February 25, 2005
Now out in Britain: a dustbin (that's English for "garbage can") that reports how much rubbish (that's English for "garbage") you are creating.
February 24, 2005
- Hallmark would have gone out of business back in 1947
- St. Patrick’s day would be a National Holiday.
- So would the day after Superbowl Sunday.
- Valentine’s day would be abolished.
- “She irritates me”, “she talks too much” and “she expects me to get on with her parents” would be valid grounds for divorce.
- The top-selling vacuum cleaner would be a riding model.
- Synchronized swimming and Ice-Dance would be removed from the Olympics.
- They would be replaced with Lawnmower racing, dwarf tossing and beer drinking.
- The Triathlon would consist of all three.
- Cats would be an endangered species.
Still think it’s a man’s world? Visit Saudi Arabia – where they have their women right where they want them…
February 22, 2005
- If a bad guy can persuade you to run his program on your computer, it’s not your computer anymore.
- If a bad guy can alter the operating system on your computer, it’s not your computer anymore.
- If a bad guy has unrestricted physical access to your computer, it’s not your computer anymore.
- If you allow a bad guy to upload programs to your Web site, it’s not your Web site any more.
- Weak passwords trump strong security.
- A computer is only as secure as the administrator is trustworthy.
- Encrypted data is only as secure as the decryption key.
- An out-of-date virus scanner is only marginally better than no virus scanner at all.
- Absolute anonymity isn’t practical, in real life or on the Web.
- Technology is not a panacea.
February 21, 2005
A story worthy of the most tawdry tabloids, except that it is true.
Proof that Mother Nature can be quite cruel – not to mention somewhat psychotic.
February 16, 2005
Interesting story. A computer belonging to Joe Lopez is hacked and the hacker then transfers ninety grand to an account in Latvia.
Lopez is taking his bank (Bank of America) to court to recover his money, stating that the bank “knew the risks”.
While I sympathize with Mr. Lopez, it appears to me that the bank actually did nothing wrong. It was not the bank’s systems that were hacked, but Mr. Lopez’s machine. BofA did not actually commit any crime. BofA maintains that since this is a business account with large sums of money going in and out, the wire did not trip any internal alarms.
“Bank of America knew of the coreflood virus,” said Lopez’s lawyer. “Why not tell their customers?” That statement shows a tenuous grip on reality – there are literally thousands of viruses and trojans out there, with more coming out every day – does he seriously expect BofA to inform their customers about every one? If they did, their customers would be deluged with “Chicken Little” warnings… and would ignore them. Sounds to me like he is looking for deep pockets.
$70k of Joe’s money is still frozen in a bank in Latvia. Any action to recover the funds would require “a request to Latvia’s Office of the Prosecutor for a criminal investigation”. This would be a whole lot easier for BofA than it would be for Joe, but since the bank has sustained no loss, it has no reason to do so, and if it did, it would set a precedent.
Of course, this should not have happened, but Mr. Lopez and his Lawyer are asking the wrong questions. The real question is whether or not BofA should have allowed a wire transfer to Eastern Europe to go unchallenged. If so, they are in the clear. If not, they are at fault. Trying to blame them for a user’s lack of security, however, is just plain wrong.
If nothing else, this has exposed several holes in the system. One quick and obvious way to avoid this sort of thing in future is to have the bank verify any automated transfer over a predetermined amount by calling the accountholder. While not foolproof, this would cut down a lot on this sort of thing.
Unfortunately this will not be popular with the Banks, who will have to eat the added expense of such a system.
February 14, 2005
Remember that story about the guy that ended up in court because a lawyer didn’t like him telling lawyer jokes? The good news is that the grand jury showed some horse sense; they decided that there was no case to answer, and voted to dismiss.
The only fly in the ointment was that the lawyer who was responsible for this whole comedy of errors has managed to keep his name out of the limelight. Personally I think he should be made to pay the court costs for wasting everybody’s time… and then flogged as an example to the rest of ‘em.
February 9, 2005
Keith Richburg is an American. He is a reporter. And he is black. This book is his travelogue of Africa, where he spent several years in various countries on the dark continent.
- Being black, he thought that he could “blend in” with the local populace. That was before he found out how the local populace lived.
- He believed that the western powers could fix things…. until he saw them try and fail disastrously in Somalia.
- He believed that sending aid to poor countries helped… until he saw most of that aid being diverted into the pockets of the local warlords.
This is the story of a man who has seen, first-hand, the devastation caused by the wars that have wracked nations where no-one counts the bodies. A man who returned home proud and grateful to be an American.
February 8, 2005
All of us have personal information that we need constantly but cannot risk – usernames, passwords, account numbers etc.
Personally I recommend using a tri-level username/password system:
- A standard easy-to-remember combination for websites where I post help, feedback and opinions, and would lose nothing if someone were to impersonate me.
- A second level for services that I pay for, such as phone, cable service etc. If someone were to hack this (somewhat more secure) password combination they could cause me some grief but no major headaches. If someone wants to pay my phone bill, I say let them.
- A third-level password that has letters, numbers, mixed-case and special characters and is as "uncrackable" as I can make it, is used to access the most secure personal or financial data. This password is used ONLY where strictly necessary; the fewer places it is used, the less chance that it can be compromised and stolen.
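One way to check a password inventory against the three tiers above (an added example, not part of the original post; the site names, passwords and the `audit` and `missing_classes` helpers are constructed for illustration). It flags any password that is shared with a lower tier and any tier-3 password missing one of the character classes listed:

```python
import hashlib
import string
from collections import defaultdict

# Constructed sample inventory: (site, tier, password). Tiers follow the post:
# 1 = throwaway logins, 2 = paid services, 3 = personal/financial data.
SAMPLE_ENTRIES = [
    ("forum.example", 1, "sunshine22"),
    ("blog-comments.example", 1, "sunshine22"),
    ("phone.example", 2, "Cable!Bill9"),
    ("cable.example", 2, "sunshine22"),        # shares its password with tier-1 sites
    ("bank.example", 3, "v7#Qm!x2Lp@9zR"),
    ("broker.example", 3, "v7#Qm!x2Lp@9zR"),
    ("webmail.example", 2, "v7#Qm!x2Lp@9zR"),  # tier-3 password used at tier 2
    ("pension.example", 3, "password1234"),    # too weak for tier 3
]

def _digest(password):  # group by digest so plaintext is never a dict key
    return hashlib.sha256(password.encode("utf-8")).hexdigest()

def missing_classes(password):
    """Return the tier-3 character classes (per the post) absent from password."""
    checks = {
        "lowercase": string.ascii_lowercase,
        "uppercase": string.ascii_uppercase,
        "digit": string.digits,
        "special": string.punctuation,
    }
    return sorted(n for n, chars in checks.items() if not set(password) & set(chars))

def audit(entries):
    """Return sorted (site, finding) pairs; passwords never appear in the output."""
    tiers_by_pw = defaultdict(set)
    for _site, tier, pw in entries:
        tiers_by_pw[_digest(pw)].add(tier)
    findings = []
    for site, tier, pw in entries:
        higher = max(tiers_by_pw[_digest(pw)])
        if higher > tier:  # a more sensitive account depends on this site's password
            findings.append((site, f"tier-{higher} password reused at tier {tier}"))
        if tier == 3:
            missing = missing_classes(pw)
            if missing:
                findings.append((site, "tier-3 password lacks: " + ", ".join(missing)))
    return sorted(findings)

if __name__ == "__main__":
    for site, finding in audit(SAMPLE_ENTRIES):
        print(f"{site}: {finding}")
```

Each finding is reported against the lower-tier site, since that is the login whose compromise would expose the more sensitive account.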
However, that approach is not enough. Some websites insist on assigning us peculiar usernames that we cannot change, and some have different password standards, so one username/password combination does not work, nor should it.
With this in mind, we need a way to store such information such that it is easily accessible yet safe from prying or curious eyes. Password Safe is my preferred solution. Verified by Bruce Schneier, the author of the Blowfish and Twofish encryption algorithms, Password Safe is a small Windows program that unzips into a directory, requires no installation and stores your data in a small, tightly-encrypted file. I keep mine on a flash drive. The program takes up 290k, my database (which has 32 entries) is 5k in size.