This leads me to ask two questions.

1.  Why is our electrical grid on the internet?

This question is ridiculous that I have to ask it.  But at the very least if you are going to put the computers that run the electrical grid online, you could put some security in place. 

 2.  Why do we STILL not have a national firewall? 

I’ve been harping on this since I started this blog.  Why don’t we have a national firewall?  We should be severely restricting access to our US based networks from other countries.  This makes sense for a number of reasons.  First we’d kill most spam outright.  But more importantly, we would keep attackers from breaking into computers in the US.  The estimates vary, but probably a large number of servers and home computers are compromised as part of large botnets.  Some of these are being run from countries around the world.  Then we read of things like this, where our electrical grid is compromised?!  We should be blocking a lot of the traffic coming from overseas.

 You would think by now we’d be moving away from the internet’s wild west period….

 There is a continuum of legality for copyright.  Somewhere along the continuum is the ability to use something in a work that you make.  For instance, a 30 second youtube video with a baby dancing to a Prince song.  Somewhere along the line is outright copyright infringement.  For instance, posting an entire Prince song on Youtube, with original video.

 Somewhere in the middle lies Youtube content.  I don’t know which way this whole thing will go.  I just hope that we don’t lose more freedoms than we already have.  I can’t tell you how many older people than I have told me how many freedoms we no longer have compared to them. 

 I think the digital revolution could be the best thing yet for democracy.  It allows people to communicate directly without having to incur a large cost.  This democratization is happening all over digital media.  From blogs, where you can post a news story within seconds of it happening, and within minutes it can be linked to and copied all over the world.  To the democratization of digital video.  This allowed me recently to film, direct, edit and produce my own Documentary Pawtucket Rising.   As I get closer to the release, I will post more about my documentary.  But, this is such a great time to be alive.  So much is changing so fast.  It must be what it felt like to live in the 60s. 

 Based on other information we’ve seen about spam recently, I wonder how much money he was making on spam.  I wonder if the IRS will be looking into his finances.  It seems low to only charge him 180k for his crimes.  What about all the money he must have made on this scheme?  Unless  he wasn’t very good I guess.

Recently some of the top names of the industry have come together to work on fixing a bug in DNS.  A bug that has apparently been there for a very long time.  It affects many dns systems across many platforms.  Translation:  It is huge.  The amazing part is that it was found quietly by a security researcher.  All of the biggest names in DNS including Microsoft, Cisco, Nominum, Neustar and OpenDNS got together to simultaneously release a bug fix for their platforms.  There is now a patch for all the major dns systems.  If you are using Bind8 upgrade, otherwise get to patching your systems asap.  It doesn’t appear to be only isolated to the dns servers, they want everyone to patch their pc’s as well.

Basically what the vulnerability will do is allow what is called DNS Cache poisoning, but on a grander scale than which we are accustomed.  It will allow an attacker to change the location you go to when you type in a domain name.  So for instance if you type in blog.logicalorderofchaos.com you will be sent to somewhere the hacker (known as a Phisher) sends you.  This has been used to trick unsuspecting users into giving up their credit card information, and social security numbers.  Imagine if it weren’t some tech guy’s blog, but instead was bankofAmerica.com.  You can see where this could be a problem. 

Phishing happens all the time, but usually newer browsers can tell if it is a trick or not based on the way the url is formed or domain or IP reputation, and can stop you from going there without warning.  However, this will actually allow the attacker to change the location you actually go to, when navigating to a trusted domain.  This is bad because many sites use multiple IPs for one domain Even if they have a static IP it isn’t easy to find out what it is supposed to be once the dns is poisoned.

 The short of this is, patch your system.  Patch your system now, today, before the end of the month.  You have to do it, because this could be potentially really really bad.  End of the world kind of bad, so bad in fact that…

Ok there, I was alarmist.  But for good reason.  So get to it, now!

There is a voluntary ban on speculation as to what exactly the issue is, since they don’t want the bad guys to figure it out before the good guys get to patching their systems.  I will follow up on this in a month or two when we have more information.

For now though, So long, and thanks for all the bugs…

“Our research has revealed a smoking gun that shows that Storm and other botnet spam generates commissionable orders, which are then fulfilled by the supply chains, generating revenue in excess of $150 million per year.”

 That’s Million.  With an M.  It is a lot of money, and that is why you get spam. 

This report links canadian drug sales, or probably placebos, with the Storm virus.  These groups capture large amounts of computers running on desktops all over the country, and use them as BotNets.  This allows them to send out emails from several different locations at once, or at different times.  So, blocking specific IP addresses is useless. 

 One would have thought this would have been fixed with XP SP2.  However, it appears botnets will be with us for a while.  As long as you make it lucrative for someone to send spam, you will get spam.