Mikko Hypponen: Three types of online attack

Did you know every laser printer prints an invisible pattern of yellow dots that uniquely identifies that printer? This is so authorities can hold you responsible for what you print. I am not joking.

This TED talk probably is not what you think. From whom, for instance, will these attacks come? How about criminals, corporations and governments, just for starters.

http://www.ted.com/talks/mikko_hypponen_three_types_of_online_attack.html

THIS TALK IS REQUIRED VIEWING FOR ALL SECURITY STUDENTS.

There are censorship issues here, and copyright issues. There's the tricky issue of a political party specifically aligned with a file-sharing site. It's freedom of information versus legitimate ownership of material. There's no clear right or wrong here (like most of the world, I'm afraid), but there's a very nasty nest of snakes when you try ham-handed to censor the Internet.

It doesn't censor easily.

Read more on the as-always invaluable NakedSecurity:
http://nakedsecurity.sophos.com/2012/05/11/pirate-party-censored-from-helping-people-bypass-pirate-bay-block/

This whole business will inevitably lead to more draconian digital rights management (DRM), though frankly that's fine by me. The "record companies" will lock up their data, the rest of the musical world will share with different degrees of freedom, and if things work properly we'll all benefit.

But in the mean time, the whole exercise demonstrates the resilience of the Internet. What I want to know is this: how long will it take for people in most metropolitan areas to follow the leads of their peers in Vienna and Athens, and start setting up alternate, decentralized WiFi networks? There's lots of info on the (there it is again) Internet about putting your old WiFi access point (WAP) in a Tupperware box, with of course a hole for the power cord, and tossing it on the roof. Really. Or hanging it from your TV antenna, or what have you. All it takes is setting it to a common ESSID, and voila, instant independent networking.

I'm sorry, but for business purposes we must not trust China. Not with intellectual property, not with inside information, not with vulnerability data. Chinese culture dehumanizes outsiders, making it perfectly legitimate, for instance, to poison their babies with formula spiked with melamine. That's plastic, in case you didn't know. This kind of thing is common practice, Standard Operating Procedure, demonstrated again and again.

So, Microsoft admitted Hangzhou DPTech Technologies into a security partnership that addresses emerging cyber threats. Hangzhou DPTech Technologies got the inside scoop on an RDP patch that was forthcoming. Violating their NDA (were you surprised?), they leaked the info. Letting the crackers stay one step ahead again. Thanks, Hangzhou DPTech Technologies. And thanks again, China.

"Yes, it is a little concerning that it was a Chinese firm that leaked the Microsoft information. That being said, what did Microsoft really expect was going to happen? The Chinese do not have a very good track record of adhering to NDA and other agreements," says Paul Henry, security and forensic analyst.

Read one good article at http://www.darkreading.com/insider-threat/167801100/security/vulnerabilities/232901426/microsoft-fingers-chinese-firewall-ips-vendor-in-windows-exploit-leak.html.

And meditate, when you get the chance, on the image of Lucy holding the football so Charlie Brown can kick it.

You're stupid if you trust in the face of experience and proof. Were you really surprised?

Are you a hacker? A cracker? Someone who breaks into systems and networks for fun and profit, or for a cause? National security services all over the world are looking for you.

They want to offer you a job.

For just one of many examples, see PCPro.com's "How to become a cyberspy":
http://www.pcpro.co.uk/features/374311/how-to-become-a-cyberspy