twice-refried news

Auto Fail: Automatic Update Mechanisms and their Failures

New update available! Click here to download now! From virus signature updates that identify competing products as a trojan, to operating system updates that break core functionality, there has been no shortage of quality control failures in updates released by vendors. Many of these updates are delivered to the user’s computer via automatic update mechanisms. That means these problematic updates are delivered to millions of computers quietly and efficiently, typically without user interaction. It’s always welcome to see security bugs fixed or better rules released in the products we use. But when the price of that fix is at best an annoyance and at worst a complete system failure, we’re not so sure it’s worth it. At the very least, users should be aware of the various types of failures and the frequency with which they occur. While mistakes happen to everyone, we’ll leave it as an exercise to the reader to notice any trends from repeat offenders.

Link




Licensed Memory in Windows Vista

Though machines with 4GB are not yet the typical purchase for home or business use, they are readily available from major manufacturers and it won’t be long before they are the typical purchase. But there are problems. You don’t have to stand for long in a computer shop to hear a sales assistant talk of 4GB as some sort of limit for 32-bit operating systems, and it won’t be long before this sales patter develops into outright promotion of 64-bit Windows as the only way to get past this limit.

Full Article




EFF's new lawsuit, and how the NSA is into social networking

A new lawsuit from the EFF seeks to shed light on the mysterious “Other Intelligence Activities” that the NSA was engaged in after 9/11, and that the DoJ eventually found to be illegal. Based on Ars’ reporting of the government’s datamining efforts, we suggest that it probably looks a lot like social network crawling.

Full Article




Why Amazon went Big Brother on some Kindle e-books

Customers were left puzzled as to why Amazon would reach out and delete e-books from their Kindle readers, and the situation was made ironic given that the books were Orwell’s 1984 and Animal Farm. Ars reports why this happened, and how the future will be different.

Full Article




Thousands of Vulnerabilities Detected In FAA's Air Traffic Control Apps

A government audit (PDF) has pinpointed more than 3,800 vulnerabilities — 763 of which are high-risk — in the Federal Aviation Administration’s Web-based air traffic control system applications, including some that could potentially put air travel at risk.

Full Article




Researchers hijack botnet, score 56,000 passwords in an hour

The Torpig botnet was hijacked by the good guys for ten days earlier this year before its controllers issued an update and took the botnet back. During that time, however, researchers were able to gain a glimpse into the kind of information the botnet gathers as well as the behavior of Internet users who are prone to malware infections.

Full Article




Mozilla ponders policy change after Firefox extension battle

The NoScript Firefox extension faced a major backlash last week when users discovered that it was surreptitiously disrupting the operation of AdBlock Plus. The developers behind the two extensions turned the browser into a battleground as their conflict escalated. Mozilla has responded by proposing a new policy that sets boundaries for appropriate extension behavior.

Full Article




What Happens When Larry and Sergey Die?

That’s the question on the mind of Robert Darnton, who runs Harvard University’s library system. For years, the Google Book Search project has digitized millions of books from libraries around the world, running into copyright law and a class action lawsuit from the Association of American Publishers in the process. When Google reached a tentative settlement of the suit in October, Darnton got nervous and refused to abide by the settlement; at least, not until he studied it a little more. Now, after poring through all 134 pages and 15 appendices, he’s feeling even queasier and has written a lengthy explication of his fears (what he calls a tension between “jeremiad” and “utopian enthusiasm”) in the New York Review of Books. Google, Darnton ultimately worries, cannot be trusted. Because the history of literature and publishing since the Enlightenment shows that no one, however noble, can be trusted with control of the entire corpus of human thought.

Full Article




The Bazaar's Open Source Platform

Earlier analysis (see “The Optimal Size of a Terrorist Network” for more) indicates that the disruption of the al Qaeda network mega-hub in Afghanistan has put strict limits on the size of the surviving virtual network elements. This size limitation may represent a barrier to attacks on the US, but is likely well within the capabilities of what is necessary for limited regional attacks. However, new innovations in group dynamics and the emergence of new unaffiliated guerrilla networks in Iraq may provide a method for regaining strategic capability.

Full Article




A Chinese ghost in the machine?

CYBERSPACE is ideal for spies. Digitally disguised and undeterred by borders or passports, they can pick locks anywhere in the world, pilfer secrets without trace and even leave toxic traps for the unwary. Security chiefs are very worried; NATO’s new cyberwarfare think-tank in Estonia gets requests for help from across the world. And for researchers outside the charmed circle of high-security clearance, establishing hard evidence of mischief on the net is even harder.

Full Article




The Cybersecurity Act of 2009: Trying to create order from chaos

The cyber arena is filled with the effluvia of vendor driven agendas and political wrangling for budgetary dollars. As a topic cyber security is especially vulnerable as the waning leadership and expertise is so centralized in so few individuals that consensus can be driven literally from people sitting in one room. Consider the recent testimony by Dr. Eugene Spafford to the Senate Commerce Committee on how few doctoral students graduate from the academic setting. The cyber security arena may be the one last place that a person with relatively little academic training can be a substantive contributor. Though that model has not served so well with over 40 years of computing and little to have moved us forward toward a secure environment.

Full Article




Congressional Testimony: Threats to US Security in the early 21st Century

I am here before the subcommittee today to provide testimony on 21st Century security threats. I hope this testimony is of value despite its brevity. My analytical method is to provide frameworks for decision makers to help them make sense of rapidly changing environments. These frameworks are intended to provoke high quality thinking — agreement or disagreement with their specifics works equally well to achieve this.

Full Article

Download Congressional Testimony




Chinese cyberespionage network runs across 103 nations

Researchers in Toronto have released a document that describes what may be the first real evidence of a government-operated cyber-espionage network in action. In a ten-month investigation, the team documented the operation of what they dubbed GhostNet, and its various worldwide infections.




Canadians find vast computer spy network

Canadian researchers have uncovered a vast electronic spying operation that infiltrated computers and stole documents from government and private offices around the world, including those of the Dalai Lama, The New York Times reported on Saturday.

Full Article




Week in gaming: it's-not-DRM-if-we-call-it-something-else edition

As might be expected, GDC dominated the gaming news this week. Here’s a rundown of the most important gaming stories from the past week.

Full Article



