I had been spending most of my public posting time on my Twitter account (@jabolins). The microblogging format worked nicely with a busy summer schedule. Now that I am back on a busy fall schedule, I'll get back to blogging here.

One of the things I was tracking this summer was the July DDoS attacks upon South Korean and US sites. Very interesting how quickly some people were blaming North Korea for the attacks and even suggesting strong measures against the dictatorship. Cyber-attribution is a tricky matter and there's a big risk of "Ready, FIRE, oh, well, aim...." mishaps.

Another interesting thing I was look at this summer was the Internet activities following the disputed Iranian elections. This included net censorship and counter-measures, people (including me) "greening" their Twitter avatars, etc.

These two things often raised the "cyberwar" theme and I will address the topic in a few weeks.

Jonathan D. Abolins

Adding some updates with indications. - 13 May 2009. More updates. - 1 June 2009.

Today, I was in the midst of info security discussions about a Chinese operating system called "Kylin". This set of discussions was launched by a Washington Times article by Bill Gertz today, "China blocks U.S. from cyber warfare". The article claimed: --- China has developed more secure operating software for its tens of millions of computers and is already installing it on government and military systems, hoping to make Beijing's networks impenetrable to U.S. military and intelligence agencies. The secure operating system, known as Kylin, was disclosed to Congress during recent hearings that provided new details on how China's government is preparing to wage cyberwarfare with the United States. ---

The hearings mentioned by the Washington Times included the 30 April 2009 US-China Economic and Security Review Commission's Hearing on China’s Propaganda and Influence Operations, Its Intelligence Activities that Target the United States, and the Resulting Impacts on U.S. National Security. At that hearing, Mr. Kevin G. Coleman, Senior Fellow with the Technolytics Institute was on the panel concerning Chinese cyber-espionage directed at the US. In his opening statements, Coleman stated:

---
Chinese authors believe the United States already is carrying out offensive cyber espionage and exploitation against China. China therefore must protect its own assets first in order to preserve the capability to go on the offensive. While this is a highly unpopular statement, WE ARE IN THE EARLY STAGES OF A CYBER ARMS RACE AND NEED TO RESPOND ACCORDINGLY!

This race was intensified when China created Kylin, their own hardened server operating system and began to convert their systems back in 2007. This action also made our offensive cyber capabilities ineffective against them given the cyber weapons were designed to be used against Linux, UNIX and Windows. Refer to our report - RED SOS.
---

(I was not able to find the RED SOS report online yet.)

Looking at my Twitter feeds throughout the day, I was seeing much tweeting about Kylin OS. Then, I mentioned the topic to Heike of The Dark Visitor blog about Chinese hackers. As I kept learning more about Kylin, it became clear that I should compile the information and post it on this blog.

The Kylin Web Site

Kylin's Web site is at http://www.kylin.org.cn/
[Rough rendition of the site into English via Google Translate]

By the way, some people have noted that, ironically, the site for a secure OS has an SQL injection vulnerability.

Kylin OS History

I learned that the Kylin OS has been around for several years, going back to 2001.

China Military Online, a Web site sponsored by the PLA Daily of the Chinese Peoples Liberation Army, reported in February 2005 of the development of Kylin as a the PRC's own operating system that could replace foreign OSes. The Kylin OS was developed by the University of Science and Technology for National Defense (affiliated with the PLA). The project began when...

---
In 2001, the central government decided to assign the mission of developing an operating system with independent intellectual property right, a major special project of the state's "863 Hi-tech Program", to the Computer Science Institute of the National University of Defense Technology. Upon receiving the mission, the institute swiftly organized a strong scientific and technological task group to brave difficulties and hardships and make bold innovations. Eventually, the group succeeded in making breakthroughs in a series of core technologies and developed the first 64-bit operating system with high security level (B2 class)-the Kylin server operating system. The system is not only compatible with the mainstream operating systems in the world, but also supports several multiple microprocessors and computers of different structures. In addition, the system is also the first operating system without Linux kernel that has obtained Linux global standard authentification by the international Free Standards Group (FSG).
---

In December 2006, Xinghua reported about Kylin OS. One of the things this report mentioned was that the University had signed an agreement with the LENOVO for production and application of the Kylin system.

