The Internet

Swedish Lemon Angels

Posted by michael
from the social-engineering dept.
slaytanic killer writes: "Bruce Schneier addresses the "Third Wave of Computer Attacks" in a recent ZDnet article. Another step in his evolution towards looking at the human side of computer weaknesses; analyzing the dangers which come into life when humans translate syntax into meaning. Complete with links at the bottom about rigorous military analysis and Penn&Teller's exploding Swedish Lemon Angels."

  • And that helps me a lot... I did read the article. And that helps me how?

    I imagine that it's some kind of cake or something like that, that contains baking soda and lemon juice.. I imagine it contains flour too tho it doesn't state that in the article. Meaning there's a lot of information on Swedish Lemon Angels that is not included in the article.

    The interesting part about my post was pointing out that it's actually not Swedish! And another thing.. There isn't actually a Swedish bikini team either.

  • Semantic attacks, and all their ilk, have only one general purpose: to mislead. However, one can be misled ONTO the correct path as well as OFF of it.

    Case in point:

    Warning: Cruel but syrupy anecdote begins here.
    This really happened many, many years ago at an outdoor event. Someone got a little overenthusiastic and fell out of a tree. He skinned his shoulder and wasn't sitting still for treatment from a woman with a first aid kit. He kept going on and on about how 'tincture of merthiolate' hurts and he doesn't want any.

    I was nearby and reassured him, "Would you relax? Solution of merthiolate doesn't hurt a bit. You barely even feel it going on."

    He listened, and settled down, and let her apply what she had in the bottle. And naturally, he yelped and flinched.

    See, what I told him was true -- solution of merthiolate really doesn't sting any. It was, however, completely irrelevant.

    He looked up at me and said, "I thought you said it wouldn't hurt!"

    I told him, "Solution of merthiolate doesn't hurt. But this is tincture of merthiolate! It stings like the dickens! But if I told you that, you wouldn't've sat through it, would you?"
    (Okay, show's over folks.)

    I could go on about how people need to check sources, and how information is only as trustworthy as the people who post it, but that should be obvious. Anyone with practice in critical thinking should know to question sources and relevance of statements someone is trying to feed them.

    But as long as people ARE going to be gullible, you might as well at least try to shepherd them in the right direction once in a while. They still won't thank you, but at least they'll be better off than they would have been had they listened to only one lie...


    ---
  • Lemon juice has weak citric acid and baking soda is a weak base. Mix them and you get a few bubbles. You need to heat it quite a lot to get any reaction and there's still only a small amount of foam you can get.
  • Probably the first time I've seen a discussion slip into Swedish on /. =)
  • Hahaha! Perhap you would remember that William Jefferson Clinton is actually a employee for the glorious Chinese Nation Of China, much like spy and professional assasin Wen Ho Lee! Thank to Lee and work and La Alamo American Secret Netional American Lavatory, China people now have secret of Fire and will drop Atomic Bomb on United State for much glorious destruction and victory! Hahahaha!

    And alway remember, Stupid American,
    CHiCoMM phUcK1ng 0wNz j00!

  • I've seen it before... considering your user# you've probably just been unlucky.

    Once there was a lovely flamewar between right-wing and left-wing types. There were also (of course) a few Swedish-language posts the last time the pronunciation of Linux was discussed.

    Hm... writing in English to Swedes. I do enough of that at work.

  • 2000-10-03 17:36:28 Schneier on "Third Wave" of Network Attacks (articles,news) (rejected)

    I plagiarize this heavily when I say, "You bastards."


    --
  • You've been tricked by a Third Wave attacker.
    Moderators: please read the article before you moderate posts.
  • I think it is the general feeling among Americans that Swedish women are sexy, coupled with the fact that a famous H-anime series (H referring to the erotic in Japanese) is called Cream Lemon [tmok.com] and angel is common in the titles of both H and non-H anime and manga is what he meant.

    So, if he had said, corny H-anime, it would probably have been less confusing... or not.

  • Ättika (spirit vinegar)??! Pew! It's one of the most horrible things in Sweden. You have no real vinegar. Oh, but as an Englishman I miss vinegar :-)

    Luckily I'm visiting London in a few weeks and I can buy plenty of my favourite vinegar-laden foods :-) (Heinz Salad Cream, Branston Pickle, Sarson Malt Vinegar, etc.)


    "Give the anarchist a cigarette"
  • More on the cupidity and gullibility and general strangeness of Computer Human Interaction [acm.org] can be found at the Risks Archive. [ncl.ac.uk] If nothing else, the fifteen-year-old definitions of Horse vs. Virus vs. Worm are interesting.

