How do you know it's China?

By now everyone knows about the computer intrusions at Google and
Adobe. Both of these intrusions, and 32 more yet to be disclosed, are
squarely being blamed on China. As the "IT Guy" in my family I had to
explain why everyone thinks it's China. Here is a PG-13 answer to
this question.

[More detailed answers can be found in the GhostNet paper and the
Northrop Grumman China cyber security paper. Search for those
keywords anywhere but Baidu.]

The Internet is not built with attribution in mind. I believe that if
it were, it would not be what it is today. Attributing a cyber crime
committed over the Internet is next to impossible. Law enforcement
agencies across nations have to work together, and usually the case
moves at the speed of the slowest agency. Not every country gives the
same priority to a crime committed elsewhere. So, it's sort of a
lawless but fun place to hang out and screw around in, for any
developing nation.

China has the largest online (and offline) population on the planet.
Most of them came online when the Internet was much more connected and
threats were more mature. Think your 1994 Internet access mindset in
2000. Also, piracy is quite rampant in the country, so more than
likely most of these hosts are not very well protected either. Any
country with an environment like that is statistically bound to have
the largest number of infected hosts. So, yes, you can blame some of
these attacks on kids having fun or on other nations using these
infected hosts as stepping stones.

In a stepping stone scenario a hacker hops from one machine to another
multiple times before reaching the actual target. Therefore, from the
victim's (Google's or Adobe's) point of view the attack came from the
last hop, but the attacker is a few more hops behind, mostly unknown
to the victim. Usually, an intrusion for the purpose of stealing trade
secrets has two routes out of the victim: one command-and-control
route that has many stepping stones and may last for days or months,
and the other an exfiltration route with fewer hops, because the
intruder needs to get the data back quickly. In the case of Google
this latter route seemed to go from Google to Rackspace to Taiwan to
... We don't know anything about the command-and-control route for
Google's intrusion. So far nothing points towards Chinese government
involvement; the numbers can certainly be stacked up against the
alleged involvement of the Chinese government.

Here is a quick quiz: suppose you're a petty thief, or just a bloke
who wants to make a quick buck. If I told you that with your newfound
exploit you can either make $25K now, or have a very slim chance of
making $1,000,000 3-4 months down the line, which one would you pick?
Apparently, the exploit used to break into Adobe's computers is a
previously unknown exploit (zero day or 0day) and works on all
versions of Windows and Internet Explorer. That's the jackpot for any
exploit developer. It will make you famous and rich. From the use of
this exploit we can conclude the Adobe intruder took the latter
choice. Furthermore, the intruder at Google went after source code and
intellectual property instead of the credit card numbers or other
personal information of millions. No matter whether the intruder is a
kid in the basement or an organized cyber-squadron, if the stolen data
ends up in the hands of a state government the intrusion is by
definition state-sponsored (I am not a lawyer, but feel free to ask
one). This definition, a healthy dose of speculation, and the history
of other related incidents are why everyone's pointing their finger at
China.

There is digital forensic evidence and socio-economic evidence that
can be stacked up against China as well. Some examples of digital
forensic evidence include:
1. Just like the programs we write, exploits used to break into
computers also use Software Development Kits (SDKs). These kits embed
information about the primary language or country code used by the
computer where a program is developed. There has been evidence of
Chinese-language SDKs used for developing exploits in the past (read
that Northrop Grumman report for more detail). That gives some idea
of who may be behind the keyboard.

2. Just like software developers, exploit developers use debuggers as
well. If developing software to do something you want it to do,
without bugs, is difficult, imagine the difficulty of making that
software do something it's not meant to do. Debuggers often leave a
lot of useful information, like variable names, strings, file names,
etc., in the program code (and the exploit). If the final result is
not carefully stripped, these symbols may find their way into the
final exploit. Sure, an organized state-sponsored cyber-squadron would
have a rigorous and streamlined process to get rid of these symbols.
But they are human, and they also have deadlines.

3. Most of the time the origin host's IP address is not visible on
the victim's side, thanks to the stepping stones in the middle. Once
in a while even the most trained person may make a mistake and type
in the actual IP address, only to realize "Oops!" That has happened
in the past, and most of the time the IPs belonged to China.

4. The modus operandi of the attackers is very regimented. You will
notice the terms "sophisticated" and "targeted" in the news lately,
which boil down to the intruder's ability to follow through with a
predetermined path of execution (often drawn up using
reconnaissance). This comes with training and structure, which are
often found in the military.

My stop is here. I will expand on the socio-economics later.


Things to do when your heater is broken

The circulation pump of our building's heater is broken and National Grid can't fix it until tomorrow (Sat) noon. Here are some things we are doing to keep ourselves warm (besides the obvious layering, etc.):

  • Do laundry (especially use indoor, condensation dryer)
  • Bake flourless chocolate cake
  • Make tea (properly, with boiling water and tea dust/leaves)
  • Re-compile FreeBSD ports on a MacBook Pro that's on lap
  • Walk to local bookstore, Greenlight Bookstore, and pick up a couple of books.
  • Walk a couple of miles in snow

Update: The good news is the technician is here now; the bad news is he may not have the necessary parts at hand.

