Quotulatiousness

January 29, 2012

China and the censorship state

Filed under: China, Government, Liberty, Media — Nicholas @ 12:02

Rebecca MacKinnon in the National Post on the ways and means of ensuring “harmony” in China’s corner of the internet:

In fall 2009, I sat in a large auditorium festooned with red banners and watched as Robin Li, CEO of Baidu, China’s dominant search engine, paraded onstage with executives from 19 other companies to receive the “China Internet Self-Discipline Award.” Officials from the quasi-governmental Internet Society of China praised them for fostering “harmonious and healthy Internet development.” In the Chinese regulatory context, “healthy” is a euphemism for “porn-free” and “crime-free.” “Harmonious” implies prevention of activity that would provoke social or political disharmony.

China’s censorship system is complex and multilayered. The outer layer is generally known as the “great firewall” of China, through which hundreds of thousands of websites are blocked from view on the Chinese Internet. What this system means in practice is that when one goes online from an ordinary commercial Internet connection inside China and tries to visit a website such as hrw.org, the website belonging to Human Rights Watch, the web browser shows an error message saying, “This page cannot be found.” This blocking is easily accomplished because the global Internet connects to the Chinese Internet through only eight “gateways,” which are easily “filtered.” At each gateway, as well as among all the different Internet service providers within China, Internet routers — the devices that move the data back and forth between different computer networks — are all configured to block long lists of website addresses and politically sensitive keywords.

These blocks can be circumvented by people who know how to use anti-censorship software tools. It is impossible to conduct accurate usage surveys, but it is believed likely that hundreds of thousands of Chinese Internet users deploy these tools to access Twitter and Facebook every day. Yet researchers estimate that out of China’s 500 million Internet users, only about 1% or so (a number somewhere in the single-digit millions — still a large number of people but not enough percentage-wise to shape majority public opinion) use these tools to get around censorship, either because most do not know how or because they lack sufficient interest in, or awareness of, what exists on the other side of the “great firewall.”

November 25, 2011

GCHQ goes public, sort of

Filed under: Britain, Technology — Nicholas @ 08:57

GCHQ grew out of the WW2 code-breaking group based at Bletchley Park and is the British equivalent of the NSA. Recently it was announced that GCHQ will start offering its expertise to private businesses:

Some of the secret technologies created at the government’s giant eavesdropping centre GCHQ are to be offered to private industry as part of new cyber security strategy being unveiled by ministers on Friday.

The idea is likely to be one of the most contentious in the plans, which could lead to the government being paid substantial sums for software developed by the intelligence agency based in Cheltenham.

Opening up GCHQ to commercial opportunities will not deflect it from defending national security, which remains its priority, ministers argue, and the agency has insisted it will not be side-tracked.

However, the new cyber strategy makes clear that the dangers posed by espionage and crime on the web cannot be faced without better co-operation between the two sectors, and that they will have to work together more closely in future.

November 19, 2011

Internet users’ password security still hasn’t improved

Filed under: Technology — Nicholas @ 10:03

Do you use any of the following terms as your password? If so, congratulations, you’re helping keep the rest of us from being as easily hacked as you are:

1. password
2. 123456
3. 12345678
4. qwerty
5. abc123
6. monkey
7. 1234567
8. letmein
9. trustno1
10. dragon
11. baseball
12. 111111
13. iloveyou
14. master
15. sunshine
16. ashley
17. bailey
18. passw0rd
19. shadow
20. 123123
21. 654321
22. superman
23. qazwsx
24. michael
25. football

This list is from SplashData, who produce (among other things) a password-keeper utility. Last year, Gawker published the 50 top passwords in a graphic:

Here’s a word cloud from an earlier post on passwords:

Other posts on this topic: opportunities for humour with your bank’s secret questions, xkcd on the paradox of passwords, Passwords and the average user, More on passwords, And yet more on passwords, and Practically speaking, the end is in sight for passwords.

August 19, 2011

If you want to take the moral high ground, you must live up to it

Filed under: Britain, Media — Nicholas @ 15:27

James Delingpole has a bit of advice for the BBC and the Guardian:

The liberal-Left has many vices. But surely the most noisome one of all (in a crowded field) is its rank hypocrisy. If you’re going to take the moral high ground — as Lefties will insist on doing at every opportunity — the very least you owe the world in return if you have a shred of compunction, decency or intellectual consistency is to demonstrate more integrity than those you are impugning. And if you can’t do that, then bloody well shut up.

In the last few months, you can’t have helped noticing, the liberal-Left media, led by the BBC and the Guardian, have been dwelling on the News International phone hacking scandal with a shrillness and hysteria and foaming moral outrage out of all proportion to the nature of the offence.