    The ACM forum on risks, the usenet risks forum (comp.risks) and others have been talking about this for years. I always go to the back page of Communications of the ACM for a hair-raising chuckle. Unfortunately, recently the columns have been self-serving ads.

    If you haven't recognized that people are the weakest link, where have you been?

  • Like most of what Penn and Teller do, the Lemon Angels joke is more significant than it seems on the surface. P & T love to play with people's assumptions, telling them up-front that what they're about to see is a scam, then fooling them anyway.

    Why do we assume that software we download from the 'net is safe, or that recipes we got from God-knows-where won't turn into foaming horrors? People who know anything at all about cooking shouldn't be fooled by the Lemon Angels trick...but they are.

    Do you have Lemon Angels on your computer?

  • First off this is just a case of social engineering. This method of manipulation has been around long before the internet and computers. It's sad that so many people like the news wire take security as an afterthought.

    The internet is still in its wild west days. People are so quick to blame system administrators for not securing their machines. While this is certainly a bad practice it's not the real problem. The locks on 99.9% of Americans' homes would take me under a minute to pick. I learned to pick locks in less than an hour and could probably teach anyone to do it in the same amount of time. The only reason there aren't thousands of teenagers picking locks is because they are scared they will get caught. These guys are thieves (stealing your resources) and vandals. I've spent hours upon hours cleaning up because people failed to take my security advice.

    ISPs (especially cable and dsl) need to become more pro-active. I've helped clean up 100s of hacks and yet not one person has had to pay for their actions yet. Right now it's almost impossible to track down these guys because people don't get it. Taking their account away doesn't solve anything; it just moves them to another ISP. System administrators need to work together to get these guys put in jail. Once they realize their actions have consequences the "waves" of attacks will diminish.
  • Holy shit, that was awesome -- I'm literally LOL. Do repost later today!

    ---------///----------
    All generalizations are false.

  • It looks like a fine development to me. One of these days the trolls will be too stupid to type in www.slashdot.org. All we need now is a program that tracks trolls and removes the URL from their "favorites".
  • Just try it! Mix baking soda and lemon juice in a glass or whatever! Please try! THEN you'll know what they mean... :) There will be a chemical reaction that will splatter your whole kitchen... It's great fun! We did it in chemistry class in junior high... :) Add a little dish soap and it gets even cooler! :)
  • by bellings (137948) on Friday October 06, 2000 @12:07AM (#727338)
    Recipe: SWEDISH LEMON ANGELS
    • 1 egg
    • 1/2 cup buttermilk
    • 5 tsp. baking soda
    • 1/2 tsp. vanilla
    • 1 cup lemon juice
    • 1 and 1/4 cups sugar
    • 1 cup flour
    • 3/4 cup sugar
    • 8 tbs. melted butter
    Preheat oven to 375 degrees.
    1. In a small bowl beat egg until foamy.
    2. Add the buttermilk and the vanilla and blend well.
    3. Add the baking soda, one teaspoon at a time, sprinkling it in and beating until it is smooth.
    4. Add the lemon juice all at once and blend into the mixture.
    5. Scoop the mixture out of the bowl using a spatula and spread onto a floured surface.
    6. Sift the flour and the sugar and work it into the mixture using your fingertips.
    7. With a floured rolling pin, roll the dough out 1/32" thick, and with the tip of a sharp knife, cut out "angel" shapes and sprinkle on some sugar.
    8. Brush with butter.
    9. Place on ungreased baking sheet and bake for 12 minutes or until the edges curl up.
    10. Let cool and serve.
    For anyone who somehow managed to miss kitchen chemistry as a kid, these are going to blooey right around step 4. Fun.
  • This part is easy:

    [root@bofh /root]# rm -rf /home

    :-)

  • Ättika (spirit vinegar) works fine too...

    Baking powder wrapped in a bit of kitchen paper (so the reaction is delayed a little) and spirit vinegar in a tightly sealed vitamin C tube. There you have a fun little trap to leave somewhere...

  • On my first reading of the article summary, I thought it said, "Complete with links at the bottom about rigorous military analysis of Penn&Teller's exploding Swedish Lemon Angels." Imagine my disappointment upon following the link.

    Personally, I'd be much more satisfied knowing at least a portion of the money removed from my paychecks to help fund the military was being used by them to study the potential threat Penn and Teller's antics pose to national security. Oh well.

