blog.benschumacher.com

I just read an article on News.com about a number of Windows-based ATMs, manufactured by Diebold, were hit by the Welchia (or Nachi) worm, and shutdown. Check out this quote:

Computer security experts predicted more problems to come as Windows migrates to critical systems consumers rely on.

An unknown number of ATMs running Windows XP Embedded were shut down during the spread of the so-called Nachi worm, said executives at Diebold, which made the ATMs and refused to name the customers affected.

...

"It's a harbinger of things to come," said Bruce Schneier, chief technical officer of network monitoring company Counterpane Internet Security.

"Specific-purpose machines, like microwave ovens and until now ATM machines, never got viruses," said Schneier, author of "Beyond Fear: Thinking Sensibly About Security in an Uncertain World." "Now that they are using a general purpose operating system, Diebold should expect a lot more of this in the future," he said.

John Pescatore, an analyst at Gartner, agreed.

"It's a horrendous security mistake," he said of specific-purpose machines like ATMs running Windows, which is written for general-purpose computers and for which Microsoft releases security fixes on a regular basis. "I'm a lot more worried about my money than I was before this."

from Worm hits Windows-based ATMs

Why is this important? Well... aside from the obvious concern we should have for our money in banks, we should also be concerned with our ability to vote. In addition to ATMs, Diebold makes voting machines, based on Windows and already known to have a number of security problems, which could be vulnerable to viruses, as well. Chilling, eh?

PCWorld.com has an article about a "Jane Doe" that is fighting back against the RIAA. Here's the blurb:

The case represents the first challenge by an individual to the efforts of the Recording Industry Association of America to thwart online piracy by filing hundreds of subpoenas with ISPs across the United States, requesting information on individual file traders whom the group believes may be guilty of copyright infringement.

Glenn Peterson and Dan Ballard, lawyers with the Sacramento-based law firm of McDonough, Holland & Allen, which is representing the "Jane Doe," said in a statement that the RIAA's subpoena campaign has far-reaching implications in terms of consumer rights and privacy.

"The recent efforts of the music industry to root out piracy have addressed a uniquely contemporary problem with draconian methods--good old-fashioned intimidation combined with access to personal information that would make George Orwell blush," Peterson said in the statement.

from Computer User Challenges RIAA

It'll be interesting to see how this one turns out. The decision will, no doubt, have a tremendous impact on both file sharing networks, and privacy rights for internet users in the United States.

I've been wondering why I'd seen such a huge spike in the number of viruses caught by my filters recently, especially since they all seemed to be such an old virus -- Sobig. What I didn't notice is that its a new variant, called Sobig.F. Apparently, its spreading quite quickly and sucking up large amounts of bandwidth.

I'm glad my virus filters are working well, but I'm still annoyed. I've received over 50 copies of this virus in just two days -- how much more of this do I have to put up with? At least I know that if any did sneak through my filters, I'm safely (and happily) running Apple's OS X. Hopefully, one of these days, Microsoft (or M$ -- as some prefer to call it) will fix their product so this nonsense is no longer a weekly occurrence... but I ain't holding my breath.

Bruce Schneier has a new book out called "Beyond Fear: Thinking Sensibly About Security in an Uncertain World." Instead of his usual focus on computer security, this book is about security in general. It covers "the entire spectrum of security, from the personal issues we face at home and in the office to the broad public policies implemented as part of the worldwide war on terrorism." The goal seems to be to help folks realize that we need to think of security as a system of trade-offs, instead of as a system of absolutes.

This is a book for everyone. I believe that security, as a topic, is something we all can understand. And even more importantly, I believe that the subject is just too critical, too integral a part of our everyday lives, to be left exclusively in the hands of experts. By demystifying security, I hope to encourage all of us to think more sensibly about the topic, to contribute to what should be an open and informed public discussion of security, and to participate vocally in ongoing security negotiations in our civic, professional, and personal lives.

from Crypto-Gram: August 15, 2003

Based on my previous experiences with Bruce's other books -- all of them being great reads -- I'm strongly suggesting that everybody go check this one out. I've ordered my copy!

Just read an article on CNN about the Small World Project. The goal of the project is to figure out how well connected people are to others via the Internet. Volunteers try to sends emails from themselves to complete strangers, with only knowledge of their name, location, profession and some educational background. The ultimate goal is to figure out how well connected Internet users are to other Internet users. Seems like a study of whether or not technology really brings people closer together.

As a social project, it sounds really interesting. In a way, its like Friendster minus the nifty user interface, the fake people and the pictures of the folks you're trying to contact -- and its not intended to be a way to meet new people, although I imagine that will be a side effect. I've been considering joining, but am debating whether or not I'd feel comfortable asking friends, coworkers, associates and others to forward emails to their contacts in order to advance the project. I'm hedging because I figure if somebody asked me to do the same, I might just ignore the request.

Either way I go, personally, its still an interesting idea...