A Brief Blogroll from the Weekend

I'm increasingly finding that there's just too much news to share. The easiest way to follow what I'm finding interesting is to subscribe to my Google share feed. Barring that, here are a few stories of interest. BTW, I'm working on a more extensive blog post on encryption key management, which I hope to have up by mid-week, along with a retrospective on how I'm doing thus far on my new year resolutions. :)

Stories of interest (links and comments below):
* Fourth Undersea Cable Taken Offline In Less Than a Week
* Mega-D Botnet Overtakes Storm, Accounts for 32% of Spam
* SSL Is Useless.
* Tesla.
* Free Speech and Net Neutrality: Separating Fact from Fiction

Fourth Undersea Cable Taken Offline In Less Than a Week
The number of undersea cable cuts in the past week is providing excellent conspiracy theory fodder. Martin McKeay @ Network Security Blog first suggested that this was all getting a bit suspicious. What I wonder is this: how often do cuts occur? Certainly 4 in a week is a bit suspicious, unless these things happen all the time, just not in such a concentrated region. I wonder if we'll hear anything about commonalities in the cuts and if there's reason for suspicion?

Mega-D Botnet Overtakes Storm, Accounts for 32% of Spam
The Storm has been one of the most prolific botnets over the past year, but this article suggests that the Mega-D botnet has overtaken The Storm in the amount of spam generated. The Storm has been credited with most spam surges over the last 12 months, often timed with US holidays or other world events.

SSL Is Useless.
Cross-site scripting (XSS) is a flaw in a web site that allows text with script tags to be inserted into site content, or fed through the URL. In a functional attack, the script will then be fed to the client as if it originated from the server, and will be executed accordingly. For a far better description, see the one at OWASP (http://www.owasp.org/index.php/Cross_Site_Scripting). This article from 0x000000 talks about the myth that implementing SSL on a site will eliminate the need to test for XSS. Nothing could be further from the truth. XSS runs rampant on the Internet and reflects a general sloppiness in coding practices.
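To make the point concrete, here is an added example (not code from this post or from the 0x000000 article) that runs the same reflecting page over "http" and "https" and shows that only output encoding changes the result. The handler names, the /search path and the sample query string are constructed for this illustration, and the scheme is simulated through the WSGI environ rather than a real TLS listener.

```python
import html
from urllib.parse import parse_qs

def _query_param(environ, name):
    """Return the first value of a query parameter, percent-decoded."""
    return parse_qs(environ.get("QUERY_STRING", "")).get(name, [""])[0]

def vulnerable_app(environ, start_response):
    """Reflects 'q' into the page without encoding: the XSS flaw."""
    q = _query_param(environ, "q")
    start_response("200 OK", [("Content-Type", "text/html; charset=utf-8")])
    return [f"<p>Results for {q}</p>".encode()]

def hardened_app(environ, start_response):
    """Same page, but 'q' is HTML-encoded before it reaches the markup."""
    q = _query_param(environ, "q")
    start_response("200 OK", [("Content-Type", "text/html; charset=utf-8")])
    return [f"<p>Results for {html.escape(q)}</p>".encode()]

# Constructed sample request: q=<script>alert(1)</script>, percent-encoded.
SAMPLE_QS = "q=%3Cscript%3Ealert(1)%3C%2Fscript%3E"

def render(app, scheme, query_string=SAMPLE_QS):
    """Call a WSGI app in-process; 'scheme' stands in for plain HTTP vs SSL."""
    environ = {
        "REQUEST_METHOD": "GET",
        "PATH_INFO": "/search",        # hypothetical path
        "QUERY_STRING": query_string,
        "wsgi.url_scheme": scheme,     # "http" or "https"
    }
    chunks = app(environ, lambda status, headers: None)
    return b"".join(chunks).decode()

def reflects_script(app, scheme):
    """True if the response contains a live <script> tag from the request."""
    return "<script>" in render(app, scheme)

if __name__ == "__main__":
    for app in (vulnerable_app, hardened_app):
        for scheme in ("http", "https"):
            print(app.__name__, scheme, reflects_script(app, scheme))
```

SSL protects the bytes in transit; the page the server builds is the same either way, so the check that matters is whether user input is encoded before it is written into HTML.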

Tesla.
Another posting from 0x000000, but this time of a scientific nature. Nikola Tesla was a brilliant man, as the embedded video demonstrates. If you're a fan of science, engineering, and innovation, then it's worth taking a few minutes to view the documentary.

Free Speech and Net Neutrality: Separating Fact from Fiction
This post is a couple weeks old now - I meant to post something on it sooner. Net neutrality is an interesting political topic these days, and one that I find frustrating. The ACLU does a decent job of explaining the topic, with their own slant. Where I think the coverage of the topic often falls short is in representing the perspective of the business. In particular, there are two key issues that are often neglected.

First off, bandwidth is not unlimited, no matter how much people would like to think otherwise. There is only so much traffic that can go through backbone connections, and the fact of the matter is that those limits are being neared. Digital cameras have increasing resolutions, resulting in significantly larger file sizes. P2P and streaming traffic have taken off amazingly over the last few years. All of this puts tremendous strain on the ISPs. This situation is challenging, as ISPs tend to run on very slim margins, meaning that they don't have a lot of financial room for adding infrastructure. One must consider that it's often necessary to replace entire backbone router systems in order to support larger bandwidth requirements. Each piece of big iron equipment can run anywhere from $10-50k, and most good network architects will deploy 2 per connection for redundancy (as consumers, we expect uptime). Multiply this across multiple access points and the money adds up quickly. Thus, the desire to restrict or otherwise control use of bandwidth is a viable business option, and has been done for years (though not to the degree of blocking specific types of traffic, as has recently become an issue).

Second, on this last point of blocking specific traffic, there is another business consideration: legal liability. Thus far, ISPs have been exempted from legal pursuit over allowing suspicious traffic of a potentially offending nature. However, one has to wonder how much longer the RIAA and MPAA will be kept at bay. Organizations like Napster were successfully prosecuted for facilitating the exchange of infringing materials. Putting aside the argument of whether or not the infringement cases are right, it is a valid and reasonable legal concern for ISPs who are carrying this traffic. P2P networks are increasingly diffuse and complicated, meaning the ISP backbones become the common point. Add to this the ongoing threat from botnets such as The Storm and Mega-D, and we see a composite that isn't appealing. Oh, and don't forget that spam now accounts for the lion's share of bandwidth utilization. If the ISP can reclaim 50% of bandwidth by taking out the channels used by botnets, then why shouldn't they be allowed to do so?

People need to stop assuming that businesses are making these decisions maliciously, with the desire to hinder what consumers can do. Instead, consumers need to understand that actions taken by orgs like Comcast are done for the purpose of self-preservation. If you look at this discussion through the eyes of the ISP business, then perhaps you will better understand the challenges posed in the net neutrality discussion.

2 TrackBacks

As I mentioned here, conspiracy theories are arising about the nature of the 4 undersea cable cuts in the past week. Security veteran and sage Steve Bellovin comments on the conspiracies here. His closing quote about sums it up for...

About this Entry

This page contains a single entry by Ben Tomhave published on February 4, 2008 9:39 AM.