  • People will almost always believe things that are being told by an "authority". This happens on TV, in newspapers and nearly every other source of information. The only way this is going to change is by shoving down their throat the difference between an authority and a phony, and that's just not going to happen. People want to believe what they're being told, instead of having to think on their own.
  • I don't know of any instance of someone breaking into a newspaper's article database and rewriting history, but I don't know of any newspaper that checks, either.

    Anyone pick up the 1984 reference, or am I being paranoid? What's really to stop a person or organization from selectively editing history? With much of our text-based news coming from just a few on-line sources, such a future is conceivable, I think.

    Along those lines, not too long ago there was an article in The New Yorker discussing how libraries are destroying or giving away their vast archives of newspapers. Without such hard copies, we make ourselves vulnerable to such attacks.

    "Who controls the past controls the future; who controls the present controls the past." -- George Orwell, Nineteen Eighty-Four, pt. 1, ch. 1
  • It's a practical joke. It's called "Swedish" just to make it sound foreign and interesting. A Swede would probably have called it "Amerikanska citronänglar". One tends to overlook bizarre things in a recipe and simply figure it's a foreign thing.

    Baking soda and the acid from the lemon juice will cause a messy reaction in your kitchen.

    Nothing to do with the Swedish Chef either (bort-bort-bort)

  • The underlying problem is we don't seem to be able to program common sense. I've seen something similar in modeling target capture by bats. How do they localize and track their targets? Working from a sonar or radar model leads us to model the process using a tracking filter. Tain't so. The bats listen to the target until they think they understand what the target is doing, and then they go eat it. Works much better than any radar system, but suggests bats behave more like hackers than computers...
  • Put the mixture in a glass jar, pour lemon juice on, close jar, duck. :-)
  • the onslaught of bad laws.

    Whenever people can't think for themselves, they look to their political leaders to protect them. The politicos always see this as a chance to grab for power.

    Case in point. Shysters go around selling magical elixirs that cure everything from snoring to herpes. Usually, the potions do more harm than good. Foolish people fall for the shenanigans time after time after time.

    The super-amazing, ever-vigilant Congress comes to the rescue. Their solution? No one is allowed to sell anything as a drug that isn't approved by the FDA. The shysters disappear, but as a side effect innovation is shot full of holes. If I am a cancer victim with 3 months to live, I have to find a way to Mexico in order to try a new experimental drug, since the FDA hasn't determined if the drug will kill me or not. The point isn't that the Mexican cure most likely will, but that the FDA now has the power to make the choice for me.

    The better solution, IMHO, would be for the FDA to have an approval process. No one be allowed to claim FDA Approval, with the approval signifying that the medicine has been proven to be safe and effective. Now, as soon as the shyster rolls in, you ask to see his seal of approval. When he can't produce it, you walk away. I still get to decide if the guy is legit, but I do have some authority from knowledgeable people to guide me.

    Now we are saying the same thing about computer networks. Some people are misrepresenting themselves. Be on the lookout for politicos to pass laws that will limit our choice and freedoms while increasing their power in order to save us from these miscreants.

    BTW, the shysters are still in operation, despite the FDA. If in doubt, visit a health food store or your local gym and read the labels of some of the products they sell.

  • It's a tragedy that something like this occurred to you, but the root of the problem is:

    The individuals in our society (American, mostly) do not want to take responsibility for their own actions.

    They want to blame it on somebody else, or disregard issues that affect them in a detrimental way. It is a form of greed and selfishness.

    Until each and every one of us wakes up and realizes that we are not in our own little world, and that the world doesn't revolve around us, such tragedies will continue to occur.

    I support the EFF [eff.org] - do you?
  • Actually, I believe there was one terminal, long time ago, that did have such a key (ADDS ViewPoint keeps popping into my head, but it may be another, even more obscure terminal). I remember seeing an ad or an article about it in a very old BYTE magazine...

    I support the EFF [eff.org] - do you?
  • by 2RockStars (81005) on Thursday October 05, 2000 @08:21PM (#727350) Homepage
    Seems like Slashdot itself is responsible for a number of "Third Wave" attacks... and at the same time, is a perfect vector for a third-party Third Wave...

    Too lazy to look up examples - fire away...
  • by Twid (67847) on Thursday October 05, 2000 @08:38PM (#727351) Homepage
    I realize that Bruce needs to structure some sort of narrative around his article, but this "third wave" of "semantic hacking" is hardly new.

