Thursday, August 29, 2013

DESTROYING ANGEL ranks high on Amazon after just one day

Amazingly, Destroying Angel ranks #10 in "Crime Fiction" and #32 in the "Action & Adventure" categories after just one day in the free promotion category:
Yeah, I know. Free is free. But something is resonating out there with my "deep dive into Black Box Portability" of computer virus technology (see my Principle #7 of the Perfect Virus here).

Wednesday, August 28, 2013

My 1st Novel DESTROYING ANGEL available free on Amazon until Sunday, 9/1/2013

In case you're wondering if you should spend $2.99 on Amazon for Daddy's Little Felons, here's your chance to see if you like my style at all. My first novel, Destroying Angel, is available free through Sunday at Amazon (click here for the link).

Best wishes,
Rick Bennett

Tuesday, August 27, 2013

If I Were a Jihadist, Part III (Adios New York Times)

Back on Valentine's Day 2011, I waxed poetic/operatic and changed the words to a song made famous by Johnny Cash as well as Bobby Darin (see the post here), changing the lyrics of If I Were A Carpenter to If I Were A Jihadist. I pointed out that I wouldn't have to painstakingly hack specific target sites. I'd just take down the Domain Name Servers. I called it the "…(cyber) nuclear option."

Well, guess what? That whacky Iran-supported FTW Syrian Electronic Army with their backs against the wall have done a small version of just that. They didn't have to hack the New York Times. They just went after vulnerable DNS servers (see the Time Magazine story here). Et tu Huffington Post and Twitter feeds of The Associated Press, Al-Jazeera English and the BBC.

The guy I passed in New York's Times Square had the right idea as he waved his bible and shrieked, "The End is Near!" He did give me a funny look when I winked at him and said that I'd been saying the same thing. He might not have been some poor soul off his meds, after all. When I said he must know how the Old Testament prophets felt, he kind of recoiled. Then all I did was raise my hand to straighten my hair and he started to run away. Go figure.

So my question is, are you willing to leave world cyber security up to a bunch of politicians and generals who don't know an outer join from a double hernia, and who sit around a table wringing their hands after each "extinction-event scenario dry run" just as real as the Armageddon movie comet headed for the earth, or might you at least participate in a public debate on Real Internet Security and the Enforcement of Such by Licensed and Bonded Cyber Privateers?

I concluded my article with these words:
One way or another the Internet is probably going to cease to exist as we know it. Either because of a physical pygmy in North Korea or a mental pygmy in Tehran. And remember, in a world full of emotional pygmies, the patient man is king. 
Think "DNS Security" my friend. Then just try to get a good night's sleep.


Monday, August 26, 2013

"Hell no, we're not in the #&@*%$ cloud!"

With all the hype about investing in cloud technology, I have yet to see any software firms say "Hell no!" to the cloud. Given Saturday's UK Guardian story on the incestuous relationship between the NSA and Silicon Valley cloud vendors (see the story here), maybe somebody should put that skunk on the table.

Wednesday, August 14, 2013

Google: Gmail users have no "legitimate expectation of privacy."

Today's Time Magazine story makes the NSA inroads to Silicon Valley rather unambiguous (see Time's story here). In Google's motion filed on June 13, 2013 regarding class action complaints that "…allege the company violates wiretap laws by poking around in email…" we read:
Just as a sender of a letter to a business colleague cannot be surprised that the recipient’s assistant opens the letter, people who use web-based email today cannot be surprised if their communications are processed by the recipient’s ECS [electronic communication service] provider in the course of delivery. Indeed, “a person has no legitimate expectation of privacy in information he voluntarily turns over to third parties.”
Hey, I don't mind unambiguous. Good for Google. I just wish our government would be equally unambiguous and let us stop playing defense-only tactics with people trying to hack our systems.

In fact, realizing that some übersnooper is looking at my email for keywords, I've had some ideas about responding to spam that would put a national security bullseye on spammers. For the time being, I'll keep those to myself.

