Tag Archives: Soni Kabushiki Kaisha

Did Prolexic Fend Off Anonymous’s Sony Attacks?

Prolexic, a company that defends clients against Distributed Denial of Service (DDoS) attacks, says it has successfully combatted the “Largest Packet-Per-Second DDoS Attack Ever Documented in Asia”:

“Prolexic Technologies, the global leader in Distributed Denial of Service (DDoS) mitigation services, today announced it successfully mitigated another major DDoS attack of unprecedented size in terms of packet-per-second volume. Prolexic cautions that global organizations should consider the attack an early warning of the escalating magnitude of similar DDoS threats that are likely to become more prevalent in the next 6 to 8 months.”

Although it describes the customer only as “an Asian company in a high-risk e-commerce industry” it could well be connected to the recent attacks on Sony by Anonymous. A piece by Sebastian Moss – The Worst Is Yet To Come: Anonymous Talks To PlayStation LifeStyle — in April quoted an alleged member of Anonymous called Takai as reacting to unconfirmed reports that Sony had hired Prolexic to defend itself (Sony Enlists DDoS Defense Firm to Combat Hackers):

“It was expected. We knew sooner or later Sony would enlist outside help”. Pressed on whether Anonymous would take out Prolexic, Takai showed confidence in the ‘hacktivist’s’ upcoming retaliation, stating “well, if I had to put money on it … I’d say, Prolexic is going down like a two dollar wh*** in a Nevada chicken ranch”. He did admit that the company “is quite formidable” and congratulated “them for doing so well”, but again he warned “We do however have ways for dealing with the ‘Prolexic’ factor”.

The website also quoted Anonymous members expressing frustration at the new defences, although they appeared confident they would eventually prevail. That doesn’t seem to have happened.

Prolexic’s press release says the attacks had been going on for months before the client approached the company. The size of the attack, the company said, was staggering:

According to Paul Sop, chief technology officer at Prolexic, the volume reached levels of approximately 25 million packets per second, a rate that can overwhelm the routers and DDoS mitigation appliances of an ISP or major carrier. In contrast, most high-end border routers can forward 70,000 packets per second in typical deployments. In addition, Prolexic’s security experts found 176,000 remotely controlled PCs, or bots, in the attacker’s botnet (robot network). This represents a significant threat as typically only 5,000-10,000 bots have been employed in the five previous attacks mitigated by Prolexic.

It does not say why it considers the attack over, nor gives any timeline for the attack. But if it is Sony, it presumably means that Anonymous has withdrawn for now or is preoccupied with other things. Prolexic, however, is probably right when it warns this is a harbinger of things to come:

“Prolexic sees this massive attack in Asia with millions of packets per second as an early warning beacon of the increasing magnitude of DDoS attacks that may be on the horizon for Europe and North America in the next 6 to 8 months,” Sop said. “High risk clients, such as those extremely large companies in the gaming and gambling industries in Asia, are usually the first targets of these huge botnets just to see how successful they can be.”

The Proud Legacy of the New Web

My weekly column for the Loose Wire Service.

A few things I had to do this week brought me to the same conclusion: Companies that don’t get simplicity are struggling.

First off, I have been writing a paper on social media. What we used to call Web 2.0, basically. Now that everything we do is Web 2.0 it’s kind of silly to call it that. And nerdy. But next time you use Facebook, or Twitter, or any web service that uses a clean, simple interface—nothing ugly, no bullying error messages—then you can thank Web 2.0.

Every time you are pleasantly surprised when the service you use—for free—adds more cool features and doesn’t try to sting you for it, thank Web 2.0.

Web 2.0 made things simpler, more user-centric. Its principles were share, create, collaborate (against the old world’s hoard, consume, compete.)

If you want to read more on this, download the Cluetrain Manifesto, a book written by a cluster of visionaries. A great read and a sort of call to arms for the Web 2.0 generation.