    The attack on Internet Wire was just an insider abusing the system. It's been going on for quite a while, and shame on Internet Wire for having lax enough security that an ex-employee could abuse the system. Social Engineering has also been a common practice for years: call the helpdesk from the CEO's phone and demand that your password be reset. Easy stuff, old practices. In fact, social engineering, manipulation of the press, and misleading the public are practices that predate the internet by a few thousand years:

    "What of this again, that these people are experts in flattery, and will commend the talk of an illiterate, or the beauty of a deformed, friend, and compare the scraggy neck of some weakling to the brawny throat of Hercules when holding up Antaeus high above the earth; or go into ecstasies over a squeaky voice not more melodious than that of a cock when he pecks his spouse the hen? We, no doubt, can praise the same things that they do; but what they say is believed."
    - Juvenal's Satires [fordham.edu]

    What's new is that the interconnectedness of the internet community is allowing these practices to migrate to the internet in powerful ways. At least one person believes that this is cause for deep optimism: [hyperorg.com]

    "All the bad things we hear about the Web are true. There really are people online who'd like to lure our children into shadows. There really are hucksters who'll steal not only your money but your identity. There really are people who'll take pictures of you in a public bathroom and publish the pictures to the world. Every human vice we can imagine finds its way onto the Web, which seems to spur the world's most lurid imaginations even further. But the reason for this should be a cause for optimism."

    You can check the article out yourself for more, but I agree with the premise. The internet continuing to mirror the "real" world is generally a good thing, and the "forces of good" can harness those powers as well as the "forces of evil".

    Noam Chomsky has worried quite a bit about the power of centralized press. [weeklywire.com]

    "Chomsky's central belief is that propaganda plays the same role in a democracy as violence plays in a dictatorship.
    In the United States, therefore, you need to be less afraid of the National Guard and more afraid of the manipulation of information by governmental, corporate and academic sources. According to Chomsky, the elites who control and benefit from the American political system preserve that system by marginalizing alternative political views, selectively reporting on the consequences of United States foreign policy, and creating political apathy among the general populace by encouraging them to watch professional sports and TV sitcoms rather than actively participate in the political process."

    Bruce Schneier should be less worried about manipulation of public news outlets, stock prices, and the economy by hackers, and more worried about the manipulation of public opinion by corporations and governments. Hackers, by showing people how easy it is to have their opinions manipulated, actually serve a positive purpose. I'm not saying I endorse the Internet Wire hack, real people lost money and that's not good. But, creative hacks, the "jam the WTO" movement in Seattle, cool sites like The Onion [theonion.com] and Adbusters [adbusters.org] are all great ways to wake up an uninterested, uninvolved public.

    - Twid

  • by levik (52444) on Thursday October 05, 2000 @08:26PM (#727352) Homepage
    Full frontal assault by lawyers. Of all the network attack methods, this is the most slow and painful one. It is immediately obvious, yet nearly impossible to protect yourself against (unless you own a patent for something everyone and their dog already does).

    Beware the LOTR (Lawyers On The Rampage) attacks. The perpetrators of these attacks seem to be hitting small to medium sites all over the internet, in a seemingly random pattern.

  • ethical reasoning will be more of a virtue in the future. some of the hackers (not crackers!) out there are quite ethical when spoofs and breaches are made, supplying the individuals with information to correct the issue, however, it's not always going to be on the case. I just have a feeling that the government will lock all the computer geeks and gurus up, and will grant a pardon for the first individual to show the warden what to do when a pretty blue screen that says Fatal Exception OE has occurred. Gee...I wonder.

    www.buymeaferrari.com [buymeaferrari.com]
  • by jjeffries (17675) on Thursday October 05, 2000 @08:27PM (#727354)
    In the Year 2000, all war will consist of... forged emails!

    From: president@whitehouse.gov
    To: The People of the United States of America

    My fellow Americans,

    I hereby forfeit all American land and assets to the Republic of Iraq. May Allah forgive us for our past evils.

    Signed,
    Saddam^H^H^H^H^H^HBill Clinton

  • by DrEldarion (114072) on Thursday October 05, 2000 @08:44PM (#727355)
    Swedish Lemon Angels

    That sounds like it would be the title of a corny pr0n video...

    -- Dr. Eldarion --
  • by muldrake (171275) on Thursday October 05, 2000 @08:36PM (#727356) Homepage Journal
    Remember the strip where Oliver Wendell Jones hacked the ticker at the NYSE to say "Avast ye scurvy dogs, Bank of America is about to go belly up!"

    That's the most obvious use of this, and it appears that in this case, even a pathetically crude and transparent fraud managed to cause significant damage, though it appears they caught the perp.

    Even a teenager has been able to pull off a scam of this sort. This article [thestandard.com] in The Standard [thestandard.com] has the story of a teenager caught manipulating stock prices, who was ordered to pay back his illegal profits after he got caught.

