Monthly Archives: December 2007

Cisco Open IOS

In quite a change from 2.5 years ago, when Cisco went to great lengths to try to prevent Michael Lynn from revealing details of Cisco’s code, Cisco is opening its software:
Since its debut more than 20 years ago, IOS has largely been a closed, proprietary, tightly guarded jewel in Cisco’s lockbox. But the company’s ambitions to make the network the platform for all IT operations and become a software force are in turn forcing Cisco to give up a little in return – like making IOS more than just a platform for Cisco-developed services.

“It’s a significant step forward for us,” said Don Proctor, senior vice president of Cisco’s newly formed Software Group, at last week’s C-Scape 2007 analyst conference. “Software turns out to be a key way that we can do what [we’ve] been talking about for some time, which is link business architecture to technology architecture in a meaningful way.”

Cisco opening up IOS, Looks to make software third-party friendly, Network World, 12/12/07

Wow, who could have imagined that technology architecture could be related to business architecture?

SCO Delisted

Suing your customers could put you at risk of getting your stock delisted:
The SCO Group, Inc. (“SCO”) (Nasdaq: SCOX – News), a leading provider of UNIX® software technology and mobile services, today announced that it received a Nasdaq Staff Determination letter on December 21, 2007 indicating that as a result of having filed for protection under Chapter 11 of the U.S. Bankruptcy Code, the Nasdaq Listing Qualifications Panel has determined to delist the company’s securities from the Nasdaq Stock Market and will suspend trading of the securities effective at the open of business on Thursday, December 27, 2007.

SCO Receives Nasdaq Notice Letter, Yahoo! Finance, Thursday December 27, 1:24 am ET

This is not unexpected after SCO’s recent layoffs. The trouble started much farther back, when SCO decided to sue for intellectual property infringement instead of producing a product people wanted to buy.


Disruptive Innovation Viewed as Good Risk Management

As expected, the FCC approved more media consolidation, this time of newspapers and TV stations. That’s one approach to disruptions in a market: game the regulatory apparatus to permit consolidation of two failing industries (even though one of them, the one being bought, newspapers, is still hugely profitable).

There’s another approach, from the wilds of south Georgia:

The statewide papers from Atlanta and Jacksonville have pulled out of this market back to their own communities leaving a void of state and national news from a print media. When I was growing up, The Atlanta Journal “covered Dixie like the dew” and the Atlanta Constitution covered Atlanta. Today the “dew” stops in Macon and the Journal is now just the Constitution. The Florida Times-Union several years ago started the Georgia Times-Union with distribution across the bottom third of our state. Now, with the pullback coming soon, their distribution will be limited to Southeast Georgia or east of Waycross.

From the publisher: Disruptions are opportunities, By Sandy Sanders, Valdosta Daily Times, Published December 09, 2007 01:28 am

So what does this small city newspaper do? Run to Congress or the state legislature to let it merge with a TV station? Nope:

Traffic Control Viewed as ISP Risk

Certain ISPs plan to spend a lot of money throttling, stifling, policing copyrights, campaigning and lobbying to control content of information flow through their networks. They might want to look at what’s happening in China:
Beijing has recently added a new weapon to its arsenal of surveillance technologies, a system it believes to be a modern marvel: the Golden Shield. It took eight years and $700 million to build, and its mission is to “purify” the Internet — an apparently urgent task. “Whether we can cope with the Internet is a matter that affects the development of socialist culture, the security of information, and the stability of the state,” President Hu Jintao said in January.

The Golden Shield — the latest addition to what is widely referred to as the Great Firewall of China — was supposed to monitor, filter, and block sensitive online content. But only a year after completion, it already looks doomed to fail. True, surveillance remains widespread, and outspoken dissidents are punished harshly. But my experience as a correspondent in China for seven years suggests that the country’s stranglehold on the communications of its citizens is slipping: Bloggers and other Web sources are rapidly supplanting Communist-controlled news outlets. Cyberprotests have managed to bring about an important constitutional change. And ordinary Chinese citizens can circumvent the Great Firewall and evade other forms of police observation with surprising ease. If they know how.

The Great Firewall: China’s Misguided — and Futile — Attempt to Control What Happens Online, By Oliver August, WIRED MAGAZINE: ISSUE 15.11, 10.23.07 | 12:00 AM

And if they don’t know how, that article provides tips.

Sony Rootkitting: How It Happened

Here’s a paper about Sony and the Rootkit:

While Sony BMG’s customers first became aware of the dangers posed by the rootkit through media reports following Russinovich’s October 31 announcement, the company was on notice that its product contained a rootkit, at the very least, four weeks earlier. Finnish anti-virus software developer F-Secure contacted Sony BMG on October 4, 2005, alerting it to the presence of the rootkit. Of course, First4Internet, as the developer that chose to incorporate the rootkit into its design, necessarily knew of its presence from the outset.