Am I defending phone hacking or the leaking by police of confidential information to newspapers? Of course I’m not. I think it’s a horrible, grubby practice which must have left all the people who were victims of it feeling soiled and discomfited. But a) as we saw in the cities of Britain last week (and we’re also seeing on the stock markets) there are many problems far more deserving right now of the media’s crusading attention. And b) it’s not as if News International’s imprints were the only newspapers playing this game. The gutter end of journalism is, of necessity, an unscrupulous, highly competitive business. Tabloid hacks stand or fall on the number of scoops they get over the opposition. It would be stretching the bounds of credulity to claim that other papers, besides those owned by Murdoch, have not engaged in similar dirty tricks.

July 13, 2011

Anonymous decides they’re against Ethical Oil

Filed under: Cancon, Environment, Media, Technology — Nicholas @ 10:13

I guess all the popular targets have already been hit, so the rumour is that Anonymous is going to be going after companies working in the oilsands:

In related news, Anonymous said it planned to attack oil firms and banks supporting the controversial extraction of oil from sand in Alberta, Canada. Exxon Mobil, ConocoPhillips, Canadian Oil Sands, Imperial Oil, and the Royal Bank of Scotland have been put on notice that they are likely to be targeted in Anonymous’ latest operation, dubbed Project Tarmageddon.

Anonymous began with attacks on the Church of Scientology in early 2008 before it made headline news last year with attacks on financial service firms that blocked donation to WikiLeaks following the release of controversial US diplomatic cables. Another long-running campaign has targeted entertainment industry firms that hassled file sharers or console modders, most notably Sony.

July 11, 2011

The highly localized outrage in the News of the World affair

Filed under: Britain, Media — Nicholas @ 09:09

Frank Furedi points out the amazingly restricted view of the media:

The furore that surrounds the demise of the News of the World has little to do with the specific morally corrupt practices at that tabloid. Rather, as with other highly stylised outbursts of outrage in recent years — from ‘cash for questions’ to the MPs’ expenses scandal to bankers’ bonuses — this is a media-constructed and media-led furore. The main reason the sordid phone-hacking affair has become the mother of all scandals is because the media assume that anything which affects them is far more important than the troubles facing normal human beings.

It’s understandable: media folks frequently point out that politicians and celebrities move in “bubbles” which rarely bring them into contact with ordinary people — yet only occasionally seem to be aware that the media lives in its own set of bubbles.

Outrage-mongering, which is essentially an accomplishment of the media, is parasitical on today’s depoliticised and disorganised public life. In the absence of true political conviction, of any meaningful political alternative, strongly held views have been replaced by expressions of frustration and outrage. In such circumstances, the cultural elite can substitute its own agenda for that of the public, and in effect an outraged media reality becomes the reality.

Over the past week, many have claimed that the News of the World’s phone-hacking practices have offended the British public. Time and again, journalists claim to have detected a powerful public revulsion against the machinations of News International. Even a sensible columnist like Matthew d’Ancona argues that ‘David Cameron and Rupert Murdoch are swept up in a public fit of morality’. In truth, this ‘public fit of morality’ is actually confined to a relatively narrow stratum of British society. People in the pub or on the streets are not having animated debates about the News of the World’s heinous behaviour. Rather it is the Twitterati and those most directly influenced by the cultural elite and its lifestyle and identity who are emotionally drawn to the anti-Murdoch crusade.

July 8, 2011

A contrarian view on the News of the World closure

Filed under: Britain, Liberty, Media — Nicholas @ 09:28

Well, somebody had to point out the cloud to this lovely silver lining that everyone else is enjoying:

Around the world, miles of column inches and hours of television and radio debate have been devoted to the closure of the News of the World. And yet the gravity of what occurred yesterday, the unprecedented, head-turningly historic nature of it, has not been grasped anywhere. A newspaper of some 168 years’ standing, a public institution patronised by millions of people, has been wiped from history — not as a result of some jackbooted military intrusion or intolerant executive decree or coup d’état, but under pressure from so-called liberal campaigners who ultimately felt disgust for the newspaper’s ‘culture’. History should record yesterday as a dark day for press freedom.