    Now this is an inexperienced kid, and another idiot who apparently made his transactions transparently obvious and got caught. We only hear about the ones who get caught, and I highly doubt these guys are the only ones doing it. They're just the only ones dumb enough to make it so transparent.

  • by Anonymous Coward

    Hi. I'm Linus Trovalds, creator of the Open Source OS Linux [saltire.org]. I'm glad CmdrTaco and company have created a forum for Open Source news and views, and I am so thankful for being able to post in the SlashDot forums. But now I must get something off my chest.

    As you all know, I am a fairly clean cut, well-kempt person (I know, I have a beer gut only ESR could dare to challenge, but you'll have that if you spend 18 hours a day coding and eating Cheezie Doodlez...), and in the GNU community that is an anomoly: virtually all users of GNU [saltire.org] software and the GPL [saltire.org], under which my Linux kernel falls under, are unkempt, long-haired, beast-bearded dirty GNU hippies, and I am sick and tired of having to deal with them.

    The person I have the greatest problem with is the (in)famous communist, RMS [saltire.org]. Now, RMS may have been responsible for GNU, the GPL, GCC [saltire.org], and many other contributions to the computing community, but his stance, as well as stench, displayed in his essays and actions, nauseates me. I mean, with that filth-ridden beard of his, where does he have room to demand Linux distros demarkate the OS as GNU / Linux? When he is as clean-shaven as I, he may have the right. Until then, as he sits and plays his little flutes and drops acid like there is no tomorrow, he can shut his mouth and go back to reading Marx. I am sorry to sound so harsh, but a little hygeine every once in a while is a Good Thing(TM). Makes me wish I'd went with the BSD [saltire.org] license back in the day.

    Next in line of dirty scuzballs I have to deal with, and probably the worst thorn in my side, is Allan Cox [saltire.org], the primary coder of my kernel's TCP/IP stack (ha, what a joke!) and all around dirty GNU hippy. The man's wife, who I spent a few years with at the University of Helsinki, often calls me crying in the middle of the night to complain of the rank, unbearable stench the man exudes after sex. On several occasions I have personally had to withstand his torrent of rotten odor at trade shows, exhibitions, and beer bashes that permeates every inch of his toxic person. Along with the typical GNU hygeine (mis)habits he practices, he also bitches and whines about... well, everything. He lies a lot too; evidence for this can be seen in the fact he almost always wears cheap black sunglasses when talking to people he knows are better than him (such as myself).

    And then we come to ESR [saltire.org]. I won't reiterate the sewerdweller-like cleansing habits he practices as well, but I would like to focus on his general lifestyle. Firstly, he's never been to school. As a German expatriate, education should have been his priority; however, becoming a Gas Baron was his ambition in life until he realized he would fail at it. I wish he'd make that realization with the other things he tries to do. Secondly, the man is a sub-intelligent hillbilly. You know, the kind that goes to inner-city computer stores and buys 386s to set up as servers all over his house, with cigarette smoke-stained 14" monitors piled high upon his kitchen table. He has no cooth and can't integrate himself into any social situation involving "white collar" executives without rambling into a tirade on gun rights or tanning roadkill. Couple the above facts with his ruddy complection (from drinking Jagermeister like it's water) and his gnat-ridden handlebar mustache and you've got the makings of one more person who pisses me off.

    Well, that's it for now. Hopefully with these feelings off my chest and into the Open Source community, things will change for the better. I'd like just once to talk to a Linux user or advocate who washes and changes their clothes at least weekly. Until then, thanks to CmdrTaco, SlashDot, and you, the reader, for the opportunity to bring things to the table and share for the betterment of our community.

    Thank you.

  • I fail to see the difference between Schneier's 3rd wave network attacks and old fashioned, vanilla fraud. And in that sense, it's been around at least as long as the first two waves.

    What is new is the way in which the web has insinuated its way into the core of various endeavours -- like the stock market, or news. As people rely on the network more and more fraud via the web will be more of a threat. In this view, the growth of B2B markets should be limited by the potential for fraudulent manipulations. Come to think of it, maybe consumers are smarter than they're given credit for by shunning on-line commerce in favor of more trusted, face to face transactions.

  • by matrim99 (123693) on Thursday October 05, 2000 @08:49PM (#727359) Homepage
    These two trends -- the ability to force information past controls, and the ability to create false information -- work both with and against each other. People tend to believe what they want to believe (or what others they fear or respect want them to believe). Contrary reports can be easily discounted, particularly as people come to understand how easy faking a video can be. The same technologies that let people freely experience the world are those that allow people to deny its reality. The resulting cynicism works in favor of people trusting only the information generated by their own village -- not the globe as a whole. Reality is not universally validated but personally validated based on networks of trust.