Friday, August 9, 2013

Appeals Court Whacks 1800CONTACTS' Attempt to Hijack the Internet

On December 30, 2010, I reported that Federal Court Judge Clark Waddoups "got it right" when he ruled against 1800CONTACTS' attempt to hijack the Internet (see my story here). Would you believe 1800CONTACTS appealed the ruling? Only in Utah, where church and business are so incestuously linked that the if-I-think-it-then-it-must-be-the-will-of-God-and-I-will-fight-to-the-death-as-a-matter-of-principle attitude prevails in our theatre of absurdity. Well, the Tenth Circuit of the United States Court of Appeals has ruled on the case (see the full ruling here). Net net, they told 1800CONTACTS to get an eye exam and possibly a new legal team.

1800CONTACTS has spent HUNDREDS OF THOUSANDS OF DOLLARS suing for having the audacity to buy Google AdWords to poach leads from 1800CONTACTS. Imagine the gall! Competing for business on the Internet. How dare they!

If you don't have time to dissect the ruling, here are a few knee-slappingly funny points:

  1. The total business generated by an affiliate who did indeed use the 1800CONTACTS name in their ad copy was less than the price of a used Yugo!
  2. The appeals court ever-so-diplomatically suggested that 1800CONTACTS' law firm blew it when, on page 17 of the ruling, they write: "…1-800's only clearly expressed theory of infringement was initial-interest confusion. Although it asserts on appeal that's acts of direct infringement included purchasing merely generic keywords and then failing to designate the 1800CONTACTS mark as a negative keyword, that theory was not raised in district court." Translated: "Too bad your legal geniuses missed a more cogent argument."
  3. The appeals court again slaps 1800CONTACTS' brilliant legal team on page 29 when they write: "But this argument misreads the district court's order." Translated: "Learn to read, morons!"
  4. Finally, the appeals court is downright effusive in their praise of Judge Waddoups' original ruling: "We affirm for substantially the reasons set forth in the district court's thorough and cogent order" [I added the emphasis in the last four words of that sentence].
What's next? Only in Utah my friends, only in Utah does the I-will-fight-to-the-death-because-it's-right mentality rear its inbred head. Somewhere, I can hear a lot of pounding on the conference room table as 1800CONTACTS lectures the legal lackeys for which they are paying an aggregate $2,000 an hour: "I don't care if it costs us another million dollars and we take this to the United States Supreme Court, Baby Jesus came to me last night and said this is the right thing to do." Okay, I couldn't resist poaching a phrase from Will Ferrell's Ricky Bobby role in the movie Talladega Nights. But you get the idea.

Throwing 1800CONTACTS a bone, the appeals court ruled that was guilty of contributory negligence because they took too long to figure out the who and where of the actual affiliate infringement, and did not do a simple blast email to all their affiliates telling them to never EVER use 1800CONTACTS in their advertising. So this will go back to the Federal Court for another run with the bulls. But again, the actual bull-goring of 1800CONTACTS from this contributory negligence was less than the price of a used Yugo. 

Hey, it's the principle that matters! And, of course, the attorneys being able to afford country club memberships for their trophy wives and far-away private schools for the kids to keep them from ogling their stepmother's latest cosmetic surgery. How about we at least castrate the attorneys so their rancid genes can't produce more blights on humanity?  

I now return from this comic opera to again focus on the critical cyber security issues facing this fragile world. 

