Social Networks are the Matrix

First, this post about Second Life being used for business meetings and research labs. Now this story about the Supreme Court delivering official documents via Twitter. If you were the last hold out that social networks were just a fad, read on:

Court serves injunction via Twitter

Updated on 01 October 2009

By Benjamin Cohen

In a landmark decision, the high court allows an injunction to be served via Twitter in a case that could set a precedent for dealing with anonymous bloggers. Benjamin Cohen reports.

The case surrounds a Twitter account @blaneysblarney, which purports to be that of the well-known right-wing lawyer Donal Blaney, who blogs under the name BlaneysBarney.

The account, which was registered on 17 September, even features a photograph of the real Donal Blaney and posts rather provocative tweets including –

“So the Iranians were lying all along. Time for the RAF to start practicing bunker bombing…”

“Now Obama, who the eurofederasts [sic] love, is happy to leave us to the mercy of the mad mullahs…”

//

Mr Blaney became aware of the Twitter account, which has 79 “followers”, a week ago, and last night he decided to take legal action.

He told Channel4 News: “I know that is quicker to say contact Twitter and say someone is impersonating me and they’ll take the account down.

“But that’s not good enough any more. People want to know who’s doing this and to force them to stop.

“Too many people abuse the anonymity on the internet, and it’s right that they’re stopped from doing so.”

This morning the high court issued an injunction requiring the user to (i) stop posting messages on Twitter, (ii) preserve the accounts (i.e. not delete it), and (iii) contact Mr Blaney personally. (more)

Pay Attention: You Can Keep Your Private Life Private

Much of keeping your private life private is common sense. Don’t post it online. Don’t tell it to friends. Don’t send it in an email.Don’t put your personal details on Facebook and be surprised when your co-workers read them–and use them against you. Don’t even join Facebook (unless you’re a business, then by all means get your presence on Facebook, LinkedIn, all of the social network world).

And still, there are stories like this:

Cryptography: How to Keep Your Secrets Safe

Zack has decided to try out the online dating service Chix-n-Studz.com. He signs up for an account at the Web site and fills in several screens of forms detailing his personal profile and what he is looking for in a potential partner. In no time at all, the service offers him a number of possible soul mates, among them the very exciting-sounding Wendy. He sends her his e-mail address and what he hopes is an engaging opening message. She replies directly to him, and a whirlwind e-romance begins.

Poor Zack. Soon he is also getting numerous unsolicited phone calls from political action groups and salespeople who seem to know things about him, and his health insurance company is questioning him about his extreme-adventure vacations; the unscrupulous owners of Chix-n-Studz have been selling client information. Then there is Ivan, a mischievous co-worker to whom Zack foolishly showed one of Wendy’s e-mails. Zack does not know that several subsequent recent messages supposedly from Wendy are fakes from Ivan.

33.570112 -117.697436

Nazi Codes–Still Uncrackable

Encryption is a fascinating field. Since WWII, when the Allies ability to break secret messages enciphered by the German Enigma Machines contributed substantially to the Allied war-winning intel, it has captured the minds of mathematicians and scientists alike. I’ve used several myself, based on:

• musical codes (i.e., Morse Code Music)
• Palindromes
• Fibonacci Numbers and the Golden String

Up until January, 2006, there were still three uncracked Nazi Enigma messages intercepted in the North Atlantic in 1942. had no idea this was still uncracked. The M4 Project (named for the four rotor Enigma M4 used to encipher the messages), and later Enigma at Home, was created to use the power of home computers to break these last messages. The encrypted messages are:

Not unlike Fermat’s Last Theorem which was only just solved after 358 years of trying by Andrew Wiles of Princeton University in 1993.

Still trying to crack Nazi Enigma messages

Volunteers contribute spare computing cycles to crack old wartime ciphers

By Bob Brown

You can donate your spare PC processing power to dozens of cool volunteer computing projects simply by downloading some software. Enigma@home is the one that called me.

Enigma@home is based on the M4 Project, an effort spearheaded by German-born violinist and encryption enthusiast Stefan Krah. The M4 Project was designed to break three original messages generated by a famed electro-mechanical Enigma machine and intercepted in the North Atlantic in 1942. (The project gets its name from the four-rotor Enigma M4 machine presumed to be used by the Germans for enciphering the signals during wartime.) The project’s method for cracking the ciphers is described as “a mixture of brute force and a hill climbing algorithm.”

Slideshow: 12 cool ways to donate your spare PC processing cycles

Enigma@home provides access to the M4 Project using BOINC software for volunteer and grid computing. The project, which started in January of 2006, succeeded in breaking the first two messages within the first couple of months. Enigma@home is still working on message No. 3. As for why it’s such a tough one, Krah says there could be several reasons:

1. It could be a so-called Offizier message, part of which is doubly encrypted.

2. The message was badly intercepted and some letters are missing.

3. There are some messages that require the algorithm to be applied many times. This is pretty much what we are doing right now.

As for what sparked Krah’s interest in breaking ciphers, he says that in 2005 he started solving the challenge messages of Simon Singh’s Cipher Challenge – long after the actual challenge was over.