FreeBSD Roots?

Information Warfare Monitor has a post "Kylin operating system plagiarized from the FreeBSD5.3?" and pointed to the Dancefire site with it comparison of Kylin and FreeBSD 5.3. The similarities between the two OSes reportedly reached 99.45 percent.

The interesting Kylin information is under the Dancefire site's News section, which is in Chinese. The good news for those of us who cannot read Chinese is that Google Translate does a passable rendition of the texts. (Kylin is rendered by Google as "Kirin". I don't think it has anything to do with the Japanese beer. Does it?)

ADDED 1 June 2009: Jumper at The Dark Visitor blog has been taking a look at Kylin and has a good posting there.

How "Secure" is This "Secure OS"? [added 13 May 2009]

Much of the reporting about Kylin, including the PRC's PR about the OS, seems to take the claims it is a "secure OS" at face value. But I have not yet come across any extensive security testing of Kylin. Also, I am wondering how much ongoing security support for Kylin is there. I mean things such as security patches, forums, etc.

Security researcher Dancho Danchev raises several excellent points that challenge the notions that the PRC's (or any other country's) "secure OS" poses a real threat to the US cyber-offensice capabilities.  Danchev writes regarding the "re-branding" of FreeBSD as Kylin and about the limits of "national security OSes":

---
All warfare is indeed based on deception, especially when you’re re-branding.

The rush to participate in the “national security operating system” arms race is pretty evident across the world, with the European Union’s secure OS Minix, the U.S Air Force new ‘secure distribution of Windows XP‘ and Russia’s interest in a similar secure OS.

What everyone appears to be forgetting is the fact that security is proportional with usability, and as well as the fact that complexity is the worst enemy of security.
---

Then, Danchev provides the example of a US penetration test of a US government site and found "763 high-risk, 504 medium-risk, and 2,590 low-risk vulnerabilities, such as weak passwords and unprotected critical file folders.” The assortment of applications on the systems and their complexity gave ample footholds for exploitation. Then, there are human factors, including human foibles, that can affect security. Although better designed or hardened OSes can help, they are but one component of security.

So is the PRC's Kylin a Part of Cyber-Warfare, Cyber-Security, or Both?

It's both. (Note, I am leery of the cyber-warfare term. It can encourage massive, costly projects and bad analogies.)

I understand Mr. Coleman's concerns about cyberwarfare aspects and how the PRC's cyber-defence could hinder US cyber cababilities against their systems. But, we should not deem overall attempts to have more secure operating systems as "warfare" in a sinister sense per se. Improving cyber-security is something that we all should be doing. Being "peaceful" in the networked world does not mean having servers running unpatched Windows. The US, UK, etc. should be encouraging their government, corporate, and infrastructure systems to be better secured. (The US has done projects such NSA's work on Security Enhanced Linux. Some might call that as an example of US cyber-warfare.)

Special thanks to

• The Information Warfare Monitor [Web] [Twitter]
• "Heike" on The Dark Visitor
• Richard Stiennon for the @Cyberwar tweets on Twitter.
  Added 13 May 2009:Stiennon has a good posting, "Kylin reports unsubstantial" on his Threat Chaos blog. That post references my post here.

Regards,
Jonathan D. Abolins

Normally, I'd be speaking about computer "pathogens" but, for a change, I'll speaking at the New Jersey Infragard chapter April meeting. The meeting's theme is Pandemic Flu Planning.

My presentation is:

Lessons for the 21st Century from the 20th Century History of the Flu:

There were three major influenza pandemics in the 20th Century. The 1918-19 "Spanish Influenza" was particularly deadly, killing anywhere between 30 and 50 million people around the world. The 1957-58 Asian flu was not as deadly, but still killed about 70,000 Americans. The "mildest" pandemic, Hong Kong Flu of 1968-69, caused about 34,000 US deaths. Then there was the 1976 "Swine Flu" abortive pandemic and a nationwide vaccination program which some called a fiasco.

