Virus Hits British Defences

By | November 22, 2011
0 Comment

image

I wrote a couple of weeks ago about how KL’s airport information system had been infected by a virus. I shouldn’t have gotten so het up. Turns out that the UK’s air force and navy have bigger problems.

ITV News reported on Friday that the Ministry of Defence’s computer network has been shut down “because of a mysterious virus that is causing wholesale disruption of MoD sites.” Among those affected were Royal Navy ships including the Ark Royal and RAF [Royal Air Force] bases including Brize Norton.

The Register quotes a statement from the “MoD that [s]ince 6 Jan 09 the performance of the MOD IT systems in a number of areas was affected by a virus.” The Register says “no command or operational systems had been affected, though many of these are based on similar hardware. Spokespersons also stated that “no classified or personal data has been or will be at risk of compromise” due to “pre-existing security measures”.”

This is less than a month after the Royal Navy announced it had switched its nuclear submarines to a “customized Microsoft Windows system” dubbed, snappily, Submarine Command System Next Generation (SMCS NG).

In 1998 the USS Yorktown was “dead in the water” for about two and a half hours after a glitch in its new Smart Ship system, which used off-the-shelf PCs to automate tasks sailors traditionally did manually. The mishap sunk the Smart Ship initiative, which was quietly dropped a couple of years later.

A report in Portsmouth Today said the virus had affected 75% of the navy’s ships, preventing sailors from sending email and performing tasks (like finding out how many sailors are joining the ship at its next port of call). A blog on the Ministry of Defence’s website denied a report in The Sunday Times that ‘all email traffic from a number of RAF stations has been sent to a Russian internet server’ as a result of a ‘worm virus that entered MOD systems 12 days ago’. (The report makes it appear like it was a Russian attack, which is unlikely. But I’m not sure how the MoD can be so sure that emails were not diverted in that way.)

Neither do I know how they can be sure that it wasn’t a targeted attack. As Graham Cluley of Sophos points out, it’s more likely it was human error. But aside from the issues that raises—just how many MoD computers are hooked up to the Internet, and how smart is this? What kind of antivirus software do they have installed on the computers that are?—I would prefer the MoD not to jump to the conclusion that it’s not a targeted attack.

The reason? We need to stop thinking about cyberwar and malware as two different things. Governments rarely launch cyberattacks. But individuals and gangs do—and they usually do it for a mix of nationalistic and commercial motives. This case probably is just a screw-up. But it’s foolish to discount the notion that the information that may have been gleaned—accidentally, perhaps—would prove of value to a government or an agency.

(Image above is the result of my trying to search the Royal Navy website for the word “virus”. )

Articles | MoD computers attacked by virus – ITV News

Another Facebook Hole?

By | November 22, 2011
6 Comments

(Update: Facebook have confirmed the flaw—although it’s not as serious as it looks—and have fixed it. See comments.)

The complexity of Facebook makes it likely there are holes in its privacy. But this one, if I’m right, seems to suggest that it’s possible to access someone’s private data by a social engineering trick outside Facebook.

Today I received an email invite to join Facebook from someone I’ve never heard of. Weird, firstly, because this was not someone I think I’d have known. Weird, also, because I’m already on Facebook.

image

Just to make sure, I clicked on the link to sign up for Facebook and took the option there to sign in with my existing account.

That took me to my usual Facebook page. No more mention of the dude wanting to be my friend. At no point was I given any option to let this person into my life or not.

So I Googled the guy’s name and, lo and behold, I find I’m already on his list of friends:

image

Slightly freaked out, I went back to my account to see if this person was included in my list of friends. He wasn’t.

In other words, this guy can now see all my account details, and I can’t see his. Moreover, at no point have I accepted anything. All I’ve done is click on a link that said: To sign up for Facebook, follow the link below.

What I guess has happened is what happens if you click on the profile of someone who is not a friend but has sent you a message, or asked you to be a friend. In either case, I believe, that person then gets a week’s access to your profile.

I think this is dumb. But I think it’s dangerous that anyone can email me and, if I then click on a link to check out who they are, I now cede access to my information without being able to block it, or to be able to access his Facebook profile to see what kind of person can now access my data.

The Big Chill Hits Google

By | November 22, 2011
1 Comment

So is Google, like, the new Yahoo?