We know this. Researching the paper reminded me of just how influential Web 2.0 has been. But everything else I’ve done this week has reminded me how few companies still don’t get it.

First off, I had to set up a mailing list. You know, sending out lots of emails to people. It’s fiddly if you want to do it right. Before, you’d download software and painstakingly fiddle with spreadsheets and stuff.

Now you can do it online. But not all online services are alike. I tried one, Constant Contact (which doesn’t, actually, sound that appealing a concept. Sounds like an STD or one of those annoying kids who follow you around at school.)

Constant Contact was OK, I suppose. But it was fiddly. No way was this going to be fun. Then I tried something called MailChimp. The look and feel of the site was pure Web 2.0. Big buttons, nice colors, the sort of site that makes you want to get yourself a coffee and browse around.

Sure enough, the whole thing was not only a breeze, but a joy. Not perfect—they like their simian jokes, those guys at MailChimp–but so different it brought home how Web 2.0 isn’t a set of tools but a mindset. “How can we make this easier, and fun? And cheaper?”

That was the first experience. Then I had to set up an email account on Microsoft’s online corporate web service, called Outlook Web Access (known as OWA.) The acronym should have given that away. OWA, as “Oh er” or “whoa”. After five years of Gmail using this was like going back to typewriters. And not in a good way.

Clunky, ugly, lots of annoying “Are you sure you want to do this?” type messages.

It was hell. A real reminder of what email was before Google got hold of it. (And, sorry, Yahoo!, but you’re still stuck in the slow lane. I tried your web mail offering again but it wouldn’t let me send half the emails I wanted, instead accusing me of spamming. Sending six emails makes me a spammer? That makes you my ex web mail provider.)

It’s not that Gmail is wonderful. But it’s simple. And it adds features before you’ve had time to think them up yourself. It strives to get out of your way and let you get on with stuff. Very Web 2.0-ey.

Then I had to buy a video camera. It was then I realized that Web 2.0 wasn’t just about software.

I got one of those Flip video cameras three years ago. I loved it. Barely three buttons on the thing, and perfect. An antidote to complicated video cameras and smart phones that require a PhD to use. Web 2.0 on a stick.

So I went looking for a replacement. Flip has been so popular it’s a) been bought out, and b) has lots of competitors. Even Sony have one. Yes, the guys who brought you the Walkman now offer you something called the bloggie PM5, which is basically what the Sony design people think is a better Flip.

Only it’s not. It’s Sony’s view of the world, and it’s striking how anachronistic it looks.

At first blush it’s smart. The lens swivels so you can see yourself videoing yourself. Which is good. But that’s the only thing good about it.

It’s heavy. The buttons are too many in number and aren’t intuitive—I couldn’t even find the volume adjuster, and nor could the guy in the shop—and it has all the things that reminded me why I’d never buy anything from Sony again. A proprietary USB cable slot—so you can only use a Sony cable with it. Their own memory card, which means you can’t use your other memory cards like the increasingly popular SD one.

(Oh and it only records for 30 minutes at a time. Not that the manual tells you that.)

In other words, Sony talks about the bloggie-ness of their bloggie, where you can share all your stuff on Facebook and YouTube, but still doesn’t get the bigger picture: That the Flip was supposed to make all this stuff simple. Open, fun, collaborative, about the moment rather than the fiddling. And no more closed shop. No more trying to sucker you into buying more of their stuff.

I haven’t talked about Apple in all this because the jury’s out on them. They definitely make things easier to use, but they’re still proudly disdainful of everyone else—including, I suspect, their customers. Their products are a joy to use, but I think the Cluetrain passed their stop.

So Web 2.0 is a state of mind. It’s something we should demand of all our interactions with products, services, companies, officials. Simplicity. Put yourselves in the user’s shoes. Don’t put up road blocks. Make using your product, if not a joy, then at least not a pain.

Sony, Yahoo!, Microsoft, print that last paragraph out and make a banner out of it. I guarantee it’ll work wonders for you.

