#WikiLeaks “malicious search engine poisoning attacks” ?

Leaking eavestrough titled WikiLeaks

Defence staff warned to steer clear of WikiLeaks docs:

“The department fears accessing the site could expose government computers to ‘malicious search engine poisoning attacks’ and that third parties might ‘collect and exploit visitor data or deliver malicious software through downloaded files.’”

The Ottawa Citizen.

Yet from a computer security standpoint, the WikiLeaks #cablegate downloads all seem to be in standard HTML, which makes them relatively secure from malware because there is no JavaScript to execute malicious code.

Because the WikiLeaks downloads aren’t in Adobe PDF format, they aren’t susceptible to the security vulnerabilities that come with the popular Adobe Reader software.

Which makes downloading from WikiLeaks safer than downloading from many websites on the Internet.
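
One way to check the “no JavaScript” claim for a saved HTML file, as an added example that is not part of the original post: a standard-library Python audit that lists script-capable markup. The sample pages and the names `audit_html` and `ActiveContentAudit` are constructed for illustration.

```python
from html.parser import HTMLParser

ACTIVE_TAGS = {"script", "iframe", "frame", "object", "embed", "applet"}
URL_ATTRS = {"href", "src", "action", "formaction", "data"}

class ActiveContentAudit(HTMLParser):
    """Collect (line, kind, detail) for markup that can run or load code."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        line = self.getpos()[0]
        if tag in ACTIVE_TAGS:
            self.findings.append((line, "active-tag", tag))
        for name, value in attrs:
            # Browsers ignore whitespace and case inside the URL scheme.
            compact = "".join((value or "").split()).lower()
            if name.startswith("on"):
                self.findings.append((line, "event-handler", name))
            elif name in URL_ATTRS and compact.startswith("javascript:"):
                self.findings.append((line, "script-url", name))
            elif tag == "meta" and name == "http-equiv" and compact == "refresh":
                self.findings.append((line, "meta-refresh", compact))

def audit_html(html):
    """Return every finding for one HTML document given as a string."""
    audit = ActiveContentAudit()
    audit.feed(html)
    audit.close()
    return audit.findings

# Constructed samples, not taken from any real download.
STATIC_PAGE = """<html><head><title>Cable 001</title></head>
<body><h1>Subject line</h1><p>Plain text with a <a href="next.html">link</a>.</p>
</body></html>"""

ACTIVE_PAGE = """<html><head>
<meta http-equiv="refresh" content="0; url=http://example.invalid/">
<script src="http://example.invalid/x.js"></script>
</head>
<body onload="init()">
<a href="JavaScript:void(0)">next</a>
<iframe src="http://example.invalid/frame.html"></iframe>
</body></html>"""

if __name__ == "__main__":
    for name, page in (("static", STATIC_PAGE), ("active", ACTIVE_PAGE)):
        print(name, audit_html(page))
```

An empty result means the file contains no script-capable markup of the kinds listed; it is a check on the file's contents only.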

But isn’t the Department of Defense at risk for:

“malicious search engine poisoning attacks” ?

Ahem…. what is that exactly?

“SEO Poisoning” or “Search Engine Optimization Poisoning” may sound scary, but what it means is tricking search engines into ranking your website more highly than it deserves.

This is done by inserting words or phrases that would get high ranking from a search engine. An example of “SEO Poisoning” might be a webpage selling grass seed that gratuitously uses phrases like “Justin Bieber.”

Sometimes this dastardly deed is accomplished by including high ranking words and phrases in the same color as the background, which makes the text invisible to visitors while search engines still see the words and are fooled. This “poisons” the search results.
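
The same-color trick described above can be spotted mechanically. The following is an added example, not part of the original post: a standard-library Python check that walks a page's inline styles and reports text whose color equals its background or that CSS hides outright. It only reads inline `style` attributes (no external stylesheets), and the sample page and all names in it are constructed.

```python
from html.parser import HTMLParser
VOID = {"br", "img", "hr", "meta", "link", "input"}   # tags with no closing tag
NAMED = {"white": "#ffffff", "black": "#000000"}      # small subset for the demo

def parse_style(style):
    """Split an inline style attribute into a {property: value} dict."""
    pairs = (d.split(":", 1) for d in style.split(";") if ":" in d)
    return {k.strip().lower(): v.strip().lower() for k, v in pairs}

def norm_colour(value):
    """Map spellings such as white, #fff and #FFFFFF onto one form."""
    value = value.strip().lower()
    value = NAMED.get(value, value)
    if len(value) == 4 and value.startswith("#"):
        value = "#" + "".join(ch * 2 for ch in value[1:])
    return value

class HiddenTextFinder(HTMLParser):
    def __init__(self, page_bg="#ffffff"):
        super().__init__()
        # Stack entries: (tag, text colour, background colour, hidden by CSS)
        self.stack = [("", "#000000", norm_colour(page_bg), False)]
        self.findings = []

    def handle_starttag(self, tag, attrs):
        _, fg, bg, hidden = self.stack[-1]          # inherit from the parent
        css = parse_style(dict(attrs).get("style") or "")
        if "color" in css:
            fg = norm_colour(css["color"])
        if "background-color" in css:
            bg = norm_colour(css["background-color"])
        if css.get("display") == "none" or css.get("visibility") == "hidden":
            hidden = True
        if tag not in VOID:
            self.stack.append((tag, fg, bg, hidden))

    def handle_endtag(self, tag):
        for i in range(len(self.stack) - 1, 0, -1):
            if self.stack[i][0] == tag:
                del self.stack[i:]
                break

    def handle_data(self, data):
        text = " ".join(data.split())
        _, fg, bg, hidden = self.stack[-1]
        if text and (hidden or fg == bg):
            self.findings.append(("css-hidden" if hidden else "same-colour", text))

def find_hidden_text(html, page_bg="#ffffff"):
    finder = HiddenTextFinder(page_bg)
    finder.feed(html)
    finder.close()
    return finder.findings

# Constructed sample: the grass-seed page from the text, stuffed with hidden keywords.
SAMPLE = """<body style="background-color:#FFF">
<h1>Premium grass seed</h1>
<div style="color:white">justin bieber tickets justin bieber video</div>
<p style="display:none">celebrity gossip <b>free download</b></p></body>"""
```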

When I Googled “malicious search engine poisoning attacks” there were only a few direct hits, which explain it as “SEO Poisoning” used to drive traffic to scam websites.

The thing is, every time you search the Internet, using Google or Scroogle or Bing, any search engine is going to bring you results that are not what you are looking for. That’s why you get more than one answer to a search: it is far from an exact science. Poisoning is a serious problem for Google, say. But for the Department of Defense?

What WikiLeaks has done is to make classified material public. Which means that looking at some of this material will very likely violate Defense Department policy.

see no evil, hear no evil

2 out of three monkeys for sale

This memo sounds rather like the equivalent of the “close your eyes” method of security. The only way to ensure Defense Department employees do not see any of this material online would be to disconnect from the Internet.

I would expect the Federal Government computer security staff to be aware of this. Perhaps the Department of Defense needs a little refresher course on computer security.


MEANWHILE:

WikiLeaks.org domain killed by US everydns.net after claimed mass attacks KEEP US STRONG http://alturl.com/qx8gd !wl

In other words, http://www.everydns.com/ has pulled the plug on http://wikileaks.org/

WikiLeaks may be down but they are not out.
Help keep WikiLeaks going by donating to:
https://donations.datacell.com/
http://collateralmurder.com/en/support.html

and

the Cablegate page is still up.

further reading

Australia provides some insight: Crikey: Missing the point on WikiLeaks

WL Central: an unofficial WikiLeaks Information Resource

boingboing: Amazon: Wikileaks has no right to publish the leaks and Wikileaks.org domain ‘killed’

TechDirt: Wikileaks Says Its Site Has Been ‘Killed’



“Hear no evil, see no evil” Photo by Charlton Barreto on ipernity, Creative Commons Attribution-NonCommercial-ShareAlike 3.0 Unported License


Are PDFs DRM?

DRM stands for Digital Rights Management and TPM stands for Technical Protection Measures. Both of these are terms for “digital locks”. Digital Locks allow the manufacturer to control their product after we have bought them. Personally, I would think that a digital lock should be illegal, because once I buy something, I own it. But that’s another article.

Maple Leaf that says "Oh! Canada"

The Canadian DMCA has just been tabled by the Conservative government. The main provision of Bill C-32 the so-called “Copyright Modernization Act” that pretty much everyone agrees is bad is that the resulting law will make circumvention of digital locks illegal.

Which got me thinking about PDFs. A PDF is a technical protection of content locked in a digital format.

I used to be simply annoyed by PDF files. If I am getting information online, I don’t think it should be necessary to download special software in order to read it. So unless I really want the information badly, I won’t. And then I won’t use the Adobe reader which always seems to have security warnings about all the ways Adobe Readers allow malware to get into our computers. How do computer viruses spread? By putting insecure things in our computers.

Everyone everywhere on the internet can read files in html without having to put software they don’t want on their computer. That’s what we see when we look at web pages, or blogs or email.

I recently learned that the reason PDFs exist is to lock the document format for printing. So really, the only reason to put your information into a PDF file is to send it to a printer. It is not the right choice for disseminating online information.

If the information is really important to me, I will use the PDF reader I have. So it is possible for me to deconstruct important information like, say, an ACTA leak into html so that people can read it: Shine a Light on ACTA: A.C.T.A. Anti Counterfeiting Trade Agreement Unlocked. Then the information can also be indexed by search engines.

But the question is:

Is a PDF DRM or TPM?

The reason people put content into a PDF file is to preserve the formatting. A PDF file uses technical protection measures to preserve the formatting. Many people have software to deconstruct PDFs; for me, if I want to circumvent a PDF’s TPM I have to do it the old fashioned way, by re-typing it.

So if they pass Bill C-32, deconstructing a PDF will be circumventing a digital lock. It will be illegal, won’t it?



P.S. Oh look, more warnings:

engadget: Adobe’s Flash and Acrobat have ‘critical’ vulnerability, may allow remote hijacking

ZD Net: Adobe warns of Flash, PDF zero-day attacks

United States Computer Emergency Readiness Team: Adobe Reader and Acrobat customDictionaryOpen() and getAnnots() JavaScript vulnerabilities

ars technica: Flash security vulnerability exploited in PDFs

#digicon

was #copycon futile?

Last year the Canadian Government held a Copyright Consultation to ask Canadians what we thought was important for Canadian copyright law. More than 8,000 Canadians from all across Canada made #copycon submissions. We have yet to see if we were heard, although rumour has it that the legislature will be seeing a new Canadian Copyright bill soon… possibly for June 2010. Many of us have serious concerns about whether it was an exercise in futility or not.

No.

From my perspective, even if the government does not listen and learn from the #copycon, I know I have learned an enormous amount about copyright and how we think from other Canadians who made submissions. From things I’ve read and learned from the #copycon, if I were to make a copyright submission today it would be very different. But that’s another post.

Canadians are talking about copyright, and understanding the forces at play much better. The conversation is far from over, and we need to get a handle on things and come to a consensus about it before law is made.

What was said by Canadians in the formal Copyright Consultation submissions has laid the foundation of a valuable resource for all Canadians. A reference primer of “What Canadians Want”.

we don’t want bad law

But the law may be made anyway. Rumours that the government will try to push through a Canadian DMCA (a Bill C61 clone) have many citizens worried. But sometimes that happens, bad laws get passed.

Probably one of the biggest exercises in lawmaking futility was the American 1919 Volstead Act which we know more familiarly as Prohibition. God fearing law abiding solid citizens— people who wouldn’t have so much as dreamt of jay walking before Prohibition— instantly transformed into criminals frequenting speakeasies when the American law outlawing alcoholic beverages went into effect. The roaring twenties came and went before Prohibition was repealed in 1933.

Because prohibition favored the goals of a special interest group over society’s mores it just couldn’t work. Aside from fostering near universal flagrant contempt for the law among citizens, a serious byproduct was the support this bad law gave to the growth of organized crime. Before American Prohibition, the mafia was just some petty disorganized criminals. After Prohibition gangsters became rock stars. How many books, articles, movies and even musicals have grown up out of the gangster mystique. Canada’s own gangster wannabes in The Boyd Gang seem to have hatched out of the gangster mythology. Folk heroes even.

Friar Tuck and Robin Hood in Sherwood Forest, Robin In The Hood Festival
Hundreds of years later we still idolize Robin Hood

What I know of history has shown that when bad laws are passed the populace initially chafes and suffers. Although the government passing the bad law hopes that people will put up with it, one thing that they never seem to expect is that bad laws provide their opponents with points of commonality.

Often people who are ideologically incapable of co-operating are galvanized into finding a way to work together when a bad law is passed. The bad law itself becomes a visible rallying point, a specific dragon to slay.

One of the most compelling things that any bad law provides to its detractors are the martyrs.

Although I talked about this story as an example of what to expect if the secret A.C.T.A. treaty is passed, it is a real life demonstration of what is happening right now in the US under the existing American DMCA. A young woman went to jail for the crime of recording her sister’s birthday party.

And although history shows that bad laws tend to be overturned in time, I still think it’s better not to have bad laws in the first place.

In the case of copyright, the people who will be most harmed by bad copyright law are the younger generation, many of whom have not attained voting age. As a mother, this special interest group is important to me, because I don’t want to see bad things happen to our best and brightest.

As a student of history I do know that there will very soon be a time when this generation will not only be able to vote but, may well be able to form a government. When I was a teenager we thought running for student council was a big deal. Today Canada’s newest political party has been formed largely by people barely old enough to vote.

Digital Economy Consultation

In the meantime the Canadian government has again asked us for our input.

This time it is for a Digital Economy Consultation. How the Canadian Government reacts to the changes caused by the digital world will have a huge impact on our future. Our economy.

A long time ago Canada had climbed to the forefront of the world of technology with the Avro Arrow. Yet an incredibly short sighted government pulled the plug on that and well and truly killed the project. Naturally it triggered a “brain drain”, as many of Canada’s best and brightest migrated to the United States to work at NASA. Surely we don’t want to go that route again.

Acrylic on Illustration board painting by Aviation Artist Lance Russwurm
Once Canada led the world in technology...

We certainly don’t want to end up in a legislative shambles the way the United Kingdom has. Their ill advised Digital Economy Bill (known to Twitterati as #DEBill), which was rushed through the legislative procedure without proper scrutiny, resulted in a hung parliament and the fall of a Prime Minister. Surely Canada doesn’t want to go that route either.

All Canadians should try to participate…

…even if we say what we think and what we want, and they choose not to hear, the ideas will still be out there floating in the ether.

Judging by the quantity and passion of the comments I’ve been reading in online articles to do with weighty issues like UBB and copyright, many of us have thought about this and have a lot of good ideas. This is a good place to put them. And what better time to be heard than when we are lucky enough to have a minority government. At times like this, governments at least try to give the appearance of listening.

Maybe that doesn’t sound like much, but as a mom I can tell you, when you ask your kid to pretend to go to sleep, before long he really is asleep. Maybe if our government starts out by appearing to listen to our submissions they will accidentally find themselves actually listening.

It’s worth a shot.

#digicon

I think that the #digicon will be just as valuable for Canadians as the #copycon was. The process isn’t quite the same as the earlier consultation. As I understand it, off topic comments (such as talking about copyright reform) are likely to be moderated out of the forums.

  • Read the #digicon Consultation Paper
  • Participate in the digicon forums – see what other people have to say
  • DENT about #digicon
  • Tweet about #digicon
  • Talk about it on your wall
  • Then write your own submission

Note: They want a 250 – 500 word summary of the submission as well. I assume to make it easier to sort the piles.

the process

It seems that although the 40 page Submission Guidelines can be downloaded as a PDF, they are also available in clear HTML on the website. Yay! I love that they are asking for submissions in

“text-only format or as a document upload (e.g., Word, RTF or WordPerfect formats)”

http://de-en.gc.ca/submissions/

Sounds like they’d rather not get stuck in the PDF morass they had for copycon. Deconstructing all the PDF submissions is probably the chief reason why it took so long for all the submissions to be posted online.
(I hate PDFs!)

time limit

As of today, there are 49 days to make a submission. But there’s a lot to think about, so don’t leave it until the last minute (as so many of us did with #copycon).

Things you might say today may help someone else develop a brilliant strategy that would benefit us all. (Hint: that’s why re:mixing is such a good idea)

back-up

I read a comment yesterday from someone who was concerned that the comment or link they’d posted to the #digicon page had been subsequently removed (or moved somewhere else).

If you’re concerned that may happen to your comments or links, or if you’ve something you want to say about the Canadian Digital Economy Consultation that you feel may not survive their moderation, feel free to put it in the #digicon links & comments
My only rules: no spam, no personal attacks/hate mongering.

Similarly, if you have pertinent links you think may help answer questions or examine the issues, feel free to include them. If they start to pile up, when I have a minute I’ll list them under #digicon links in the sidebar.

insurance

Because some Canadians are a bit cynical, we not only submitted our formal #copycon submission to the government, we also posted it on our blogs or websites as (ahem) insurance.

As any emerging artist knows, the wider you can disseminate your art the more people will have the opportunity to become a fan. Or in this case, the more people who can see and read the argument, the more can understand the argument.

to blog or not to blog

If you don’t have one, you can get a free blog from various sources; personally I’d recommend WordPress.
If you don’t want a blog, but want to be heard, I’m willing to post submissions on the Oh! Canada blog as a guest post.

Consultation Questions

Innovation Using Digital Technologies

  • Should Canada focus on increasing innovation in some key sectors or focus on providing the foundation for innovation across the economy?
  • Which conditions best incent and promote adoption of ICT by Canadian business?
  • What would a successful digital strategy look like for your firm or sector? What are the barriers to implementation?
  • Once copyright, anti-spam and data breach/privacy amendments are in place, are there other legislative or policy changes needed to deal with emerging issues?
  • How can Canada use its regulatory and policy regime to promote Canada as a favourable environment for e-commerce?

Digital Infrastructure

  • What speeds and other service characteristics are needed by users (e.g., consumers, businesses, public sector bodies) and how should Canada set goals for next generation networks?
  • What steps must be taken to meet these goals? Are the current regulatory and legislative frameworks conducive to incenting investment and competition? What are the appropriate roles of stakeholders in the public and private sectors?
  • What steps should be taken to ensure there is sufficient radio spectrum available to support advanced infrastructure development?
  • How best can we ensure that rural and remote communities are not left behind in terms of access to advanced networks and what are the priority areas for attention in these regions?

Growing the ICT Industry

  • Do our current investments in R&D effectively lead to innovation, and the creation of new businesses, products and services? Should we promote investments in small start-ups to expand our innovation capacity?
  • What is needed to innovate and grow the size of the ICT industry including the number of large ICT firms headquartered in Canada?
  • What would best position Canada as a destination of choice for venture capital and investments in global research and development mandates?
  • What efforts are needed to address the talent needs in the coming years?

Canada’s Digital Content

  • What does creating Canada’s digital content advantage mean to you?
  • What elements do you want to see in Canada’s marketplace framework for digital media and content?
  • How do you see digital content contributing to Canada’s prosperity?
  • What kinds of infrastructure investments do you foresee making in the future? What kinds of infrastructure will you need in the future to be successful at home and abroad?
  • How can stakeholders encourage investment, particularly early stage investment, in the development of innovative digital media and content?

Building Digital Skills

  • What do you see as the most critical challenges in skills development for a digital economy?
  • What is the best way to address these challenges?
  • What can we do to ensure that labour market entrants have digital skills?
  • What is the best way to ensure the current workforce gets the continuous upskilling required to remain competitive in the digital economy? Are different tactics required for SMEs versus large enterprises?
  • How will the digital economy impact the learning system in Canada? How we teach? How we learn?
  • What strategies could be employed to address the digital divide?

Improving Canada’s Digital Advantage

  • Should we set targets for our made-in-Canada digital strategy? And if so, what should those targets be?
  • What should the timelines be to reach these targets?



There are a lot of questions. After reading the material, listening and/or participating in the forum discussions, chatting with co-workers around the water cooler or the oil rig, or the kids in your youth group, or with your e-friends on Identi.ca, Twitter or Facebook…

Say what you think.

Our government is asking us for input. Let’s give it to them.


[Digital Economy Simulpost: Since this will affect all Canadians, I’m posting the same post in all three of my blogs, Oh! Canada, StopUBB, and in the wind]