Category Archives: Security

Motley Crue’s Nikki Sixx on Risk

I couldn’t help but notice the perspective Sixx puts on his latest work:

“We have managers and record company people saying that there was this massive machine and nobody was willing to take it off the road and fix the broken wheel,” he said. “It would have cost them money. It was more important to keep the business rolling than confronting me. I was left out there to die. ‘Hey, let him shoot up, and don’t ruffle his feathers. I want my 15%.’ That’s how it works.”

Sound familiar? How many industries do not operate in this fashion? The end justifies the means. The bigger question, perhaps, is how he would suggest it change. Regulations?

Here is an interesting twist to the story:

A portion of the proceeds from the book will go to Running Wild in the Night, a fund-raising initiative for Covenant House California, which aids struggling youth. “Heroin” will be accompanied with what Sixx calls “a soundtrack,” an album of songs inspired by the book and recorded with his band Sixx:AM.

Sixx is aware that many fans will be more drawn to the “Behind the Music”-like tales of the book rather than the look at a junkie caught up in a music machine.

“You have to be drawn to the car race because you think there’s going to be a car crash,” he says. “So if that’s what it takes, fine. If people want to read this book to see how fucked up my life was, and to see how many drugs I took, and to read about my crazy sexcapades, then fine. But in the end, every time the book sells, it’s going to put money into a bank account to keep some kids off the street.”

Sounds good, sort of…but isn’t that more of the end justifying the means? It doesn’t always work out so well, as in the case where the car crash actually kills the people who are trying to contribute.

Whale-Feces Research and Security

Here is a funny perspective on the life of the security response staff at Microsoft:

What do whale-feces researchers, hazmat divers, and employees of Microsoft’s Security Response Center have in common? They all made Popular Science magazine’s 2007 list of the absolute worst jobs in science.

Come on now. Whale-feces research can’t be that bad, can it?

Popular Science says “we salute the men and women who do what no salary can adequately reward”. However, the Microsoft employees quoted in InfoWorld hardly give any indication that they lack satisfaction:

Microsoft’s Mark Griesi considers ranking among the worst as a badge of honor, in part because his grandfather read the story and thought it was “pretty cool to see my team on the list,” he said.

Look gramps, no security!

Dover Beach

by Matthew Arnold (1822-1888)

The sea is calm to-night.
The tide is full, the moon lies fair
Upon the straits; on the French coast the light
Gleams and is gone; the cliffs of England stand;
Glimmering and vast, out in the tranquil bay.
Come to the window, sweet is the night-air!
Only, from the long line of spray
Where the sea meets the moon-blanched land,
Listen! you hear the grating roar
Of pebbles which the waves draw back, and fling,
At their return, up the high strand,
Begin, and cease, and then again begin,
With tremulous cadence slow, and bring
The eternal note of sadness in.

Sophocles long ago
Heard it on the Aegean, and it brought
Into his mind the turbid ebb and flow
Of human misery; we
Find also in the sound a thought,
Hearing it by this distant northern sea.

The Sea of Faith
Was once, too, at the full, and round earth’s shore
Lay like the folds of a bright girdle furled.
But now I only hear
Its melancholy, long, withdrawing roar,
Retreating, to the breath
Of the night-wind, down the vast edges drear
And naked shingles of the world.

Ah, love, let us be true
To one another! for the world, which seems
To lie before us like a land of dreams,
So various, so beautiful, so new,
Hath really neither joy, nor love, nor light,
Nor certitude, nor peace, nor help for pain;
And we are here as on a darkling plain
Swept with confused alarms of struggle and flight,
Where ignorant armies clash by night.

Why do the pessimists always seem to get it so right?

Malware attacks on virtual world greater than on real world

MetaSecurity’s latest post cites McAfee:

McAfee now sees more malware programmed to steal passwords for World of Warcraft now than trojans aiming for banking information, said Craig Schumager of the McAfee research labs.

This is highly misleading, I say. Banking is not just a brick-and-mortar building with furniture from the 1980s, bad art, and air-conditioning in overdrive. The exchange of funds in the virtual world, in online forums, etc. has now reached proportions at which it rivals or even replaces more traditional forms of access. Call it a back-door to the same assets, if you will. MetaSecurity hints at this perspective in the same post:

In talks with Erik Larkin at PCWorld.com, he outlined why fake game gold is more attractive than real money. Primarily, there’s less risk of getting caught and easier punishments for hacking World of Warcraft than Bank of America, but the gold is still easily commutable to real-world dollars and cents.

It goes deeper than that, as they point out in terms of a “secondary” market:

As Brock Pierce of Affinity Media (formerly IGE), put it “Fraud in the secondary market is rampant. On eBay, secondary sales were resulting in 10 percent fraud at one point I think. Someone in Russia could login through a proxy to a server in the US and make a purchase with a stolen card, turn around and resell it on the secondary market, and sell it for 75 percent in a matter of minutes. Organized crime is involved, and it’s anonymous.”

Or as Raph Koster put it: “I described this years ago at a social policy conference. And they [the government representatives] said, ‘Well it’s not drug money, but it is terrorist money.’ The government will get interested.”

Good for Koster.

I see the core of the story as malware aimed at finance shifting to newer, less regulated methods of banking. This is not really a move from banking to non-banking, but a move from attacking bank A to attacking bank B, and that is a big difference in security perspective if you are a bank.

I remember arguing in political science classes about what the lifetime would be for the nation-state and its boundaries (as introduced by the medieval Italians). Will virtual worlds be dragged back into the constructs that we use today (real-world banks operating virtual-world branches) in order for us to make sense of how to regulate them, or is a whole new paradigm needed (real-world banks displaced by virtual-world challengers)?