Lost in the Flow of The Digital Word

My weekly column as part of the Loose Wire Service, hence the lack of links.

By Jeremy Wagstaff

A few weeks ago I wrote about the emergence of the digital book, and how, basically, we should get over our love affair with its physical ancestor and realize that, as with newspapers, rotary dial phones and reel-to-reel tape decks, the world has moved on. Digital rules, and ebooks now make more sense than papyrus.

Not everyone was happy. My bookseller friends won’t talk to me anymore, and don’t even mention my author ex-buddies. One person told me I was “brave” (I think he meant foolhardy) in saying something everyone else thought, but didn’t yet dare mention.

But the truth is that a lot of people have already moved on. Amazon is now selling more ebooks than hardbacks. It’s just about to bring out a Kindle that will sell for about $130. When it hits $100—by Christmas, probably—it’s hard not to imagine everyone getting one in their stocking.

By the end of next year, you’ll be more likely to see people reading on a digital device than a print version. Airlines will hand them out at the beginning of the flight instead of newspapers, along with a warning during the security demonstration not to steal them. (I was on a flight the other day that reminded people it was a serious offence to steal the lifejackets. What kind of people take planes and then steal the one thing standing between them and a watery grave?)

But what interests me is the change in the pattern of reading that this is already engendering. (The ereading, not the theft of flotation devices.) I go to Afghanistan quite a bit and it’s common to see Kindles and Sony eBook Digital Book Readers in the airport lounge. Of course, for these guys—most of them contractors, aid workers or soldiers—the ereader makes a lot of sense.

There are indeed booksellers in Kabul but it’s not exactly a city for relaxed browsing, and lugging in three or four months’ worth of reading isn’t ideal—especially when you can slot all that into one device that weighs less than a hardback, and to which you can download books when you feel like it.

Those who use Kindles and similar devices say that they read a lot more, and really enjoy it. I believe them. But there’s more. Amazon now offers applications for the iPhone (and the iPad) as well as the Android phone and the BlackBerry. Download that and you’re good to go. 

The first response of friends to the idea of reading on a smart phone is: “too small. Won’t work.”

Until, of course, they try it. Then opposition seems to melt away. One of my Kabul colleagues, no spring chicken, reads all his books on his iPhone 4. When the Android app came out a few weeks ago I tried it on my Google Nexus One.

And that’s when I realized how different digital books are.

Not just from normal books. But from other digital content.

I look at it like this: Written content is platform agnostic. It doesn’t care what it’s written/displayed on. We’ll read something on a toilet wall if it’s compelling enough (and who doesn’t want to learn about first-hand experience of Shazza’s relaxed favor-granting policies?)

We knew this already. (The fact that content doesn’t care about what it’s on, not how Shazza spends her discretionary time.) We knew that paper is a great technology for printing on, but we knew it wasn’t the only one. We also knew the size of the area upon which the text is printed doesn’t matter too much either. From big notice boards to cereal packets to postage-stamps, we’ll read anything.

So it should come as no surprise that reading on a smartphone is no biggie. The important thing is what Mihály Csíkszentmihályi defined as flow: Do we lose ourselves in the reading? Do we tune out what is around us?

Surprisingly, we do. Usually, if I’m in a queue for anything I get antsy. I start comparing line lengths. I curse the people in front for being so slow, the guy behind me for sneezing all over my neck, the check-in staff for being so inept.

But then I whip out my phone and start reading a book and I’m lost. The shuffling, the sneezing, the incompetence are all forgotten, the noise reduced to a hum as I read away.

Now it’s not that I don’t read other stuff on my cellphone. I check my email, I read my Twitter, Facebook and RSS feeds. But it’s not the same. A book is something to get absorbed in. And, if you’re enjoying the book, you will. That’s why we read them.

So it doesn’t really matter what the device is, so long as the content is good (and this is why talk of turning ebooks into interactive devices is hogwash. All-singing, all-dancing multimedia swipe and swoosh is not what flow is all about—and what books are all about.)

