issues and allowing the protocol itself to route traffic based on a myriad of metrics, conditions, agreements, and other factors.

  • Enculturation and Education: Bringing new people (children, emerging nations, etc) onto the network with a step approach to ensure that they learn about network culture and functionality before they make mistakes.

I don’t think any of us who are involved with cyber security on a professional level can see the Internet as it is today functioning successfully for the next 50 years. I can envision a world of networking much different than today’s. So why not start turning the ship now?

Is designing a better protocol difficult? Yes. Can it be done? Absolutely!

I will be writing more on this topic in the coming months. Stay tuned.

Share

Tags: , , , , , , , ,
Posted in Hackers, Opinion, Philosophy, Security | 2 Comments »

Li-Ion Motors Has Crossed The Line

Friday, April 30th, 2010

I woke up this morning to find out that (unbeknownst to me) I wrote an apology letter about my own blog post, Li-Ion Motors – The Electric Lemon. I’m not sure if I should be flattered that there’s a fake me on the Internet writing apology letters or if I should be upset that someone is out there is damaging my integrity.

It appears that Li-Ion Motors may have paid a company to publish my fake apology on India Consumer Complaints Forum. Maybe they did it themselves, I have no evidence to tie it directly to them. However, I did contact the India Consumer Complaints suggesting that they’re hosting a fake letter and they removed it.

I’m guessing they are behind it because when you search, “Li-Ion Motors” in Google, my blog comes up on their first page of results. I imagine that they’re trying to push that out of the front page. However, this is only speculation on my behalf.

If you would like to see my fake apology, I saved a PDF of the site: click here for the PDF.

What’s more disturbing is that the letter used my picture, my name, and even suggested “My hosting providers has closed down the FTP of my website.” I think it would be rather difficult for my hosting provider to shut down my FTP given I am my hosting provider.

Let me state this very clearly: By no means do I apologize for my blog post, to my knowledge everything that I wrote is factual, and in my opinion Li-Ion Motor Company, EV Innovations, Hybrid Technologies or whatever they want to call themselves — is a scam.

More over, in my suit Lyon vs Li-Ion Motors (read the Electric Lemon article for background), their lawyer Scott Meehan quit representing Li-Ion Motors about two weeks ago. I am guessing that had something to do with not being paid and possible liability over what they are doing now.

To wrap this up: Stay away from these guys, they’re bad.


UPDATE:

More evidence that Li-Ion Motors are trying to manipulate chat forums and sweep what has happened here under the rug. Jay Groh emailed me this today and I thought it was worth sharing:

I don’t know if you have been made aware of the recent crap this company is trying to pull on priuschat.com but I will let you know anyway.

It starts here on a topic that points to your blog about your horror story.

http://priuschat.com/forums/ev-electric-vehicle-discussion/74243-electric-vehicle-innovations-li-ion-motors-horror-story.html

I’ll give you the quick short version.

The poster is john joseph. He claims to purchase a vehicle from the company and wants the topic closed.

He then posts again and a customer saying the company is great and still wants the topic deleted.

Then he represents hims self as someone from the company and if the topic is not removed he will take legal action. LOL

He creates another account under william larry and tries the same crap.

john joseph goes on to create two more topics on how great his company is.

http://priuschat.com/forums/other-cars/80560-li-ion-motors-hybrid-electric-cars.html

http://priuschat.com/forums/ev-electric-vehicle-discussion/80562-li-ion-motors-successful-story.html

I reported this as spam to the moderators and he goes as far as calling my posts illegal. :D lol He also claimed I posted links to my website which I did not do. I’m guessing he was referring to my sig which is in all my posts.

Anyway I though you might want to add this to your site to show how low these scumbags will go. The topics have a little more detail but will only take a few minutes to read through.

I’m glad you have not removed the blog and not cave into these dumbass take down notices. Good luck in the future. I just wish you did not get screwed because this is a small setback in the EV community.


Thanks,
Jay Groh

http://www.jaygroh.com

Share

Tags: , , ,
Posted in EV, Electric Cars, Opinion | 3 Comments »

IP Crunch Time!

Saturday, August 22nd, 2009

Some people have noticed I have slowed down on my blog a bit. I’m sorry! It’s true, I have put writing on the side burner (for a couple of weeks) while I complete four more patent applications.

