Security Blog 


10.10.2002

More political hacking talk
Just got around to the NYTimes and found this piece - definitely related to the post below. "Guerilla warfare, waged with code."
"They are computer scientists who have principled causes," said Ronald J. Deibert, an associate professor of political science at the University of Toronto who has studied the activities of such groups and runs the Citizen Lab, a political science technology laboratory that supported Mr. Villeneuve's work. "They are developing technologies not for commercial purposes, but for political purposes."




Hacktivism
Doc Searls links to an interesting article on how the media covers hacking. The paper's abstract follows.
Hacktivists or Cyberterrorists? The Changing Media Discourse on Hacking by Sandor Vegh
This paper scrutinizes the language of government reports and news media sources to shed light on their role in forming a negative image of politically motivated hacking in general, and online political activism, in particular. It is argued that the mass media's portrayal of hacking conveniently fits the elite's strategy to form a popular consensus in a way that supports the elite's crusade under different pretexts to eradicate hacking, an activity that may potentially threaten the dominant order.




Busy
Some busy days ahead, this week and next, so I'm sure the posting will drop off. A move, some articles and lots of work. I'll try my best though.



Wartrapping
A twist on the honeypot, as we've discussed before, but now with a cute name - wartrapping. The setup described in the article is very basic, but I'm interested in the results.
A "honeypot" trap consisting of a Wi-Fi-equipped laptop is the latest weapon against drive-by hackers. Set up at the London headquarters of consultants KPMG, the laptop looks to the outside world like a simple wireless access point, but contains monitoring software designed to determine the level of illicit activity.



10.9.2002

Paying for security?
Looks like MS considers it to be a feature. I'm not surprised by this; in tough times, people push whatever sells. Right now, security is a feature some people are willing to place a premium on - and rightly so. But shouldn't it be built into a server operating system?
Asked why it has taken Microsoft 25 years to get trustworthy computing into the forefront of its efforts, he said: "Because customers wouldn't pay for it until recently." Admitting this was a flippant answer to a flippant question, Mundie said that chief information officers had only recently begun to demand security, and it is only in the last ten years that Microsoft has attempted to play in the security-requiring worlds of banking payroll and networked systems.




Yikes!
Sendmail was trojaned.
These files began to appear in downloads from the FTP server ftp.sendmail.org on or around September 28, 2002. The Sendmail development team disabled the compromised FTP server on October 6, 2002 at approximately 22:15 PDT. It does not appear that copies downloaded via HTTP contained the Trojan horse; however, the CERT/CC encourages users who may have downloaded the source code via HTTP during this time period to take the steps outlined in the Solution section as a precautionary measure.

The Trojan horse versions of Sendmail contain malicious code that is run during the process of building the software. This code forks a process that connects to a fixed remote server on 6667/tcp. This forked process allows the intruder to open a shell running in the context of the user who built the Sendmail software. There is no evidence that the process is persistent after a reboot of the compromised system. However, a subsequent build of the Trojan horse Sendmail package will re-establish the backdoor process.
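A triage sketch for the two facts in the advisory text above, the download window and the 6667/tcp callback. It is an added example, not code from this blog, CERT/CC or Sendmail; the `ss -tnp` rows are constructed, the function names are hypothetical, and midnight PDT on September 28 is an assumed lower bound for "on or around".

```python
import re
from datetime import datetime, timedelta, timezone

PDT = timezone(timedelta(hours=-7))
WINDOW_START = datetime(2002, 9, 28, 0, 0, tzinfo=PDT)   # assumed bound
WINDOW_END = datetime(2002, 10, 6, 22, 15, tzinfo=PDT)   # FTP server disabled
BACKDOOR_PORT = 6667                                      # port named in the advisory

def classify_download(when, scheme):
    """Rate one source download by the advisory's window and protocol."""
    if not (WINDOW_START <= when <= WINDOW_END):
        return "outside-window"
    # HTTP copies did not appear affected, but checking them is still advised.
    return "suspect" if scheme == "ftp" else "verify-as-precaution"

PROC_RE = re.compile(r'\("([^"]+)",pid=(\d+)')

def split_endpoint(endpoint):
    """Split 'host:port' or '[v6]:port' into (host, port)."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]"), int(port)

def outbound_to_port(ss_output, port=BACKDOOR_PORT):
    """Return connections from `ss -tnp` output whose remote end is `port`."""
    hits = []
    for line in ss_output.splitlines():
        f = line.split()
        if len(f) < 5 or f[0] not in ("ESTAB", "SYN-SENT"):
            continue  # header, listeners, closing sockets
        peer, peer_port = split_endpoint(f[4])
        if peer_port != port:
            continue  # also skips rows where 6667 is only the local port
        m = PROC_RE.search(" ".join(f[5:]))  # absent without privileges
        hits.append({"state": f[0], "peer": peer,
                     "process": m.group(1) if m else None,
                     "pid": int(m.group(2)) if m else None})
    return hits

# Constructed sample: documentation-range addresses, made-up PIDs.
SAMPLE_SS = """\
State    Recv-Q Send-Q Local Address:Port   Peer Address:Port  Process
ESTAB    0      0      192.0.2.10:22        198.51.100.7:51514 users:(("sshd",pid=811,fd=4))
ESTAB    0      0      192.0.2.10:40122     203.0.113.5:6667   users:(("sh",pid=4312,fd=3))
ESTAB    0      0      192.0.2.10:6667      198.51.100.9:40000 users:(("ircd",pid=900,fd=9))
SYN-SENT 0      1      192.0.2.10:40130     203.0.113.5:6667   users:(("sh",pid=4390,fd=3))
ESTAB    0      0      192.0.2.10:40200     203.0.113.77:6667
ESTAB    0      0      [2001:db8::10]:51000 [2001:db8::5]:443  users:(("curl",pid=5000,fd=5))
"""
```

A hit on a build host is a lead, not proof: map the PID to its owning user and parent process, and compare that user with whoever ran the build.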




Hiring hackers
The Wall Street Journal has a piece on hiring hackers. Here's the link, but I think you need to be a subscriber. It's also in the print edition; check it out.


10.8.2002

Blogger problems
Blogger is having some trouble today - they tweaked a bunch of code. The titles are messed up, couldn't publish from some of their servers. Hopefully this will be fixed soon.



Camera jamming
The NYTimes has a cool article on a technique used to jam surveillance cameras - with a laser pointer. An interesting and active response to Big Brother...
His is a Little Brother response: using inexpensive laser pointers to temporarily blind those omnipresent electronic eyes. He plans to post his 13-page, single-spaced treatise on the subject this week on his Web site, www.naimark.net.



10.7.2002

Updates
Yikes - has it been 5 days? It's been real busy - apologies for the lack of posts. We're in the process of moving and I'm working on a new article. Look for it in a week or two - mitigating distributed denial of service attacks. In the meantime, check out this story on "hackers".
If the hacker mentality were applied to mail, a mailbox would have to be armor plated, chained and locked so no one could possibly open it. Imagine how difficult it would be to build a mailbox at your home or office that was invulnerable to anyone who wanted to take out a letter "just to see if he could"?

Our national mind-set is what makes mail secure. The same should be true for information on a computer. Just because it's possible to get at electronic information doesn't give anyone the license to do it any more than being able to open someone's mailbox gives anyone permission to do that.