Filtering Doesn't Work. Education Might.

Internet filtering will not keep your children safe. Your children probably know more about computers than you; they will find or make holes in your software. Even if you whitelist, ban chat and p2p programs, block Google image search, and block every video and image hosting website, you'll never come close to blocking everything. If that's your strategy, you might as well just call up your ISP and cancel. Even then, you cannot monitor your children at their friend's house, at the library, or when they grow up. Filtering can prevent you from stumbling into undesired materials, but it cannot stop someone from breaking out. Teach your children how to use the internet safely. Teach them to be good. Then trust them to make the right decisions. I call it parenting.

Teaching Hacking in School

Here is a video I made to show why Computer Security must be taught in school.

Smart DRM—Starcraft 2

People should be paid for their work. Technology has fundamentally changed the way we use media, yet unimaginative, manipulative executives believe that monolithic copyright laws and ineffective DRM technologies will keep their antiquated business models alive. Video games are among the most pirated software: the key verification algorithm can be reverse engineered, and key generators can be developed. Blizzard's Starcraft 2 has a better approach to this problem. You can take your Starcraft II disk and install it on any machine you want. However, in order to play you must log in with your battle.net account, which you have associated with the Starcraft II licence you purchased. The key verification algorithm is safe(r) on Blizzard's server, and you can play from wherever you'd like without having to worry about keeping track of your key; everyone wins. The key is adapting business models and copyright laws to the technology—not the other way around.

You Go, Girl!

It warms my heart to see women in computer science, like this hacker who was programming in x86 and C by age 14. It is baffling that there are so few women in computer science: its flexibility makes it a great profession whether you are career driven, a traditional stay-at-home mom, or anywhere in between. I don't know whether it's the misconception that computer science is for nerdy guys, or some biological difference in women's brains; all I know is a lot of women are missing out on computer science, and computer science is missing out on a lot of women.

There is Good

I wish we lived in a world where we could keep the front door unlocked. Sometimes in my obsession with the vulnerabilities of technology I become so overwhelmed by paranoia and distrust that I forget computers can be a force for good. For every advance made in security, it seems as if attackers make two advances. However, we can't let ourselves be discouraged; people are using computers for good. Perhaps we should count the number of ways that computers bless our lives. Then, armed with a spirit of optimism, continue to harden defenses, improve transparency, and educate users. It's easy to lose faith, but let's have hope that good will prevail and computers will continue to make our world a better place.

Scrambling the Cuckoo's Egg

One of the earliest computing honeypots was created as Clifford Stoll allowed the Hannover hacker to waltz through Berkeley's network unchecked—little did the attacker know he was being watched. Using their network as a high-interaction honeynet, Stoll reverse social engineered attackers into requesting information about the fabricated SDINET project; this provided more information about the scope and severity of the attacks. Many modern attack vectors rely on social engineering. Honeypots could be rigged to provide records of fake employees—each associated with social media accounts, email addresses, and phone numbers. This falsified information would then be closely monitored so that social engineering attacks could be observed. These honeypots would require more resources than conventional honeypots: automation is difficult; and humans need to respond directly to attackers in some cases, such as phone calls. Still, the results would be interesting.

Grow Up

Many jumping on the Anonymous bandwagon are teenagers with too much time and too little skill. Seeking acceptance and respect from their peers, they are seduced by an alluring sense of community—a mob with no direction, no leaders, no code of ethics, and no cause. Armed with illusions of grandeur, this hive mind trolls about the internet, brandishing the banner of freedom. They fool only themselves. Ironically, the Guy Fawkes mask they wear is intended to symbolize the fight against tyranny; they also believe this mask will hide their accountability. Notwithstanding, they are easily caught with their hands in the cookie jar.

Apple_Security++

Recent hires by Apple reveal an increasing emphasis on security. The rise of mac malware, botnets, and research in mobile attacks indicate the need for Apple to take security seriously. Genius hackers like Charlie Miller and Dino Dai Zovi have already been researching Mac vulnerabilities for some time now, and many more are on the way. Hopefully this influx will introduce more tools. Good tools are already available—IDA Pro was recently released natively for OS X—but we need more freely available tools to fuel research and open the doors to more researchers (such as poor students like myself). OS X needs tools like OllyDbg and Immunity debugger. Paterva needs to hurry up—I can't wait any longer. It's an exciting time to be a Mac. Let the fun begin.

Vigilante Justice

Recently the Jester (th3j35t3r) has come under increased public scrutiny as a result of his wikileaks attack and ensuing scuffle with Anonymous. His behavior is illegal, but legal and ethical are not always synonymous. The internet is a lawless frontier much like the wild west: the government cannot police it, but citizens cannot simply allow themselves to be thrown to the wolves. We have the right to defend ourselves and the responsibility to defend others when the government can or does not. For example, Batman is a one-man vigilante; still, he is typically viewed as a hero—we find something noble and good in him. The Jester has similarly inspired others: people leave words of support on his blog; some ask how they can help; and others are thinking of more villains, such as child pornography, to target next. Vigilante justice is a complicated beast. Are the Jester's actions lawful? No. Are the Jester's actions ethical? Considering that his attacks aid law enforcement, hinder terrorist communication, protect lives, and cause no collateral damage, I would be inclined to say that they are.