Netizens-Digest Tuesday, April 1 2003 Volume 01 : Number 450 Netizens Association Discussion List Digest In this issue: Re: [netz] Somewhere to get news [netz] Can this be netizenship? Re: [netz] Somewhere to get news Re: [netz] Can this be netizenship? Re: [netz] Can this be netizenship? Re: [netz] Can this be netizenship? Re: [netz] Can this be netizenship? ---------------------------------------------------------------------- Date: Tue, 1 Apr 2003 11:17:42 -0500 (EST) From: lindeman@bard.edu Subject: Re: [netz] Somewhere to get news Howard, > I'm not a political scientist although I have been known to play one > on TV. :-) Could you suggest better terminology for the > reconciliation of information from a set of (usually secondary) > sources that have either open or subtle biases? I'll gladly accept a > better term. As for myself, I cringe at both "lefty" and "righty" > rhetoric. No facetiousness intended, but better than what? [Jay's terms weren't intended to convey this meaning, if I read rightly.] The historians would probably call it "source analysis," which seems OK to me at a high level of generality. [big snip on intelligence analysis, etc.] > In networking, one of the formative research studies was Radia > Perlman's doctoral dissertation on decision formulation in the > presence of partially errored data. This is available online from the > MIT Laboratory of Computer Science as Technical Report > MIT/LCS/TR-429, although the URL is escaping me. I can send a PDF if > need be. Her research, "Network Layer Protocols with Byzantine > Robustness," builds on a principle in high-availability system design > that shows that simply increasing redundancy does not improve, and > may decrease, reliabiity, if the underlying control information is > not completely trustworthy. In other words, the Goebbels-style "big > lie" technique has no place in information theory. This reminds me of critical responses to the Condorcet jury theorem. The CJT basically holds that, if an individual's probability of being correct about something is greater than 0.5, then a majority's probability of being correct approaches 1 as the number of people voting increases. Unfortunately, if the individual Ps, or many of them, are _less than_ 0.5, this felicitous result no longer obtains. > >Personally (I can't speak for Jay), right now I'm more interested in > >what could > >be called subjective information -- exploring the political ramifications > of > >the war. > > May I interpret that to mean the interaction of communications on the > political process in general, or are you also thinking of matters of > ideology and content? The former would suffice; I'm not quite sure what you mean by "matters of ideology and content," but it sounds more subtle than I often have time to get. > If you refer to such things as a rectangle with an X in it, those are > standard military symbols. Yeah, just really big -- and I can't tell whether that size is signal or noise. (I.e., does it represent the area that the forces could cover and/or the uncertainty in placement?) > But this is a very high-level map. Yes, right, I haven't seen anything at the city level -- not that I've looked. Mark ------------------------------ Date: Tue, 01 Apr 2003 11:55:46 -0500 From: "Howard C. Berkowitz" Subject: [netz] Can this be netizenship? If the threat of hacktivism I quote below materializes, and I consider it credible because there have been similar attacks from the same country, is this activity "protected speech" within the context of Netizenship? Is it equivalent to a march that shuts down access, which may or may not be protected speech? I claim it is not, and, indeed, is interference with the value of the net in the political process. If I am correct, at least at the policy level, how should Netizens react? I can also get into technical countermeasures, but that's another level of detail. At 10:14 AM -0500 4/1/03, Declan McCullagh wrote: >Date: Mon, 31 Mar 2003 17:09:39 -0500 >From: Robert MacMillan >To: declan@well.com > >Hi Declan - We just ran this a little while ago - > >http://www.washingtonpost.com/wp-dyn/articles/A60363-2003Mar31.html > > >Feds: Chinese Hack Attacks Likely > > >By Brian Krebs >washingtonpost.com Staff Writer >Monday, March 31, 2003; 3:27 PM > > >Chinese hacker groups are planning attacks on U.S.- and U.K.-based Web >sites to protest the war in Iraq, the Department of Homeland Security >warned in an alert that it unintentionally posted on a government Web >site today. > >The hackers are planning "distributed denial-of-service" attacks, >which render Web sites and networks unusable by flooding them with >massive amounts of traffic. They also are planning to deface selected >Web sites, according to the alert, though the government said it did >not know when the attacks would occur. > >The Homeland Security Department said it got the information by >monitoring an online meeting that the hackers held last weekend to >coordinate the attacks. > >The department sent the alert to government and industry officials >over the weekend, but accidentally posted the link this morning on the >homepage of the National Infrastructure