Where Scanning the Internet Gets You

From a while back: Brian Krebs talks to three researchers at U-M about their ZMap tool, an efficient and comprehensive way to scan the Internet. They’ve recently built a search engine called Censys that searches across their daily data collections from the ZMap scans.

From Krebs’ interview with the researchers (Zakir Durumeric, Eric Wustrow, and J. Alex Halderman):

“What we were able to find was by taking the data from these scans and actually doing vulnerability notifications to everybody, we were able to increase patching for the Heartbleed bug by 50 percent. So there was an interesting kind of surprise there, not what you learn from looking at the data, but in terms of what actions do you take from that analysis? And that’s something we’re incredibly interested in: Which is how can we spur progress within the community to improve security, whether that be through vulnerability notification, or helping with configurations.”

Using ZMap allows them to quickly collect this data (compared to other network scanners), but the researchers aren’t just scanning the Internet because they feel like it. They’re taking action based on the scan results—notifying people when their machines are vulnerable to the Heartbleed bug.

Beyond notification, they can take other steps:

“So, that’s the other thing that’s really exciting about this data. Notification is one thing, but the other is we’ve been building models that are predictive of organizational behavior. So, if you can watch, for example, how an organization runs their Web server, how they respond to certificate revocation, or how fast they patch — that actually tells you something about the security posture of the organization, and you can start to build models of risk profiles of those organizations. It moves away from this sort of patch-and-break or patch-and-pray game we’ve been playing. So, that’s the other thing we’ve been starting to see, which is the potential for being more proactive about security.”

Internet scan data can help us better understand organizational security posture and develop different models of risk profiles in organizations. With those risk profiles, improving an organization’s security posture could be a matter of identifying the inefficient elements and focusing on them. Security posture is culture as much as machines. While SIEMs can identify risk factors in your machines, models of organizational security posture can identify the risk factors in your culture.

Accessibility, Sound, and Communication

My birthday was yesterday! To celebrate, I ate an overly large and overly expensive steak and sorely undercooked brussels sprouts. Do yourself a favor and always roast brussels sprouts until they are caramelized and crunchy, then put some reduced apple cider and maple syrup on top. YUM!


Technology, while making the world more accessible than it has been in the past, has a lot of work to do for people with disabilities. A huge example of this is the shortcomings in OCR (optical character recognition) technology. In short, OCR sucks. When we use it to simplify our lives (make a PDF into something that I can copy-paste into a text file), a failure is a minor inconvenience, and a silly one at that.

Just one problem.

Reading, Drones, and Georgie Washington

Americans are still reading books, Internet and all! Younger Americans are actually reading more than older generations, which could be partially due to the fact that with the rise of texting and social media, so much of our communication is text-based, so everyone is doing a lot more reading (and writing) in order to communicate with their friends. The original study is linked in that article and in this graph:

What are some other ways to get people to read books?

Well, it helps a lot if your college library not only tells you the call numbers of the book, but also gives you precise directions to the location of the book, which is pretty awesome. Much more useful when navigating a giant library, like I have access to at the university I work at, as opposed to the smaller library at the university I actually attended.


Parks, America, and Reading

It’s Thursday! Not Friday. Go to work tomorrow. When you don’t have to work, though, you can go outdoors! Because July is Park and Recreation month. So. If you’re not working, and it is nice outside, go outside. Weekend, planned. Just for you.

Bruce is a jungle dog.

National parks are a great place to go outdoors. The National Parks Conservation Association is taking care to recognize people who identify as LGBT+ by doing more to preserve historical locations important to the legacy of LGBT+ life in the United States. More national parks, more important history preserved, lives validated. Recognized.

Mostly white people visit national parks. Fact. As of 2011, “only 7 percent of visitors to the parks system were black.” It hasn’t always been this way. The Boston Globe interviews geographer Carolyn Finney, who is recapturing the role of African-Americans in the history of the national parks system and the environmentalist movement.


Algorithms, Confidence, and Infrastructure

Every so often the Oxford English Dictionary adds new words. It adds them to its online dictionary with far more frequency than its physical tome, given that a physical dictionary is quite a bit more difficult to update. It released a list of new words yesterday, and while a few are new words entirely (bikeable), others are new definitions of familiar words. The “Tumblr definition” of ship is recognized (and boy is the Tumblr community excited about it), as is a definition of thing that accounts for the phrase “is that a thing?”

a list of web domains that begin with the word important, including their IP addresses

Daniel Temkin put together an Internet Directory with a scrolling and searchable list of all registered domains with a top level domain name ending in .com.

