Sunday, August 10, 2008

The meming of security

Stanford law professor Lawrence Lessig threw an interesting anecdote into a recent panel discussion, claiming the internet has a Patriot Act of its own waiting in the wings:
Lessig: "I had dinner once with Richard Clark at the table and I said 'is there an equivalent to the Patriot Act -- an iPatriot Act -- just sitting waiting for some substantial event just waiting for them to come have the excuse for radically changing the way the Internet works?' And he said, 'Of course there is' -- and I swear this is what he said, and quote -- 'and Vint Cerf is not going to like it very much.'"
Cerf had a huge part in founding, and some call him the father of, the internet.

Okay, we expect our government to be proactive, to plan ahead. How many would argue, for instance, that the Patriot Act sprang full-blown from someone's head in three weeks following 9/11? (It took six weeks to be enacted.)

Crackpot theory? Paranoia? Stay tuned while you can. More at boingboing, including some interesting discussion.

Into your heart it will creep

That's a somewhat minor internet meme, and I've tracked a few of its threads, but there's a wider meme that comes into play: the constant drumroll bemoaning identity theft and general internet security.

A honking big vulnerability in the Domain Name System has been in the news lately, finally making it to the mainstream media in articles like Leaks in Patch for Web Security Hole. (New York Times)

Foremost to the MSM? Security for banks and financial institutions. Ominous background music please:

"The root of the problem lies in the fact that the address system, which was invented in 1983, was not meant for services like electronic banking that require strict verification of identity," moaned the Times.... "A number of Internet security engineers point out that if a solution is found for the deeper problem of identity and authentication on the Internet, it will go a long way toward stopping many of the identity-related crimes that are now commonplace."

"It is now almost certain that there will be an escalating number of attacks, Mr. Woodcock said. Before the patch, which has now been distributed to more than three-quarters of the affected servers in the world, it would have taken as little as one second to insert false information into the address database. Now, even with the patch, attacks will be possible in a matter of minutes or hours, he said."
What's the response if this allows a major attack on a few big banks?

But that's just paranoia.

5 comments:

yobro said...

repeat the mantra...

"Chinese Hackers Made Me Do It"


now to get that into a domain name before the deluge ;)

chihamm.com

course that's just chinese hackers made me...

yobro said...

and here's how it's done, a computer utility (mac users) called 'Freedom'.

"Freedom serves a simple purpose: It disables all wireless and Ethernet networking on your Mac for up to six hours at a time. After the time you specify is up, Freedom re-enables your network adapters and display a confirmation. "

Freedom link from BoingBoing

yobro said...

I'd like to snark, but you just can't keep up with the internets when it comes to reality...

yobro said...

and then I get this when I try my service providers google based email...

"We’re sorry, but your Gmail account is currently experiencing errors. You won’t be able to use your account while these errors last, but don’t worry, your account data and messages are safe. Our engineers are working to resolve this issue.

Please try accessing your account again in a few minutes.

Try Again Sign Out"

KAP said...

I like the comment on boingboing that Freedom is something like a gastric bypass-- a replacement for willpower.