Protection Center (NIPC). The >alert was pulled early this afternoon. > >Homeland Security Department spokesman David Wray said the information >was not supposed to be released to the public. "This was an >inadvertent release and the information -- while not classified -- is >sensitive," he said. >... [snip] > > >------------------------------------------------------------------------- >POLITECH -- Declan McCullagh's politics and technology mailing list >You may redistribute this message freely if you include this notice. >To subscribe to Politech: http://www.politechbot.com/info/subscribe.html >This message is archived at http://www.politechbot.com/ >Declan McCullagh's photographs are at http://www.mccullagh.org/ >Like Politech? Make a donation here: http://www.politechbot.com/donate/ >------------------------------------------------------------------------- ------------------------------ Date: Tue, 01 Apr 2003 11:55:37 -0500 From: "Howard C. Berkowitz" Subject: Re: [netz] Somewhere to get news >Howard, > >> I'm not a political scientist although I have been known to play one >> on TV. :-) Could you suggest better terminology for the >> reconciliation of information from a set of (usually secondary) >> sources that have either open or subtle biases? I'll gladly accept a >> better term. As for myself, I cringe at both "lefty" and "righty" >> rhetoric. > >No facetiousness intended, but better than what? [Jay's terms >weren't intended >to convey this meaning, if I read rightly.] The historians would >probably call >it "source analysis," which seems OK to me at a high level of generality. I can live with that quite easily. It's the rhetoric about left-wing or right-wing or jingoistic or indy that makes me nervous as content-deficient. > >[big snip on intelligence analysis, etc.] > >> In networking, one of the formative research studies was Radia >> Perlman's doctoral dissertation on decision formulation in the >> presence of partially errored data. This is available online from the >> MIT Laboratory of Computer Science as Technical Report >> MIT/LCS/TR-429, although the URL is escaping me. I can send a PDF if >> need be. Her research, "Network Layer Protocols with Byzantine >> Robustness," builds on a principle in high-availability system design >> that shows that simply increasing redundancy does not improve, and >> may decrease, reliabiity, if the underlying control information is >> not completely trustworthy. In other words, the Goebbels-style "big >> lie" technique has no place in information theory. > >This reminds me of critical responses to the Condorcet jury theorem. The CJT >basically holds that, if an individual's probability of being correct about >something is greater than 0.5, then a majority's probability of being correct >approaches 1 as the number of people voting increases. Unfortunately, if the >individual Ps, or many of them, are _less than_ 0.5, this felicitous result no >longer obtains. > >> >Personally (I can't speak for Jay), right now I'm more interested in >> >what could >> >be called subjective information -- exploring the political ramifications >> of >> >the war. >> >> May I interpret that to mean the interaction of communications on the >> political process in general, or are you also thinking of matters of >> ideology and content? > >The former would suffice; I'm not quite sure what you mean by "matters of >ideology and content," but it sounds more subtle than I often have >time to get. Let's leave it simple. > >> If you refer to such things as a rectangle with an X in it, those are >> standard military symbols. > >Yeah, just really big -- and I can't tell whether that size is signal or >noise. (I.e., does it represent the area that the forces could cover and/or >the uncertainty in placement?) It's not well drawn. Let me try in ASCII. || +-----+ |\ /| | \ / | 5 +--X -+ | | would be the symbol for 5 antitank battalion (just one easy to draw) That specific symbol identifies its headquarters. Its area of responsiblity would show on the map as various lines like: 5 ------------||---------- 6 where 6 AT Bn would be responsible south of the boundary. The coverage area should be defined completely by unit boundary lines like this, or geographic barriers. > >> But this is a very high-level map. > >Yes, right, I haven't seen anything at the city level -- not that I've looked. And those, unfortunately, are the level of detail we'd need to try to come up with some objective analysis of the targeting and collateral damage. ------------------------------ Date: Tue, 01 Apr 2003 13:14:14 -0500 From: Luis De Quesada Subject: Re: [netz] Can this be netizenship? Hello: I can't speak for others (netizens) but I know how I react to this" hacktivism". It would be an assault and interference with many of those who have nothing to do with the war, like most if not all of us on this list. Hacktivism is not a march, it is intimidation and attempts to censor. I would hope that those hacktivists in the PRC, who for some time now have been looking for any excuse to assault us electronically, would concentrate in solving their own problems, like democratizing the regime they live