Thursday, August 8, 2013

If I were President Obama's Speech Writer…

The president's cancellation of his meeting with Russian President Putin is a totally reactive snit over Snowden. In Chapter 17 of Daddy's Little Felons, I wrote a speech that the President of the United States (POTUS) should have been giving all along. Here is that speech, slightly edited for President Obama:
“My fellow Americans,” began the president. “As most of you are aware by now, Chinese and Russian computer systems have been attacking each other for the past three days. Virtually all services in those countries that depend upon interconnected computers have failed. What little communication that is coming from those countries is over obsolete analog phone lines and human-assisted switches. Both China and Russia are blaming each other for the attacks, and the rhetoric is becoming quite heated. It is for that reason that I wanted to take some time tonight and tell you what we know about the situation, as well as how we are trying to help both parties step back from a dangerous precipice.”
“Both Russia and China have been waging an undeclared cyber war against both public and private institutions in the United States for years. Few of their attacks made headlines until early 2009. On April 8th, The Wall Street Journal broke the story detailing how our electricity grid had been penetrated by so-called spies. A little over two weeks later, on April 21st, they carried a front-page story of spies breaking into the Defense Department’s Joint Strike Fighter project and siphoning off several terabytes of data related to design and electronics systems. Since then, the floodgates have opened and new incidents have been reported almost daily. But this is the least of what I am about to tell you, tonight.” The president clicked a remote and the screen split, with him on the left and a computer presentation screen on the right.
“According to the cyber war task force formed in 2009, every single server located in the United States, public or private, however large or small, is attacked by hackers based in either China or Russia hundreds of times every day. There have been three-hundred-twenty-nine extortion attempts in the past two years from international criminals. However, those same attackers are using the identical systems our cyber war task force has identified to attack strategic defense installations and which search for specific technical information that only a well-organized and well-financed government could possibly know about.”
“Until this week, our own cyber crime laws have made it impossible for individuals or corporations to do more than put up fences. Any attempt to retaliate, to disable the attacking computer systems, is not only illegal but carries stiff penalties. We call it restraint of trade if the counter attack crosses state or international boundaries. I call it stupid, antiquated, and wrong headed in today’s globalized economy. Here, now, today, I refuse to continue penalizing people who play by the rules. Our law enforcement structures make it impossible to find and prosecute the cyber crime that dwarfs any attempt at reporting and identification.”
“Last night, my former ambassador to China made a proposal I find quite compelling. In addition, the Democratic leadership in the Senate also finds the argument persuasive. Because of current international volatility, I am sending a bill to Congress for immediate action. The sponsor, Utah Senator Orrin Hatch, is ideally suited to shepherd the bill, since he sits on the Judiciary Committee, and since the mechanics of his elegant solution will be implemented by the United States Marshals’ organization under the aegis of the Justice Department.
“First, some background. We do not, indeed we cannot, condone vigilantism in America. While the right to protect yourself from imminent death or injury is fundamental to our law, the minute you aggressively go out to retaliate against a threat or an attempted intrusion, you are breaking the law. Yet our law enforcement organizations are woefully unequipped to enforce the law on your behalf. This is reminiscent of the sorry state of our Continental Army in the Revolutionary War.”
“Our country found itself outgunned, outnumbered, out financed and just about out of rope,” continued the president. “Letters of Marque were issued to bonded and licensed privateers who attacked British shipping. Privateer-generated proceeds virtually financed the entire Revolutionary War. In fact, privateers captured ten times the number of enemy ships as the Continental Navy. The numbers may surprise you. The Continental Navy operated 64 ships, while the privateers had 1,607. The Continental Navy had 1,242 guns; the privateers had almost 15,000. The Continental Navy captured fewer than 200 enemy ships; the privateers captured and, more importantly, monetized 2,283 ships. In my opinion, the profit motive can eclipse any forces this federal government could amass, and do so almost instantly.”
“Analogies aren’t perfect, and precedents require modification. I am not proposing that modern-day privateers prey upon foreign interests for profit. But consider deputizing cyber-marshals to engage in electronic hot pursuit and destruction of hostile cyber-forces anywhere in the world. These United States Cyber Deputies would work under contract for the United States Marshal organization and under the supervision of the Department of Justice. They would be bonded but for the most part simply turned loose on our enemies. Their rules of engagement will be a work in progress, and I do not want the lack of specificity in these rules or their definition to delay this legislation. Indeed, time is of the essence.”
“The most relevant legal doctrine of national sovereignty is an 1823 statement called The Monroe Doctrine. It stated that, and I quote, any attempt by European governments to colonize land or interfere with states in the Americas would be viewed by the United States of America as acts of aggression requiring US intervention, unquote. I will therefore explain a new doctrine of digital sovereignty appropriate for this day and age.
“Any attack or attempted attack by individuals or governments on American public or private computer systems will be viewed as acts of aggression requiring immediate intervention. Period. I am implementing this via executive order today.
“Are there legal ambiguities? Unfortunately, the answer is yes. Senator Hatch gave me an excellent tutorial, which I’ve validated with legal experts in my own party. International law governing hot pursuit generally deals with oceanic chase. The legality of the U.S. actually pursuing Pancho Villa across sovereign borders into Mexico and the Israeli capture of Adolf Eichmann in Argentina is hotly debated. But notwithstanding these issues, technology and globalization of the world economy demand we take a firm stand. But our stand must be clearly articulated and based upon the rule of law.”
The president paused for effect, then continued: “Therefore, any individuals or corporations who unilaterally take it upon themselves to retaliate against attacks on their computer infrastructures are in violation of law and will be prosecuted to the full extent of current cyber crime law. Thank you and goodnight.”
Later in Daddy's Little Felons, I hyperlink to The Cyber Privateer Code of Conduct (see it here), which eliminates legal ambiguity and puts into place a tightly thought-out doctrine. The question now, Mister President, is how do you want to project American power? By dancing from foot to foot about NSA spying while Snowden gives you the raspberry from Moscow, or by letting the U.S. beacon of light shine on all the cockroaches?