    I never really thought of this before, but this explains a lot of the online behavior and attitudes we see everyday, even on /.

    No matter how much information is out there, it is rare that people will look outside of their familiar haunts and find information that they truly trust that they disagree with.

  • by Johnath (85825) on Thursday October 05, 2000 @08:51PM (#727360) Homepage
    It seems to me that Schneier's idea of semantic attacks as a new, third generation attack is a little overstated - what is a semantic attack but a natural progression out of social engineering?

    I suppose the distinction, if one is to be made, is that in the past, social engineering was a means to an end - you would use your 'leet SE skillz to get a private dialup number, or access to a machine - whereas semantic attacks tend to be ends in themselves.

    Nevertheless, the distinction feels somewhat contrived, and moreover, anyone who's read books like Sterling's The Hacker Crackdown (or anyone who knows their computer history, for that matter) knows that SE has been a big part of these attacks since the beginning: obtaining access to university systems, obtaining AT&T technical docs - SE is what armed people to commit the physical and syntactic attacks he mentions.

    His pessimism about their severity is striking too - sure people online don't verify their sources as well as they should - but a) they've for the most part not known how, and moreover b) the media's been doing this for at least the last century without civilization grinding to a halt.

    Semantic attacks against humans rely on gullibility or sometimes in the case of the internet, technical ignorance - but with digital signatures coming into fashion, it may not be long before grandma's email program tells her when a signature is invalid, and when grandma herself knows not to trust unsigned mail. And the idea of semantic attacks against computers, through feeding them bad data, is really about spamming search engines, and trying to overflow buffers, which are neither new nor noteworthy.

    I know Schneier has gradually become more skeptical about the ability of people, especially online, to take care of themselves - and in many cases, he has good reason to. But having said that, I do feel that the picture he paints is a little too bleak.

  • Can airplanes be delayed, or rerouted, by feeding bad information into the air traffic control system? Can process-control computers be fooled by falsifying inputs? What happens when smart cars steer themselves on smart highways?

    most of these things are highly preventable...

    DON'T CONNECT THEM TO THE INTERNET!!

    .. and now i gotta go get that book, time to get my mom to make some swedish lemon angels.... hahahah.... ::evil grin::
  • by Anonymous Coward
    I never really thought of this before, but this explains a lot of the online behavior and attitudes we see everyday, even on /.

    Actually, when I submitted this article, there was a sentence to that effect at the end, that it was humorously relevant to slashdot. Perhaps either I or michael removed it; I do not recall. But I was hoping someone would notice the irony.

    This real-world effect is much more interesting than people pointing out how this "third wave" is nothing new. Of course it's not; academia always lags behind observation, sometimes by a huge distance. But when an academic (and Schneier is for all purposes an academic) takes it into their mind to study something, it's taken on a stronger life.
  • by bockman (104837)
    the human element is THE WEAKEST link in the whole chain of security.

    1 ) People know how to deal with people defects and survive ... most of the time. Only a restricted number of them know how to deal with computer defects.
    2 ) Computers are and will stay incredibly rigid and unapt to react to real-world situations. The human brain evolved over millions of years to adapt itself to the real world.

    That's why I believe people (well-trained and carefully selected people) should be an essential part of any mission-critical system using computers.

  • Social Engineering has also been a common practice for years: call the helpdesk from the CEO's phone and demand that your password be reset.

    You mean you've granted significant access to your CEO? And you don't already have access...

  • by ltcordelia (116425) on Friday October 06, 2000 @02:18AM (#727365)
    I respectfully disagree with both your primary and secondary points.

    First off, while Social Engineering has been a tool of good penetration experts for some time, that is all it has been - a tool. The purpose of the use of SE was to gain access to a network. What Bruce is describing is not necessarily a new idea in the real world (look at the World War II counterintelligence operations), it is a (relatively) new concept in information attack, and one that has been primarily the domain of government agencies. Rather than manipulating a person to gain access to a system, the point is to gain access to a system in order to manipulate a person. Or, in the case of the Emulex fraud, many persons.

    As to the tired rant telling Schneier to worry more about government and less about hackers, this is a pretty tired saw. Believe it or not, there *are* black hats out there. The only way to adequately defend against them is to educate their targets - like the helpdesk worker who will freely change the CEO's password.