I’m an idea factory, without a specific employer to absorb my steady stream of thoughts and energy, I decided to create my own intellectual property. What will I do with it? The answer to that question will be rather interesting but far in the future.

I’ll be back here writing soon! I promise! Meanwhile, here’s a link to my DDoS mitigation patent that was granted recently: US 20060075491A1

Share

Tags:
Posted in Opinion | No Comments »

More Twitter Woes?

Tuesday, August 11th, 2009

Around noon today, Twitter had some stutters and on their status page they wrote:

We’re working to recover from a site outage and will update as we learn more.

Update (12:17p): We’re back up and analyzing the traffic data to determine the nature of this attack.

I am guessing as time goes on, the attacks to Twitter will be much more targeted. Attackers can update their bots to attack specific user accounts or other process-intensive working parts of Twitter which could create processing bottlenecks within the internal Twitter application itself.

It is very difficult to build large scaling databases, judging by Twitter’s current network design, I would assume their database design would be similar in stature — lack luster.

Rather than just basic attacks to Twitter’s hosting partner NTT, attackers will target the Twitter database/application weak spots via their API or via their web interface. A targeted attack on Twitter’s own application weaknesses would bring more bang for the buck and be more difficult to defend against.

As seen in the image on the left, some evidence of application fail is apparent. Twitter’s web site is doing some odd stuff; at times my followers/following stats and the trending topics applet disappear.

The strange behavior myself and others are seeing could be caused by more targeted application layer attacks. Of course this is speculation. However, something is not working right over there and people are attacking them.

Share

Tags: , , ,
Posted in DDoS, Opinion, Security, Twitter Research, Uncategorized | 2 Comments »

Twitter’s Hosting Illustrated: F*ckyeahboobies.com

Thursday, August 6th, 2009
Today was an interesting day, it started with a DDoS attack to Twitter and is ending with boobies.

Richard Stiennon (over at Threat Chaos) and I started looking into the attacks and dug a little deeper into Twitter’s architecture.

We noticed that the status.twitter.com page did not go down. That’s because it’s hosted in RackSpace (far away from their web servers) on some guy’s computer. What’s fun about that (as Stiennon noticed) it also hosts Fuckyeahboobies.com (WARNING: link NSFW). Yes, that’s right, Twitter’s corporate status page is also the same server that hosts Fuckyeahboobies.com.

www.fuckyeahboobies.com. 3600 IN CNAME fuckyeahboobies.com.
fuckyeahboobies.com. 3600 IN A 72.32.231.8

;; ANSWER SECTION:
status.twitter.com. 60 IN A 72.32.231.8

Let’s be fair, hosting the status page away from Twitter’s hosting infrastructure is a very good idea. However, mixing it with 14,476 other hosted sites on the same machine may not be so bright. Those other sites can attract problems. If someone were to hack the group hosted machine and modify the status.twitter.com page, it could be harmful to the value of Twitter. One needs to ask the question: “Does this bring value to Twitter? Does saving a few thousand a year in hosting cost outweigh the risks?” Personally, I would expect a company that has $55 million in funding to strive towards world class design. At this point it’s not bringing value to their shareholders by cutting corners on critical infrastructure.

Anyhoo, over the morning, I constructed this basic diagram of Twitter’s hosting architecture (below) to help people understand what happened during their DDoS attacks. I must admit, it started out well with the boobies site, but when I started looking into their network I was a bit disappointed. They have a rather flat network that appears to be completely managed by NTT/Verio.

The sections in red are the paths that the DDoS would have taken. I would guess something in their load balancing farm was not configured to deal with the attack or this would have just been absorbed without much notice. The upstream routers were doing just fine when I ran tests during the DDoS attack. I get the feeling that their load balancers are doing most of the request validation.

When you look at the TCP handshakes for www.twitter.com, it responds on any port, which indicates they are running some sort of blind syn cookies (weeds out spoofed SYN floods). Again, I am assuming their load balancer or an upstream firewall is doing this. Along with their SYN cookies, they are doing a 302 redirect cookie (web server lingo for, “hey get the page over here instead”):

GET /
HTTP/1.1 302 Moved Temporarily
Content-Length: 0
Location: /?c3abf020

The assumption is that a real web browser will follow the new location cookie (”?c3abf020″ in my case). If you don’t follow the cookie, then you’re assumed to be a bot and denied access to the site. In some cases I have seen this setup eventually put repeat offenders on a blacklist, this could be determinate to Twitter.

