A blog doesn't need a clever name
Cyberethics, Crypto, Community, Freedom, Privacy, Property, Philosophy, MP3, Online Ed, Copyright, Iran, other current topics and fun stuff
Last updated: 2/1/05; 5:36:36 AM






Author: Bruce Umbaugh

Thursday, January 06, 2005

Linux Security.

I'm a big fan of the Honeynet Project (and a member of their board of directors). They don't have a security product; they do security research. Basically, they wire computers up with sensors, put them on the Internet, and watch hackers attack them.

They just released a report about the security of Linux:

Recent data from our honeynet sensor grid reveals that the average life expectancy to compromise for an unpatched Linux system has increased from 72 hours to 3 months. This means that an unpatched Linux system with commonly used configurations (such as server builds of RedHat 9.0 or Suse 6.2) has an online mean life expectancy of 3 months before being successfully compromised.

This is much greater than that of Windows systems, which have average life expectancies on the order of a few minutes.

It's also important to remember that this paper focuses on vulnerable systems. The Honeynet researchers deployed almost 20 vulnerable systems to monitor hacker tactics, and found that no one was hacking the systems. That's the real story: the hackers aren't bothering with Linux. Two years ago, a vulnerable Linux system would be hacked in less than three days; now it takes three months.

Why? My guess is a combination of two reasons. One, Linux is that much more secure than Windows. Two, the bad guys are focusing on Windows -- more bang for the buck.

See also here and here.

[Schneier on Security]
10:15:42 PM

Bret Fausett: How to Podcast RIAA Music Under License. [Scripting News]
10:15:21 PM

Two fine Purportal.com Headlines:

Gmail fighting phishing. Google's Gmail service is testing out a new system designed to actively warn users when they are viewing a suspected fraudulent message. The warning appears as a yellow box at the top of the message reading, "Warning:  This message may not be from whom it claims to be. Beware of following any links in it or of providing the sender with any personal information." A webmail vendor such as Gmail is in a great position to provide this type of service, since they can respond to new types of attacks almost immediately.

Citibank tops phishing list. The Anti-Phishing Working Group, "committed to wiping out internet scams and fraud" (we like them already), recently released their "Phishing Attack Trends Report." Among other things, the report lists the most-impersonated sites and institutions. The top 3: Citibank, eBay, and US Bank. The report is available as a PDF.


10:12:22 PM

Technology Briefing: Six Apart Acquires LiveJournal.com. Six Apart, the maker of Movable Type, software for publishing Web logs, said that it had acquired Danga Interactive, which operates the popular blogging site LiveJournal.com. [NYT > Technology]
10:10:41 PM

Microsoft Antispyware - first impressions. On Help Net Security [NewsIsFree: Popular Items]
10:07:22 PM

King Kaufman's Sports Daily on Two good reads: Compelling bios of boxer Jack Johnson and jockey Jimmy Winkfield bring two of America's early black sports heroes to life. On those rare occasions when someone in my presence dismisses sports as trivial, I have a stock reply, just one tiny example of the many ways in which sports are not just not trivial, but vitally important: It is impossible to understand 20th century race relations in the United States without knowing about Jack Johnson, Joe Louis and Muhammad Ali.
2:59:10 PM

TiVo Adds Portability to the Mix. TiVoToGo lets you copy recorded shows to your PC by way of a home network and even burn them onto DVD’s. Is it worth checking out? By DAVID POGUE. [NYT > Technology]
7:29:06 AM

EFF reviews Elgato's EyeTV 500 HDTV tuner/recorder for the Mac. [Hack the Planet]
7:26:18 AM

Iran Agrees to Inspection of Military Base. The U.S. has long suspected that the military complex is a secret site for Iran's nuclear weapons development. By DAVID E. SANGER. [NYT > International]
7:26:11 AM

Dan on Distributed Journalism's Future.

In a posting yesterday about how bloggers helped keep the pressure on U.S. House Republicans to reconsider an ethical issue, I mentioned the way two bloggers convinced average citizens to call their members of Congress and ask how they'd voted on the issue (it was a secret ballot). The inquiring citizens then let one of the bloggers know, and he posted the running results of the tally. I said this was an example of something I'm calling "distributed journalism."

Chris Nolan called today to ask what I meant by this, and here's some of what I told her.

I think of distributed journalism as somewhat analogous to any project or problem that can be broken up into little pieces, where lots of people can work in parallel on small parts of the bigger question and collectively -- and relatively quickly -- bring to bear lots of individual knowledge and/or energy to the matter. Some open-source software projects work this way. The important thing is the parallel activity by large numbers of people, in service of something that would be difficult if not impossible for any one or small group of them to do alone, at least in a timely way.

Distributed journalism isn't new. Professionals have been doing it for a long time. When I was the Vermont stringer for the New York Times, back in the early 1980s, the paper's National Desk would occasionally put the word out to stringers in all 50 states, asking them, for example, to call state government people about some topic or another and send a memo back to New York. The same kind of thing is done all the time by major publications with their own staffers on big stories. One person may write the piece, but a collection of many, many reporters does the legwork.

It's not new online, either. Bulletin boards have done some of this kind of thing, though not in a particularly easy-to-use way, by aggregating lots of data about specific issues, people, companies, whatever. The collection of knowledge often is greater than the sum of its parts if you somehow learn something valuable. The Wikipedia experiment shows the power of assembling many brains every day.

The potential for distributed journalism to be a key part of tomorrow's news strikes me as immense. We in citizen journalism -- and, if we're smart, in professional journalism -- can focus the energy and knowledge of regular folks, and especially their willingness to do some small amount of legwork to help feed a larger whole, on all kinds of things.

Suppose, for example, that we assemble a nationwide group of volunteers -- lawyers who are familiar with statutes -- and ask each of them to take a small section of one of those immense congressional bills that the members of Congress don't even read themselves. Suppose, further, that we could get this analysis posted before the House and Senate did their final votes. We might catch a lot of sleazy stuff before it became law. Today we're lucky if we know about any of it before it actually passes.

That's just one example. I'm sure you have others. Let's talk about this below, and see if we can come up with ways to distribute reporting in ways that collectively might create real value for all of us.

[Dan Gillmor on Grassroots Journalism]


7:23:23 AM

Innovation Is Passing Library Catalogs By.....

It's Like Google Suggest, Only As A Dictionary

There's been a lot of discussion about Google Suggest, which provides potential words and phrases depending on what you type into the query box. There's a similar tool available using a couple of dictionaries instead of the Web. It's called ObjectGraph Dictionary and it's available at http://www.objectgraph.com/dictionary.

There are two dictionaries being used here: a regular dictionary and FOLDOC (Free On-Line Dictionary of Computing). The default is regular. I started typing in esuriant and ObjectGraph began cycling through suggestions. The cool thing is that in addition to word listings, the suggestion box also contains definitions. So when you've gotten as far as esuri you'll have four relevant words and their dictionary definitions right there. [ResearchBuzz]

This kind of feature would be nice in a library catalog, especially for phrase title searches.

[The Shifted Librarian]

(Emphasis added.)


7:22:23 AM

Kids in Harlem Savor Food That Isn't Fast. Education programs in Harlem run by Slow Food USA are offering kids an appealing and wholesome alternative to fast food. By SOPHIE MENIN. [NYT > Education]
7:21:28 AM



© Copyright 2005 Bruce Umbaugh.
Last update: 2/1/05; 5:36:42 AM.