What lessons for today can we glean from these events decades ago? This presentation will point out lessons to help us to better prepare for future pandemics.

Also speaking will be Heather Benamati, MPH, CHES, Health Services, Human Services Coordinator of the Bernards Township Health Department. She focus upon public health aspects of pandemic flu preparedness. There will be a third speaker who'll cover business contingency planning.

Date:		Tuesday, April 21, 2009
Time:		9:30 am to 10:00 am - networking session 10:00 am to 1:00 pm - the Chapter meeting
Location:		AFFINITY FEDERAL CREDIT UNION 73 Mountain View Boulevard Basking Ridge, New Jersey 07920. [Map] [Directions] Parking will be available at the Credit Union for attendees.

If you are near Central New Jersey and are interested in creative ways to improve energy use, environmental sustainability, "reducing your carbon footprint", and similar topics. you might like this meeting

From a MAKE:Princeton announcement...

<<---
All,

We have a MAKE:Princeton meeting tomorrow! This one will be inside
and away from flame as we discuss sustainability, energy, and ways to
make your home more energy efficient. Discussion will include an
analysis of (1) how energy is used in a home, (2) how energy is wasted
in a home, (3) how wasted energy can be reduced or reclaimed, and (4)
different ways to think about energy efficiency.

And, since this is make, feel free to bring your projects to show and
tell and bring a friend.

Where: Room 039, East Pyne Hall, Princeton University Campus [Visitor Info]
When: Tomorrow, 15 April 2009, 7:00pm
What: MAKE:sustainability
Who: You and your friends.
--->>

I am one of the MAKE:Princeton members. The group has some bright, creative people and the sessions are interesting techie brainstorming learning sessions. You don't have to be coder, engineer, or a techno-geek to enjoy the meetings. We are looking for creative people who like to find new ways of solving problems or doing cool things. Tinkers, Hackers, Artists, what-have-you.

Alas, I have other obligations for Wednesday nights until mid-May, so I won't make it out to this meeting. But I encourage interested people to attend.

Cheers,
Jonathan "J.D." Abolins

Recent studies of teenagers' online behaviour report that one in five teens have snet nude or semi-nude images of themselves to others via mobile phones or computer networks. In the midst of several child pornography prosecutions of teenagers for "sexting" in the US, this 1 in 5 statistic is jolting.

But this 1 in 5 stat might be misleading as Carl Bialik, the "Numbers Guy" of the Wall Street Journal, explains. Among the things he brings up are:

 

• The self-selecting factor in which teens are more likely to answer the survey. The online poll-takers are more likely to be "Internet cowboys & cowgirls" who might be more likely to do sexting than other teens.
• The definitions of teens included 18 and 19 year olds, who are technical both teens and young adults.
• The definition of "semi-nude" is vague and the stats don't break out the number of respondents who sent nude images versus those who sent "semi-nude" images. One psychology professor commented, " "Most of the mainstream media uses semi-nude models to sell us things -- so why is it surprising if teens have modeled this?"

Interesting column.

Jonathan D. Abolins

It was bound to happen...

The Guardian abandons the printing press in favour of Twitter tweets!

1 APRIL 2009: Twitter switch for Guardian, after 188 years of ink

<<---
The move, described as "epochal" by media commentators, will see all Guardian content tailored to fit the format of Twitter's brief text messages, known as "tweets", which are limited to 140 characters each. Boosted by the involvement of celebrity "twitterers", such as Madonna, Britney Spears and Stephen Fry, Twitter's profile has surged in recent months, attracting more than 5m users who send, read and reply to tweets via the web or their mobile phones.

[...]
"[Celebrated Guardian editor] CP Scott would have warmly endorsed this - his well-known observation 'Comment is free but facts are sacred' is only 36 characters long," a spokesman said in a tweet that was itself only 135 characters long.

