6/1/2011 7:20 PM
Subject: In regards to your "Computer Hacking" story

To whom it does concern,

To start I would like to say: I've been a fan of PBS for years and for the most part I appreciate the dedication and the impartiality of the PBS News Hour staff. In addition I make my living working in IT and have a sizable level of experience in regards to Computer Security. However on a less congratulatory note, I just finished watching your "Computer Hacking" discussion that was broadcast on the PBS Nightly News on 2011/06/01 @ 6 PM EST and I was appalled. I've seen very few pieces on the "Nightly News" that I would characterize as lacking and/or shoddy. However this discussion was appalling in the unchallenged slant that was presented.

Computer security is a problem, of that there is no doubt. It is most certainly a problem of what I would refer to as unrealized importance. Most people simply do not take this situation seriously. In the case of what happened to the PBS servers over the last few days, I sympathize with you and your staff. Admittedly I am a great fan of Wikileaks as well as so-called hactivist groups such as Anonymous. However the Front Line story the responsible group is taking issue with, was not nearly so bad as they want people to believe. It was a different viewpoint than I would've picked, but a valid one nonetheless.

That having been said, I think you all would benefit from spending a greater amount of time considering the circumstances surrounding these hacks. In each case the situation differs, but is still worthy of consideration. However in all of these situations regardless of whether the victim is PBS or Sony, there is one common thread: The IT personnel responsible for the network failed to protect that network. One of the members of your panel tonight made the claim that college kids can just Google how to break into systems and he is absolutely correct on that front (though very little else). In truth, the question you should be asking yourselves is:

"Why did my own IT people not Google how to break into systems and make sure our systems were impervious to these attacks?" Now of course this is a bit of a generalization since the specifics of the attack itself in each instance have not been made clear. I don't know whether or not the hackers used social engineering, a well known software security hole, a zero day exploit or exploitation of a configuration oversight to obtain their access. However it has been my personal experience that the majority of security breaches are preventable and therefore not the result of zero day exploits and more often than not a result of oversight and/or laziness on the part of the IT department.

In your particular situation, you addressed the responsible groups motivation and that was good. However in the case of other high-profile hack attacks that were mentioned such as the Sony attacks, the motivation was not addressed. Let me be clear: Sony is not the victim here. Sony was hit but two attacks simultaneously. One was a DOS (Denial of Service) attack from the hactivist group, "Anonymous". This attack was initiated in response to a war that Sony has been and continues to wage against it's own users in regards to what constitutes a legitimate use of the hardware (i.e. the PS3 and PSP units) that customers have purchased from them. Bottom Line: Sony wants to sell you hardware and then tell you what you can and cannot do with it. From a technology standpoint, it is unprecedented, comparable to the war AT&T tried to wage on third party phones plugging into their network many many moons ago.

In regards to the second attack, Sony is still not the victim. Sony's customers on the other hand, are the victims. Sony as a company failed to protect the interests of those customers by failing to protect their personal information. If Sony loses business (as they should) then it hardly seems fair to solely blame the hackers. The hacker simply broadcast the failure of Sony and turned their incompetence into a public affair. Just as was the case with PBS, the IT department failed. As it became evident later on, their software developers also failed. Neither group appears to be very knowledgeable on the subject of security. This is the Achilles heel that you all completely glossed over. In addition individual users have to take some level of responsibility for their actions and the consequences associated with those actions.

Finally, one of your panelists argued that the industry needs to build a better piece of software that would be so susceptible to these kind of attacks. To be frank, while there are improvements that can be made (in regards to the reduction of technical exploits and the like) the majority of hack attacks occur through the exploitation of mis-configured services/software and/or social engineering. He compared the failure of the software industry to the failure of the car industry to make roads safer. I find this to be a non-sequitur. Much like the statement that was made about hackers "misappropriating" security tools for their own nefarious purposes, that comparison is missing the point. Cars, security tools, software and swords can all be used in good ways and they can also be used in bad ways. For example, I can use a sword to defend myself from an attack but I can also use that same sword to decapitate somebody. The same concept applies to cars, security tools and all of software to consider.