In a civilised society we tend to associate the loss of a newspaper, the pressured shutting down of a media outlet, with some major corrosion of public or democratic values. We look upon the extinction of a paper for non-commercial reasons, whatever the paper’s reputation or sins, as a sad thing, normally the consequence of a tyrannical force stamping its boot and its authority over the upstarts of the media. Yet yesterday’s loss of a newspaper has given rise, at best, to speculative analysis of what is going on inside News International, or at worst to expressions of schadenfreude and glee that the four million dimwits who liked reading phone-hacked stories about Wayne Rooney on a Sunday morning will no longer be at liberty to do so. Many of those politically sensitive commentators who shake their heads in solemn fury upon hearing that a newspaper in a place like Belarus has closed down have barely been able to contain their excitement about the self-immolation of a tabloid here at home.

Many people, including us at spiked, had reservations about the News of the World’s mode of behaviour, especially following this week’s revelations of deplorable phone-hacking activity involving murdered teenager Milly Dowler and the families of dead British soldiers. The paper undoubtedly infuriated many people, too. Yet this was a longstanding public institution. Just because a newspaper is the private property of an individual — even if that individual is Rupert Murdoch — does not detract from the fact that it is also a public institution, with an historic reputation and an ongoing political and social engagement with a regular, in this case numerically formidable readership. That such a public institution can be dispensed with so swiftly, that a huge swathe of the British people can overnight be deprived of an institution they had a close relationship with, ought to be causing way more discomfort and concern than it is. How would we feel if other public institutions — the BBC, perhaps, or parliament — were likewise to disappear?

July 7, 2011

British tabloids

Filed under: Britain, Liberty, Media, Politics — Nicholas @ 09:19

Brendan O’Neill views with some puzzlement the degree of outrage at the News of the World phone-hacking compared to earlier tabloid excesses:

Even some of those involved in the campaign recognise that there is a disparity between their earlier reaction to breaches of morality by tabloid newspapers and their reaction to this one. The campaigner who has successfully managed to get some big corporations to withdraw their advertising from the News of the World says she had previously learned to live with a ‘generalised, low-level irritation with the content of some of the tabloids’, yet following the Milly Dowler revelations those ‘years of irritation were transformed into rage’. Others have referred to the Dowler claims as ‘a tipping point’, arguing that we knew Murdoch’s tabloids were value-free and ethics-lite, but we didn’t know ‘they were this bad’.

In truth, there has been a distinct lack of journalistic integrity amongst some of the tabloids (and other media outlets) for many years now. For example, in 1988 the News of the World hounded the mentally ill EastEnders actor David Scarboro, not only revealing that he was in a psychiatric institution but also publishing photos of the institution and describing Scarboro as ‘mad’. Forced, under the glare of tabloid publicity, to flee the institution, Scarboro committed suicide by leaping off Beachy Head. He was just 20 years old. More famously, or rather infamously, the Sun libelled Liverpool football supporters following the Hillsborough disaster in 1989, falsely claiming that they had pickpocketed and urinated on dead and dying fans. There are many other instances over the past 30 years where the tabloids have used harassment and intimidation to get stories that have sometimes ruined people’s lives or denigrated the dead.

Yet none of those episodes gave rise to a widespread anti-tabloid campaign that galvanised prime ministers, opposition leaders, the respectable media, political activists and lawyers, as the Milly Dowler revelations have. Nor did they result in three-hour emergency debates in the House of Commons, with politicians battling it out to see who could express the most vociferous disdain for tabloid culture. The most striking thing about the anti-Murdoch campaign that has been so speedily consolidated over the past 48 hours is that it includes a smorgasbord of people who are normally at each other’s throats — from Conservative MPs to left-wing agitators, from big businesses such as William Hill and Coca-Cola (which are withdrawing their adverts from the News of the World) to religious spokespeople.

June 28, 2011

Government attempts to censor and control the internet spawn opposition

Filed under: Government, Liberty, Media, Technology — Nicholas @ 12:06

Loz Kaye makes the point that the recent ratcheting-up of freelance subversion of government and corporate web sites and online communities is a direct reaction to attempts to control the internet:

LulzSec wasn’t an isolated or unique phenomenon. People with passionate beliefs have been using new technological tools to effect change out of a sense of powerlessness. In the last year, I’ve watched 38 Degrees using the strength of association online to change government policy, WikiLeaks force transparency on those who’d rather run from it, even the amorphous mass that is Anonymous taking a stand on whatever issue they feel deserves their attention.

These tools are now themselves under attack. Lord Mandelson’s last gift to us, the Digital Economy Act, is just one of a raft of “three strikes laws” worldwide that threaten to cut off households from the web. Buried in the coalition’s Prevent strategy is the assertion that “internet filtering across the public estate is essential”. Nor is it solely a British issue; Nicolas Sarkozy called for global online governance at the eG8 in his attempt to civilise the “wild west” of the web.