[....]
A mammoth project is also under way to rewrite the whole of the newspaper's archive, stretching back to 1821, in the form of tweets. Major stories already completed include "1832 Reform Act gives voting rights to one in five adult males yay!!!"; "OMG Hitler invades Poland, allies declare war see tinyurl.com/b5x6e for more"; and "JFK assassin8d @ Dallas, def. heard second gunshot from grassy knoll WTF?"
--->>

Although this blog will stodigly continue with its more than 140 characters posts, I realise that much of the world is heading towards compressed communications. The growth of information flowing around the globe makes the nuances and details of tradition prose actually dangerous to the average human brain. The extra bytes threaten to cause the brain to dump its core, leaving the victim drooling and babbling.

Biographies would benefit from Twitterisation as well. Once everybody's bio is reduced to 140 characters or less, we'll learn how much alike we all are.

Tweet dreams!
Jonathan D. Abolins

Tonight, CBS-TV (US) programme 60 Minutes just ran a segment on "The Conficker Worm: What Happens Next?"

<<---
The Internet is infected. Malicious computer hackers have been creating more and more weapons that they plant on the Internet. They call their weapons viruses and worms - they're creepy, crawly toxic software that contaminate our computers without our ever knowing it. You can be infected by simply visiting your favorite Web site, or just by leaving your computer on, overnight while you're asleep.

[...]
One of the most dangerous threats ever, a computer worm known as "Conficker," is spreading through the Internet right now. By some estimates, 10 million computers have been infected worldwide.
--->>

While the segment had a couple of interesting moments, I did not find it to give a good understanding of what's going on with Conficker.c worm.

I found Washington Post's Brian Kreb's piece, "Conficker: Doomsday, or the World's Longest Rickroll?" to give a better perspective:

<<---
Computers already infected by the worm are supposed to be automatically updated with some unknown software component on April Fools Day. That's more or less the sum of what computer experts know about the rhyme or reason behind this worm, but it hasn't stopped pundits and the press alike from issuing ominous warnings.
--->>

Krebs points to various examples of press reports with dire warnings of things such as "an undercurrent of potential chaos building - a malicious piece of code that has already prompted the French military to ground some fighter planes."

(George Hulme's Information Week security blog had similar overview of Conficker.c FUD reports.)

Much of the speculation is coming out the mystery concerning the worm's author's motives. So far, nothing obvious, such as financial gain from spams & scams, has been noticed. The code, especially for the c variant, is rather clever and sophisticated. (SRI International has an excellent technical analysis of the Conficker.c code and behaviour. Note: due to the worm's interaction with various Internet sites, even good analyses such as this one cannot predict what will happen later on.)

Krebs noted that perhaps the biggest impact of the Conficker worm will be it serving as a motivator to get international cooperation in trying to block the registration of domains to be used for the worm.

<<---
What I find most fascinating about Conficker is that its real legacy may well turn out to be beneficent. To date, there really hasn't been a threat that has given countries on opposite ends of the globe a unifying, urgent reason to work against a single Internet menace. Yet, due to the work of the Conficker Cabal and affected parties, that is starting to change.

"We're literally relying on people in Latvia to protect computer networks in Brazil, and the other way around, too, so each country has some capability and some responsibility once they understand the role they can play here," Wesson said. "No matter what happens with Conficker, it's created something here....a beautiful opportunity to bring cyber security to the kitchen table."
---->>

I, too, think is a great development.

Other Resources

• F-Secure has a helpful Conficker FAQ and a free Conficker removal tool.
• Byron Acohido's Conficker Timeline.

Regards,
Jonathan D. Abolins

Recycling is good when it is papers, plastics, and metals. But recycling old Hotmail addresses that haven't been used in over a year, can cause problems as I'm learning from a LiveJournal news item Keeping Your Journal Safe:

<<---
Recently some journals and communities have been broken into, their contents deleted, and their owners locked out. We want to explain how this can happen and give you some steps you can take to help prevent this from happening to your journal or community.