This is a cleaver DDoS defense mechanism, however, there are thousands of scripts and tools written around Twitter’s API which don’t understand how to follow a 302. Thus, they are going to lock out lots of non-browser based clients. This includes my front page twitter update PHP script, Tweetdeck, Power Twitter, Seesmic, and the list goes on. I’ll fix my script now, but it looks like there was a lack of preparation for these attacks.

It’s pretty clear they are ready for a redesign. They need their own autonomous network, bring in bandwidth from many different providers, and have several layers of security. Building a strong ACL border and a nice mitigation layer would make a lot of sense. I also don’t think abandoning the shared cloud services model is a good idea, but having control over the heart of the operation makes sense.

Facebook has been doing a much better job at this as they were not crippled from the same attacks.

It just goes to show, there needs to be a blend of cloud services (like AWS) along with good in-house design.

UPDATE: 302 redirects were countermeasure fail

Posted on Google Developer Talk, Twitter developer Alex Payne stated:

Alex Payne
Aug 11, 5:00 pm
We’re aware of these issues; sorry.
Our ops team tells me that the countermeasures that are being put in place
should not cause the 302 redirect behavior that impacted OAuth and other
services late last week. If you’re seeing that behavior, please post here
and we’ll coordinate with them to eliminate it.

Share

Tags: , , ,
Posted in DDoS, Hackers, Opinion, Security, Twitter Research | 8 Comments »

The Google Bubble

Sunday, August 2nd, 2009
TechCrunch just released an article about their ad revenue and openly discussed the current online ad recession.

The amount of money advertisers are willing to pay for a keyword (you know, search for the word “Disney” and you get ads related to the keyword “Disney”) has been drastically reduced.

The less advertisers pay for keywords, the less people make from online advertising. Basic stuff, the cause for weakness in keyword pricing may be due to what I call, “The Google Bubble”.

I have been fascinated about the concept of a bubble created by the very nature of how Google AdSense operates: A keyword starts at a minimal price, you purchase that keyword, then a competitor comes along and starts a bidding war. The pricing on the keyword goes up and up as the competitors battle for control, until, it hits them; the price is too high — it’s not worth it for anyone. The bubble pops as advertisers decide to stop buying the expensive keywords or they simply reduce their pricing on the word, causing contraction. Simply put, the bursting bubble results in advertisers bidding drastically less for the keywords than before.

The bubble theory Is loosely confirmed by reports of advertisers spending less on advertising, The Wall Street Journal writes, “U.S. search advertising spending fell 8% in the fourth quarter of 2008 from the same period in 2007″, which is significantly more than the contraction in GDP. The effect is also seen on TechCrunch’s posting, along with a spattering of other sites, which are reporting far less ad revenue. Granted, ad revenues have fallen due to general economic reasons, but it may have been exacerbated by bubble effects such as the consequences of the bidding war built into AdSense.

The housing market has the exact same bubble: when the economy is good, people bid up houses until there is a breaking point. This natural propensity means that Googlenomics will be difficult to control, but easy to predict.

If I am right, the Google Bubble will expand and contract very quickly, bidding on keywords will increase until something like a bad economy, a competitor, or fraud causes it to tip over. I also think that each time the Google Bubble pops, other ad networks will gain new advertisers and participants because keywords on the alternative ad networks may not have been through a vigorous bidding war.

Enjoy the expansion of the next bubble, but don’t be shocked when it pops.

Share

Tags: , , , ,
Posted in Opinion, Philosophy | 3 Comments »

Digital Assassination – The Ultimate Revenge!

Thursday, July 30th, 2009

All examples included in this posting are for educational purposes only and should never be put to practice or used. In other words, do not do them!

Death by Ethernet Given that today is the opening day for DEFCON 17 (a hacker conference), I figured I would pay homage by exposing some cyberwar techniques that are more social in nature, easier than writing amazing meterpeter exploits, but just as (if not more) impactful.

These days, cyber bullying is popular. Cyber bullying is when a bully makes fun of a kid online using MySpace, email, posting jokes, etc. Cyber-bullying is so harmful to a child’s mind and online persona that it has led several victim children to suicide. Cyber-bullying was brought to light when Megan Meier’s suicide was attributed to cyber-bulling via MySpace.

