Week of June 20, 2006
Last time around
Bye Bye Scott McNealy
Phishers up their game
UK cabby 'outs' Clash fan
Workers expose company data on infected home PCs
The 'Enemy Within' is computer savvy
We survived crazed mutterings that a conflagration was nigh as the 666 date (06.06. 2006) came and went (strangely enough this rumour surfaced as the remake of The Omen hit the big screen; will Hollywood stop at nothing?) only to wake up to the news that several young (and one not so young) Canadian Muslims want to kill us all.
Or at least they want to kidnap and behead PM Steven Harper - who took the alarming news with alacrity. But then this is a man who survived suggestions that he would burn working women and gays at the stake and assume his true form as the Living Anti-Christ, if elected to run his conservative government.
So he isn't quaking in his boots over a trifle like a CBC 'live' -albeit at gunpoint - Beheading Special'. Even his own.
'Let them just try', you can verily hear him say.. They are tough out West (even if he actually grew up in Ontario).
But what has emerged to date - the details seem to get more salacious by the minute-is that these characters are not dummies.
At least one of them has been described by the Globe and Mail as a math and science wizard; it also seems clear that they may have become radicalized through the Internet- as 1000s of sites exist to fuel their fires and give them blow by blow instructions on how best to kill us all.
Wiretaps will be critical
Supposedly the RCMP have a mile of wiretaps where the protoganists discuss, amongst other things, flying a plane into 'unspecified federal buildings'. In these types of cases, where the targets have been under surveillance for years, the wiretap evidence will likely be crucial to obtain a conviction.
News reports (The Toronto Star- June 10, 2006) indicate that Asad Ansari, 21, one of the alleged co-conspirators used his ' technical and computer skills' to make a training camp video to inspire the motley crew and maintained 'security on group members home computers'.
The Star also states that Zakaria Amara, 20, was watched by investigators 'using the Internet at public libraries', where they found him 'looking up chemical suppliers and searching Al Qaeda, ammonium nitrate and nitric acid.'
On a more alarming note, it is also stated that one of the group, Shareef Abdelhallen, 30, a computer programmer, emigrated from Egypt when he was 10, with his father, 'now an engineer who works on contract with Atomic Energy Canada'. One can only hope that the elder Mr Abdelhallen does not take his work home, or discuss it with his progeny.
In other arrests around the world, there have been claims that radical Muslims plotted to take out the global GPS system, to attack the financial sector (a finding buried in the report by the UK Commission that investigated the London subway bombings).
And more recently when Al- Zarqawi met his maker, the Star reports that ' memory sticks and hard drives' were recovered either at the scene or nearby.
Heads in the sand?
So surely the time has come to stop proclaiming that cyber-terror doesn't exist? It may not have the legs (yet) to be a stand- alone tactic for terrorist strategists, but it sure is a useful channel to market.
It may be tempting to visualize these modern day medievalists as neanderthals without any connection to the world we live in, but this would be, as the 911 Commission Report found, a gross and dangerous 'failure of imagination' on our part.
Notorious insider on trial
The trial of the notorious insider (no spring chicken at 63) who allegedly disabled critical IT systems at Paine Webber – since acquired by Swiss behemoth UBS, is underway in New Jersey, 4 years after he was arrested. It is unclear why there has been such a delay in trying him.
It is alleged that in 2002, Duronia deposited a ‘logic bomb’- 50-60 lines of malicious code- from a remote location, at his former workplace. It was calculated to delete data on critical servers (powerful company computers), including backup systems, over several months after he quit in pique over compensation issues.
He also supposedly raced into a brokerage house to place what amounted to a bet that the Paine Webber stock price would plummet in the wake of his attack: he was wrong. However, the bomb was frighteningly effective, according to testimony from employees left holding the baby, in no small part due to what seems to have been abysmal security at the institution. It locked out 8,000 brokers around the US and sent IT staff scrambling to fix the resulting mess.
Poor security used as defence
Unfortunately for a defiant Duronia, “you had it coming” is not a defence to charges under the US hacking law, and is unlikely to do him much good.
However, it is hardly a confidence building exercise for past and existing UBS Paine Webber customers to learn that several critical servers had no backup systems in place and that IT administrators signed on with root access- the highest level of access- and walked away leaving the session running, for anyone to pick up and do their worst.
Duronia seems to have been caught red-handed, as a search warrant executed at his home yielded a ‘hard copy of the logic bomb's source code on the defendant's bedroom dresser’ and ‘the source code on two of his four home computers’.
And the Pete Townsend defence....
If the Feds can make the connection between the damning evidence and Duronia, valiant attempts by his counsel to argue that ‘anyone could have done it’ (in light of the lax approach to security that seems to have prevailed at his workplace at the time) are unlikely to succeed.
But hope dies eternal.
(UPDATE - June 16 2006- Alas, "the I didn't do it" defence, as predicted, doesn't appear to be going well. The defence has been reduced to claiming that Cisco or @Stake (a reputable security consulting group acquired by Symantec, I recall, back when) "did it" during work either or both carried out for UBS Paine Webber.
While this premise (apparently as yet unsupported by the evidence) is not quite in the realms of science fiction, it might be considered 'reaching'.)
And more. The latest in the gripping 'who dunnit' saga is that an unknown hacker with unlimited super computer powers spoofed Duronio's address to wreak havoc on UBS servers and cracked the encryption on a VPN session... . Here is a good analysis as to why that just can't be so.. Unless he really is Superman...
Of course, if Duronio truly is an innocent man, we wish him well. But complex conspiracy theories are devils to prove. Still, all you need is a reasonable doubt.
PaineWebber alleges it spent $3.2 million on recovery efforts and testimony from current staff suggests that problems continued to surface long after the event.