Mister President, if you can't afford the $2.99 for a copy of Daddy's Little Felons, let me know when and where to send you a complimentary copy.

Sincerely yours,
Rick Bennett

Wednesday, August 7, 2013

Dystopian Data Exhaust: The Feds Are The Problem, not Snowden

Three headlines popped up today in my media aggregation analytics dashboard. First, our secret government spying operation is costing cloud vendors billions in sales internationally (see Register story here). The second story has that very same government trying to come up with incentives for private industry to "spend more money on security" (see Computerworld story here). Finally, EVERYBODY is carrying the story of President Obama canceling his summit with Russian President Putin over the granting of asylum to NSA leaker Snowden (see WSJ story here). Perhaps Wikipedia should have a photo of the White House next to their definition of "Dystopia."

The United States of Dystopia is a place where expediency trumps privacy, where secrecy shreds the Constitution, and where government leaders are more interested in saving face than in finding truly workable solutions to clothing the naked emperor of cyber security. I believe my most articulate and terse solution statement was posted on July 22nd (see it here).

Net net is that an openly stated doctrine and independently policed cyber citizenship is the only way to avoid cybergeddon.

Monday, August 5, 2013

Hackable Smart Car is a Dumb Purchase

Today's Computerworld article (read it here) detailing the Defcon hack of a 2010 Ford Escape and a 2010 Toyota Prius makes a point I discussed two years ago (read it here): "Stuxnet payback will be a b*tch." The key vulnerability in automobile computers is really architectural, as today's story says, because:
Right now, there's no authentication when car computers communicate with each other…
Time Magazine actually killed an online story posted on March 16, 2011 (see my post here) on an "MP3-trojan car-takeover"—possibly, I speculate, because it might give bad guys good ideas. Do a Google on "mp3 trojan car takeover" and satisfy yourself that once something goes on the net, it stays there.

My question, ever so humbly asked, is: Do you want to drive a car based on Microsoft operating technology? Think "Windows Embedded Automotive Operating System" and Stuxnet payback. Oooh, my lips go numb just reading that last sentence.

Saturday, August 3, 2013

Several Hundred of You Took Advantage of This Week's Free Offer

Thank you for taking advantage of my free offer and downloading Daddy's Little Felons this week. Now, how about some feedback? You can even write a review on Amazon. And next to your review will be the note "Amazon Verified Purchase" that lets the world know that you did indeed download the book and know whereof you speak. Note, though, that I have sent several free copies directly to reviewers, whose names will NOT show them as verified purchasers.

I personally think that ebooks with hyperlinks to relevant Web content are just the beginning of a publishing revolution. As ebook readers become smarter, there is no limit to the interactive and computational possibilities an ebook can offer.

But remember, the first and foremost job of a novelist is to entertain. Has this advertising man and closet novelist come out having learned the craft? Let me know. Also, I'm well into the sequel. Stay tuned.

Rick Bennett
August 3, 2013