Archive for July, 2007

Disaster Planning and Security

Posted on July 26th, 2007 in Computer Security, Technology | No Comments »

Bruce Schneier’s latest article for Wired talks about disaster planning as an important part of the security process. Specifically, he’s talking about picking a disaster that has a reasonable likelihood of being mitigable. For example, it’s pointless for an individual or business to “plan” for a nuclear winter, but that might be exactly the sort of thing that should be in the scope of planning for a government. The article is excellent, but he does fail to mention in this article something which he has talked about in the past: the utility of disaster planning as both a recovery mechanism and a security mechanism.

In many cases, it’s easier to get money to do security related things than it is to get money to do disaster recovery related things. Unfortunately, a good disaster plan can help out in case of security events, natural events, accidents and other unforeseen problems while a security defense mechanism usually only tries to prevent something bad from happening.

Also, it can sometimes simply be easier and more cost effective in terms of time, money and reliability to implement the disaster recovery plan rather than the security incident response plan. This is the sort of logic behind Brian Krebs’ article about cleaning out a virus versus just reinstalling Windows.

CNN – YouTube Democratic Debate

Posted on July 23rd, 2007 in Politics and Law, Television | 1 Comment »

I just got done watching the CNN – YouTube Democratic Debate and was blown away at how well the format worked. I think there are a lot of things about current American Politics that would disappoint the Founding Fathers, but this format for the debate certainly wouldn’t be one of them. The format also harkens to shades of what Al Gore mentions in his book, The Assault on Reason, about the Internet restoring democracy in America. I am very much looking forward to the Republican Debate in September.

I don’t want to get too much into the politics of it because that could be like writing a book, but I will say that I thought Obama did the best in this debate. He came off as both a young and revitalizing JFK-style candidate and a fighter for the people Teddy Roosevelt-style candidate. I thought Mike Gravel performed admirably as the semi-crazy foil to the Democrats, but really I think Ron Paul has the semi-crazy foil award wrapped up in his role as that to the Republican party.

I am a bit bothered that the debate wasn’t on a major network. Perhaps the popularity of user generated content will push to make future debates on network TV rather than cable. I’m not holding my breath though.

I was kinda surprised that there were less than 3,000 videos posted online about the debates. A one in 3,000 chance of being able to ask a question to the Democratic Presidential Candidates and have it answered on national TV is pretty good. Plus, with the popularity of the format, I am going to go out on a limb and predict that there’s at least 30,000 videos submitted for the Republican Debates.

You can see the questions that were chosen here and you can see the other questions that were asked here. I also would like to see the entire debate posted online, and if I can find a link to it, I’ll add it here. I’m sure eventually those links will break, but they look like they will be good at least until the next presidential election.

Colts Left Tackle Glenn May Retire

Posted on July 21st, 2007 in Entertainment, Sports | No Comments »

This could be bad, bad news. Glenn has been an outstanding offensive lineman for years for the Colts. He went to the Pro Bowl last year. He’s been there for Manning’s entire professional career. Although my friends and I have joked that he’s always good for at least one false start per game, he’s a legit 330+ pound dude that protects Manning’s blind side at an elite level. Now there’s a chance that he could retire with a year left on his contract right before training camp, and the Colts don’t have anyone lined up to replace him.

[Edited to add: It looks official now. However, this does kinda make the choice to trade up and draft Ugoh at this year’s NFL Draft seem a bit more prescient. If you recall, I was a bit confused about that move.]

The Simpsons Ice Cream

Posted on July 20th, 2007 in Life, Movies | No Comments »

I have commented before about how cool Ben & Jerry’s is (pardon the pun), but it’s worth bringing up again because they are introducing a Simpsons brand of Ice Cream. The flavor will be called Duff & D’oh-nuts and it will only be available in Springfield, VT on their all-day movie premiere celebration. They are also renaming their Chocolate Chip Cookie Dough to Chocolate Chip Cookie D’oh for the day.

This is just another wonderful movie promotion for the Simpsons Movie, which already has the best movie promo ever under its belt. Seriously, if you haven’t done so yet, check out the pictures on the Simpsons Kwik-E-Mart blog. The makeovers are extensive.

Email Greeting Card Scam

Posted on July 19th, 2007 in Computer Security, Technology | No Comments »

I am not sure if I have mentioned it before on this site, but Brian Krebs is a journalist at the Washington Post and maintains a blog called Security Fix. If you are not a security person and you only really care about computer security issues that would affect you as a generic computer user, this is by far the best single source of information on computer security issues.

His latest post covers an important problem that I’ve already seen in my junk mail folder. Basically, these are nefarious emails that disguise themselves as electronic greeting cards. They are hoping that you’ll click on the link based on the fact that almost everyone has sent or received an electronic greeting card of some kind in the past.

Here’s the text of one of the emails that I received with the malicious URL removed:

Hi. Neighbour has sent you a postcard.
See your card as often as you wish during the next 15 days.

SEEING YOUR CARD

If your email software creates links to Web pages, click on your card’s direct www address below while you are connected to the Internet:

Link removed

Or copy and paste it into your browser’s “Location” box (where Internet addresses go).

We hope you enjoy your awesome card.

Wishing you the best,
Mail Delivery System,
GreetingCards.Com

This looks incredibly similar to the electronic greeting cards that I’ve actually received from real places, especially several years ago when few people knew much about computer security issues. Now things have changed slightly. Take a look at how Hallmark’s electronic greeting cards appear:

Hello!

NAME has sent you a Hallmark E-Card! To see it, just click the link below, or copy and paste it into your browser’s address line:

Link Removed

Or you can follow these steps:

1. Go to our homepage at http://www.hallmark.com
2. Click “E-Cards & More”.
3. Click the link that says “Pick up an E-Card.”
4. Enter your e-mail address and this number: Number Removed. Click “Display Greeting,” and enjoy your E-Card.

With best wishes,
Your friends at Hallmark

Your privacy is our priority. Click the “Privacy and Security” link at the bottom of any page on Hallmark.com to see our privacy policy.

You’ll notice that the first part is very similar to the nefarious example, but there’s an important difference in the second part. Hallmark gives you instructions on how to access your card without directly clicking on a link in your email client. Phishing scams are built around the theory that they can trick you into believing their site looks legitimate as long as they can get you to click on one bad URL.

Brian Krebs gives the following advice at the end of his post about this:

I have never been a huge fan of e-greeting cards, mainly because they condition people to click on links in e-mail, especially when malicious links are one of the broadest vectors for e-mail borne viruses and worms. I realize there are several established and legitimate e-greeting card companies that base their business on this practice. It is sad that the state of e-mail security has come to this, but Microsoft Windows users would be well-advised to simply delete any e-greeting cards that land in their inboxes.

This is pretty good advice. I always felt a bit “bad” about electronic greeting cards, automated invitations to join social networks and similar emails but have been unable to express why nearly as well as he does here. However, if you absolutely must view electronic greeting cards, I would highly recommend that you do so in a manner that doesn’t involve directly clicking on any links in your email client.
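The difference between the two notices above can be checked mechanically. The following is an added example, not code from this post or from Brian Krebs: a small triage function that flags an e-card notice when its links leave the claimed sender's site or when it offers no way to collect the card without clicking. The sample messages are shortened, the URLs and the pickup number are constructed placeholders (the post removed the real ones), and the function and pattern names are hypothetical.

```python
import re
from urllib.parse import urlparse

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)
# Wording that offers a pickup path needing no click; these phrases are an
# assumption modelled on the Hallmark notice quoted above.
MANUAL_RE = re.compile(
    r"go to our homepage|enter your e-?mail address and this number", re.IGNORECASE)

# Constructed samples: the page removed the real links, so both URLs are placeholders.
SCAM = """Hi. Neighbour has sent you a postcard.
Click on your card's direct www address below:
http://cards.example.net/view?id=PLACEHOLDER
Or copy and paste it into your browser's "Location" box.
Mail Delivery System,
GreetingCards.Com"""

LEGIT = """NAME has sent you a Hallmark E-Card! To see it, just click the link below:
http://www.hallmark.com/ecard?id=PLACEHOLDER
Or you can follow these steps:
1. Go to our homepage at http://www.hallmark.com
4. Enter your e-mail address and this number: 0000. Click "Display Greeting"."""

def link_hosts(body):
    """Lower-cased host of every http(s) URL found in the message body."""
    hosts = []
    for url in URL_RE.findall(body):
        host = urlparse(url.rstrip(".,;)")).hostname
        if host:
            hosts.append(host.lower())
    return hosts

def on_site(host, domain):
    """True only for the domain itself or a real subdomain of it."""
    return host == domain or host.endswith("." + domain)

def triage_ecard(body, claimed_domain):
    """Return reasons to distrust an e-card notice; an empty list means none found."""
    domain = claimed_domain.lower()
    reasons = []
    stray = sorted({h for h in link_hosts(body) if not on_site(h, domain)})
    if stray:
        reasons.append("links leave the claimed sender's site: " + ", ".join(stray))
    if not MANUAL_RE.search(body):
        reasons.append("card can only be collected by clicking the emailed link")
    return reasons

if __name__ == "__main__":
    print(triage_ecard(SCAM, "greetingcards.com"))
    print(triage_ecard(LEGIT, "hallmark.com"))
```

An empty result is a triage signal only, since a scammer can copy the manual-pickup wording; the safe way to collect a card is still to type the sender's homepage address yourself and enter the number there.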

Colts Sign Freeney

Posted on July 13th, 2007 in Sports | No Comments »

The Indianapolis Colts have signed Dwight Freeney to a record contract and not one that requires him to sing. The contract is 6 years for 72 million, including 30 million in signing bonuses. John Clayton reports that as a result he will only count 5.75 million against the salary cap the next two years. The contract also means that the Colts won’t have to use their franchise tag on him, which raises the question whom will they use the franchise tag on?

Personally, I think the contract is a good move. I rate Freeney as the second best defensive end in the league with Julius Peppers the best. Since he’s signed early, the Colts can avoid the one-upmanship that might take place when other free agents at defensive end are signed. More importantly, he is the backbone of the defensive line. He fits perfectly into the style of defense the Colts play. I also think that contracts in the NFL are only really important for the first few years. It seems that they change with some regularity beyond that.

Burr-Hamilton Duel

Posted on July 11th, 2007 in Life, Politics and Law | No Comments »

Today is the 203rd anniversary of the Aaron Burr – Alexander Hamilton Duel. (Or is it the Alexander Hamilton – Aaron Burr Duel?) Either way, this duel is probably still the most famous in American history. I used to think as a kid that this was yet more reason to think that politicians were crazy because they got so worked up about things that didn’t really matter all that much. For the most part, I still think this is true. It’s good from time to time to take a few steps back and recognize that most of the time the things we are worried about aren’t really all that important.

Fourth of July

Posted on July 5th, 2007 in Life | No Comments »

Yesterday was Independence Day for America, which is quite possibly my favorite holiday. It always seems to sneak up on me though because summers seem to be bustling and pass by too quickly. However, it is the one holiday that I think we can celebrate without reservation. There are cookouts, fireworks, and happiness all around.

With other holidays, there’s always a group that’s left out. Mother’s Day is for moms. Father’s Day is for dads. Christmas is for Christians. Halloween is for kids. St. Patrick’s Day is for Irish folk. St. Valentine’s Day is for lovers. Of course, Independence Day is for Americans, but since I celebrate in America, it is much harder for me to run into someone else who can’t really celebrate. Also, I don’t think that many people outside of America notice the holiday, so hopefully it doesn’t get in their face and bother them the way other holidays sometimes seem to do.

Plus, this is a holiday that celebrates a human accomplishment. It’s not like we actively did anything to make those other holidays important. Certainly they are the result of something incredible that was done, but most of the time we can’t fully understand how it happened. We are almost celebrating them because we feel so lucky or so blessed that they actually happened outside of anything we did. However, Independence Day is the result of something that Americans thought up, created and won.

I am already looking forward to next year. I hope to celebrate it “with peculiar delight.”

History Repeats and Other Lessons About Data Reuse

Posted on July 4th, 2007 in Life, Politics and Law, Technology | No Comments »

There’s an excellent article about Data Reuse on Wired by Bruce Schneier. In the article he talks about the American use of census data to populate Japanese-American internment camps. Of course, he very easily could have been talking about the German use of census data in the Holocaust, which was going on at the same time.

Either way, the point is the same: Data Reuse can be a very ugly and oppressive thing. It is also a complex problem to solve that involves both law and technology. In the American case, there were laws preventing this sort of use of the census data. Those laws were suspended. In the German case, the data was organized in such a way that it was difficult to access efficiently. The technology was improved.

Solutions to problems like this aren’t easy to create, particularly in an instant gratification culture. The Cathedral of Chartres was built over a 75 year period. When it was completed, the people must have thought it would last forever. Projects are not built with that view of history anymore. People of that era never built things thinking they would be obsolete in a few years anyhow. The Colosseum in Rome was used as a stadium for 500 years. Market Square Arena in Indianapolis was used for 25 years.

I understand that planning for the future in an era where the future seems to change so rapidly before our eyes is not easy, but if we do not pause for a moment and think about the broader historical context of what we are building, then we are setting ourselves up for failure.

Schneier closes with some well-worded thoughts about this:

History will record what we, here in the early decades of the information age, did to foster freedom, liberty and democracy. Did we build information technologies that protected people’s freedoms even during times when society tried to subvert them? Or did we build technologies that could easily be modified to watch and control? It’s bad civic hygiene to build an infrastructure that can be used to facilitate a police state.

Alamo Drafthouse Downtown Closes

Posted on July 2nd, 2007 in Life, Movies | No Comments »

All good things come to an end. Even though I no longer live in Austin, I admit that I feel no small twang of sadness that the Alamo Drafthouse Downtown closed its doors. Perhaps that is a little melodramatic because they are simply changing locations, but this is the original. As the original Alamo blog implies, it’s hard to beat the original. Certainly the spirit of the operation will carry on, even if the location is different.