Pogue’s attitude is unfortunately far too common

According to David Pogue, since hacking a car is “nearly impossible,” we shouldn’t talk about it anymore.

That, my friends, is precisely what’s wrong with security and security awareness today. Flying to the moon is nearly impossible, after all, and you could easily kill yourself trying. David Pogue has never done it. But Neil Armstrong and Buzz Aldrin did.

Change a headline, go to prison

A former journalist whose track record includes being fired from the Tribune Co. and from Reuters is facing two decades in prison for giving the hacking group Anonymous credentials to log into a Tribune web site and change stuff.

Anonymous changed one headline, and it took about 40 minutes for someone at Tribune Co. to notice and change it back.

It reminds me of something that happened at the newspaper where I used to work.

Minor-League hacking in the MLB

So, about a year ago, the Houston Astros announced their internal player database had been breached. This week, more details emerged, pointing right at the St. Louis Cardinals.

It wasn’t a terribly sophisticated attack. You knew I’d write about this, but I’ll explore it from an IT security perspective more than from a baseball perspective.

FTDI needs to be charged under the Computer Fraud and Abuse Act

FTDI is a company that makes computer chips for USB peripherals. Their chips are frequently cloned, which is an issue they have a right to deal with. But they have to be careful.

Breaking suspected cloned chips that consumers bought in good faith is the wrong answer. If I did that, it would be called hacking, and I would be sitting in jail right now, and probably would be facing a quarter-century in prison.

I want to feel for this ad executive, but I can’t

There’s a problem in this world, according to Mike Zaneis. It’s ad blockers.

On one level, I can relate to the guy. Ad blockers cost me between $500 and $1,000 a year, personally. But on another level, I have no sympathy for him. Because there’s so much problematic advertising out there. If you ever try to download something from one of the major download sites, good luck. There are 14 download buttons. 13 of them are ads that deliver something other than what you want, or ridealong stuff you don’t want. Somehow, Mike Zaneis thinks that’s OK, but blocking ads is wrong.

How about misleading ads that talk about government programs that don’t exist? I see an ad promising me a mortgage bailout every day. I’d love for Mike Zaneis to explain to me how this is ethical.

There are hundreds, if not dozens, of spammy news stories that are really just advertisements, preying on ignorant people, spreading misinformation and damaging society, littering the web today. Stop eating cumquats and lose 20 pounds! Buy gas at precisely 7:05 AM and gain 4 MPG! Here’s how Warren Buffett is preparing for the apocalypse! These things don’t work, and I haven’t figured out how these newsvertisements make anyone any money except perhaps through profiling, and I’d love for Mike Zaneis to explain this. There’s a guy named Kevin Trudeau who made a career of spreading this kind of stuff. He’s in prison now. The difference between Trudeau and this stuff is that Trudeau pitched it in late-night infomercials charging $19.95 rather than giving it away for free and turning the people who read it into the product–something Mike Zaneis denies anyone thinks is a problem.

But the worst of all are malvertisements–advertisements that plant malware on your machines. If I run computer code on a computer that doesn’t belong to me, I’ll be hanging out with Kevin Trudeau in prison for the next 20 years. But for some reason, it’s OK to do this in the name of advertising. I’d love for Mike Zaneis to explain this, too.

But unlike Mike Zaneis, I’m not complaining. It might be nice to be a professional blogger, but I’m better off with my day job than I would ever be as a pro blogger. It’s nice when I make a little money off this web site, but a lot of what I write is to support that day job–I can find what I need at a later date very quickly if it’s on the blog. That content never makes me a dime. I have some niche content that makes virtually all of the revenue I see, but I’m hesitant to elaborate much further lest someone like Mike Zaneis launch a site and steal all that traffic.

But that’s the thing. I adapt. I have to do that in everything I do. I can whine about how I don’t make the kind of revenue I made in 2005, but the fact is, if I were willing to change a few things, I probably could make more now than I did in 2005. About 5% of what I write accounts for all of my revenue. If I could devote 20% of my content to those subjects, I’m sure I would make considerably more. Since that would require me spending four times as much time thinking about and doing different things from what I do now, I haven’t made that shift. But if I ever needed to, I could.

Mike Zaneis thinks people who create and use ad blockers are out to extort him. They aren’t. They’re trying to encourage certain limits on acceptable behavior. That’s one reason I’m careful about the kinds of ads I let run on this site. There are certain categories–profitable categories–that I don’t allow, such as ads for gambling sites, political ads, prescription drugs, and get-rich-quick schemes. Some of those categories were profitable for me before I discovered my account was using them, but taking money from those behaviors would be wrong, so I stopped doing it. There was nothing illegal about those ads, but there was nothing ethical about them either. So I draw the line there, because some things are much more important than money.

Mike Zaneis draws the line at a different place, and he’s trying to start a war. I’m not convinced it’s a war he can win, and I have no reason to root for him.

Wget is not a hacking tool

The Bradley Manning verdict came out this week, and the less I say about Manning himself the better, but one thing in the press coverage definitely bothered me, and I want to set that straight.

The prosecution attempted to tie him to Julian Assange, saying he coached Manning on the use of “hacking tool wget.”

Wget isn’t a hacking tool.

What keeps a good security guy from turning to the dark side

I’m reading the excellent Blackhatonomics right now. And one thing I read in it reminded me of a question that someone asked me last year. I was probably the third or fourth guy with an advanced security certification he’d met, and he asked me one day what it is that keeps us from turning criminal.

I said, “Well, for one thing, good guys have much longer careers.”

I didn’t cite a specific example, but Blackhatonomics cited the case of Albert Gonzalez, the infamous hacker convicted of breaking into TJX, Dave & Buster’s, and others. His crime spree, which ended when he was captured in 2008, netted him $2.98 million.

He was convicted in 2010, and had to give back what was left of his fortune, and now is serving 20 years in a minimum-security prison.

I like my approach better.

Security doesn’t have to be intimidating to be effective

I got into a conversation the other day about physical security, bashing the physical security of a particular facility. “You have to sign in when you enter. Well laddy da!”

Actually, there are times where that’s completely appropriate. But they actually missed something, too. The facility they were making fun of has a locked door and a log.

Somehow I started it

Friday night, my wife and I attended a baseball game with several of my new coworkers and their families. We rode Metrolink–St. Louis’ light-rail train–to the stadium to avoid traffic. The ride to the stadium was peaceful and relaxing. The ride from the stadium was peaceful and relaxing too, except for a brief interruption between the second and third stops.

It started with an obscene gesture and a lewd request, stated loudly. I assume he was hitting on a female rider sitting in front of him, though I don’t know who it would have been, since all of the female riders on the train appeared to be riding with their husbands or boyfriends. This action predictably failed to win him any affection, or even much attention, from any of the female riders, though several of the male riders took notice.

Control your debt, stay in school, stay employed and out of prison

Some people are worried that student loans are the next debt time bomb that can potentially wreck the economy, and that fear of student-loan debt will make people less inclined to seek the education they need.

Two statistics should discourage that.