First of all, we would like to dispel the rumor that these break-ins have something to do with the accounts that have recently been friending large numbers of users (sometimes called friending bots). We do not believe these are related. The problem appears to stem from Hotmail's policy of recycling inactive email addresses.

The recent break-ins resulted from hijackers finding and accessing lapsed Hotmail accounts that were used with LiveJournal accounts and publicly displayed on Profile pages in the past. You should be aware that Hotmail recycles email addresses that haven't been used in more than a year. If you validated a Hotmail address for your journal and displayed it publicly in the past, but then let the address lapse, someone who finds and re-registers that address can use it to obtain control of the journal.
--->>

The new "owner" of the Hotmail address could use the LiveJournal services' help for lost passwords to the get the password info sent to the Hotmail address. LiveJournal has no way of knowing that the email address has been recycled.

Other sites may be vulnerable to the recycled Hotmail address exploitation of the "forgot password" functions. All too often, there's an assumption that only you will have access to the email address associated with you. (Then there is the security economics where for most sites it is more cost effective to email the password info than to do extensive checks of the requesters. If it's a free email service, what do you expect?)

Some countermeasures:

1. Review online accounts at Web/blog hosting, online banking, etc. services periodically to make sure that the email and other contact info is still correct.
2. Use additional security features, such as "secret questions" for your online accounts, if available.
3. If abandoning an email address, let your more important contacts know so they don't send anything sensitive to the old address. Abandoning an email account does not mean it will never resurface.

Remember to recycle those electrons!
J.D. Abolins

Good practical advice in this New York Times tech article. It covers problems such as

• mobile phone losing its charge
• remote car key transponder doesn't have enough range to reach the vehicle
• dried up inkjet cartridge
• mobile phone took a dive into the loo
• extending WiFi reach (has a link to http://freeantennas.com/projects/template/)
• dirty CD or DVD disc -- no, not smut, but schmutz. (a nice excuse for keeping a small botlle of vodka in the office desk. "It's for cleaning my discs, yes, indeed. Oh, the smell on my breath?  Hmmm.....")
• camera flash too bright
• crashed hard disk disk drive.

The site: http://www.modernliberty.net/
Cory Doctrow's post on Boing Boing: http://www.boingboing.net/2009/02/27/tomorrow-is-britains.html

The Modern Liberty site explains why the convention is needed:

We are entering a dangerous period in our country. Economic turmoil threatens profound hardship and disharmony. Disenchantment with politics is growing and even legitimate protest is threatened by an unprecedented programme of challenges to our rights, freedoms and democracy. Sixty years ago Britain was a proud co-author of the Universal Declaration of Human Rights and Fundamental Freedoms. Now it is increasingly centralized, abandoning its historic principles some of which date back to the Magna Carta.
The Government’s continued stated determination to extend detention without charge in terrorism cases to 42 days is one symbol of the damage done to our hard-won rights and freedoms. The Regulation of Investigatory Powers Act 2000 (RIPA), which gives hundreds of agencies access to people’s records without their knowing, is another. The collection of all available records on a huge central database for the use of the authorities is a third.
We believe that such threats can be overcome but only if the public is woken to the dangers. While we may be impatient for action, the issues must be addressed in an open-minded way with as thorough and accessible public debate as possible.
Therefore we invite you to join a Convention on Modern Liberty. It will ask three broad questions:

• Are our freedoms and rights threatened by an over-powerful state and if so how do we defend ourselves from this?
• Are dangers to our security from terrorism and other threats, from climate change to pandemics being used to attack our rights, and how can we best defend ourselves?
• How can we arouse sustained public interest?