Ted Striphas was interviewed about the effects of algorithms (such as the ones that define the order of Google search results, or what shows up in your Facebook newsfeed) on culture. As he puts it, “The issue may come down to how comfortable people are with these systems drilling down into our daily lives, and even becoming extensions of our bodies.”


Software, Sharing, and Music

Here’s what was important this week…

Software is everywhere lately. My boyfriend asked me what I thought the next big website would be (after the success of Google, Myspace, Facebook, Twitter, etc.), and I realized it’s just as likely (if not more likely) to be a software application rather than a website. Paul Ford took some time to enshrine some works of software in a “software canon” — Microsoft Office, Photoshop, Pacman, the Unix operating system, and Emacs (which I’d never heard of until this essay came out).

Software has had a noticeable effect on our day-to-day lives (especially those with smartphones), but it’s also had a huge impact on music and the way it’s created, recorded, and produced. Fact Magazine went through 14 works of software that shaped modern music (electronic music started way earlier than I thought). One of those software applications is Auto-Tune, and the Sounding Out! blog happened to post about the history of Auto-Tune.

 


Journalism, Networks, and Grief

Here’s what was important this week…

Felix Salmon, a former Reuters journalist, wrote a screed about why publishing news with the readers in mind is more valuable than breaking news.

As he puts it, “when journalists start caring about scoops and exclusives, that’s a clear sign that they’re publishing mainly for the benefit of other journalists, rather than for their readers.”

Even more clearly, and something that I can relate to easily, is the idea that:

“Readers come first, and all decent publications have their own readership: they shouldn’t be so meek as to assume that their readers will have invariably found the same news elsewhere, just because someone else’s version arrived a little earlier.”

When you spend most of your time on the Internet surrounded by, to borrow his phrase, media navel-gazers who live on Twitter, everything starts to seem like unimportant, old news. But thankfully, when you talk to others outside of that arena, it is easy to remember that news that seems everywhere and overdone in one circle could be totally absent in another.


Women, the Web, and the App Takeover

Here’s what was important this week…

Today is Pi day. Here is more than you probably ever wanted to know about pi day.

Last Saturday, March 8, was International Women’s Day. Started as a revolutionary holiday to honor the achievements of women, International Women’s Day is recognized in many countries. However, in Nepal it is recognized by women only, rather than as a day where men pay tribute to the women. Nepal also has another holiday that only women observe:

“In early September in Nepal, Hindus – who make up 81 per cent of the country’s 30.5 million people – celebrate Rishi Panchami, a festival that commemorates a woman who was reborn as a prostitute because she didn’t follow menstrual restrictions. It is a women’s holiday, and so Nepal’s government gives all women a day off work. This is not to recognise the work done by women, but to give them the time to perform rituals that will atone for any sins they may have committed while menstruating in the previous year. (Girls who have not begun menstruating and women who have ceased to menstruate are exempt.)”

However, the interesting thing about the cultural distaste and monthly banishment surrounding menstruation is that “they talk openly – more openly perhaps than the average teenage girl in the UK might – about what they use for sanitary protection. Some use sanitary pads, some are happy with cloths, although they dry them by hiding them under other clothes on washing lines.”


Identity on the Internet

Anonymity is valuable to the structure of the Internet, but as the identity of a person becomes fluid, the reputation and identifiability of someone’s online presence become increasingly valuable. While jobs rely on user-submitted references, as do academic applications, many also turn to your social media presence or to your search results to gauge reputation. Privacy by obscurity, as records are digitized and indexed, is no longer as viable. But there is no consistent form of identification across the web. Each service relies on its own username as identifier, with character limits abounding, and your ability to hold the same username across services relies on both the uniqueness of your username and the date you joined the online service. But are usernames outdated? A self-selected identifier, varying from service to service and format to format? As Mat Honan puts it, “One of the best things about the online world is how it lets us be whoever we want to be. We shouldn’t have to sacrifice that just because someone else got there first.”

The advantage of a username is that, at least within a service, it “refers unambiguously to a particular person”. That works fine if you know the username of the person, but often you may only know their name. Luckily, with services like Facebook, a person’s unique identifier is their name, provided they haven’t pseudonymized it. Once you have connected with that person, you expect that (within the relevant online service) when you type in their name, you will be returned precisely the person you were expecting to find. The difficulty with this system is finding out the username of another person, and confirming that the person with their name online is really the person you’re looking for.