BBC's Digital Revolution

I grew up watching a lot of BBC programmes. Horizon, Panorama, Top Gear (ever since Jeremy Clarkson was a pimple-faced, poofy-haired adolescent), and Mastermind are some that I recall enjoying a lot. Since I moved out of the BBC's reach I haven't seen many quality TV productions, especially documentaries. I have always been very curious about the BBC's production methods. How much research do they do? How many people are involved in a production? How many and how long are the interviews for each programme? Well, recently I stumbled on the BBC's latest production, called Digital Revolution. It is indeed a revolution in TV programming. The entire process is open and transparent. The online research they have done for the programme is available on Delicious, there is a blog that reports on the progress, a Twitter feed for your "real-time" needs, raw, uncut film footage of interviews with web pioneers, a mashup contest of some sort using this footage, etc. The programme is not finished yet, but there is already ample content on their site to keep me busy. One of the interesting interviews is the one with the Estonian President discussing the cyber attack on Estonia.

The entire site is worth spending some time on, so go check it out!


Content Farms & Search Engines

[Image: Google's homepage in 1998 (via Wikipedia)]

I went to bed last night trying to recall what it was that I was looking for a few days back when I thought "Umm... Google is pretty useless..." Looking back at my @kulesh timeline, I believe it must have been something to do with i18n, and I recall finding what I was looking for on Stack Overflow instead.

Yesterday I found three discussions on the same topic:

We constantly try hard to get better ranking for our content and products at Digital Assembly. Therefore, I have some vested interest in search engines and their ranking of content. More on that later.

When the keywords you're looking for return lots of advertisements on Google, rest assured the search results are pretty useless. In such cases I narrow my search to expert sites like Consumer Reports, Stack Overflow, and the like. Sometimes I use Google itself with site:www.example.com [my keywords] to carry on, but most of the time I am on the site itself. Given that Google knows which keywords are popular among advertisers, I am sure Google can help make this process a bit easier on their users. The question is how, and what Google can do that is hard to game.

Edit: A lot more conversations have happened since I posted this. I have added a couple more links above.

The New York Times Ninth Annual Year in Ideas

Every year The New York Times editors look back in their rearview mirror and pull out "the most clever, important, silly and just plain weird innovations we carried back from all corners of the thinking world." I have missed a bunch of them this year and hadn't heard about them until now. For example, did you know cows with names make more milk? Didn't think so.

Here are some of my favorites:

  1. Cows With Names Make More Milk
  2. The Glow-in-the-Dark Dog
  3. Massively Collaborative Mathematics
  4. Advertisement That Watches You, The
  5. Artificial Car Noise

Here is the entire list. Certainly worth spending some time reading all of them.

Unforeseen (Economic) Attack Vectors

I have been meaning to write this post since Thanksgiving but never got a chance. I was reminded of it again today when I saw this little article on Washington Journal about the U.S. Mint facilitating free airline miles, unintentionally of course. Here is how it worked:

At least several hundred mile-junkies discovered that a free shipping offer on presidential and Native American $1 coins, sold at face value by the U.S. Mint, amounted to printing free frequent-flier miles. Mileage lovers ordered more than $1 million in coins until the Mint started identifying them and cutting them off.

Coin buyers charged the purchases, sold in boxes of 250 coins, to a credit card that offers frequent-flier mile awards, then took the shipments straight to the bank. They then used the coins they deposited to pay their credit-card bills. Their only cost: the car trip to make the deposit.

I am surprised the U.S. Mint didn't put a limit on the number of purchases per household for these items. That would have prevented this little scam.

Anyway, I was recently made aware of a risk of leaving your car with a valet that I had never thought about. Whenever you leave your car keys with a valet you're essentially leaving your house key and directions to your house with the valet. Most of us leave a garage door opener in our cars, and our navigators know how to get us home. All a thief has to do is hit the "Home" button on the car's navigator and he will be home and back before you! Think about it next time you leave your car keys with someone. It's almost exactly like writing down your home address on your key-chain, except it is not as explicit. One way to reduce such risks is to set up a password for your car's navigator, or to label a friend's address as "Home" and let the friend know why you did so.


Google Takes a Page from Apple (Zemantified!)

[Image: Alan C. (via Wikipedia)]


[This is a copy of a previous post. I was testing Zemanta. Zemanta doesn't support Posterous, so I ended up posting this from Gmail and had to hand-edit the HTML. That defeats the purpose at the moment. I will try a few more times before quitting.]

Earlier today Google announced Google Public DNS. Change your DNS settings to use the servers 8.8.8.8 and/or 8.8.4.4 to use this service. I am sure a lot of people have already chimed in with their analysis and opinions. For what it's worth, here is mine:

One of Steve Jobs's favorite quotes is "People who are serious about software should make their own hardware" by Alan Kay. I don't know exactly when he said it, but I'd say the early eighties when he was at Apple. That's exactly what Apple has been doing since, and it has worked well for them. Note that Apple didn't stop at hardware and software; they also made languages and frameworks that help make software for their hardware, for example OpenCL and Grand Central Dispatch.

That's the eighties and the nineties. Now if we extend Alan Kay's insight to 2010, "People who are serious about software should make their own hardware and (network) infrastructure." I believe this is exactly what Google is doing with this DNS offering.

DNS is not just name resolution. You can do wonders with it, and people have done wonders with it, including making it carry MP3s. It is one of the best protocols for carrying metadata on the web. So, Google has its own browser, Google has its own OS, Google has its own productivity line, and supposedly Google is also making its own phone (hardware). The only piece of the puzzle that was missing is infrastructure, and I believe GPD is the first step towards that. It's about user experience and what you need to control to provide the best user experience.
