posted Sep 7, 2015, 7:55 AM by Sami Lehtinen
updated Oct 2, 2015, 8:32 PM
- Finland enhances cyber crime legislation and punishments. Now it's even
easier to get convicted of cyber crimes in Finland. This includes identity
theft, causing danger to cyber systems, damaging cyber systems,
destroying / corrupting data, cyber privacy violations, disturbing ICT
systems and data theft / hacking (cracking). Now it's possible to get
five-year convictions for these crimes. Botnets are also mentioned
separately, as is the case where key infrastructure is being attacked.
- RSA CRT leaks -
Well, well. Nothing new. It's so normal that different (vital) steps are
skipped in processes. A very common and usual vector in software.
Essential XKCD. Yet it's nice to notice that GnuPG and OpenSSL are doing
the verification step.
- C-Lion (Sea Lion?) fiber optic submarine cable between Finland &
Germany has been accepted by the Finnish Government. I wonder if the
Russian Optical Trans-Arctic Cable System (ROTACS) will
be built by PolarNet at some point and if it will go via Finland to
Germany or will it be connected to the UK directly.
- I often wonder what's the percentage of securely configured systems.
Even if there are very basic guidelines on how to configure systems
securely, it seems that people responsible for security misconfigure the
systems most of the time, even if there's constant external monitoring and
nagging about the thing. So unless there's external monitoring, I would
assume that at least 90% of systems are absolutely insecurely
configured. This doesn't count the systems where the password is NOT
the default, but it's still something extremely stupid and guessable.
- I personally think that the information security stuff is a funny field.
On the other hand there's all that tinfoil stuff, in theory they could
do that. Worries about ciphers and hidden zero day bugs. Then there are
all those talks by security gurus telling about how to make ultra secure
systems. Then there are the somewhat relaxed basic instructions which
would reduce attack surface a lot. But nobody even gives a s*t about
those. Then there's the reality where everything is more or less
insecure and misconfigured, not following even the relaxed basic rules.
Allowing very simple automated botnets to brute force administration
accounts / passwords of the systems quite easily. And the only reason
why there isn't a major security disaster is that nobody's really trying.
It's just like in the article about electronic voting systems. Basically
anyone could hack it, if they just wanted to. Any news? Nope? I
guess not. I'm just today once again baffled about the reality of ICT
security. Truth is anyway, that making things secure requires extra work
and causes costs, and nobody really wants to have secure systems because
it costs something. If totally insecure works as well, it's just stupid
to waste money on system security. And we've all seen where this leads
to in the news.
- Death to bullshit. A very nice post and
valid points. I've done that 'cut down' several times. Just checking
which things are such that those only consume mental energy and time and
strictly cut those out. No more this and that, I'm done with it, and so
on. Relax, enjoy and select high quality but low volume sources. I've
also learned to click the email delete button very quickly.
- Xinhua News - Seems to be using the China Cache CDN network now. Yet
China Cache's web page talks about PoPs they're launching in 2013. That's
lame, really outdated information. Makes the whole company look really
stagnant.
- Does CloudFlare use different 'user tiers'? I guess they do, CacheFly
seems to be doing the same. Smaller (Free / Promo) sites using the CDN
network won't get the same number of PoPs to use as larger (or paying)
sites. This doesn't mean that performance would be bad. But it still
makes a big difference if a site is being served from every PoP or just a
few major ones around Europe and the US where bandwidth is cheapest. Not
surprising at all, I would probably do the same. You'll get what you pay
for. Also, smaller sites might get so few hits that using all PoPs
could at least in theory mean worse performance because it would mean
almost always a cache miss.
- Internet Map - By as2914 (NTT Communications). As
you can see, there are only a few major stars on the Internet, which will
connect you well around the globe.
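
For the "RSA CRT leaks" item above: an added example, not code from this post, GnuPG or OpenSSL, showing the verification step that keeps a faulty RSA-CRT signature from leaving the signer. The toy key, the unpadded hash and all function names are assumptions made for illustration.

```python
import hashlib

# Constructed toy key: two known Mersenne primes. Far too small for real use.
P, Q, E = 2**61 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))
DP, DQ, QINV = D % (P - 1), D % (Q - 1), pow(Q, -1, P)


class FaultDetected(Exception):
    """The CRT result did not verify, so it must not leave the signer."""


def digest_int(message: bytes) -> int:
    # Textbook RSA on a bare hash, no padding: illustration only.
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N


def sign_crt(m: int, fault: bool = False) -> int:
    """RSA-CRT signature WITHOUT the final check (the skipped step)."""
    sp = pow(m, DP, P)
    sq = pow(m, DQ, Q)
    if fault:
        sp ^= 1  # simulated computation error in one CRT half
    h = (QINV * (sp - sq)) % P  # Garner recombination
    return (sq + h * Q) % N


def sign_crt_checked(m: int, fault: bool = False) -> int:
    """Same signer, but verify with the public key before releasing."""
    s = sign_crt(m, fault)
    if pow(s, E, N) != m:
        raise FaultDetected("CRT signature failed verification; withheld")
    return s


if __name__ == "__main__":
    m = digest_int(b"constructed sample message")
    print("good signature verifies:", pow(sign_crt_checked(m), E, N) == m)
    try:
        sign_crt_checked(m, fault=True)
    except FaultDetected as exc:
        print("faulty signature blocked:", exc)
```

The check costs one public-key exponentiation per signature, which is small next to the private-key operation.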