|
| |
|
| |
|
|
|
|
TCHS 4O 2000 [4o's nonsense] alvinny [2] - csq - edchong jenming - joseph - law meepok - mingqi - pea pengkian [2] - qwergopot - woof xinghao - zhengyu HCJC 01S60 [understated sixzero] andy - edwin - jack jiaqi - peter - rex serena SAF 21SA khenghui - jiaming - jinrui [2] ritchie - vicknesh - zhenhao Others Lwei [2] - shaowei - website links - Alien Loves Predator BloggerSG Cute Overload! Cyanide and Happiness Daily Bunny Hamleto Hattrick Magic: The Gathering The Onion The Order of the Stick Perry Bible Fellowship PvP Online Soccernet Sluggy Freelance The Students' Sketchpad Talk Rock Talking Cock.com Tom the Dancing Bug Wikipedia Wulffmorgenthaler       |
|
bert's blog v1.21 Powered by glolg Programmed with Perl 5.6.1 on Apache/1.3.27 (Red Hat Linux) best viewed at 1024 x 768 resolution on Internet Explorer 6.0+ or Mozilla Firefox 1.5+ entry views: 1560 today's page views: 766 (45 mobile) all-time page views: 3246236 most viewed entry: 18739 views most commented entry: 14 comments number of entries: 1214 page created Thu Apr 17, 2025 22:18:08 |
|
- tagcloud - academics [70] art [8] changelog [49] current events [36] cute stuff [12] gaming [11] music [8] outings [16] philosophy [10] poetry [4] programming [15] rants [5] reviews [8] sport [37] travel [19] work [3] miscellaneous [75] |
|
- category tags - academics art changelog current events cute stuff gaming miscellaneous music outings philosophy poetry programming rants reviews sport travel work tags in total: 386 |
| ||
|
- Mr. Eugene Kaspersky, getting it right from the start  No, Jackie Chan didn't visit too (sadly) Unscheduled update here on Tuesday's talk, "Taking Responsibility For The Internet" by the Eugene Kaspersky of Kaspersky Anti-Virus (KAV) fame (personally haven't tried it though). I haven't attended too many such events in my time at college, therefore once I got wind that it was just before the algorithms lecture anyway, I decided to be a good academic citizen and sit in. Mr. Kaspersky began by identifying four classes of people: Victims (i.e. us), E-criminals who seek to prey on the victims, the IT Threat protection (ITTP) industry which tries to shield the victims from attack, and the police, with whom the ITTP cooperates with, and who nab the E-criminals. Now, so says Mr. Kaspersky, the reason that E-criminals can thrive is because modern operating systems are flexible but insecure. Secure OS-es, like Symbian 9 and BREW, combat malware by demanding that all software developers get their applications certified. Of course, the trade-off is the cost of certification and the delays involved in bureaucracy. It then comes down to what developers and users value most - flexibility (and convenience) or security. Apparent system slowdowns from resident protection and time-consuming scans aside, the balance is tilted towards the former from past experience, with Novell Netware's decline cited as an example of the perils of neglecting the software community. It was suggested that iPhone/Blackberry's intransigence in this respect may yet prove fatal against Windows Mobile/Google Android's more permissive policies. This is all the more likely as operating systems are expected to become near-homogeneous in coming decades as the industry matures, with Mr. Kaspersky showing near-indistinguishable screenshots of Windows/Mac OS/some Linux GUI for emphasis. A historical parallel was drawn with automobiles, with the Ford Model T being dominant 70 years ago, but with dozens of functionally near-identical brands nowadays. Bad news for security buffs, but likely good news for Kaspersky Labs in business terms. The next visionary insight was on the rise of smartphones, as computing power shrinks into ever-smaller packages, such that in twenty years, our basic computer may well be a handphone, with dumb terminals consisting of just a monitor, keyboard and mouse provided for us to plug our phones into (seems more viable than pure cloud computing to me; I also doubt that netbook-equivalents will die, at least until holographic projection technology arrives, as we have probably reached the practical human limit for miniaturization - how much smaller can they make buttons and screens before the device becomes unusable?). Of course, the malware problem will follow wherever computers go, as Mr. Kaspersky illustrated magnificently with several examples:  Downloading new device drivers from Windows Update... (Source: Communications blog by Brough Turner) And what is the motivation? Long ago, virus authors were mainly young lads who couldn't get laid on a lazy Saturday night flexing their l337 skillz for cred and kicks. Nowadays, such innocence is no more, and it's all about the money. This new breed of hackers might reprogram exchange rates to extract cash from ATMs (or use cloned cards, which has happened in Singapore), or even just send out a bazillion spam emails (which does earn big, say over US$200000 a year, conservatively). N.B. The Facebook Mobile Web spammers could have just inquired on rights to my status update, I'm sure we could have worked something out... In this, Mr. Kaspersky reveals that the criminals help (and compete with) each other, in what he terms C2C: Criminal-to-Criminal. For instance, if some well-funded nationalistic organization needs a botnet to shut down some other country's government sites with a denial of service attack, it does not need to go through the trouble of building one of its own. It can just rent botnet time from a botnet provider, which may provide terms of service and offer technical support like any legit company! Sidetrack: Mr. Kaspersky notes that cybercrime has no known