Sun Microsystems to axe jobs
We wrote last time about Scott McNealy, Sun Chief and witty raconteur departing for greener pastures, more specifically golf clubs around the world where he plans to take his message (he remains Chairman) on the road.
We expressed cautious optimism that his successor would not give into the analysts who have brayed for blood for years, looking for a 'significant headcount reduction' to cut costs and create a new lean, mean Sun machine.
Those who make these demands, that have enormous impact on those fired as well as those left behind worrying their heads about who might be next (and revamping their CVs on company time) rarely have a single good idea about how the business might actually make money, or utilize the existing workforce to come up with some ideas.
However, they have prevailed. It was announced recently that Sun will axe 11-13% of its workforce- some 5000 employees, over the next six months. More cuts have not been ruled out. The usual euphemisms were bandied about to disguise what is happening- it is a 'streamlining exercise', the fired employees were referred to as 'the cost savings'....
It will be interesting to see if the Sun employees left standing have any stomach for 'innovation' after the hatchet job. Will the pension plan be next?
And Gates retires to 'do good'
It seems Bill Gates, has stolen Scott McNealy's thunder by announcing his impending retirement to save the world.
McNealy's plans to play a mean round of golf with anyone who will buy a SUN server from him hasn't got quite the same ring to it, although he undoubtedly has the edge over Bill in the funny stakes.
But you need not be funny if you intend to save the world. It is a pity that Bill couldn't find the time to save us all from Windows before he leaves to do good elsewhere...
Perhaps we should take our collective lumps and view an investment in Windows Vista as a win for the truly destitute and abandoned. There is solace in that, methinks....
Now, if only Angelina Jolie would become interested in security..we would surely all be saved. And Namibia too.
Microsoft: No critical updates for Win 98 and ME users (and soon-no support at all)
Microsoft has said it won't fix a critical flaw in Win 98 and Me as it would be too hard to do and might break something else. In fact, in a month or so, they will stop supporting both altogether.
Now, it is always hard to tell with Redmond if they are trying to be funny, or if there is a certain Black Adder-esque humour hidden in these blank statements. But I suspect not. Gates is no McNealy.
The vast Mothership never had the slightest empathy for the plight of ordinary Windows users right from the get-go. And they aren't about to acquire some any day soon.
The characterization of this as a 'support' issue is canny, but just plain spin, certainly as far as Windows ME is concerned.
ME was a smoking bomb
Windows ME was probably the worst operating system ever released. People paid, directly or indirectly, good money for it. The 'engineers' who designed it should have their collective faces pinned up on a Wall of Shame somewhere public. For all eternity.
An OS is not peripheral to the performance of a PC- it is integral. If you bought a new computer in 2000 with ME pre-installed, you were simply screwed. It was, and is, a lemon of Meyer-esque Lemon proportions (the finest of all lemons) and should have been recalled immediately. Or users should have been offered a free upgrade to something that worked.
If users stuck with ME all these years sent Gates a bill for all the lost productivity and time wasted pulling out their collective hair by the roots, it would add up to a tidy pile of change.
So what does MS suggest abandoned ME sufferers do, now stuck with both an unstable and dangerous OS? Why upgrade of course.
Read the article below for what I believe to be the correct response to this slight.
Windows Vista to torture home users
There has been all kinds of speculation as to why the next version of Windows, named 'Vista' has taken so long to release. The date had been put back several times; latest suggestions are early 2007, but some analysts think it could be even longer.
If recent reviews of a beta version that is making the rounds is any indication, Microsoft need to go back to the drawing board one more time. A review in ComputerWorld suggests that attempts to harden security in the operating system - a good thing- come at the expense of ordinary users who won't have a notion what is going on- and will be driven mad in the process.
As someone driven mad every day by Windows Millenium- Semtex is more stable- you would think something would have changed in Redmond in 6 years; that the penny would have finally dropped that users have had it.
But if this review is any indication, users have another treat in store with Vista: 'So many things are, in fact, protected by requiring your OK that it'll drive you batty. And there's no way to say "never ask me this again about this item." If you disliked Windows XP Service Pack 2's version of Internet Explorer 6 because of its many security nag screens, you would absolutely hate Windows Vista Beta 2.’.........' ‘The whole thing is a mess'.
Anti Spyware scanning tool flawed
It seems that they can't even get the anti-spyware component right; ' the Vista Beta 2 version of Defender, like the public Windows Defender Beta 2 release for Windows XP, is buggy. Where the public Beta 2 of Defender for XP had significant installation issues and user interface controls that didn't work properly, the Vista version's woes center on scheduled scans.
Even though Defender comes preconfigured for a daily 2 a.m. scan for spyware, the scan doesn't always run automatically; and when it fails, it fails silently'.
In other words, users are lulled into a false of sense of security that the stuff actually does what it purports to do. New York AG Eliot Spitzer is suing companies that make false representations about security products so MS better at least get this one right.
Buy a MAC
I never thought I would say it, but I have come around to Walter Mossbergs' way of thinking (at the Wall Street Journal).
Do yourself a favour, go to one of the hip, shiny new MAC stores nearest you- now open 24/7 on Fifth Avenue- and feel hip and loved. Dump the god awful mess completely.
What happened to Gates' message at RSA- "we need Security that just works?” Pearls before swine?
Maybe if MAC becomes the new Dell (and who knows what is next, with Dell selling AMD powered gear and desperate for new growth opportunities), hackers will indeed rip the MAC apart, and reveal its tender underbelly to the world.
But you will have saved yourself a mile of time and grief in the interim. We really only have ourselves to blame for putting up with it.
So run, don't walk.
|
