August 18th, 2010
Dan Guido: The hacking community is a brutal technical meritocracy. Dino Dai Zovi: If you say you’re hot shit, you better mean it.
I sat down at Brooklyn’s lovely General Greene for a conversation with Mac attacker Dino Dai Zovi and Dan Guido, the Professor Snape at NYU-Poly’s computer science lab. Guido is training an army of ninjas in pen testing. The hacker-turned-infosec-professionals — Dino is an independent consultant and used to work at @stake; Dan is with iSEC Partners — talked about NYC’s hacker subcultures, the Defcon landscape and the “brutal meritocracy” that is hacker culture. Edited excerpts from the interview for the Brooklyn Star:
August 14th, 2010
Getting a free MacBook frame, being two people at one time on Gmail, avoiding people that are hacking into your life.
August 12th, 2010
Anxieties about War.inc reached fever pitch last month. Is belt-trimming just a reaction?
Defense Secretary Robert Gates announced that the Pentagon will trim private contracting costs in the military — just after it moved to add 20,000 employees to oversee future contracts.
A politically motivated reaction to the burst of scrutiny? The implications of War.Inc have always been a running theme in the media. But that reached fever pitch a month ago when the Post launched Top Secret America, an investigative project about the unwieldy post-9/11 landscape of private contractors.
Now Gates is using a bludgeon at the chopping board, without a real sense of how these costs will benefit the war effort, contractors say. The 10 percent cut in contractors will affect those primarily in IT sectors — maintenance and upgrading of computer networks, upkeep at military bases and command posts, intelligence analysis, and cyber-security work.
NPR’s Intelligence Squared tried to debate whether the threat of cyberwar was for real. The debate devolved — like that terribly-lame argument at the end of a romance — into a maze of useless semantic battles. There’s a lot at stake in this question. But no one can answer it honestly. They’d rather not.
August 2nd, 2010
Forbes’ Andy Greenberg writes that
A semi-secret government contractor that calls itself Project Vigilant surfaced at the Defcon security conference Sunday with a series of revelations: that it monitors the traffic of 12 regional Internet service providers, hands much of that information to federal agencies, and encouraged one of its “volunteers,” researcher Adrian Lamo, to inform the federal government about the alleged source of a controversial video of civilian deaths in Iraq leaked to whistle-blower site Wikileaks in April.
Chet Uber, the director of Fort Pierce, Fl.-based Project Vigilant, says that he personally asked Lamo to meet with federal authorities to out the source of a video published by Wikileaks showing a U.S. Apache helicopter killing several civilians and two journalists in a suburb of Baghdad, a clip that Wikileaks labeled “Collateral Murder.” Lamo, who Uber said worked as an “adversary characterization” analyst for Project Vigilant, had struck up an online friendship with Bradley Manning, a former U.S. Army intelligence analyst who currently faces criminal charges for releasing the classified video.
Uber’s Wikileaks revelation is one of the first public statements from the semi-secret Project Vigilant. He says the 600-person “volunteer” organization functions as a government contractor bridging public and private sector security efforts. Its mission: to use a variety of intelligence-gathering efforts to help the government attribute hacking incidents. “Bad actors do bad things and you have to prove that they did them,” says Uber. “Attribution is the hardest problem in computer security.”
April 16th, 2010
Till Congress figures out how to deal with itself, you can bet the National Broadband Plan isn’t going to happen.
Yesterday’s Senate hearing dealt with the question: How much regulation is needed as the U.S. rolls out its ambitious National Broadband Plan for universal access to high-speed Internet? “Bend the curve if you have to,” thundered Sen. John Rockefeller, D-W.Va. I love Rockefeller. He’s a curmudgeon on the floor, speaks on the fly–a Hill reporter’s darling. The Republicans were not too happy.
Cybersecurity legislation is basically all about balancing private/public roles. Which means digging right into this sore point in this country: the Dems’ case for big government fist-locked with the Republican argument for private businesses. Till Congress figures out how to seal this gaping wound, nothing much is going to happen.
April 1st, 2010
Every cyber-thug has his role written for him. Don’t we love Kungfu hackers and Hispanic gangsters?
I find it endlessly interesting that Asian hackers are always portrayed as an amorphous, nameless mass. When Google announced today that Vietnamese activists opposed to a Chinese mining investment in their country were targeted in a cyberattack, McAfee Chief Technology Officer George Kurtz blogged about them like blind communist dogs: “The perpetrators may have political motivations and may have some allegiance to the government of the Socialist Republic of Vietnam.” After the Chinese hacks of Google, CNN went further, with a lede that resembled an awesome CSI script.
[insert CSI soundtrack] They operate from a bare apartment on a Chinese island. They are intelligent 20-somethings who seem harmless. But they are hard-core hackers who claim to have gained access to the world’s most sensitive sites, including the Pentagon. In fact, they say they are sometimes paid secretly by the Chinese government — a claim the Beijing government denies.
Kungfu hackers! How awesome is that? Looking the same (all Asian people look the same, duh) has its perks. You are super badass. You are also insulated and protected.
March 25th, 2010
Singapore is devising an (online?) video game to teach children about the dangers lurking online.
In a Straits Times article, “A ‘park’ to teach kids cyber safety,” Chua Hian Hou writes:
primary school pupils here will have a website to visit to be clued in on the dangers lurking online. Modelled after the Road Safety Community Park in the East Coast which welcomes groups of students for road-safety lessons in a scaled-down road network, the Virtual Cyber Security Park will show today’s increasingly wired children how their seemingly innocuous actions on the Web can come back to haunt them. The online park will use 3-D technology to re-create scenarios young ones encounter while online, from creating social networking profiles to playing online games.
Besides warning the young ones against falling prey to sexual predators, spammers and hackers, the Government will require Internet service providers here to be audited for responsiveness to cyber attacks –
OK woah, wait a minute, before we go on, a video game that warns primary school kids of sexual predators? It sounds all rather thrilling to me. Forbidden fruit is such a sweet, sweet thing. What would Singaporeans do without the Government (those naughty men in white) leading the way?