The mystery surrounding the Nyxem worm is starting to rattle the system. F-Secure was again first on the scene with a warning on January 20th that the growth and destructive payload of the worm were alarming. A week later all of the other large Anti-Malware firms are reporting the same thing, and security folks all seem to be looking at each other and wondering what’s the significance of February 3rd (the day it activates and deletes all your data — docs, spreadsheets, and databases), and whether this is the sophistication of attack we should expect going forward? The shift from quantity to “quality” of malware is happening right now. Who’s to blame?
Incidentally, just as we’re starting to get comfortable with using software to control the computer BIOS (very handy in the enterprise), someone points out that controls are lacking to prevent someone from BIOS attacks:
The firmware on most modern motherboards has tables associating commands in the ACPI Machine Language (AML) to hardware commands. New functionality can be programmed in a higher level ACPI Source Language (ASL) and compiled into machine language and then flashed into the tables.
While the earth gets warmer, the politics seem to get colder. According to the BBC Canada is vigorously staking its claim to the Arctic perhaps in anticipation of a waterway opening up:
The Conservative plans include the construction and deployment of three new armed heavy ice-breaking ships and an underground network of listening posts.
Listening posts, eh? It’s not clear what the US ambassador was hoping to achieve by telling Canada that they have no claim to the territory. He’s certainly given the Canadian conservatives more ammunition that they must stake a claim. Pot, kettle, black, no?
There should be one if there isn’t already. And unless someone objects, today seems like as good a day as any to celebrate the brilliance of his words, most of which I find useful in meetings about risk:
“No snowflake in an avalanche ever feels responsible.”
“Doubt is uncomfortable, certainty is ridiculous.”
“Judge a man by his questions rather than by his answers”
“The more I read, the more I meditate; and the more I acquire, the more I am enabled to affirm that I know nothing”
“It is forbidden to kill; therefore all murderers are punished unless they kill in large numbers and to the sound of trumpets” (a softer variation is that some think it’s ok to write buggy code if you write so much of it that your pride and profit keep it going in spite of inefficiency and harm)
and finally, with regard to today’s news that the FTC has fined ChoicePoint $15 million…
“Every man is guilty of all the good he didn’t do.”
Here’s to Voltaire and to his role in the age of Enlightenment!
He was a poet’s poet:
Understand idleness better. It is either folly or wisdom; it is virtue in wealth and vice in poverty. In the winter of our life, we can enjoy in peace the fruits which in its spring our industry planted. Courtiers of glory, writers or warriors, slumber is permitted you, but only upon laurels.
Obviously spam is annoying and costly, but today I received a clever spam message that had somehow morphed itself into a simple poem:
awake need teach
from swim have
He reply change
on live want
As tell know
Or fit explain
That turnoff allow
night need think
school sit understand
Which fall finish
The give know
Deep, no? I’m almost glad it made it to my inbox. Should the spammers decide that they need to resort to including poetry in their email in order to get through the filters, the sting of their messages and hostility towards them might all but subside and people could welcome spam as literary marketing. Or that might be like saying used car salesmen would be more popular if they could sing when they lied.
a blog about the poetry of information security, since 1995