The Stereotyped Beauty Model

If women/girls didn't hate each other so much, they could rule the world. Nice ad counter-attacking the entire "chickness ad model". Feels like Unilever got so successful promoting it, so that now they have to reposition themselves as a socially oriented company, not masters of Photoshop whose virtual creations directly influence McDonald's business model.

Registered Sex Offenders on MySpace

Should you be filtering online predators, prosecuting them, or monitoring their activities to analyze and model the behaviour of the rest of them? Seems like Kevin Poulsen's been data mining MySpace using the Department of Justice's National Sex Offender Register, and the results are a Caught by Code MySpace Predator :

"The automated script searched MySpace's 1 million-plus profiles for registered sex offenders -- and soon found one that was back on the prowl for seriously underage boys.Excluding a handful of obvious fakes, I confirmed 744 sex offenders with MySpace profiles, after an examination of about a third of the data. Of those, 497 are registered for sex crimes against children. In this group, six of them are listed as repeat offenders, though Lubrano's previous convictions were not in the registry, so this number may be low. At least 243 of the 497 have convictions in 2000 or later."

These findings indicate the offenders' confidence in MySpace's inability to take the simplest measure - match the publicly accessible data with its database - just in case. It's also worth mentioning that according to a recently released comScore analysis "more than half of MySpace visitors are now age 35 or older", and that according to their analysis, Facebook, and Xanga have much younger audiences, namely represent a top target for online predators.

The most important issues however, remain the moment when a kid losses the communication with its "folks", and the huge amount of information kids share on any social networking site, thus unconsciously creating more contact points for the online predator.

Internet Safety for Kids - a presentation for adults, is full with handy tips for educating and building awareness on the problem.

CIA's In-Q-Tel Investments Portfolio

In a previous post "Aha, a Backdoor!" I discussed the "exemption" of publicly traded companies from reporting to the SEC the usual way, and particularly their investments related to national security. The strategy is visionary enough to act a major incentive factor for companies to both, innovate, and supply the homeland security and defense markets.

However, publicly obtainable data can still reveal historical developments:

"A relatively unknown branch of the CIA is investing millions of taxpayer dollars in technology startups that, together, paint a map for the future of spying. Some of these technologies can pry into the personal lives of Americans not just for the government but for big businesses as well.

The CIA's venture capitalist arm, In-Q-Tel, has invested at least $185 million in startups since 1999, molding these companies' products into technologies the intelligence community can use.

More than 60 percent of In-Q-Tel’s current investments are in companies that specialize in automatically collecting, sifting through and understanding oceans of information, according to an analysis by the Medill School of Journalism. While In-Q-Tel has successfully helped push data analysis technology ahead, implementing it within the government for national security remains a challenge, and one of In-Q-Tel’s former CEOs, Gilman Louie, has concerns about whether privacy and civil liberties will be protected."

In a related Red Herring article, In-Q-Tel points out that :

“We don’t just invest in equity of companies,” said Scott Yancey, the firm’s interim chief executive. “That’s kind of the hallmark of who we are in terms of being the strategic investor.”

Observers said the payments don’t fit with the typical venture model.

“To the extent that In-Q-Tel incentivizes its portfolio companies or employees otherwise, it sounds like from an outsider’s point of view that they’ve needed to create some artificial incentives that wouldn’t otherwise be necessary in a traditional venture model,” said Scott Joachim, a partner with the law firm Drinker, Biddle, & Reath."

The Intelligence Community realizes that innovation will come from outsiders working for insiders, and with "more than 130 technology solutions to the intelligence community", CIA's In-Q-Tel seems to have made quite some sound investments.

A true angel investor in the "silent war". And yes, even you can submit a business plan looking for seed capital -- and a "tail" to ensure you're developing in the right direction?

Observing and Analyzing Botnets

Informative and rich on visual materials, research presenting a "A Multifaceted Approach to Understanding the Botnet Phenomenon"

"Throughout a period of more than three months, we used this infrastructure to track 192 unique IRC botnets of size ranging from a few hundred to several thousand infected end-hosts. Our results show that botnets represent a major contributor to unwanted Internet traffic—27% of all malicious connection attempts observed from our distributed darknet can be directly attributed to botnetrelated spreading activity. Furthermore, we discovered evidence of botnet infections in 11% of the 800,000 DNS domains we examined, indicating a high diversity among botnet victims. Taken as a whole, these results not only highlight the prominence of botnets, but also provide deep insights that may facilitate further research to curtail this phenomenon."

Botnets' security implications are often taken as a phenomenon, whereas this is not the case as distributed computing concepts have been around for decades. Some interesting graphs and observations in this research are :

- Breakdown of scan-related commands seen on tracked botnets during the measurement period
- The percentage of bots that launched the respective services (AV/FW Killer) on the victim machines
- Distribution of exploited hosts extracted from the IRC tracker logs

What botnet masters will definitely optimise :
- disinformation for number and geolocation of infected hosts
- alternative and covert communication channels compared to stripped, or encrypted IRC sessions
- rethink of concept of performance vs stealthiness
- rethinking how to retain the infected nodes, compared to putting more efforts into infecting new ones
- for true competitiveness, vulnerabilities in anti-virus solutions allowing the code to remain undetected for as long as possible
- synchronization with results from popular test beds such as VirusTotal for immediate reintroduction of an undetected payload

The future of malware stands for solid ecosystem and diversity, whereas, both, researchers, the Pentagon, and malware authors are actively benchmarking and optimising malware, each having seperate objectives to achieve.

Go through a previous post "Malware Bot Families, Technology and Trends" in case you want to find out more about botnet technologies, and update yourself with the most recent case of DDoS extortion.

North Korea's Wake-up Call

"Hey Dick, do you know what time it is? It's Time to Bomb Kim Jong!"

Hunting the Hacker - Documentary

Here's a recently released documentary -- in Russian -- entitled "Охота на хакера", or Hunting the Hacker, discussing IT security, cyber crime, malware authors, onlie scams etc. It also features Eugene Kaspersky commenting on various trends. Don't forget, Russian hackers and Eastern European ones are not just responsible for the sky-rocketing cyber-crime cost "projections", but for the global warming effect as well. I often come across biased comments on wrongly structured research questions such as : "Who are the best hackers in respect to nationalities?", where it should have been formulated as "How vibrant is the IT security landscape, so that the changing dominance lifecycle of a nation could be measured at a particular moment in time?"

True hackers don't have nationalities, they're citizens of the world. Download or stream it from Google Video.