Google is closing some of its services, or at least no longer supporting them. Which for me is a tad sad, since I’ve always loved prodding around inside the Googleplex, convinced that one day all these disparate services would come together in the same way Google Docs, Calendar and Gmail have. I thought Chrome would be the centerpiece of all this. Now, maybe not.

But no. Jaiku is now open source, meaning it’s not going to become Google’s competitor to twitter or anything like that. For me Jaiku had tons of potential because it seemed to understand that many of us work from our cellphone as much as our laptop. Anyway, it’s not going to happen.

Google Notebook is also on the deathlist. Another shame: While I never used it as much as I should have done, I have been busy divining a catch-all answer to everything, and the Notebook app, and its Firefox extension, was a key part of it. Google has said it’s no longer supporting it, but existing users will be able to continue to add and access their material.

The other thing they’re dumping is Google Video. It always took a back seat to Youtube, but for me that was a good thing. No inane comments, and no restrictions on file size. The result was a mostly classy collection of videos. Gone.

So what should we use instead?  Well much of what you do in Google Notebooks could as easily be done in Evernote, while others recommend Zoho Notebook. Jaiku? Well, Facebook and twitter, and I guess FriendFeed, have already moved into the space that Jaiku looked so likely to dominate, once upon a time.

I feel sorry for the guys who started Jaiku. They were an impressive and fun bunch, when you could understand them. I hope they walked away with a decent stash.

Directory of Distraction-free Writing Tools

By | November 22, 2011
7 Comments

(2009 June: added two no delete editors)

Editors

A working list of tools to reduce writers’ distraction. I’ve been using some of them for a while; I was inspired by Cory Doctorow’s latest post on the matter to collect what I could together. All are free unless otherwise stated. 

No backspace/delete editors

Typewriter “All you can do is type in one direction. You can’t delete, you can’t copy, you can’t paste. You can save and print. And you can switch between black text on white and green on black; full screen and window.” Freeware, all OS.

Momentum Writer Same idea, really. “Momentum Writer is the ultimate tool for distraction-free writing. Like a mechanical typewriter, users are prevented from editing previously written text. There are no specific formatting options, no scrolling, deleting, or revisions. Momentum Writer doesn’t even allow you to use the backspace key. Momentum Writer forces you to write, to move forward, to add new words. It halts the temptation to linger, revise, and correct. Momentum Writer is a typewriter for your PC.” Freeware, for Windows.

Multiplatform

JDarkroom (works on Windows, Macs and Linux, thanks. Tris): “simple full-screen text file editor with none of the usual bells and whistles that might distract you from the job in hand.”

Windows

TextEdit (there seems to be a Mac product of the same name. The Windows website is under reconstruction so I can’t grab a description, but downloads are available.)

NotePad ++ “a generic source code editor (it tries to be anyway) and Notepad replacement written in c++ with win32 API. The aim of Notepad++ is to offer a slim and efficient binary with a totally customizable GUI.”

EditPad “a general-purpose text editor, designed to be small and compact, yet offer all the functionality you expect from a basic text editor. EditPad Lite works with Windows NT4, 98, 2000, ME, XP and Vista.” Lite is free; Pro is $50

PSPad code editor

And some so-called ‘dark room apps’ which blank out the outside world:

WestEdit “a full screen, old-school text editor and typewriter. No fuss, no distractions – just you and your text.”

Dark Room: “full screen, distraction free, writing environment. Unlike standard word processors that focus on features, Dark Room is just about you and your text.”

Q10: “a simple but powerful text editor designed and built with writers in mind.”

Mac

TextMate: “TextMate brings Apple’s approach to operating systems into the world of text editors. By bridging UNIX underpinnings and GUI, TextMate cherry-picks the best of both worlds to the benefit of expert scripters and novice users alike.” ($54)

The Mac dark room is WriteRoom “a full-screen writing environment. Unlike the cluttered word processors you’re used to, WriteRoom is just about you and your text.” ($25)

GNOME etc

image

gedit

Distraction reducers

Write or Die: “web application that encourages writing by punishing the tendency to avoid writing. Start typing in the box. As long as you keep typing, you’re fine, but once you stop typing, you have a grace period of a certain number of seconds and then there are consequences.”