We are making Modern Liberty a convention not a conference. We want to bring as many people together to see what common ground can be reached in defence of our freedoms. The Guardian is the main media partner. The Rowntree Reform and Charitable Trusts and the Rowntree Foundation are initial supporters. A wide range of organisations are joining the event from across the political spectrum.
Fundamental rights and freedoms are common to us all. The Universal Declaration recognises ‘the equal and inalienable rights of all members of the human family as the foundation of freedom, justice and peace in the world’. In Britain such values have an even longer history. We are indeed the inheritors of an inspiring tradition of liberty.
At the same time technical advances from information technology to explosives and the threats of catastrophic climatic change have altered the framework of power and fear.
This calls for a renewal of our democratic self-confidence. This is the purpose of the Convention on Modern Liberty. Whether you agree or not we hope you will join us to debate these issues.

British liberties and privacy issues might seem irrelevant to those of us in the US. But I see interplays with what goes on in the UK and in the US. For example, the pervasive public surveillance of British society is often cited as a good example for the US. Unfortunately, the lessons learned in Britain about what works and what doesn't with surveillance don't get noticed as well in the States.

Also, with the new US President and Administration, I believe we will see much reshuffling about privacy, security, and liberties. 20th Century concepts of these values might not hold up well in the 21st Century. It will be important for citizens to learn about the issues and get involved. Learning from other countries' experiences can be helpful.

If you are not able to attend the meetings, the Modern Liberty site will have video and photos.

Here's looking at you,
Jonathan D. Abolins

Nick O'Neil suggested "10 Privacy Settings Every Facebook User Should Know" at the AllFacebook blog.

This was quite timely. Over the past several months, I've had discussions about social network site and blog mishaps and problematic disclosures. One set of discussions recently was the wisdom of blogging if one is seeking to work in the security or law enforcement field.

Some people say that people heading for such careers would do best to stay off the blogs and social network sites. There are all too many examples of people disclosing too much personal information or posting rants for the world to see.

Then there is the matter of the easy global availability of one's photos and biographical details making a career with covert or undercover work more difficult. An opinion piece in the UK edition of SC Magazine wonders about the impact of social network sites upon available recruits for UK security services. Ken Munro writes:

Donald Pleasance as Bond villain Blofeld. The photo is on this BBC page.

Imagine the scene. James Bond enters the HQ of a criminal mastermind intent on world destruction. Waiting for him are a host of henchpersons, all armed to the teeth. “We've been expecting you, Mr Bond,” says the evil Blofeld, stroking his white Persian cat. “We saw your Twitter update.” The UK's universities are a prime recruiting ground for our intelligence services. Clever, well-versed students apparently make excellent espionage agents. Herein lies the problem: if you're planning on having a second identity for undercover work, it doesn't help if your photos, friends and real name are splattered all over various social networking sites. Try finding a student at a university who hasn't done just that. >>

This concern seems to be more of a British one than an American one. Americans are more talkative than the Brits. Even a look at the two countries intelligence services' Web sites reflect such differences. (Here are the links to the CIA and the NSA for the US and the MI5, MI6, and GCHQ for the UK. Interestingly, both of the US sites have kid's pages, something that seems to be a US only phenomenon for intelligence service sites.)

In this era, people -- especially young people -- who are totally offline are relatively rare and the data holes might draw even more attention. Security service will find ways to adapt. Data profiles might be cultivated to fit cover identities or stories covering data holes might be developed. Some services are finding the value of internal social network tools such as wikis and blogs. And so on.

Still, no matter what is one's career direction, it is wise to learn how the tools one uses work and to manage the message that goes out.

J.D. Abolins

I know Dr. Katherine Albrecht from various privacy & cyber-rights conferences. She is the co-author of Spychips: How Major Corporations and Government Plan to Track Your Every Move with RFID. Now, she has a new project as as announced in this BusinessWire press release:

For Immediate Release
January 27, 2008

Dr. Katherine Albrecht to Head US Media Relations for Ixquick.com
Noted privacy expert will help raise awareness for privacy-friendly search engine

The world's most privacy-friendly search engine, Ixquick.com, announced today that Dr. Katherine Albrecht will head up the company's US media relations and marketing outreach efforts.

