Reid declares net safe as Paris's bits are hidden away

And Vint Cerf drops us a line

Letters We at El Reg are used to hobnobbing with the cream of internet high society [er, we are? - Ed], so we were not surprised at all when one of the Founding Fathers dropped us a note in response to an article we'd written about the threat of botnets, as highlighted to the World Economic Forum. So used to it, in fact, that we thought we'd run it as our headline letter on Letters this fine Tuesday.

Behold, Vint Cerf writes:

John,

Thanks for a balanced article. I think the botnet herders typically lease out small groups of 10-20,000 computers for various attack modes. So one would want to distinguish between the total botnet army and the "battalions" of ten or twenty or fifty thousand that might be engaged in a particular attack. It would be terrific if we had tools to identify more accurately that any particular computer is infected.

A speculation: if you had the ability to analyze all the packets flowing to/from a particular computer and identify traffic indicative of a trojan horse or worm, consumers could be warned if their PCs were infected. The perpetrators may simply find new ways to disguise the traffic used to control the botnet or to effect the attacks. It's quite a challenge to identify and clean up infected machines.

Among the more pernicious aspects of infection is that the infected machine may not exhibit any particular deficiencies since any one "bot" may contribute only a small amount of traffic to the target. It is the huge total number of bots in any one battle group that causes the problem - a few messages per second from one bot times 50,000 bots is several hundred thousand messages per second to the target.

And, of course, the bots can be virtually anywhere so it isn't always possible to identify a locus of attack.

Vint


There was a lawsuit got settled this week. Don't know if any of you noticed it - something about Apple, trademarks, DRM and music. Possibly the most interesting thing about the case at the time was the springing to fame of one Guy Goma, but that is beside the point:

Hello: Your article's headline, "Apple settles with Apple", seems to imply that the Beatles label has reached a settlement with the computer company, while all other news organizations seem to prefer the alternative version of "Apple settles with Apple", conveying the message that the computer company settled with the Beatles music label. Is there any reason for your bias? Is it because of your British roots that you choose to raise Apple above Apple? Why shouldn't it be the other way around? Why not mention Apple first, as opposed to the other Apple? Or perhaps, none should have preference, and you should opt instead for a more neutral "Apple settles with Apple"?

Cheers, -dZ.

You are, of course, entirely wrong. "Apple settles with Apple" is not only more correct than "Apple settles with Apple", but it is funnier, too.


"Apple Corps lost, with a judge ruling that the iPod and iTunes did not breach their deal because they were merely ways of conveying music and nothing to do with the creation of the music itself."

I quite like this (in a perverse sort of way).

What is it Apple Records did? Create *and produce* records. They conveyed the music to listeners by means of flat plastic disks.

And they were called Apple.

Can we use this to get P2P off the hook: copyright is about creating new copies of the music and limiting this to one supplier. However, Bearshare is merely ways of conveying the music and has nothing to do with creation of music itself.

Mark


Three men get time in chokey for plotting evil deeds in a chatroom. Thank goodness for stupid people, really:

"The logs came to light when [..] Beavan told [...] police about the plot" and: "This case should act as a really stark warning that the internet is not a hiding place to plan and participate in criminal acts."

From what I've just read the police wouldn't have found out about people hiding and planning until after the event were it not for somebody directly involved in the plan walking up to them and telling them!

- Alan


And now that those three are locked away, the internet must surely be safer.

Don't "Internet Safety" days always make you cringe?

The attempts to make people safer by registering the e-mail addresses of sex offenders are ridiculous. How hard is it to register one e-mail address and use a different one? I've got 3 e-mail addresses without even trying. No, wait. 4? 5? 6 maybe. Heck, I don't know. Another pointless thrust by a government that tries to regulate a field it knows nothing about. Or is it just an offering to make the public think they're actually doing something?

And as for registering chat handles - I can see some bad mojo coming from that. I often use a character from a book as my chat handles. Other people use this same chat handle. How long until the Daily Moron start publishing lists of "evil kiddy fiddler" chat handles? If one of them used the same handle as me, I could see my net life getting....interesting. I already get grief because I share the same moniker as some twit that wrote an IRC virus.

Anon


"Hello, computer. Initiate self destruct"....it might not be quite that simple, but we discovered this week that speech recognition in Vista might just be hijackable, if that is even a word:

Oooookaay, so this 'sploit is involving the speech recognition system actually recognising speech and is analogous to someone shouting at your computer from across the room...

Apart from the fact that Vista allows you to mute individual programs, Internet Explorer would be a good example; this is far more likely to be a problem cross platform, rather than an exploit of a specific OS.

How long to the first genuine exploit? Taking all bets....

Fraser


"Microsoft is playing down the possibility that the speech recognition system in Windows Vista could be hijacked to delete files or perform other unauthorised [sic] actions."

Given the massive difficulty most users face trying to get voice recognition to do *authorized* actions, I doubt this will be much of a threat.

Steven

Fair comment, but for the love of all that is shiny and based on silicon, "authorised" is NOT spelled incorrectly. Do we really need to revisit the UK vs US spelling war, or can we all just try to get along?


In your article, you quoted a Microsoft security researcher:

"There are also additional barriers that would make an attack difficult including speaker and microphone placement, microphone feedback, and the clarity of the dictation,"

This does not necessarily pose much of a problem as it is possible to read input directly from the sound card. There are a number of applications geared toward doing this as a way to circumvent audio file copy protection measures. Granted, this is cumbersome as an exploit, but it does show that the "security researcher" is either unaware, unimaginative, or uninformative.

Sam


More stories about Vista security mean more emails from you about it too:

I hate Microsoft.

It's okay to buy third party software to secure your computer but I have an issue with their One Care Product.

It is by definition "paying money to have Microsoft fix their own mistakes and buggy code".

The bugs in their code now bring around a direct financial gain.

It's immoral and I have an issue with it on principle. I will therefore be jumping on the Ubuntu bandwidth heading for Nixville as I believe it's called.

Phil


Paris manages to halt the sale of her worldly goods. Or at least, the ones she forgot about in a storage locker that included some rather incriminating videos, apparently:

Sir,

I feel an error has been made, since Miss Hilton is an American I'm sure she would have said "I get ****ed in the *** for coke.", not "I get ****ed in the **** for coke." since generally they spell arse incorrectly, preferring ass. Of course, she could have been referring to something else, in which case I apologise in advance.

- Steve


Well, it is topical, so we've let this one in:

Farming? Bird flu? Hungary? Look no further.

- John


And, for once, El Reg is taking the view that good news is indeed news. We justify this on the basis that good news surrounding government systems is so remarkably rare, and news is supposed to be stuff that is uncommon:

I get to go abroad next week on business, so I applied online for a European Health Insurance Card (EHIC). It said they can take up to a week so I was slightly worried that it wouldn't arrive in time.

Well I applied on Thursday, and it arrived in this morning's post (Saturday).

It was a similar story when I renewed my passport last year, sent all the paperwork off, got the old passport back in two days (ie it was posted back the same day they got it), and my new passport arrived the day after.

So there you are, in spite of all the bashing we give them, some of the systems the government have put in place do work - very well. We should give them credit where it's due.

Simon

PS: Oh yes, and can I also add that buying my tax disk online was similarly easy, quick, and efficient?

Well, there you go. More on Friday, so stay in touch. ®
