Archive for the ‘LINKS’ Category.
August 6, 2003, 12:22 pm
VentureBlog: Putting The “Power” In PowerPoint:
if you want to understand the “power” in PowerPoint, watch a Lawrence Lessig presentation. They are a fantastic combination of content, art and brand (if you’ve seen one of Professor Lessig’s PowerPoint presentations, you’ll forever associate the white typewriter font on black background with Lessig).
So I watched the presentation at
http://randomfoo.net/oscon/2002/lessig/
and what can I say except: what a great talk, what a great presentation.
August 6, 2003, 10:59 am
Joe Stewart (LURHQ):
Migmaf Reverse-Proxy Spam Trojan
In late June 2003, spam-fighters from the news.admin.net-abuse.email Usenet group noticed a particular spammer seemed to be able to move his websites around at will, minute-by-minute. This activity was also pointed out in an article by Richard M. Smith of computerbytesman.com.
It appeared at first that the spammer had managed to infect thousands of systems with a small webserver trojan – rotating them in and out of the DNS for the domain names he owned every 10 minutes. It made it nearly impossible for ISPs to track and shut down, as the IP addresses were largely owned by dialup users, so ISPs would be fighting a constant battle to keep track of all the reports.
The sites being advertised in the emails were generally Russian porn sites, and Richard Smith pointed out the same servers were involved in a Paypal scam email he had seen.
LURHQ was able to obtain a copy of the trojan – detected from suspicious activity originating from a VPN user on a firewall on a network we monitor. What we found was the trojan was not a webserver at all, but instead: a reverse proxy server. Instead of hosting the content on the victim’s computer, the spammer instead maintained a “master” webserver. We have dubbed this trojan “Migmaf”.
August 6, 2003, 9:48 am
Peter Norvig: Teach Yourself Programming in Ten Years
«
Researchers (Hayes, Bloom)
have shown it takes about ten years to develop expertise in any of a
wide variety of areas, including chess playing, music composition,
painting, piano playing, swimming, tennis, and research in
neuropsychology and topology. There appear to be no real shortcuts:
even Mozart, who was a musical prodigy at age 4, took 13 more years
before he began to produce world-class music. In another genre, the
Beatles seemed to burst onto the scene, appearing on the Ed Sullivan
show in 1964. But they had been playing since 1957, and while they
had mass appeal early on, their first great critical success,
Sgt. Peppers, was released in 1967. Samuel Johnson thought it
took longer than ten years: “Excellence in any department can be
attained only by the labor of a lifetime; it is not to be purchased at
a lesser price.” And Chaucer complained “the lyf so short, the craft
so long to lerne.”
»
August 5, 2003, 12:28 pm
A recent Harvard Business Journal article by Nicholas Carr entitled IT Doesn’t Matter is rebutted by Michael Schrage in CIO Magazine in Why IT Really Does Matter.
I’d say that good IT management is scarce enough to be relevant. The evidence: The ever-growing list of IT failures, many of which are for projects “that have been done before.” On the positive side, consider companies in commoditized industries, for which IT management is the only explanatory variable. (Schrage cites some good examples.)
August 5, 2003, 11:56 am
Eric Rescorla rebuts the arguments for giving up on SMTP: Should we dump SMTP?:
«
The movement to ditch SMTP strikes me as more of a howl of frustration at our collective inability to deal with spam than an actual reasoned argument for change.
»
[Via Ed Felten: Email Redesign Not Helpful]
The big design issue is not transport security or authentication. It is whether spontaneous association is a desired feature, and how such associations are managed or controlled. Since most mailboxes do want to be found (that’s why people publish email addresses in directories and on web pages), re-doing SMTP might yield fresh transport and identity protocols (already available as succinctly described by Rescorla), but would be just as vulnerable to spam, unless something is done to improve association management and its hooks to content filtering. And, while it is interesting to describe a new world in which I can only correspond with people to whom I have been introduced and with whom I maintain a web of credibility, there is a very important question:
Do people really want this, or do they only say they want this?
August 5, 2003, 11:11 am
Philippe Oechslin:
Making a Faster Cryptanalytic Time-Memory Trade-Off
«In 1980 Martin Hellman described a cryptanalytic time-memory trade-off which reduces the time of cryptanalysis by using precalculated data stored in memory. This technique was improved by Rivest before 1982 with the introduction of distinguished points which drastically reduces the number of memory lookups during cryptanalysis. This improved technique has been studied extensively but no new optimisations have been published ever since. We propose a new way of precalculating the data which reduces by two the number of calculations needed during cryptanalysis. Moreover, since the method does not make use of distinguished points, it reduces the overhead due to the variable chain length, which again significantly reduces the number of calculations. As an example we have implemented an attack on MS-Windows password hashes. Using 1.4GB of data (two CD-ROMs) we can crack 99.9% of all alphanumerical passwords hashes ($2^{37}$) in 13.6 seconds whereas it takes 101 seconds with the current approach using distinguished points. We show that the gain could be even much higher depending on the parameters used.
»
[Via SecurityFocus HOME Mailing List: BugTraq]
August 5, 2003, 7:21 am
Wired News: Computer Groupthink Under Fire:
«
Critics at a House Science Committee hearing in July on the status of supercomputing in the United States claimed that federal agencies are focusing too heavily on developing and deploying grid computing and clusters, and not investing enough in development of true supercomputers.
»
August 4, 2003, 10:53 am
The Register:
«
Northwestern University law professor Anthony D’Amato has issued a strong caution to universities, calling on them to consider students’ privacy before shipping them off to the RIAA sponsored legal gulag.
»