under, before they try to fix someone else's policies, through on line terrorism. Luis de Quesada "Howard C. Berkowitz" wrote: > If the threat of hacktivism I quote below materializes, and I > consider it credible because there have been similar attacks from the > same country, is this activity "protected speech" within the context > of Netizenship? Is it equivalent to a march that shuts down access, > which may or may not be protected speech? > > I claim it is not, and, indeed, is interference with the value of the > net in the political process. If I am correct, at least at the policy > level, how should Netizens react? I can also get into technical > countermeasures, but that's another level of detail. > > At 10:14 AM -0500 4/1/03, Declan McCullagh wrote: > >Date: Mon, 31 Mar 2003 17:09:39 -0500 > >From: Robert MacMillan > >To: declan@well.com > > > >Hi Declan - We just ran this a little while ago - > > > >http://www.washingtonpost.com/wp-dyn/articles/A60363-2003Mar31.html > > > > > >Feds: Chinese Hack Attacks Likely > > > > > >By Brian Krebs > >washingtonpost.com Staff Writer > >Monday, March 31, 2003; 3:27 PM > > > > > >Chinese hacker groups are planning attacks on U.S.- and U.K.-based Web > >sites to protest the war in Iraq, the Department of Homeland Security > >warned in an alert that it unintentionally posted on a government Web > >site today. > > > >The hackers are planning "distributed denial-of-service" attacks, > >which render Web sites and networks unusable by flooding them with > >massive amounts of traffic. They also are planning to deface selected > >Web sites, according to the alert, though the government said it did > >not know when the attacks would occur. > > > >The Homeland Security Department said it got the information by > >monitoring an online meeting that the hackers held last weekend to > >coordinate the attacks. > > > >The department sent the alert to government and industry officials > >over the weekend, but accidentally posted the link this morning on the > >homepage of the National Infrastructure Protection Center (NIPC). The > >alert was pulled early this afternoon. > > > >Homeland Security Department spokesman David Wray said the information > >was not supposed to be released to the public. "This was an > >inadvertent release and the information -- while not classified -- is > >sensitive," he said. > >... [snip] > > > > > >------------------------------------------------------------------------- > >POLITECH -- Declan McCullagh's politics and technology mailing list > >You may redistribute this message freely if you include this notice. > >To subscribe to Politech: http://www.politechbot.com/info/subscribe.html > >This message is archived at http://www.politechbot.com/ > >Declan McCullagh's photographs are at http://www.mccullagh.org/ > >Like Politech? Make a donation here: http://www.politechbot.com/donate/ > >------------------------------------------------------------------------- ------------------------------ Date: Tue, 1 Apr 2003 14:39:35 -0500 (EST) From: lindeman@bard.edu Subject: Re: [netz] Can this be netizenship? Howard, > If the threat of hacktivism I quote below materializes, and I > consider it credible because there have been similar attacks from the > same country, is this activity "protected speech" within the context > of Netizenship? Is it equivalent to a march that shuts down access, > which may or may not be protected speech? Well, I don't think that a "march that shuts down access" would be protected speech unless it's conducted in compliance with a permit. Its defenders might call it nonviolent direct action, but I doubt they'd even claim that it is protected speech. Likewise, hacktivism isn't protected speech. > I claim it is not, and, indeed, is interference with the value of the > net in the political process. If I am correct, at least at the policy > level, how should Netizens react? It might depend on the action. Some time ago, some enterprising activists hacked the site at www.godhatesfags.com, I believe to redirect to godlovesgays.com. I don't endorse such attacks, but I can't honestly say that I could muster any outrage over that one -- given (importantly) that the original site was restored within a week in all its glory. (Regardless of the merits, the motives in that instance are different than in the current case.) Is it possible to imagine a scenario in which a self-defined Netizen with decent values might defend a DDOS attack? I suppose so. But I can't think of a rationale plausible to _me_. As a matter of policy, methinks Netizens could agree on cooperating to prevent these attacks (yes, including the site hack). Mark ------------------------------ Date: Tue, 01 Apr 2003 14:49:16 -0500 From: "Howard C. Berkowitz" Subject: Re: [netz] Can this be netizenship? At 1:14 PM -0500 4/1/03, Luis De Quesada wrote: >Hello: I can't speak for others (netizens) but I know how I react to this" >hacktivism". It would be an assault and interference with many of those who >have nothing to do with the war, like most if not all of us on this list. >Hacktivism is not a march, it is intimidation and attempts to censor. >I would hope that those