We’re starting to see what this civilising process entails. Open Rights Group revealed that Ed Vaizey and lobbyists held a secret meeting discussing the future of web blocking powers. There was no public oversight and no one asked the net natives. Vaizey has relented a little via Twitter, consenting to open up the discussion — the Pirate Party and I welcome that invitation. It will take more, however, than getting a few NGOs around a table to ease the real sense of anger poisoning the online community.

We’re quickly coming up on a time when we’ll need to enshrine access to the internet (or equivalent data sources) as a formal constitutional right. If we don’t, we will always have this urge to control and to censor on the part of petty authoritarians and bureaucrats.

June 27, 2011

Bodyhacking is closer than you may think

Filed under: Science, Technology — Nicholas @ 12:15

An occasional meme in science fiction stories is someone being able to control the actions of another using remote control. We may be closer to that, um, “vision” than we expect:

Now that pacemakers are to be loaded with firewalls and bionic-man body parts are appearing on production lines, the concept of body hacking has become a spooky possibility. Researchers in Japan have begun to try to teach people how to play instruments by remotely controlling their hands.

Developed by the University of Tokyo and Sony Computer Science Labs, the aptly named PossessedHand stimulates muscles that move our digits, New Scientist reports.

A belt with 28 electrode pads is strapped to the arm, sending signals to the joints between the three bones of each finger, with two for the thumb.

June 22, 2011

Carr: LulzSec versus the CIA

Filed under: Government, Technology, USA — Nicholas @ 07:50

Paul Carr is somewhat dismissive of the hacking exploits of the LulzSec group:

For the past few weeks, a hacker collective called LulzSec has been leading American and British authorities a merry dance. The group’s targets are seemingly random – Sony, the CIA, contestants of a reality TV show, the Serious Organised Crime Agency (Soca) – but their stated motive has remained constant: “we’re doing it for laughs”, or, to put it in internet parlance, “lulz”.

If one is to believe the media coverage – particularly here in the US – no one is safe from the ingenious hackers and their devilishly complex attacks. The truth is, there’s almost nothing ingenious about what LulzSec is doing: CIA and Soca were not “hacked” in any meaningful sense, rather their public websites were brought down by an avalanche of traffic — a so-called “distributed denial-of-service” (DDoS) attack. Given enough internet-enabled typewriters, a mentally subnormal monkey could launch a DDoS attack — except that mentally subnormal monkeys have better things to do with their time.

Even the genuine hacks are barely worthy of the word. Many large organisations use databases with known security holes that can easily be exploited by anyone who has recently completed the first year of a computer science degree: it’s no coincidence that so many of these hacker collectives appear towards the end of the academic year.

June 17, 2011

DARPA’s “National Cyber Range” on schedule

Filed under: Government, Technology, USA — Nicholas @ 10:07

In order to determine ways to fend off or prevent attacks on the internet, DARPA is hoping to have their scale model of the internet ready sometime next year for testing:

The US defence agency that invented the forerunner to the internet is working on a “virtual firing range” intended as a replica of the real internet so scientists can mimic international cyberwars to test their defences.

Called the National Cyber Range, the system will be ready by next year and will also help the Pentagon to train its own hackers and refine their skills to guard US information systems, both military and domestic.

The move marks another rise in the temperature of the online battlefield. The US and Israel are believed to have collaborated on a sophisticated piece of malware called Stuxnet that targeted computers controlling Iran’s nuclear centrifuge scheme. Government-authorised hackers in China, meanwhile, are suspected to have been behind a number of attacks on organisations including the International Monetary Fund, French government and Google.

[. . .]

Darpa is also working on other plans to advance the US’s cyber defences. A program known as Crash — for Clean-slate design of Resilient, Adaptive, Secure Hosts — seeks to design computer systems that evolve over time, making them harder for an attacker to target.

The Cyber Insider Threat program, or Cinder, would help monitor military networks for threats from within by improving detection of threatening behaviour from people authorised to use them. The problem has loomed large since Bradley Manning allegedly passed confidential state department documents to WikiLeaks, the anti-secrecy website.

Another is a Cyber Genome, aimed at automating the discovery, identification and characterisation of malicious code. That could help figure out who was behind a cyber-strike.

May 29, 2011

Jim Treacher calls for investigation into hacking of Rep. Anthony Weiner’s Twitter and Facebook accounts

Filed under: Law, Politics, Technology, USA — Nicholas @ 11:13

He’s quite right: this sort of thing must be stopped:

I don’t agree much with Rep. Weiner politically, but he’s a congressman and this is a serious crime he’s alleging. Not to mention that identity theft can happen to any of us at any time. Therefore, Rep. Weiner must call for an official investigation. He owes it to himself, to all other victims of cybercrime, and to his fellow members of Congress who might also be at risk. Defrauding someone’s online accounts in order to embarrass and defame them is unconscionable. The culprit must be brought to justice.