Yet Sony apparently thought that they could still sneak a rootkit onto CDs its customers paid for. The customers knew better, because Amazon reviews told them, and CD sales plummeted as soon as rootkit-infested versions were issued.

This maybe illustrates three points:


Media Security: Consolidation or Diversity?

Despite a unanimous vote of the Senate Commerce Committee to delay, and a direct question from one of its members (not to mention overwhelming opposition in meetings across the country), FCC Chairman Kevin Martin plans to go ahead with the media consolidation vote scheduled for tomorrow, 18 December, which, given the 3-2 Republican-Democrat makeup of the Commission, will almost certainly result in more media consolidation.
Not only John Kerry, but even Trent Lott and Ted Stevens spoke against Martin’s plan. Martin, pretending not to know that newspapers are one of the most profitable industries (and nobody on the Commerce Committee thought to ask him directly whether he knew that; they only asked him if he had seen a specific report that said that), claims that the only way to save newspapers is to let them buy television stations. The New York Times published Martin’s op-ed to this effect. (Today the Times did at least publish their own editorial criticizing his position.)

Meanwhile, three members of the House Judiciary Committee have written an op-ed calling for the impeachment of vice-president Cheney, and no major newspaper will carry it, even though one of them, Wexler of Florida, collected more than 50,000 names for it over one weekend (up to 77,000 as of this writing).

Were it left to me to decide whether we should have a government without newspapers, or newspapers without a government, I should not hesitate a moment to prefer the latter.

Letter to Nathaniel Macon, Thomas Jefferson, January 12, 1819

What would Jefferson have thought about newspapers that wouldn’t publish a call for impeachment by members of the committee that is supposed to bring such charges? And why, given such a press, is anyone even considering more media consolidation? Which is better for the security of the Republic: more media consolidation or less?


Chinese Honeynet Project: Botnets Are Sneaky and Evolving; Need Adaptive Distributed Counter

The subject is my interpretation of a sixteen-page paper by a joint Chinese-German project to examine botnets in China.
Botnets have become the first-choice attack platform for network-based attacks during the last few years. These networks pose a severe threat to normal operations of the public Internet and affect many Internet users. With the help of a distributed and fully-automated botnet measurement system, we were able to discover and track 3,290 botnets during a period of almost twelve months.

Characterizing the IRC-based Botnet Phenomenon, Jianwei Zhuge, Thorsten Holz, Xinhui Han, Jinpeng Guo, and Wei Zou; Peking University Institute of Computer Science and Technology, Beijing, China; University of Mannheim Laboratory for Dependable Distributed Systems, Mannheim, Germany; Reihe Informatik, TR-2007-010

The paper provides many interesting statistics, such as that only a small percentage of botnets are detected by the usual Internet security companies. But the main point is exactly that a distributed and adaptive honeypot botnet detection network was able to detect and observe botnets in action and to get data for all those statistics. Trying to deal with an international adaptive botnet threat via static software or occasional centralized patches isn’t going to work.

Some readers conclude that this paper shows that reputation services don’t work, because they don’t show most botnets. I conclude that current reputation services don’t work because they aren’t using an adaptive distributed honeypot network to get their information, and because their published reputation information isn’t tied to economic incentives for the affected ISPs and software vendors, such as higher insurance rates.


Firing Range or Virus Aquarium?

DARPA wants to build cyber firing ranges:
DARPA is interested in the full spectrum of network range capabilities, from network simulations and virtual test ranges that simulate future range architectures and protocols, to physical implementation of networks. Additionally, DARPA is interested in the full spectrum of testing environments – from individual hosts, to single enclaves and local area networks, to world-wide Wide Area Networks (WAN).

DARPA seeks network firing ranges for cyber weaponry, Keep out, war-warez test in progress, By Lewis Page, The Register, Published Tuesday 4th December 2007 13:50 GMT

Hey, looks like Randall Munroe already proposed the single enclave part of this in his comic, xkcd. Somebody’s going to make a bundle selling cyber ant farms and leasing DARPA the rights to shoot cyber bullets at them.


ResNet for the Home: Why Don’t Last-Mile ISPs Detect, Clean, and Insure Home Machines?

Colleges and universities often provide residential networks (resnets) for their students. There are companies that do that, such as Apogee Networks, plus value added services such as patching, installing, and configuring secure and virus-free software. Last-mile ISPs could do that too. They could go farther: they could detect, clean, and insure home machines.

Now they may not want to do this because they might incur legal liability. But that’s what insurance is for. And they might not want to do it because it’s not their core competence. But they could offer such services through a third party. Why don’t they?