Children are not the only possible victims of cyber-bullying; someone’s online persona is also a great target. An online persona is an important commodity these days; a Google search on someone’s name is almost the modern day resume. These online personas are part of a larger group of what I term Digital Natives. The Internet has simply amplified older techniques used by intelligence agencies and governments.

Attacking someone’s online persona or discrediting someone using their online persona could have horrific consequences.

With communication and social media, there are new attack vectors, and cyber-bulling can be taken to a new level, something I call “Digital Assassination”. Digital Assassination, which is not anything new per-say, takes old methods and some new methods to manipulate, embarrass, cause jail time, discredit associations, politicians, corporations, or (in some people’s minds) have the ultimate result by invoking someone to commit suicide.

I had an internal struggle about writing this post. I do not condone the methods I discuss, nor have I ever practiced them. I hope this posting is used merely as a mean to inform people and protect them from being victims, rather than encouraging unethical, illegal, or nefarious actions.

There are a lot of tricks to the SEO (Search Engine Optimization) trade. Most of them involve manipulating Google, embedding data on pages to cause Google to think your site is more important than another site. This is what I call “search engine de-optimization.” What if the same techniques used in SEO were used to power a disinformation (or smear) campaign designed to destroy or manipulate someone or something’s digital existence? What if those techniques were combined with hacking, social manipulation? The result is scary.

At first you may feel that the general concept seems somewhat “out there”, but let’s look at some of the possible implementations.

Blog Pressure and Disinformation

    If an attacker is trying to eliminate a movement or politician’s influence, what better way is there to do so than ruining the essence of the movement or tainting the politician’s reputation? Someone can hire a team of paid bloggers; say 150 of them, working in India. There are companies that provide small blogger armies (just Google “paid bloggers”). They all operate on the Internet as if they come from different parts of the world (via proxy servers to make it more convincing), and all they do is post negative sentiments.

    The more this is deployed, the more the victim’s name in Google becomes associated with these negative blog postings. Thus, a Google search for the victim reveals blog postings about how he or she is an alcoholic, child molester, a physical abuser, etc.

    This can be amplified by using mailing list postings and USENET.

    Taking that further, one can link each blog comment to each other and create a more articulated web of links, which will help Google optimize the data.

    Likewise, what if you wanted to start marital troubles for someone? The attacker could start posting about the victim on dontdatehimgirl.com or various places such as twitter:

    “This guy is an asshole, we met at a corporate dinner three years ago, have been having an ongoing affair, and he’s been telling me that he was going to leave his wife, now he just cut me off! I want to expose for who he really is.”

    Or

    “I met last week at the conference, it was an amazing, romantic whirlwind. Now I am pregnant he refuses to return my calls or emails. Help!”

    What’s worse is this could be used via Facebook or even via pure email to the wife. With a little Photoshop help, by creating fake caught-cheating photos, it may be a hard to disprove

    Taking the caught-cheating photos and placing them on various sites will also help Google cache them in images.google.com. Further, if the images are named after the person’s name, it will help them come up first in a Google search.

    Cheating can also be replaced with other actions like industrial espionage, bad associations (having dinner with people you should hate). Imagine photoshopped photos of a VP of a company handing documents to the CEO of a competing company.

Jail Time

    Another method requires a little more work and some hacking skills that some people may not have. Yet it’s one of the most powerful methods one could use. This method basically involves hacking someone’s computer or taking it over remotely, implanting a lot of child porn on the computer, and posting that same child porn on USENET with the victim’s real email address.

    USENET is patrolled so carefully for this type of material that the result would be an FBI agent’s knock on the victim’s door, jail time, public embarrassment, maybe a pile of felonies, and to top it off… everyone thinks the victim is a pedophile.

    There are other methods such as filling a USB Drive full of child porn and simply dropping it near the victim’s car where he or she may pick it up. The attacker then tips off the police.

    In essence, the attacker frames someone for a crime. With the anonymous nature of the Internet, Operating Systems, and general digital accounting, it’s easy to put these crimes on the shoulders of the victim.

Fake Logs

    Another vicious attack vector would be simply to make-up an attack. Create logs of someone uploading child porn to a web site, making fake posting to your blog threatening to kill the president, or just a fake hacking attempt. System logs are all text, so typing up a log that looks real would be very simple and law enforcement can use that information as evidence.

    If fake evidence is introduced, it could have more power than actually attempting to frame someone for a crime.