And if Rep. Weiner doesn’t want an investigation, somebody should ask him why not.

If you haven’t been following this, the smart money is betting that he won’t want any such investigation to be launched.

May 11, 2011

How resilient is the internet?

Filed under: Economics, Media, Technology — Nicholas @ 09:57

Richard Clayton summarizes a recent study by the European Network and Information Security Agency (ENISA) on the internet’s ability to cope with disruptions. Among the ways the internet is vulnerable are:

First, the Internet is vulnerable to various kinds of common mode technical failures where systems are disrupted in many places simultaneously; service could be substantially disrupted by failures of other utilities, particularly the electricity supply; a flu pandemic could cause the people on whose work it depends to stay at home, just as demand for home working by others was peaking; and finally, because of its open nature, the Internet is at risk of intentionally disruptive attacks.

Second, there are concerns about sustainability of the current business models. Internet service is cheap, and becoming rapidly cheaper, because the costs of service provision are mostly fixed costs; the marginal costs are low, so competition forces prices ever downwards. Some of the largest operators — the ‘Tier 1’ transit providers — are losing substantial amounts of money, and it is not clear how future capital investment will be financed. There is a risk that consolidation might reduce the current twenty-odd providers to a handful, at which point regulation may be needed to prevent monopoly pricing.

Third, dependability and economics interact in potentially pernicious ways. Most of the things that service providers can do to make the Internet more resilient, from having excess capacity to route filtering, benefit other providers much more than the firm that pays for them, leading to a potential ‘tragedy of the commons’. Similarly, security mechanisms that would help reduce the likelihood and the impact of malice, error and mischance are not implemented because no-one has found a way to roll them out that gives sufficiently incremental and sufficiently local benefit.

Fourth, there is remarkably little reliable information about the size and shape of the Internet infrastructure or its daily operation. This hinders any attempt to assess its resilience in general and the analysis of the true impact of incidents in particular. The opacity also hinders research and development of improved protocols, systems and practices by making it hard to know what the issues really are and harder yet to test proposed solutions.

H/T to Bruce Schneier for the link.

May 2, 2011

I think I’ll hold off on buying a PlayStation for a little while longer

Filed under: Gaming, Technology — Nicholas @ 09:17

I actually was considering buying a PS3 in the near future, as our existing Blu-Ray player doesn’t play nicely with Netflix, while my domestic gaming advisor tells me that PS3’s do. Sony’s security problems are enough to give me pause:

“It’s really scary,” said Marsh Ray, a researcher and software developer at two-factor authentication service PhoneFactor, who fleshed out the doomsday scenario more thoroughly on Monday. “It’s justification for Sony freaking out. They could lose control of their whole PS3 network.”

Ray’s speculation is fueled in part by chat transcripts that appear to show unknown hackers discussing serious weaknesses in the PSN authentication system. In it, purported hackers going by the handles trixter and SKFU discuss how to connect to PSN servers using consoles with older firmware that contain bugs susceptible to jailbreaking exploits, even though Sony takes great pains to prevent that from happening.

“I just finished decrypting 100% of all PSN functions,” SKFU claimed.

There’s no evidence the participants had anything to do with the massive security breach that plundered names, addresses, email addresses, passwords and other sensitive information from some 77 million PSN users. But the log did raise questions about the security of the network, since it claimed it was possible to fool the PSN’s authentication system into permitting rogue consoles.

On this reading, arrogance on the part of Sony executives, and complacency on the part of developers and testers are key elements of the security failure:

“If you can’t jailbreak it, then I can see a developer assuming that they don’t need a particular authorization check on what’s coming across the wire because a user can’t do that,” said WhiteHat Security CTO Jeremiah Grossman, an expert in web application security. “So if somebody managed to jailbreak their device and pop a flaw, I can see something major happening there.”

Hotz, the PS3 jailbreaker who recently settled the copyright lawsuit Sony brought against him, said in a recent blog post that the theory is plausible and that responsibility for the hack lay squarely on the shoulders of Sony executives who placed too much trust in the invulnerability of the PS3.

“Since everyone knows the PS3 is unhackable, why waste money adding pointless security between the client and the server?” Hotz, aka GeoHot, wrote. “This arrogance undermines a basic security principle, never trust the client. Sony needs to accept that they no longer own and control the PS3 when they sell it to you.”
