German Donald Outshines US Duck

Deutsche Welle tries to explain why Donald Duck, ‘modern Sisyphus,’ is still Germany’s darling at 75:

In their earliest days in Europe, comic books were looked down upon as lacking intellectual rigor and were thought to be bad for children. So when it first started publishing Donald Duck, the German publisher Ehapa asked Fuchs to make her translations more erudite.

And erudite she was. The German Donald quotes Goethe and Schiller, Hoelderlin and Wagner. He uses frequent alliterations and has coined phrases that have since worked their way into the language on the street. Moreover, Fuchs often gave the stories a more political tone than they’d originally had.

I can only imagine a cartoon duck quoting Goethe.

The deed is everything, the glory is naught.

Perhaps the following quote is more likely. Imagine Donald’s voice as he says:

We know accurately only when we know little, with knowledge doubt increases.

The article explains several of the elements that Germans find appealing in their version of the Duck character. First, perseverance:

Gerhard Severin is the acting president of the Donaldists. For him, Donald Duck represents a “modern Sisyphus, who always keeps trying. Despite constant setbacks he starts over again, and shows us that you should never give up.”

Second, a hot temper is said to be something Germans admire. Third, although I might be going out on a limb here, Donald has no pants. Maybe it would be more accurate to say Donald’s pants are down. Get it? Down. Either way, I bet this is also a factor that resonates with the German perspective on life.

T-Mobile Breach

News is circulating that T-Mobile servers have been breached. An anonymous message to the Full Disclosure mailing list on Saturday was the start of the topic. This message included a claim that T-Mobile has been owned for some time, and that the attackers “have everything” up for sale to the highest bidder. It also included a list of 511 production server details such as their hostname, IP address, OS and applications.

This situation raises two distinct questions. First, how can an organization best anticipate and detect breaches? The second question is how an organization can best respond to a breach, especially with regard to preventing another.

Before answering those questions, a quick look at the spreadsheet of servers raises several other questions. For example, do the 511 servers in the message have anything in common? Are they managed from a particular department or under a specific project? This kind of analysis could help reveal that the attack was a leaked document rather than a breach of network security. A quick review shows all of the systems listed are a UNIX flavor. Either the attackers did not want to reveal a more representative sample from their victims or they may really just have found a UNIX project manager’s USB in a parking lot.

Back to the core questions, the best way to anticipate and detect breaches is by analyzing logs. If the attackers were trying to inventory systems on the network, for example, this activity would leave a trail of evidence in those system logs. All 511 servers listed should have the same or similar footprint left by the attackers. The network devices connecting the servers also would have log information to help identify attacks. This means a robust log archive and analysis system would need to be in place when attacks begin in order to capture enough information to identify the problem and alert administrators before the breach is successful or spreads. Log management is no longer just about operating systems and network devices, however. It also needs to incorporate detailed user information from identity systems, especially with regard to shared or system accounts. Identity integration means that if the attackers compromise the “root” account, logs can be correlated to show which user was really using root.
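To make the correlation idea concrete, here is an added sketch (not part of the original post, and not any vendor's product) that attributes root activity to the real account behind it, flags root logins with no user to attribute, and looks for the same footprint across hosts. It assumes the usual Linux su, sudo and sshd auth-log line formats; the hostnames, users and addresses are constructed.

```python
import re
from collections import defaultdict
# Constructed sample lines in common Linux auth-log formats (illustrative only).
SAMPLE_LOGS = """\
Jun  6 02:14:07 db01 su[4121]: pam_unix(su:session): session opened for user root by alice(uid=1001)
Jun  6 02:15:40 db01 sudo:   bob : TTY=pts/1 ; PWD=/home/bob ; USER=root ; COMMAND=/bin/cat /etc/hosts
Jun  6 02:16:02 app07 sshd[988]: Accepted password for root from 203.0.113.5 port 50122 ssh2
Jun  6 02:17:13 app07 sudo:   bob : TTY=pts/0 ; PWD=/tmp ; USER=root ; COMMAND=/bin/cat /etc/hosts
Jun  6 02:18:55 web03 sudo:   bob : TTY=pts/2 ; PWD=/tmp ; USER=root ; COMMAND=/bin/cat /etc/hosts
Jun  6 02:20:31 web03 sshd[1440]: Accepted publickey for carol from 198.51.100.9 port 40110 ssh2
"""

HEADER = re.compile(r"^(?P<ts>\w{3}\s+\d+ [\d:]+) (?P<host>\S+) (?P<rest>.*)$")
# How root was obtained -> pattern; "who" is the real account behind root.
PATTERNS = {
    "su": re.compile(r"^su(?:\[\d+\])?: .*session opened for user root by (?P<who>\w+)"),
    "sudo": re.compile(r"^sudo:\s+(?P<who>\S+) : .*USER=root ; COMMAND=(?P<detail>.+)$"),
    "ssh-root": re.compile(r"^sshd\[\d+\]: Accepted \S+ for root from (?P<detail>\S+)"),
}

def root_events(text):
    """Return one record per line where someone became or acted as root."""
    events = []
    for line in text.splitlines():
        head = HEADER.match(line)
        if not head:
            continue
        for how, pattern in PATTERNS.items():
            m = pattern.match(head["rest"])
            if m:
                g = m.groupdict()
                events.append({"ts": head["ts"], "host": head["host"], "how": how,
                               "actor": g.get("who"), "detail": g.get("detail", "")})
                break
    return events

def unattributed(events):
    """Root activity that no named user can be tied to (direct root logins)."""
    return [e for e in events if e["actor"] is None]

def shared_footprint(events, min_hosts=2):
    """Same actor and same root action seen on several hosts: a common footprint."""
    hosts = defaultdict(set)
    for e in events:
        if e["actor"] and e["detail"]:
            hosts[(e["actor"], e["detail"])].add(e["host"])
    return {k: sorted(v) for k, v in hosts.items() if len(v) >= min_hosts}
```

Calling `shared_footprint(root_events(SAMPLE_LOGS))` on the sample shows one account running the same command as root on three hosts, while `unattributed(...)` surfaces the direct root login that identity data cannot explain.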

Log management is also critical in responding to a breach. Proving that there was no attack requires an archive of logs that can go back several years. This can be used to counter any claims that the servers have been breached for “some time”. The logs could show that a breach actually did not happen. On the other hand, the ability to identify attack signatures, as mentioned above, also helps with avoiding future breaches. When the attack vector is thoroughly understood, an alert can be programmed into Security Information and Event Management (SIEM) systems. Every time a log or set of logs has a particular attack, or even just similarities to other attacks, the SIEM can send out an instant alert or start a watch list for administrators to investigate.

Perhaps most important of all is to recognize the potential cost of disruption from this kind of message. Does your organization have a system in place to rapidly assess the validity of an attack claim? Without an effective system of managing logs and security information, an anonymous message to a forum could pose a significantly high risk even without any validity or proof. The T-Mobile message raises a number of important points that organizations should reflect upon as they review their logs tonight.

Lessons from Flight AF 447

Spiegel Online has the best analysis I have seen so far on the Air France crash. They highlight the Call for Airborne ‘Black Box’ Data Stream:

If search teams fail to recover the flight recorder, which consists of two metal devices that record flight data and cockpit conversations, this question may never be answered. “It would be a real shame for aviation,” says Robert Francis, the former vice chairman of the National Transportation Safety Board, the agency that investigates aviation accidents in the United States. “If we want to avoid dramas like this in the future, we have to know what went wrong,” says the safety expert. For this reason, Francis wants to see all important flight data transmitted via satellite in the future, using ACARS technology. “This crash demonstrates how valuable this technology could be,” he says.

The technology exists today. A simple change to the black box program is all that would be necessary.

Krishna Kavi, an engineer and professor at the University of North Texas in Denton, presented the US Federal Aviation Administration (FAA) with a similar system 10 years ago. “The cost is low,” he says. For the 256 parameters recorded by a black box, Kavi came up with a volume of data requiring transmission of four to eight kilobits per second. “This is a fraction of what mobile wireless devices transmit today,” says Kavi.

There will be debates about the bandwidth necessary, the level of information to send, etc. just like with log management. This is a fascinating way to look at the problems that most organizations face every day. Are you logging the right level of information to detect a failure in time and to avoid a repeat? It is not clear that AF 447 would have been avoidable with better monitoring systems, but it would certainly help with the speed and cost of post-incident analysis. Note that it is the pilots who seem to object most to increasing the signal rate and using surveillance. They claim privacy rights, to which the response obviously should be encryption.

Chimpanzee Spatial Memory

The BBC tells how Chimps mentally map fruit trees

Chimpanzees remember the exact location of all their favourite fruit trees.

Their spatial memory is so precise that they can find a single tree among more than 12,000 others within a patch of forest, primatologists have found.

More than that, the chimps also recall how productive each tree is, and decide to travel further to eat from those they know will yield the most fruit.

Amazing. I’ll have to incorporate this into my next presentation on network monitoring. Although it seems thorough, the study left some things undone.

Intriguingly, female chimpanzees travelled shorter distances to eat than males. The researchers don’t know why, but speculate that it is either because females better remember the locations of trees, or because males simply compete with one another by ranging more widely through their territory.

Technology and data analysis can only get you so far, apparently, as the researchers leave this one open to interpretation. Who can crack the mystery of gender-based differences in chimpanzee navigation? Perhaps the females stop to ask for directions?