Rogue Disinformation

    Hacker groups, governments, terrorist groups, politicians, businesses, and other activist groups use the Internet to spread their propaganda, turning their web sites into recruiting machines.
    What better way is there to disrupt them by using disinformation to discredit and fragment the momentum?

    One can hack their web site, and rather than a full website defacement, only change the wording a tiny bit, just enough to turn people off. Doing so will make their followers go, “huh?” and it may take a while for the changes to be caught.

    As an example (which should never be done and is fictitious), on a Governor’s web page, there is usually an about section. Let’s just say the text officially reads, “People who know me know that besides faith and family, nothing’s more important to me than our beloved Alaska.”

    IF one were to change that text to read; “People who know me know that nothing’s more important to me than my liberal views and beloved Alaska. In my life, I reject faith and family.”

    If the site massaging is not detected, the new text would sit for a few weeks would spread some serious disinformation.

    It’s also possible to register web sites that appear to be supporting a victim, gather viewing, and then negatively morph the message over time. For example, register supportgovernorname.com, copy the full text and content from other governor support sites. Link the site in places such as Wikipedia and other political blogs. Once there is traffic and linking going directly to the site (people are reading it/using it), slowly morph the text to make her messaging appear negative. Using DDoS attacks to shutdown the official web site to force people to the alternative fake site would also help force people to your messaging.

    For “informal movements” such as “the anti-sec movement”, a few well-placed postings usually derail them quickly. I suggested in a previous post that their threat of finding exploits to OpenSSH may have been someone not with the anti-sec movement anonymously posting using their name as a smear campaign. This hurt their public reputation.

Moving on…

There are many other examples of using Digital Assassination to control situations. I’m sure my readers could think of many other methods of using the Internet to control people and movements. I would be interested in hearing these ideas and attribute them in this page.

What you see, read, and link to may not always be reality.

Share

Tags: , , , , ,
Posted in DDoS, Hackers, Opinion | 6 Comments »

The Anti-Sec Non-Movement

Wednesday, July 22nd, 2009
A group calling itself “The Anti-Sec movement” released this statement over 48-hours ago:

“In 48 hours, the anti-sec movement will publicly unveil working exploit code and full details for the zero-day OpenSSH vulnerability we discovered. It will be posted to the Full-Disclosure security list.”

A number of people thought it was a joke, yours truly included. Yet there was a “what if” scenario which could have been ugly, so it should not have been completely ignored.

The post to the Full-Disclosure security list may have been done to harm the reputation of the “movement”, something of a disinformation campaign. It also could be that they are just a bunch of script-kiddy kids.

Anyway, for some mid-week entertainment, I put out an open call for Anti-Sec to use their new cool exploit to hack my personal server:

“In fact, if it’s not FUD… use your uber cool 0-day sploit to hack my server please! blyon@blyon.com port 22. Prove it!”

Of course the hack never happened, I had a few people trying to brute-force logins for accounts that did not even exist.

HELPFUL TIP: Look, kiddies, if you’re going to try, at least use the username I provided to start with.


I think anti-sec failed basic logic 1A, I mean… holy flawed logic Batman: In the ImageShack hack, their manifesto demands zero public disclosure on exploits, but then they contradict their own words by saying, “It [their OpenSSH exploit] will be posted to the Full-Disclosure security list.”

As for their OpenSSH exploit: Anti-sec proved they have too much free time on their hands during the summer. The anti-sec movement needs to have a movement back to school. At least some people used it as an opportunity to cleanup their system configs.

Share

Tags: , , , ,
Posted in DDoS, Hackers, Opinion | 3 Comments »

Apple, Amazon, and NetFlix can save traditional media!

Tuesday, June 23rd, 2009

 

Let’s face it, average consumers are not glued to their computers. They enjoy reading books by the pool, watching programming on their TVs, and generally don’t modify their behaviors around new technology. At least, that’s what I learn from my wife. However, as technology continues to improve, helping streamline consumers’ interaction with digital media, a shift is starting to occur.  

I recently brought home a new Kindle2 and was disappointed with my wife’s lackluster excitement for the device. She quickly stated she would not trade her paperback for a new high-tech gadget. However, once she started playing with it, she actually found it very similar to a book, especially the way in which text is displayed on the electronic paper.