“The Enigma message in Singh’s challenge is in many ways relatively easy to break and subsequently I improved the algorithm so that real world messages could be broken. In summer of 2005, a publication by Geoff Sullivan and Frode Weierud helped to refine the algorithm further.(More about decoding)

Biggest Threat to Network Security: People

Network security is becoming more and more difficult to maintain. Even as firewalls and spy detection programs get better at beating back cybercriminals, they just don’t work against the loose lips of employees. It’s human nature to gossip. Even before we became human, we liked to share secrets, though at that time it was called ‘grooming’–sitting together, grunting and barking, as we picked lice and dirt from our best friend’s fur. Now, that’s replaced with emails, blogs, tell-all websites. They accomplish the same social network stuff, but on a much larger scale.

Here’s a report from the Wall Street Journal that expands on this growing problem:

Email Still the Biggest Threat for Insider Leaks, But Blogs, Video on the Rise

A report from security firm Proofpoint shows that email isn’t the only inside threat companies face — confidential information is leaking out via blogs, mobile devices and social-media sites.

AFP/Getty Images

In a survey of some 220 companies, Proofpoint found that email is still the No. 1 offender when it comes to data leaks. About 43% of respondents had investigated an email-based security breach during the past year. Nearly one-third of the companies surveyed had fired an employee for violating email confidentiality policies, a 26% increase from 2008.

Blogs and videos are increasingly channels for leaks as well, with 18% of respondents saying that they looked at those media when investigating an information leak. Social-networking sites such as Facebook and MySpace have also seen jumps in privacy-related incidents — 17% of respondents reviewed social-media hubs, up from 12% a year ago.

In a Proofpoint video, the company’s director of market development, Keith Crosley, said that shrinking information-technology budgets and the economic downturn itself contribute to the problem. “Layoffs themselves are often the cause of data breaches,” he said. “When employees leave a company, they sometimes take confidential information with them.”

Half of the survey respondents said that cuts in their IT staff had damaged their ability to protect confidential information, and 42% said that ramped-up job cuts heightened the risks of data leaks.

And while nearly half (48%) of surveyed companies with 20,000 or more employees have hired workers to read or analyze outbound email, only 38% of companies overall employ such staff. That figure, however, is the highest Proofpoint has seen in the study’s six-year history.

While most companies had policies for the use of email (96%) and messaging overall (90%), fewer had developed rules for the acceptable use of blogs and social networking — 72% and 67%, respectively.

33.570112 -117.697436

You Know You’re a Geek if…

I’m there, with my sister WordDreams blogger. Continue reading ‘You Know You’re a Geek if…’

33.570112 -117.697436

What is a ‘hacker’?

I got this from my fellow WordDreams blogger, the writer. This post won’t come out until tomorrow, but it’s right up my line. I decided I’m not a hacker, but Eitan in my lab is. Read on:

If you had a character who was a hacker (or a cracker), how would you make him convincing. To be  believable, you have to enter their mindset. Here are some ideas I’ve gotten from my computer friends and The New Hacker’s Dictionary:

• They want to write their native language well. Though it’s a common stereotype that programmers can’t write, a surprising number of hackers are very able writers.
• They read science fiction and go to science fiction conventions (try it; it’s a good way to meet hackers and proto-hackers).
• They know a martial-arts form (Did this surprise you? Me too). The kind of mental discipline required for martial arts seems to be similar in important ways to what hackers do. The most popular forms are Tae Kwon Do, Kung Fu, Aikido, or Ju Jitsu. The most hackerly martial arts are those which emphasize mental discipline, relaxed awareness, and control, rather than raw strength, athleticism, or physical toughness.
• They study a meditation discipline. The perennial favorite among hackers is Zen. Other styles may work as well, but choose one that doesn’t require you to believe crazy things.
• They have an analytical ear for music, might appreciate peculiar kinds of music, might play some musical instrument well, or even sing.
• They appreciate puns and wordplay. Very neologistic. They nounize verbs and verbize nouns.
• For true hackers, the boundaries between “play”, “work”, “science” and “art” tend to disappear.

If you want to show a fake ‘hacker’, include these traits:

• A silly or grandiose user ID or screen name.
• Have them get in flame wars in their online communications
• Have them self-describe as a ‘cyberpunk’
• Have lots of spelling errors and bad grammar in their posts

33.570112 -117.697436

Enterprise Security Today | Symantec Warns of Wireless Keyboard Security Threat

I posted about security threats a couple of days ago. Here’s another of several monster holes in our network security:

Enterprise Security Today | Symantec Warns of Wireless Keyboard Security Threat

Shared via AddThis

Five Little Known Ways to Hack a Computer

Scientific American printed an article (May 2009–see website here) about how cybercriminals and other clever folk can get

Sophisticated Hacking

around today’s sophisticated firewalls and encryption. In short:

• decode the unique sound of each keyboard key
• capture reflections of the screen from a reflective surface behind the monitor (i.e., eye glasses, even eyeballs)
• take a movie of the typing hands and find out what keys are typed
• capture the data as it goes to the printer (who would think to encrypt that)
• tap into the webcam

Scary, but true.