Tag Archives: Microsoft

Great Entrepreneurs Break the Law

Or at least bend the rules… It has to do with the very nature of innovation: pushing the boundaries, trying new things, doing things differently, living outside the box. But the tragic death of 26-year-old hacktivist Aaron Swartz has highlighted some very interesting perspectives on the relationship between law and regulation on one hand, and innovation and entrepreneurship on the other. As it turns out, three of the greatest entrepreneurs of our time, Steve Jobs, Bill Gates, and Mark Zuckerberg, started by innovating near the edge of the law.

“The word “hacker” has an unfairly negative connotation from being portrayed in the media as people who break into computers. In reality, hacking just means building something quickly or testing the boundaries of what can be done.”

Mark Zuckerberg

And the fact is, if these titans of industry had faced the same sort of overly aggressive prosecution that the late Aaron Swartz did, they could have been threatened with being locked away and branded felons before ever starting Apple, Microsoft, or Facebook. They might have even faced a ban against their use of computers, rather than using them to create hundreds of thousands of jobs.

Steve Jobs, Bill Gates, and Mark Zuckerberg. All three are credited with creating some of the most successful businesses in the history of the Internet, but they also have something else in common: they got their start by doing something that probably would have been classified as “illegal” by the same authorities that threatened Aaron Swartz with 35 years in prison and drove him to commit suicide.

In the aftermath of Aaron Swartz’s death, several online communities have joined a campaign that aims to reform the US computer law known as the CFAA.

The Electronic Frontier Foundation (EFF) is a driving force behind the campaign, and according to the EFF, the CFAA and other computer crime laws shouldn’t allow overzealous prosecutors to lock away the next Steve Jobs or Aaron Swartz for years, or even to threaten to do so in order to force them to plead guilty.

“In all of their names, it’s time we bring some proportionality back to computer crime laws, both in their scope and in the penalties they provide,” Trevor Timm at EFF.org writes on their website.

“The CFAA can (and should) reach serious computer intrusions that cause real damage, as should related laws criminalizing identity theft, stealing trade secrets, or engaging in massive fraud. But the law needs to recognize the difference between commercial criminals and those who are merely “testing the boundaries” or engaging in youthful indiscretions. Right now, it hands prosecutors the same sledgehammer regardless.”

EFF.org has also made some interesting comparisons between the greatest IT entrepreneurs of our time: Steve Jobs, Bill Gates, and Mark Zuckerberg.

The conclusion is even more interesting: If they had been subjected to the same treatment as Aaron Swartz, there would be no Apple, no Microsoft or no Facebook today.

FULL POST@Rational Arrogance


Microsoft Confirms: We’ve Been Hacked, Too

We are not surprised, Microsoft writes in a statement released Friday afternoon. Quite frankly, neither am I…

“As reported by Facebook and Apple, Microsoft can confirm that we also recently experienced a similar security intrusion.”

Microsoft Security Response Center

When trying to log on to my online banking service this morning, I was met by a message that said that the service was down due to technical problems. It may, or may not, be related, but somehow I got a feeling there was perhaps more to this story than met my sleepy eyes.

And I really hate to tell you; I might be right.

On the Microsoft security pages, I found the following statement, issued on Friday afternoon:

As reported by Facebook and Apple, Microsoft can confirm that we also recently experienced a similar security intrusion.

The IT giant goes on to explain:

 During our investigation, we found a small number of computers, including some in our Mac business unit, that were infected by malicious software using techniques similar to those documented by other organizations.

Microsoft also says that the company has “no evidence of customer data being affected and our investigation is ongoing.”

Personally, I don’t find these standard press release statements very reassuring.

In fact, I find the following line more interesting:

This type of cyberattack is no surprise to Microsoft and other companies that must grapple with determined and persistent adversaries.

Compared to the banking industry’s attempts to convince me that online banking is totally safe, it seems rather clear that they are not telling me everything…

Here’s the prior analysis of emerging threat trends by Microsoft.

(Full statement)


Fortune 500 Companies Leaked 20GB of Sensitive Information

The following story is just a big LOL, and once again it documents how ridiculously easy it is to be a profitable cyber criminal today. Luckily for the prominent corporations that make up the famous Fortune 500 list, these guys were not hackers – they are IT security researchers.

“If in six months we were able to collect 20 gigabytes of data, imagine what a malicious attacker could gain.”

Peter Kim – Garrett Gee

All they did was buy internet domain names that were almost identical to those of well-known global corporations – just missing a dot. It wasn’t long before emails, containing everything from trade secrets, business invoices, personal information about employees, network diagrams and passwords, started to pour in…

Security researchers Peter Kim and Garrett Gee have captured 120,000 emails intended for Fortune 500 companies by exploiting a basic typo.

“The emails included trade secrets, personal information, network diagrams and passwords, started to pour in,” the website Naked Security (by security firm Sophos) writes.

The researchers did this by buying 30 internet domains they thought people would send emails to by accident (a practice known as typosquatting).

The domain names they chose were all identical to subdomains used by Fortune 500 companies save for a missing dot.

Having purchased the domains they simply sat back and watched as users mistakenly sent them over 120,000 emails in six months.
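As an added example (not from the original post or from Kim and Gee's paper), a defender can derive the missing-dot variant of each of their own subdomains and scan outbound mail logs for messages addressed to it. The subdomain inventory, the log line format and the function names are constructed for illustration, and treating the last two labels as the registrable domain is an assumption.

```python
import re

# Assumption: the registrable domain is the last two labels (example.com).
# Names such as example.co.uk need the Public Suffix List instead.
def doppelganger(fqdn, registrable_labels=2):
    """Drop the dot between the subdomain and the registrable domain."""
    labels = fqdn.lower().rstrip(".").split(".")
    if len(labels) <= registrable_labels:
        return None  # no subdomain, so there is no missing-dot variant
    head, base = labels[:-registrable_labels], labels[-registrable_labels:]
    return ".".join([head[-1] + base[0]] + base[1:])

def build_watchlist(subdomains):
    """Map each doppelganger domain to the legitimate subdomains it imitates."""
    watch = {}
    for sub in subdomains:
        d = doppelganger(sub)
        if d:
            watch.setdefault(d, set()).add(sub.lower())
    return watch

RCPT = re.compile(r"to=<([^@<>\s]+)@([^<>\s]+)>", re.I)

def flag_stray_mail(log_lines, watch):
    """Return (line_no, recipient, imitated subdomains) for each stray message."""
    hits = []
    for n, line in enumerate(log_lines, 1):
        for local, domain in RCPT.findall(line):
            domain = domain.lower().rstrip(".")
            for d, legit in watch.items():
                # Subdomains of the doppelganger reach the same registrant.
                if domain == d or domain.endswith("." + d):
                    hits.append((n, f"{local}@{domain}", sorted(legit)))
    return hits

# Constructed inventory and constructed mail-log lines (not real data).
SUBDOMAINS = ["us.example.com", "mail.us.example.com",
              "hr.corp.example.org", "example.com"]
LOG = [
    "Jan 10 09:01:02 mx1 smtp[101]: A1: to=<alice@us.example.com>, status=sent",
    "Jan 10 09:03:40 mx1 smtp[102]: A2: to=<bob@usexample.com>, status=sent",
    "Jan 10 09:07:15 mx1 smtp[103]: A3: to=<ops@mail.usexample.com>, status=sent",
    "Jan 10 09:09:59 mx1 smtp[104]: A4: to=<carol@corpexample.org>, status=sent",
]

if __name__ == "__main__":
    for hit in flag_stray_mail(LOG, build_watchlist(SUBDOMAINS)):
        print(hit)
```

The same watchlist can feed an outbound mail-gateway block rule or a list of domains to register defensively.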

Kim and Garrett have not identified their targets but have revealed that they were chosen from a list of 151 Fortune 500 companies they regarded as vulnerable to their variation of typosquatting.

However, the list is jam-packed with household names like Dell, Microsoft, Halliburton, PepsiCo and Nike.

The emails they collected included the following sensitive corporate information:

  • Passwords for an IT firm’s external Cisco routers
  • Precise details of the contents of a large oil company’s oil tankers
  • VPN details and passwords for a system managing road tollways

The researchers also warn of how easy it would have been to turn their passive typosquatting into an even more dangerous man-in-the-middle attack.

Such an attack would have allowed them to capture entire email conversations rather than just individual stray emails.

The two “White Hats” describe their method as a “passive email attack”.

And they write:

“During a six‐month span, over 120,000 individual emails (or 20 gigabytes of data) were collected which included trade secrets, business invoices, employee PII, network diagrams, usernames and passwords, etc. Essentially, a simple mistype of the destination domain could send anything that is sent over email to an unintended destination.”

“If in six months we were able to collect 20 gigabytes of data, imagine what a malicious attacker could gain.”

Well, I’m not sure that would be good for every CEO amongst the Fortune 500’s – it might be bad for their blood pressure, or something…

Because the report by Kim and Gee also indicates that they are probably not the first computer geeks to have thought of this:

“After reviewing the WHOIS information from all Fortune 500 companies, we noticed some of the largest companies were already registered to locations in China and to domains associated with malware and phishing. While it is unknown if these domains are used in a malicious fashion, it is apparent that some targeting is happening here.”

Peter Kim and Garrett Gee’s paper “Doppelganger Domains” is available to download from Wired.