This is what differentiates book content from other kinds of digital content. We’re actually well primed to pick up the thread of reading from where we left off—how many times do you notice that you’re able to jump to the next unread paragraph of a book you put down the night before without any effort? Our brains are well-trained to jump back into the narrative thread a book offers.

There’s another thing at work here.

Previously we would only rarely have considered picking up a book to read for short bursts. But the cellphone naturally lends itself to that. You’ll see a few people in queues reading physical books, but the effort required is often a bit too much. It looks more defiantly bohemian than cozy. Not so with the phone, which is rarely far from our grasp.

This is one reason why friends report reading more with these devices. They may carve the process into smaller slices, but the flow remains intact.

And one more thing: The devices enable us to keep several books on the go at once. Just as we would listen to different music depending on our mood, time of day, etc, so with books we switch between fiction and non-fiction, humor, pathos, whatever. Only having a pile of books in your bag wasn’t quite as practical as having one by your bedside.

Now with ebooks that’s no longer an issue.

This is all very intriguing, and flies in the face of what we thought was happening to us in our digital new world: We thought attention spans were shrinking, that we weren’t reading as much as before, that we were slaves to our devices rather than the other way around.

I don’t believe it to be so. Sure, there are still phone zombies who don’t seem to be able to lift their gaze from their device, and respond to its call like a handmaiden to her mistress. But ebooks offer a different future: That we are able to conquer distraction with flow, absorb knowledge and wisdom in the most crowded, uncivilized of places, and, most importantly, enjoy the written word as much as our forebears did.

Praise be to Kindle. And the smart phone.

Vista: Preloaded With Gunk

My colleague Walt Mossberg writes a scathing piece about preloaded Vista machines; definitely worth a read. I’m trying installing Vista on a virgin machine, and the experience isn’t much better so far.

clipped from ptech.wsj.com

I have set up many computers over the years, so I wasn’t shocked that the out-of-box experience was less than ideal. Still, I was struck by just how irritating it was to get going with the new Sony Vaio SZ laptop I bought about 10 days ago. It was the first new Windows machine I’d bought in a few years, because I had been waiting for Microsoft’s new Windows Vista operating system. I was amazed that the initial experience is still a big hassle.

Journalists’ Phobia of Digital Recorders

The AP picture that accompanies this OPEC story says it all: Journalists still don’t seem to have switched from cassette recorders to digital, even though prices have dropped amazingly in the past five years and features risen impressively. (I’ve just bought an Olympus DS-20 for a quarter of the price I paid for a DM-1 back in 2001.)

There’s one, possibly four, digital recorders in this picture (the mic dangling on the left might be attached to one, and there’s possibly one over Mr Daukoru’s left shoulder; another might be below the Sony relic in the bottom right). But they’re definitely outnumbered by the cassette and micro cassette recorders. OPEC meetings are big news for financial news services, so these journalists would be measuring their success or failure in getting the story to screens in seconds.

I think part of the reason is that journalists are crusty types who prefer to stick with what they know. But there are more compelling reasons that may simply make digital recorders less useful than the old cassette, and, given that journalists would seem to be the biggest single market for these devices, I would have thought Olympus, Sony et al would do well to ponder them:

  • cassette tapes are easier to wind forwards and backwards, scanning (or cueing) through the tape as it plays. This is done at a standard speed, with enough of the audio audible, so to speak, for the listener to get a pretty good idea of where they are in the recording. This is vital for the journalist, who may need to find that Edmund Daukoru quote about getting out of autopilot before the other guys do. Digital recorders do offer this feature, but not having a visual clue (the tape spool itself) and the varying speed of the forward/backward wind (my Olympus apparently jumps in three- and then 15- and then minute-long- increments when you hold the FF or REW buttons down) makes it hard to find what you’re looking for quickly;
  • digital recorders let you transfer your recordings to a computer, where it’s easy to store them (and easier to transcribe them.) I suspect few journalists do this because they’re in a hurry, they don’t always work from the same computer, and, probably, their tech staff won’t allow them to install external software on their PC. The other issue is that it may just be easier to keep a pile of cassettes in your drawer in chronological sequence as a record of your work, so if, say, you’re hauled to court you can easily find the interview in question. Journalists are living proof that just because something is made easier, it may not be more convenient.
  • another issue is that news organizations usually provide the recorders that journalists use, and I’m guessing they’re not over-anxious to increase their budget for such a trivial article. On top of that, a tape recorder is often left next to a speaker, or on a podium, and you never know when a light-fingered colleague may take a shine to your svelte device.
  • often the internal speakers on these digital devices are not as powerful as those on their analog forebears. Journalists can’t be bothered with earpieces, so that’s another turnoff.

To me these problems are quite easy to fix. And better positioning of the indexing button on digital devices (which allows the user to mark a certain point on the recording for easy return later) would help. Most often the button is either too small or not easily distinguishable from other buttons (and so raises the danger of pressing “stop” instead of “index”) for it to be a viable option.

A better option altogether would be the incorporation of gun microphones into the body of the recorder, so a user could point it across the room and pick up the speaker clearly without having to join the scrum. That’s what I’d call an advance.

Footnote: A much better approach, of course, would be to include a record function into the cellphone (as some do have, and have had for 10 years; my first cellphone, a Panasonic, had quite a generous record time) so that reporters can point their phone at the subject, both recording his words and sending them back to a colleague who could bash out the appropriate quotes directly. In fact, I thought most such doorstops were covered this way nowadays. Apparently not.

Suspected Fraudsters Behind the Sony DRM Virus Arrested

Three men have been arrested in the UK and Finland following an investigation into internet fraud. The three are a motley bunch, according to The Sunday Times: a 63-year-old from England, a 28-year-old from Scotland and a 19-year-old from Finland. Together they are alleged to have formed a gang called M00P. They are accused of being behind a virus known as Ryknos, Breplibot or Stinx-Q, which apparently allowed the gang access to commercial information through a back door. Thousands of computers, most of them in the UK, were infected. Infection here means total control over the computer in question. The virus was first spotted in November 2005.

What’s particularly interesting about this, and doesn’t seem to be mentioned in the mainstream press, is that the virus used a vulnerability created by Sony’s much despised DRM copy-protection software — a program installed as part of software to play Sony’s CDs on computers, but which would secretly install extra code designed to protect the CD from being copied beyond a limited number of times. The virus basically piggybacked the hole left by Sony’s software, so unless users who had installed Sony’s software had removed it, they were at the virus’ mercy.

The virus was well targeted and used clever social engineering tricks. It was tailored to businesses, disguised as a requested update for a photo attached to an email that read, in part, “Hello, Your photograph was forwarded to us as part of an article we are publishing for our December edition of Total Business Monthly. Can you check over the format and get back to us with your approval or any changes? If the picture is not to your liking then please send a preferred one. We have attached the photo with the article here.” Who’s not going to click on that? I know I nearly did.

If those detained were involved, it’ll be interesting to hear what they’ve got to say about the Sony rootkit (which has long been abandoned). Great piece on the saga by Wade Roush in this month’s Technology Review.

The End of the Sorry Sony Saga?

Sony to recall copy-protected CDs, according to the BBC:

Sony BMG is recalling music CDs that use controversial anti-piracy software. The software was widely criticised because it used virus-like techniques to stop illegal copies being made.

Widespread pressure has made the music giant remove CDs bearing the software from stores. It will also swap bought CDs for copies free of the XCP anti-piracy software. Sony is also providing software to make it easy to remove the controversial program from Windows computers.

Will Sony ever recover from this? Probably, but it’s not going to be easy. Hopefully they’ll think hard and long about this whole sorry episode. Well done, bloggers, for making this story gain traction.