Dr. Albrecht is a respected expert in the privacy arena, with a decade of experience as a privacy researcher, activist, and frequent media commentator. She is a perhaps best known for her work on privacy issues associated with RFID (radio frequency identification) and retail data collection. Albrecht co-authored the best-selling book "Spychips," and hosts a daily, syndicated radio talk show. Her writings on privacy have appeared in several notable publications, including Scientific American and the Denver University Law Review.

"I'm excited to be working with Ixquick because I'm a huge fan of their product," said Albrecht. "Ixquick.com guarantees to delete all search data so it can't be abused by Big Brother bureaucrats and snoopy marketers. I've been using Ixquick as my own search engine for months, and I can't wait to tell others who care about privacy as much as I do."

Albrecht is in a good position to spread the word, having granted literally thousands of interviews to radio, print, and television journalists worldwide. Executive Technology Magazine calls her "possibly the country's single most vocal privacy advocate and staunchest opponent of technologies that track consumers," and Wired.com calls her a "PR genius."

Albrecht will work from New Hampshire and report to Ixquick CEO Robert Beens at the company's headquarters in the Netherlands. She will be responsible for strategy, execution, and management of all media communications and marketing initiatives in the US.

"We are thrilled to have Katherine on board," said Ixquick CEO Robert Beens. "Her knowledge of privacy and her media experience will be a tremendous asset to Ixquick. We are confident that she will do a great job of educating the American public about search engine privacy and how Ixquick.com can help."

Albrecht holds a Doctorate in Consumer Education and a Masters in Instructional Technology from Harvard University. She received an undergraduate degree in International Marketing from the University of Southern California, graduating with magna cum laude honors.

About Ixquick

Ixquick.com is the world's most private search engine, leading the industry with its promise to delete all user IP addresses within 48 hours of collection. The company's innovative privacy policy and stringent data handling practices have been certified by an independent third-party auditor. Ixquick is the first and only search engine to earn the prestigious European Privacy Seal, which is awarded for adherence to exemplary privacy standards.

Ixquick is owned by Surfboard Holding BV, a Dutch company. Further information on Ixquick can be found at www.ixquick.com Further information on the EU Privacy Seal can be found at http://www.european-privacy-seal.eu/about-europrise

For press inquiries please contact:

Dr. Katherine Albrecht
U.S. Media Relations
877-434-3100 [US toll free]
+1 973-273-2125 [for International access]
kma@ixquick.com

# # #

I have not really used ixquick.com metasearch site much, but now I'll definitely check it out. Whilst Google has many useful features, it also raise many privacy questions. So I am interested in seeing how ixquick.com compares. Their explanation of how ipquick.com protects your privacy is interesting. More on this later.

J.D. Abolins

The posting's title sounds like a joke involving changing lightbulbs. Something like, "How many techies does it take to wipe a disk clean?...."

But, seriously, disk wiping is a valuable procedure for security, privacy, and confidentiality. A common answer to the number of writes question has been the US Department of Defense's standard seven passes. But is this really necessary for most purposes?

Heise Security reports that one pass will suffice. This is based upon the study Overwriting Hard Drive Data: The Great Wiping Controversy by Craig Wright, Dave Kleiman, Shyaam Sundhar R. S. Heise Security summarised:

They concluded that, after a single overwrite of the data on a drive, whether it be an old 1-gigabyte disk or a current model (at the time of the study), the likelihood of still being able to reconstruct anything is practically zero. Well, OK, not quite: a single bit whose precise location is known can in fact be correctly reconstructed with 56 per cent probability (in one of the quoted examples). To recover a byte, however, correct head positioning would have to be precisely repeated eight times, and the probability of that is only 0.97 per cent. Recovering anything beyond a single byte is even less likely.

Seven passes will, of course, achieve the disk wipe after the first pass. But it will waste time with the additional passes.

Some people and organisations may have to do more than one pass because of legal and/or policy requirements until the laws and policies are adjusted to reflect the new study.

Elsewhere on the Web:

• Craig Ball of the EDD Update blog comments upon the reseach, saying "Told Ya So!"
• Craig Wright, one of the researchers, has posted some technical background about the research.