Thank you for your consideration and for the most part your fine work,

Jay Little

11/3/2009 7:29 AM
So apparently there is an election where I live in Greer today. And I don't care. However when the father of one of the candidates came stumping through my neighborhood this weekend and handed me a brochure advertising his daughter's candidacy, I couldn't help but be struck by the level of nonsense it contained. For instance his daughters political party membership, views on important topics and stances and on issues relevant to Greer as a community were not included in this pamphlet. However it did mention the church she was a member of, the fact that she was a small business owner along with where she went to high school. Apparently fixing that pothole that I hit every morning crossing Highway 29 via Arlington is not a platform issue. Which is a shame because without a commitment on that particular issue, I'll be forced to ignore the election as a whole.

Hell, even her website demonstrates this total ineptitude towards running a campaign. Check it out for yourself.

Moral of the story: Elections in the real world are much like elections in high school: Pure popularity contest. Unless of course you live in a fantasy world, your name is Pedro and you have an insanely nerdy friend named Napoleon that makes the rest of us nerds seem mild in comparison :)

10/15/2009 7:55 AM
So I watched the news this morning as Annette made me a birthday morning breakfast. Thank goodness I managed to go the entire hour without hearing about Swine Flu. If I had to pick one thing I've been hearing about lately that really ticks me off, it would be Swine Flu. I mean the media and the doctors keep telling us this is a serious issue, but the fatality rate is quite low, even lower than that of the normal seasonal flu.

But but but, we all need to be vaccinated or we will die! But only a handful of people are dying, right? But apparently the disease could mutate into a much more deadly variant. Okay, I accept that possibility. I also accept the reality that the vaccine I take to protect me from today's variant, would not protect me from tomorrow's evolved super killer. But as with everything in this country (war on terror, healthcare and any other issue of the moment) fear has become the overriding factor in our discussions regarding the issue rather than the facts. What's particularly amazing about our system is the ability of politicians and others in power (i.e. lobbyists) to harness this fear for their own nefarious purposes all while leaving us as a whole up the creek when it comes time to pay the piper.

For instance all of the news shows this morning have talked about, "The Recovery". Yeah the DOW hit 10,000. Who the hell cares? What difference does it make? More people are unemployed than ever, consumer spending is down all around, foreclosures are up and commercial real estate is literally imploding while the banks to scurry to hide the losses. But it doesn't matter, we are trumpeting a recovery of numbers that are fictional indicators clearly suffering from a massive disconnect from reality. The same thing is happening in regards to "Healthcare Reform" right now. Somewhere along the way reform became the same thing as handing out large wads of cash to the private companies that have been screwing us for years and hoping for the best. Let's not even talk about "Financial Reform" which has been largely non-existent outside of a few well written speeches here and there.

Bullshit. I'm a free market capitalist. I'm a libertarian. I'm agnostic. My socially liberal tendencies aside, I would've liked to have let the market solve some of these problems. Really I would have. But in all cases, we either missed the opportunity (i.e. bailing out the banks) or ignored the obvious problems for far too long. You can't take steps to subsidize a broken system and then play the "the market will solve it's own problems" card when presented with the crappy results your strategy has produced. But that's exactly what Republicans and Democrats are choosing to do.

But hey that's what we do in America. We employ the same broken strategies time and time again, regardless of their lack of positive results. There are dozens of examples of this. The embargo on Cuba, the War on Terror and the War on Drugs are great examples for starters. But still we persist. I think part of the reason for this is because the Democrats and Republicans have spent their efforts focusing the voters on pointless hedge issues like Abortion. How many people do you know that choose one political party over another based solely upon their feelings regarding Abortion? How stupid is that? It's legal and will likely continue to be legal into the foreseeable future. Why is it even a campaign issue? Why do people make a choice of political affliation based upon an opinion regarding an issue that has no realistic merit attached to it?

Is it because America is full of idiots? Perhaps. Is it because the real issues have become too complicated for the average individual to accurately grasp? More than likely. Is because most people in this country have confused religion and politics and adopted a strategy of "blind faith" when faced with the failures incurred by "their team"? You betcha.