The Smell of Sterile Burning

There’s a growing noise about Sony’s apparent attempt to install digital rights management software using techniques usually associated with bad guys trying to maintain control of a compromised computer: Mark’s Sysinternals Blog: Sony, Rootkits and Digital Rights Management Gone Too Far:

The entire experience was frustrating and irritating. Not only had Sony put software on my system that uses techniques commonly used by malware to mask its presence, the software is poorly written and provides no means for uninstall. Worse, most users that stumble across the cloaked files with a RKR scan will cripple their computer if they attempt the obvious step of deleting the cloaked files.

While I believe in the media industry’s right to use copy protection mechanisms to prevent illegal copying, I don’t think that we’ve found the right balance of fair use and copy protection, yet. This is a clear case of Sony taking DRM too far.

The comments below Mark Russinovich’s post reveal growing frustration with such clumsy attempts to control what users do with CDs they buy from legitimate sources, and the episode may also prompt a class-action suit against the company in the U.S., since early versions of the End User Licence Agreement on the software may not have covered such software installation. A representative of SF-based Green Welling LLP has posted a comment asking to hear from “any California residents that have experienced this problem before the EULA was changed. We have looked at many DRM cases and Sony went too far with this particular scheme”. (The End User License Agreement originally, according to Russinovich, made “no mention of the fact that I was agreeing to have software put on my system that I couldn’t uninstall”.) Bruce Schneier asks whether Sony may have “violated the Computer Misuse Act in the UK? If this isn’t clearly in the EULA, they have exceeded their privilege on the customer’s system by installing a rootkit to hide their software.”

Sony deny that their software is malware or spyware: Their FAQ says “the protection software simply acts to prevent unlimited copying and ripping from discs featuring this protection solution. It is otherwise inactive. The software does not collect any personal information nor is it designed to be intrusive to your computer system. Also, the protection components are never installed without the consumer first accepting the End User License Agreement.”

According to eWeek, the technology has a name: ‘sterile burning’. And it’s built by a British company called First 4 Internet, whose CEO, Mathew Gilliat-Smith, is quoted as saying it’s not a rootkit but part of a copy protection system designed to balance security and ease of use for the CD buyer. First 4 Internet call it XCP for Extended Copy Protection which “aims to provide effective levels of protection against the unauthorised copying of digital audio and data files without compromising sound quality and playability. XCP helps to protect the rights of Artists and Record Labels while accommodating consumer needs for ‘fair use’ copying.” More specifically, it

protects the content of an audio disc without compromising playability or quality. By using a range of methodologies, including the construction of multiple protection layers, limiting the ROM player accessibility to the provided player software and encapsulating the Red Book audio content, XCP can be used by content owners to help protect digital content from unauthorised copying.

It was first shipped by Sony BMG in March. A new version has been developed with features which, eWeek says, “respond to many of the questions Russinovich raised in his analysis” and will be available in new Sony BMG CDs. But will it be too late by then? Who in their right mind would risk buying a Sony BMG CD?

More On Fingerprint Readers

This week’s WSJ.com/AWSJ column (subscription only, I’m afraid) is about biometric fingerprint readers. Microsoft’s new offering seems to have reinjected some vigour into an otherwise obscure corner of the market.

As I say in the column, I’m not convinced that fingerprint scanners are the way to go, not least because of tested methods of fooling them, including with Gummi Bears.

Anyway, beyond the products reviewed in the column, I’ve found a couple more:

  • The USB Fingerprint Reader from Taiwan’s Billionton, which seems to do what the others do, at around the same price (I saw one in Singapore’s Sim Lim Square for S$98, or about $60);
  • The Targus DEFCON Authenticator which includes OmniPass software, the same interface that is used by the APC model mentioned in the column. This I saw selling for about S$80, or about $50; integrated with the reader is a two-port USB hub which is a nice tweak.

I’ve found the one I’m using most is the Sony Micro Vault USM-C, which does a pretty good job of keeping nosey folk out of my computer, but can also store important files, encrypted and accessible only to people with my fingers, and/or Gummi Bears.