Aside from being user-friendly, I explained to her how the device allows me to be a responsible news reader. As newspaper subscriptions continue to decrease as more and more people get their news for free from places like Yahoo! News and Google News, the flow of cash has decreased for traditional media. Income from online ads is just not replacing the conventional full page or double-truck that used to be the staple of the print news industry. In fact, according to Hollywood Reporter, a double-truck ad in the New York Times costs $100k, much more costly than the self-service online advertising they also provide. Thus, when you read your news online, you’re hurting the very social service that we need — responsible journalism. However, when you pay for your news subscription through Amazon, you’re helping old media become new again. That’s why the Kindle is such a great example of a device that not only supports the needs of consumers, but the needs of society as well. 

The same concept applies with music, which is already playing out. Take Apple for example, the iPod and iPhone are perfect devices for the non-technical and the technical alike. It adapts to the consumer and not the other way around. Music, applications, and everything that was a physical purchase is now a simple “tap” and it supports the industry that produces the media. Phil Schiller announced in his Macworld 2009 keynote speech that over 6 billion songs had been downloaded since the service first launched on April 28, 2003.

Now consider video. There are great models that support the movie and video industry: NetFlix, Apple TV, iTunes, and yes, even a set-top box, FyreTV, that caters to consumers looking for more adult-centric entertainment. As devices become available for the consumer to make their living room function as it did in the past, as an all-inclusive entertainment center, people will use it and pay for it.

What happens if Apple produces a device that’s like a large iPhone, a hybrid between a PC and a phone, and adds books and newspaper subscriptions to iTunes? That’s a game changer. Now there’s a device that allows users to do anything; scribble notes, read a book, type an email, and download a word processing application directly from Apple’s online store.

An iTablet would be an amazing change to the world’s media. Everything will be in the hands of the consumer all because a few thoughtful companies figured out how to bridge the gap between the consumer and traditional media. As a result, everyone benefits and prospers!


I wish this iTablet existed.

I’m inspired! Let’s go do it!

Let’s face it, the average consumer is not glued to their computers. They enjoy reading books by the pool, watching programming on their TVs, and generally don’t modify their behaviors around new technology. At least, that’s what I learn from my wife. However, as technology continues to improve, helping streamline consumers’ interaction with digital media, a shift is starting to occur.  
I recently brought home a new Kindle2 and was disappointed with my wife’s lackluster excitement for the device. She quickly stated she would not trade her paperback for a new high-tech gadget. However, once she started playing with it, she actually found it very similar to a book, especially the way in which text is displayed on the electronic paper.
Aside from being user-friendly, I explained to her how the device allows me to be a responsible news reader. As newspaper subscriptions continue to decrease as more and more people get their news for free from places like Yahoo! News and Google News, the flow of cash has decreased for traditional media. Income from online ads is just not replacing the conventional full page or double-truck that used to be the staple of the print news industry. In fact, according to Hollywood Reporter, a double-truck ad in the New York Times costs $100k, much more costly than the self-service online advertising they also provide. Thus, when you read your news online, you’re hurting the very social service that we need — responsible journalism. However, when you pay for your news subscription through Amazon, you’re supporting old media helping it become new again. That’s why the Kindle is such a great example of a device that not only supports the needs of consumers, but the needs of society as well. 
The same concept applies with music, which is already playing out. Take Apple for example, the iPod and iPhone are perfect devices for the non-technical and the technical alike. It adapts to the consumer and not the other way around. Music, applications, and everything that was a physical purchase is now a simple “tap” and it supports the industry that produces the media. Phil Schiller announced in his Macworld 2009 keynote speech that over 6 billion songs had been downloaded since the service first launched on April 28, 2003.
Now consider video. There are great models that support the movie and video industry: NetFlix, Apple TV, iTunes, and yes, even a set-top box, FyreTV, that caters to consumers looking for more adult-centric entertainment. As devices become available for the consumer to make their living room function as it did in the past, as an all-inclusive entertainment center, people will use it and pay for it.
What happens if Apple produces a device that’s like a large iPhone, a hybrid between a PC and a phone, and adds books and newspaper subscriptions to iTunes? That’s a game changer. Now there’s a device that allows users to do anything; scribble notes, read a book, type an email, and download a word processing application directly from Apple’s online store.
It would be an amazing change to the world’s media. Everything will be in the hands of the consumer all because a few thoughtful companies figured out how to bridge the gap between the consumer and traditional media. As a result, everyone benefits and prospers!
I’m inspired; let’s go do it!
Share

Tags: , , , ,
Posted in Opinion | 6 Comments »