hacktivists in the PRC, who for some time now have >been looking for any excuse to assault us electronically, would concentrate >in solving their own problems, like democratizing the regime they live under, >before they try to fix someone else's policies, through on line terrorism. >Luis de Quesada Given such attacks, what is the proper response of Netizens? It's wise, of course, to be sure that security software is up-to-date and well-administered on the computers involved. A very substantial portion of destructive attacks exploit known vulnerabilities for which fixes exist, but haven't been employed. But assume there are no known countermeasures to this sort of attack. How do you prevent it? How might you respond to the perpetrators, given their acts are not illegal in their own country and their country may even encourage them? Of course, we have an example here of the delicate balance between privacy on the net and being able to track attacks back to their source. That's a problem for which I have no simple answers. Indeed, most such attacks are not launched directly from the attacker's computer in the attacker's country, but from a hacked computer (or series of computers) elsewhere. Finding that there can be humor in anything, I do have to share one case where various police forces tracked a cracker ring down to a group of Dutch teenagers. At the time, malicious hacking was not against Dutch law, and the hands of the police were tied. It did occur to one Dutch detective to have a long chat with the mother of one of the 14-year-old hackers. Details are sketchy, but some accounts, whether folklore is correct or not, describe a computer flying out an upper story bedroom window to crash on the pavement, and a 14-year-old who, for the next week or so, spent a great time of time rubbing his buttocks and desperately avoiding the need to sit down. > > ------------------------------ Date: Tue, 01 Apr 2003 16:06:43 -0500 From: Luis De Quesada Subject: Re: [netz] Can this be netizenship? Hello Howard: I think in this case, if there are no means available,to prevent such an attack by "hacktivists", like adequate anti-virus software and as you very well say that their government may even encourage these attacks and to go a step further, perhaps even secretly sponsor them, I think the only recourse netizens have is to condemn through communications such an attack. I love the solution that Dutch mother gave to that particular problem, however in this case I don't know if we are dealing with 14 year old mischievious kids. I suspect the problem may be greater than that. You may have a much better idea, than I on how netizens can prevent and respond to such an attack. Luis de Quesada "Howard C. Berkowitz" wrote: > At 1:14 PM -0500 4/1/03, Luis De Quesada wrote: > >Hello: I can't speak for others (netizens) but I know how I react to this" > >hacktivism". It would be an assault and interference with many of those who > >have nothing to do with the war, like most if not all of us on this list. > >Hacktivism is not a march, it is intimidation and attempts to censor. > >I would hope that those hacktivists in the PRC, who for some time now have > >been looking for any excuse to assault us electronically, would concentrate > >in solving their own problems, like democratizing the regime they live under, > >before they try to fix someone else's policies, through on line terrorism. > >Luis de Quesada > > Given such attacks, what is the proper response of Netizens? It's > wise, of course, to be sure that security software is up-to-date and > well-administered on the computers involved. A very substantial > portion of destructive attacks exploit known vulnerabilities for > which fixes exist, but haven't been employed. > > But assume there are no known countermeasures to this sort of attack. > How do you prevent it? How might you respond to the perpetrators, > given their acts are not illegal in their own country and their > country may even encourage them? > > Of course, we have an example here of the delicate balance between > privacy on the net and being able to track attacks back to their > source. That's a problem for which I have no simple answers. Indeed, > most such attacks are not launched directly from the attacker's > computer in the attacker's country, but from a hacked computer (or > series of computers) elsewhere. > > Finding that there can be humor in anything, I do have to share one > case where various police forces tracked a cracker ring down to a > group of Dutch teenagers. At the time, malicious hacking was not > against Dutch law, and the hands of the police were tied. > > It did occur to one Dutch detective to have a long chat with the > mother of one of the 14-year-old hackers. Details are sketchy, but > some accounts, whether folklore is correct or not, describe a > computer flying out an upper story bedroom window to crash on the > pavement, and a 14-year-old who, for the next week or so, spent a > great time of time rubbing his buttocks and desperately avoiding the > need to sit down. > > > > > ------------------------------ End of Netizens-Digest V1 #450 ******************************