|Ken Novak's Weblog
Purpose of this blog: to retain annotated bookmarks for my future reference, and to offer others my filter technology and other news. Note that this blog is categorized. Use the category links to find items that match your interests.
Subscribe to get this blog by e-mail.
New: Read what I'm reading on Bloglines.
Saturday, February 28, 2004
Will IM be the next security culprit? "IM-based attacks present particular danger because they would not cause the changes to machines or networks that make an attack visible. In fact, compared to past attacks, they would need very few connections for full infection. Today's worms take time to spread because they must find hosts to infect through scanning, e-mail distribution and file sharing--in the process creating a lot of unproductive traffic. .. In contrast, an IM-based attack eliminates nuisance traffic almost completely. Once it has infected a machine, the code gains direct access to your buddy list and learns who is currently online. Once it has infected a machine, the code gains direct access to your buddy list and learns who is currently online. The code needs only to send a few small requests to the online users.. This would not raise alarms because the Internet would not be clogged with useless attempts at infection or propagation. Also, the infected computers would not suffer poor performance or change their behavior in any way."
One early example is reported, "Trojan horse advertising program, called BuddyLinks, masquerades as a news Web site with a story on [Osama bin Laden's] capture in an attempt to fool users of America Online's instant-messaging program into downloading software and receiving advertising." These invitations to websites could leverage browser vulnerabilities in disturbing ways. 11:48:46 PM
Michael Helfrich's Weblog: Groove and the Tactical Edge: Part 1: First installment of the story of how Groove came to be used for humanitarian operations in Iraq. Starting in late 2002: "The day after Eric's talk, a very eclectic group of Groove employees formed for the first time to offer their evenings and weekends to develop Groove applications that could be used in disasters, both natural and man-made. We built 11 over the next six months. These ranged from applications to reunite families dispersed across refugee camps, to casualty evacuations to be used by coalition forces and NGO's. The final application was a set of capabilities in Groove that was used during the Super Bowl in January of 2003 to link first responders, California law enforcement, hospitals in San Diego, and Secret Service personnel in Washington...
[For Iraq, Eric's] challenge was a need to link 134 people from 43 different civil-military organizations, representing multiple nations, each on their own private, albeit it internet-connected networks. UNDP had managed to have all 43 organizations agree on a common data collection set that became what was known as the Rapid Assessment form [on] when and where relief supplies would be distributed..
On Sunday March 16th, Eric took delivery of a Groove-based Rapid Assessment form. .. By Thursday morning, 120 users in Washington, Qatar, New York, Washington DC, London, and Kuwait City were up and running in Groove, many of them were forward deployed near the Iraq border in the south.
Early in the morning on March 25th, a Groove notification fired in my Windows system tray. The first Rapid Assessment form had come in after coalition forces overran Talil airfield near Al-Nasiriyah in southern Iraq. Within minutes, almost 50 people had streamed into the Groove Rapid Assessment shared space and the chat pane exploded with message traffic. The UN, the Red Cross, 1st MEF members, and others had received the same notification and swarmed into the space to begin the task of getting humanitarian assistance into the area. As a technologist, it was an incredibly surreal moment to see our technology being used at such a historic moment..." 11:14:35 PM
Shirky: The RIAA Succeeds Where the Cypherpunks Failed: "For years, the US Government has been terrified of losing surveillance powers over digital communications generally, and one of their biggest fears has been broad public adoption of encryption. If the average user were to routinely encrypt their email, files, and instant messages, whole swaths of public communication currently available to law enforcement with a simple subpoena (at most) would become either unreadable, or readable only at huge expense. ..
The RIAA is succeeding where the Cypherpunks failed, convincing users to trade a broad but penetrable privacy for unbreakable anonymity under their personal control... encryption is now becoming a background feature of collaborative workspaces. Because encryption is becoming something that must run in the background, there is now an incentive to make its adoption as easy and transparent to the user as possible. It's too early to say how widely casual encryption use will spread, but it isn't too early to see that the shift is both profound and irreversible.
People will differ on the value of this change, depending on their feelings about privacy and their trust of the Government, but the effects of the increased use of encryption, and the subsequent difficulties for law enforcement in decrypting messages and files, will last far longer than the current transition to digital music delivery, and may in fact be the most important legacy of the current legal crackdown. " 10:49:51 PM
Legal Services and Networking
: How a law firm benefited from social networking software. "One of your employees might be the golfing partner of a key contact at a prospect's company, and a point of leverage for closing a deal. Software from vendors like Interface and Spoke is meant to expose such connections by, inter alia, combing through Outlook folders to see who knows whom and render it searchable by others.
"In the past year, we've had a couple of instances where the software identified an existing relationship we'd never have been aware of otherwise," says Sobin. "One of those engagements generated more than a million dollars in new business."" The software also distills a common view of the relationship with a customer from everyone's email files, so all staff are "reading from the same page." 10:24:46 PM