links to traditional organized crime yet, but what with the recession and even the Yakuza introducing pen-and-paper exams, I would venture that this might not hold for long. This is furthermore sad news for the less academically-inclined, who may have felt that a devotion to the principles of brudderhood, and no particular affection for random fingers, would surely earn them a rewarding career as a big-shot gangster. No escape for those who got "destroyed" by the PSLE Maths paper, then. A more visible instance of cybercrime would be something like the mass blackouts in several Canadian and American cities back in 2003, which coincided with the Blaster worm outbreak (one variant created by a bored 18 year-old). Officially, it was denied to be the cause, but in theory, it might well have been. On to the solutions, and the bad news is that some attacks, such as distributed denial of service, are impossible to really protect against, though some measures may be taken. This is a consequence of the design of the Internet itself, which Mr. Kaspersky asserts, is wrong. He reasons as such: the Internet is just another public network, such as the transportation, electricity, water or financial (ahem) ones, which all have their own regulations and policing. Why not for the Internet, then? The key issue, Mr. Kaspersky says, is anonymity. This might be discontinued by, among other requirements, allowing only trusted applications to run, assigning Internet passports (reminds me of Windows Live ID's ill-fated former name) to individuals and demanding accreditation for businesses, and mandating the temporary storage of requests for possible examination by an Internet Interpol. Certainly, this would halt a lot of the current abuses prevalent on the Internet now. There would be no more malware, no more unsolicited spam, no more illegal activities like filesharing (perhaps not a particularly popular consequence), and no more organized crime using the Internet for communications. If extended to the degree that people have to reveal their passport (and thus real identities) in discourse, I would expect that many flamers and griefers who troll messageboards would quickly self-moderate their behaviour.  Empirically verified in DotA games! (Source: Penny Arcade) However, I think that this is at its heart a philosophical and not a technological problem, and Benjamin Franklin's famous quote springs easily to mind: "They who can give up essential liberty to obtain a little temporary safety, deserve neither liberty nor safety." In practice, it is very possible for OS developers and hardware manufacturers to produce components that require all applications to have valid cryptographic keys to operate, and for authorities to implement protocols that require very strict end-user authentication. Not easy, but completely possible. Before we proceed, it should be mentioned that right now, the average user actually has next to no privacy where the Internet is concerned, anyway; It is almost a given that his ISP would have a record of all websites or services he has visited, at least recently, and any savvy E-criminal could gain access to such information by sneaking malware onto that computer. Indeed, some ISPs, much less countries, are already staking their claim to possibly control what users can or can not see on the Internet. But the reworking of the Internet, if it comes, would still be highly symbolic. What it would express is that some authority, somewhere, has the right to monitor any individual (right now, sufficiently smart or determined users can cover their tracks to a large extent). This is analogous to most decent citizens having nothing much to hide, but still being understandably unwilling to have their private mail correspondence read, or homes searched in absentia, at whim. Quis custodiet ipsos custodes etc etc. There are already moves in this respect in regard to intellectual property (see Richard Stallman's "Right to Read" take on schemes such as Microsoft's Palladium initiative) Thus a tenuous balance prevails between security and irresponsibility, or freedom and tyranny, depending on who you speak to. Mr. Kaspersky by all accounts wants more security and order. Others like Mr. Stallman desire liberty or death. Maybe there is some ingenious third way that preserves both security and liberty, such as Ron Rivest's fascinating ThreeBallot voting system that claims to provide both verifiability and anonymity, previously thought to be an incompatible combination (which actually, it may well remain). I won't be holding my breath on that, though. Mr. Kaspersky correctly identifies when the balance might be tilted in favour of security - after a massive cyberterrorism attack that creates perhaps a widespread blackout, or even a nuclear plant meltdown; observe how quick Americans were to sign away many of their civil liberties (see the Patriot Act) after 9/11. So, are Mr. Kaspersky's views right? Evidently, he strongly believes so. There are the people who, upon seeing a wallet upon the ground, will pick it up and ask whose it is. Then there are the people who will pocket it, and the people who will actively strive to get wallets out of others' pockets. Mr. Kaspersky self-identifies with the first kind of person, and one can do no more than strive to do what one thinks is correct. Good luck to him, then. He'll at least have Jackie Chan by his side, and from all those New Year action movies, those are good odds. Next: Half Dozen Of One
Linkback by LwEi's World
Trackback by Try the best tablet PC and tablet PC with quad cor...
|
|
|||||||||||
 Copyright © 2006-2025 GLYS. All Rights Reserved. |
||||||||||||