    Mind you, I'm not saying that governments and corporations are blameless; rather that disregarding the hackers is not a reasonable (or money-making) option.


    Information wants to be free

  • I agree that the "3rd wave" is nothing more than common fraud. All the internet is doing is providing a larger, faster, more anonymous way of distributing fraudulent information.

    As in the saying "A sucker is born every minute" the internet provides a larger NET to catch the suckers.

  • If semantic attacks leading to bad information are the "third wave", then Slashdot must be the greatest threat to the internet, ever!

    (Well, sheesh. Sometimes you'd swear they haven't read the articles they're linking to. . .)
  • stricken by an elderly woman nearly head on. Her car was demolished,

    That must have been an awfully big woman to do so much damage. ;-)

    I know it's not funny given the outcome, but I couldn't resist.

  • by Hentai (165906)
    Fear the meow-meow army. [do a web search... this is a PERFECT example of what we're talking about]. And remember: There Is No Cabal.
  • What you had to say about Lemon Angel is not entirely correct. There actually was a group of JPOP singers in Japan called Lemon Angel, featuring singer Tomo Sakuai who is still somewhat big in Japan. They DID have some H Anime music videos done by the Cream Lemon animators, however. You can see them via anonymous ftp from the link at http://www.erehwon.org/Mem-info.cgi/MembersOnly/member.html, after logging in, go to http://www.erehwon.org/MembersOnly/LMA/LMA_01.html .
  • ...analyzing the dangers which come into life when humans translate syntax into meaning...
    Nope. Please to read before posting.

    Heehee, it's nice to be able to say it since I've done the same. Of course I don't post stories, only dumb posts like this.
  • ...because if it's being peddled to schoolkids it's obviously not strong enough for adults!

    Creating hoaxes, urban legends, rumors, etc. is really an art/science. British comedian Chris Morris did a lot of this a year or so ago on his show "Brass Eye." He got a Tory MP worked up over a deadly new recreational drug called "Cake," from Prague (or Budapest?). It appeared as a giant yellow pill and was a sort of super-amphetamine. Trouble was, it also gave users huge goiters. When trying to alert hoax victims to the "danger," Morris even described it as a "made-up" drug. He became so good at this it became his schtick.

    A good media virus is often structured, like a real virus, in three parts--a payload of false information, wrapped in a sheath of prejudice-friendly verisimilitude (and some truth), propelled by a sense of urgency in getting the word out. And just as a virus flourishes when the host's immune system is weak, a media virus thrives in the absence of good information. Just about every good urban legend follows these rules.

  • > Along those lines, not too long ago there was an article in The New Yorker discussing how libraries are destroying or giving away their vast archives of newspapers. Without such hard copies, we make ourselves vulnerable to such attacks.

    AFAIK, this will be after making copies of the paper (acidic, tears easily, archival blah blah blah) to microfilm, which lasts a lot longer. Digital storage is nice for searching, not so nice for remaining readable for long periods of time. (IANAArchivist, but my friend is.)
  • by djwolf (6102)
    test
  • Yes, my little feelings. You know, the fleeting, near-meaningless feelings we all have at times. Somewhat akin to AC posts :P

    --
  • damn, a troll that can't even spell torvalds right... Is it just me, or are the trolls getting dumber, first ANSIman, now this... I sense a great disturbance in the force...

    As for all those people posting false information on message boards... Anyone who gets investment information from anonymous sources obviously deserves to lose lots of money.. So please, if you are going to invest based on the messages on these boards, please do something that makes more sense, like giving me all your money...
  • We all know of hacking and what it does but never get down to thinking seriously about it. Most times we overlook it as a prank and, if it gets to govt. security, debate about it, only to forget after a while. But the problem is really serious, as pointed out by this article. A majority of internet users actually believe what they read on the net, never thinking that the info that they have read could just have been lifted from some other place without verification and that at times authors can write based on their own half-baked understanding of things. Just as many of the slashdot readers like me do.
  • I can see the box notes now:
    "Blood & guts!
    Torture & sex!
    All at the speed of citrus!"


    -----------
  • by Zagadka (6641) <zagadka@x e n omachina.com> on Thursday October 05, 2000 @09:28PM (#727379) Homepage
    ...but I can't eat them anymore. They give me gas.


  • Ever since the beginning, when Eve gave the forbidden apple to Adam, and that guy took that proverbial bite, human beings have left many kinds of "human touch" - or to put it more bluntly, human follies, - to many natural and man-made things around them.