J.D. Abolins

Patrick McGoohan, the creator & star of The Prisoner and starred as John Drake in Danger Man (AKA Secret Agent man), died on 13 Jan 2009.

John Leyden of The Register wrote a good obituary of McGoohan. focusing upon his role as Number Six on the Prisoner. I remembered watching The Prisoner as a child, enjoying it but not fully understanding the programme's depth. Looking back at some of the episodes, I seeing interesting things I missed back then. Having dealt more with security, privacy, and liberties matters, I now better appreciate Prisoner Number Six's struggle.

"I will not be pushed, filed, stamped, indexed, briefed, debriefed, or numbered! My life is my own."

Elsewhere in the series was this exchange between Number Six and Number Two: 6: Where am I? 2: In the Village. 6: What do you want? 2: We want information. 6: Whose side are you on? 2: That would be telling, we want information, information information. 6: You won't get it. 2: By hook or by crook, we will. 6: Who are you? 2: The new Number 2. 6: Who is Number 1? 2: You are Number 6. 6: I am not a Number, I am a free man! 6: Who is Number 1? 2: You are, Number 6. 6: I am not a Number. I am a person.

Some other The Prisoner and Danger Man items:

• Some say that Number Six was really John Drake and that the Danger Man and The Prisoner series were connected to each other.
• The art design theme of HOPE Number Six in 2006 was, appropriately, The Prisoner series.
• The theme music for Danger Man was an instrumental piece quite different from the Secret Agent Man song by Johnny Rivers used for the US version of the series.
• I liked the ahead of its time technology in The Prisoner. Although the electromechanical filing device depicted in the series intro is retro today, it was quite amazing back then.
• The Village in The Prisoner was filmed in Portmerion, North Wales.A beautiful resort... even if you're a prisoner. Better, if you are a free person.

I am a person, not a number - be it rational or irrational, prime or not!
Jonathan "J.D." Abolins

The US Federal Bureau of Investigation's 2008 code breaking challenge is at
http://www.fbi.gov/page2/dec08/code_122908.html

The page also has a link to a nice intro to analysis of simple ciphers and codes, "Analysis of Criminal Codes and Ciphers" by Daniel Olson.

NOTE: I found a problem with the FBI page's display in Firefox 3 (both on Linux and Windows). By looking at the HTML, I found out that the ciphertext is presented via a Flash file. Going directly to the Flash file worked.

Cryptically yours,
J.D. Abolins

The Trenton Times reports today on Alex Barnard, a Princeton senior who has been studying dumpster diving and "freegans".

Freegans -- name coming from "free" and vegan -- scavenge through dumpsters, bins, curbside castoffs, Freecycle posts, and such, seeking items that can be re-used. Some freegans will eat food they find thrown out by supermarkets and restaurants. (Sounds unhealthy but they say much of the food is fine.) Freegans have an activist viewpoint, seeing their reclaimations as way to reduce the amount of stuff that ends up in landfills and as an anti-consumption act by reducing the demand for newly manufactured consumer goods. (There are other aspects of freegan activism, see freegan.info for more information.) In a way, freegans are "the conscientious objectors of capitalism", to use a phrase the Time got from Bernard.

Although I find some aspects, such as squatting, of freegan activism a bit further on the edge than I'd care to go, there is much worth learning from them. (Well, if the economy tanks further, squatting in buildings that are empty might not be so far out on the edge.) There is a lot of waste that is accepted as "normal" when it shouldn't be. Also, the push for "everything's gotta be brand new" overlooks the value of good design so things do last and of efficient design.

Alex Barnard, a sociology major, has been studying various activist movements, including the freegans. For his research, Barnard won the Barnard won the 2009 Daniel M. Sachs Class of 1960 Graduating Scholarship. He plans to use the award to pursue a master's degree Oxford. There, he hopes to continue studying alternative ways of living. Excellent!

Trying to reclaim my dignity and recycle it,
J.D. Abolins