Odd new form of malicious spam


I received the email displayed at the right. While Larry Grinnell is indeed a friend of mine who sends me email, the sender's email address was not his. This is one of several emails I've received, all extremely brief, and all with the exact same format. The Subject line contains an exclamation. The body text contains my name and a single URL. I started saving them and experimenting with the URLs.

The first URL led to a place in Russia that displayed a weight-loss ad. I used a VM running Chrome to open it. When I used the same VM to open the more recent one (shown above) the VM crashed. I expected that. What I didn't expect was for it to take my whole desktop down, too. 


Rejecting the Licensing Culture


Have you ever replied to an email message by including the sender's email message? Did you ask for a license first?

I'm sorry, but you are guilty of copyright infringement, and may be liable for prosecution, as lovingly explained whenever we watch a prerecorded video.

Yes, it's true. Copyright is completely out of control in this country. It all started with "copyright reform" in 1976 and it's only gotten worse. Cautious publishers collect permission for EVERY image, photo, or quotation that might come from somewhere else. Never mind the notion of "fair use;" many publishers pretend it doesn't exist.

As a teacher, I rely heavily on "fair use" exemptions. Some classroom materials have a clear and simple licensing regime, but a lot of things are just "out there" without a clear process for licensing. It seriously interferes with education and even free speech when everything needs a license.


GUIs: Control, Conveyance, Continuity, and Context

I'm a sucker for basic principles distilled into pithy prescriptions.

A freelance writer, Brian Boyko, has distilled the basic features of graphical user interfaces (GUIs) into four principles: Control, Conveyance, Continuity, and Context. He uses them to structure a well-reasoned though shrill critique of Windows 8.

I've just checked a few of my favorite usability resources (Don Norman, Alan Cooper's About Face, Ben Shneiderman), plus a bit of Googling, and I can't find a "recognized GUI authority" who reduces the problem to these four aspects.

Even so, I think Boyko has hit on something good. When I tried to distill a modern set of security-relevant design principles for my textbook, I had no concise statement about usable security that was backed up by extensive industry practice. In other words, there are accepted design principles for security, but not for usable security. There are a lot of principles that outline what's nice to have, but none that trump security traditions (like impossible-to-memorize passwords).


Quantum Computations, Crypto, and Chicken Little

Yet again, the sky is falling.

Researchers at UCSB have demonstrated a "quantum processor" that correctly operates "Schor's algorithm for factoring primes" all of 48% of the time (Photo left, courtesy of UCSB). This has produced all sorts of dire predictions about existing cryptographic mechanisms. 

This is nonsense. We don't know enough about quantum computing to believe that a practical quantum computer architecture can follow Moore's law. And so-called "quantum cryptography" is not the answer.


Cyber Security Self Study

I've deployed my training program at eisec.us

Students can earn CPE credits and a US Government-endorsed training certificate in information security. They study the textbook (Elementary Information Security, of course), discuss topics with me on the book's discussion forums if they want, and take on-line tests on the material. Once they pass all exams, they earn the certificate.


Drupal Feed Importer Failures

Modern web site software - like Drupal - simply provides a web-based front end to a database. For a traditional web site, the front end retrieves articles and formats them on HTML pages. A more sophisticated web site allows more sophisticated access to the database.

If we embrace this vision, we build a new web site by importing databases. On Drupal, that means we use the Feed Importer. I have finally gotten the Feed Importer to work, after several hours of banging around.


A really simple Drupal 7 example module

A couple of months back I attended DrupalCamp Twin Cities, to try to improve my understanding of Drupal. It was a good event and, thanks to an enlightening talk by Tess Flynn, I now see how the incoming path is converted into code execution.

This week I took the next step: I wrote the simplest possible Drupal 7 module from scratch. Although I had several examples to work from, it took several attempts to get things right. And now, here it is: Rick's Testie Drupal 7 Module (zip file). 


Information Security Self-Study Program

I am putting together a self-study program for working through my textbook Elementary Information Security. 

When deployed, the program will give readers an opportunity to earn an NSTISSI 4011 training certificate, with the CNSS seal, via self-study. The program will break each chapter into two parts to be studied, and provide an on-line test to verify the reader's awareness of each part. Each successfully completed part should also qualify the student for 3 hours' worth of continuing professional education (CPE) credit. 


Drupal 7 Conversion - Finally!

Drupal 7 was released for "production" a little over a year ago at the Drupalcon Chicago. Upon returning from that event, I put a week or so into trying to convert from Drupal 6 to Drupal 7. This produced a series of disappointed-sounding blog entries as my attempts failed. I kept trying every few months, hoping that a new D7 release, or an improvement in my Drupal skills, would yield success.

I've finally succeeded.

I implemented an AMP stack on my Mac. "AMP" means "Apache," "MySQL," and "PHP;" it required me to install MySQL and hook it all together. Then I moved the laborious conversion process to my desktop. My efforts succeeded a few weeks ago, but I was stymied when I tried to deploy the converted site onto my GoDaddy hosting. I finally tracked the problem down - where else - in the .htaccess file defaults.


Earning IACE Certification Using a Certified Textbook

The U.S. government certifies courses of study in information security under the Information Assurance Courseware Evaluation (IACE) program. If a course is certified under one of the approved standards, then students are eligible to receive a certificate that carries the seal of the U.S. Committee on National Security Systems (CNSS, left) to indicate they have completed an approved course of study.

My new textbook, Elementary Information Security, has just earned certification that it conforms fully to the CNSS national training standard for information security professionals (NSTISSI 4011).

It can be challenging for an institution to get its course of study certified. Many of the topics are obvious ones for information security training, but others are relatively obscure. Several topics, like TEMPEST, COMSEC, and transmission security, have lurked in the domain of classified documents for decades.

This new text provides a comprehensive and widely available source for all topics required for NSTISSI 4011 certification. An institution can use the textbook along with the details of its NSTISSI 4011 topic mapping to establish its own certified course of study.