    I can still remember the time people pinned their diskettes to the fridge doors with magnets, stapled their diskettes to their documents, asked support personnel "Where the heck is the _any_ key?!" and in the world of encryption and security, I will not be surprised that _some_ more novel forms of "human touches" will emerge.

    Bruce is correct in his assessment, that the human element is THE WEAKEST link in the whole chain of security.

  • by MSG (12810) on Thursday October 05, 2000 @09:36PM (#727381)
    Computers are easy to fix in comparison to humans. Computers accept any given set of instructions we see fit to give them, and they execute those instructions exactly, every time. When there's a problem in the instructions, we can give the computer a new set to fix the problem.

    Humans don't WANT to be fixed. Humans don't even want to admit that they're broken. About 3 1/2 years ago, my mother was driving around a curve with my younger brother in the car when she was stricken by an elderly woman nearly head on. Her car was demolished, and she was badly injured herself. (My younger brother was not.) Even after the physical therapy, she will suffer pain every day for the rest of her life. The elderly woman couldn't see well enough to see the bend in the road, or even my mother's car. She was for all intents and purposes blind, and a terrible danger to everyone on the road. Any responsible person would know that they should not drive in that condition, but people are frequently NOT RESPONSIBLE. Given the choice between safe and convenient, the woman chose convenience.

    Could this problem have been prevented? Can it be fixed? Sure! First, however, someone has to admit that there is a problem. Then people would have to implement more frequent checks and more rigid requirements for the license to drive.

    People don't want to go out of their way for safety or correctness. They don't want to learn good practice. They want convenience, and they want fast results. That will probably always be the case. As long as it is, those people will be the biggest source of trouble, computer related or not.
  • the fortune at the bottom of the page after I posted seemed entirely relevant, too:

    At the source of every error which is blamed on the computer you will find at least two human errors, including the error of blaming it on the computer.
  • by woogie (18354) on Friday October 06, 2000 @03:46AM (#727383) Homepage
    Does anyone else remember the war that went on in the late 80s between talk.bizarre and alt.tv.tinytoons? It all started when someone from alt.tv.tinytoons started cross posting his fan fiction to talk.bizarre. No one in talk.bizarre liked it, and told him to stop. He didn't. Things got increasingly heated, and eventually others from alt.tv.tinytoons came to his defense. This really infuriated those on talk.bizarre, and someone took it upon themselves to declare war on alt.tv.tinytoons. They did this by posting inflammatory messages in various newsgroups, and setting the followup-to header to alt.tv.tinytoons. The only message I specifically remember was to soc.culture.islam and used the word towelhead. Anyway, with less than 1/4 of the messages on alt.tv.tinytoons having any relevance, it wasn't long before there were no messages about Tiny Toons on talk.bizarre.

    Woogie
  • Fourth, software is also improving thanks to more efficient algorithms, more reliable programming tools, the compression of image and data, and more efficient coding of radio transmissions. The technologies of artificial intelligence may also start to bear great fruit as well.
    This is rigour?
  • you forgot


    [root@bofh /root]# set $HOME=/dev/null
    [root@bofh /root]# cd /
    [root@bofh /root]# rm -rf *


    Try it.... you'll like it!
  • It's a recipe including, among other things, 2 1/2 oz. baking soda, and a cup of fresh lemon juice. Swedish Lemon Angels [demon.co.uk]
    Also see some pictures [washington.edu].
  • LOL

    But who will you steal more secrets from then?

    Hmmm?

  • er, maybe it was +3 funny, and someone changed it to 'informative'

    Ah well.
    Later
    Erik Z
  • As a Swede (noo, not the veggie) I have to say I have absolutely no idea what a Swedish Lemon Angel is!

    And Sweden really doesn't produce that many porn movies either. The US produces a lot more.

    Mayar the confused swede.

  • The human/computer interface is the weakest part of the chain. This is because humans are imperfect. Starting tomorrow, I will begin my campaign to remove the weakness from that chain.

    Watch out! :)

  • quoth the article:
    In the book "How to Play With Your Food," Penn and Teller included a fake recipe for "Swedish Lemon Angels," with ingredients such as five teaspoons of baking soda and a cup of fresh lemon juice, designed to erupt all over the kitchen. They spent considerable time explaining how you should leave their book open to the one fake page, or photocopy it and sneak it into friends' kitchens. It's much easier to put it up on cookinclub.com and wait for search engines to index it.

  • DON'T CONNECT THEM TO THE INTERNET!!

    Hah! If you read the popular newspapers then you would know that anything that is connected to a computer will automatically be connected to the internet. It's the only way to prevent the y2k bug from destroying humanity.
