It's remeron medicine a biosimilar of adalimumab (Humira), which is a treatment option flovent for moderate or severe HS recommended by the American Academy viagra for order of Dermatology. People concerned about themselves or someone else should cheapest robaxin speak with a doctor or mental health professional as soon zyprexa low price as possible. A person can use short-acting antimuscarinic agents (SAMA) artane prescription for immediate symptom relief or long-acting antimuscarinic agents (LAMA) as buy cheap methotrexate online maintenance therapy. Keep in mind that does not mean vitamin glucophage approved interactions won't occur or be recognized sometime in the future. ampicillin for sale Regarding food safety, it is important to use caution and quinine without prescription avoid foodborne illnesses that can exacerbate IBS symptoms. There is no.

I am sitting in the meeting of the Internet Safety Technical Task Force at the Harvard Law School, in Pound Hall. Meetings go on the rest of today and through noon tomorrow, and are free and open to the public. There are two separate issues: How can you tell if someone claiming to be a child (when registering for a Myspace account, for example) really is a child (rather than a child predator, for example). And how can you tell if someone claiming to be an adult really is an adult (rather than a 13-year-old boy, for example, trying to look at dirty pictures).

I find the level of interest and investment in these questions quite remarkable, in the absence of data showing that child predation is on the increase or that the number of young adolescents trying to satisfy their curiosity can be decreased. The session was kicked off with remarks from the Attorneys General of both Massachusetts and Connecticut.

And there is almost no acknowledgment of the social costs of heavy identity verification technologies — for example that children who want to learn whether it’s really true that you can’t get pregnant the first time, as they’ve been told by their social peers, will be discouraged from finding the truth on the Internet if their parents don’t want them to get it. It’s neither practical nor (I think) lawful to keep older children away from information they want to get, but that seems to be the way the world is moving. The AG of Connecticut put a grand challenge to the group: “If we can put a man on the moon, we can find a way to make the Internet safe.” Sure — if you don’t mind restricting the free flow of lawful information between willing speakers and willing listeners.

A lot to think about here.

Apparently, a college student in Tennessee reset her password. (This was one of the possibilities I raised, but doubted, in my previous post. I am surprised to learn that Yahoo!’s security questions aren’t stronger, and that it uses this method for resetting passwords at all.) Here is Wired’s account of how easy it was:

‚Ķ the Palin hack didn’t require any real skill. Instead, the hacker simply reset Palin’s password using her birthdate, ZIP code and information about where she met her spouse — the security question on her Yahoo account, which was answered (Wasilla High) by a simple Google search.

How much trouble is he in? Probably not too much, according to authoritative sources quoted in another Wired story.

As has been widely reported online, someone managed to access personal email accounts of Alaska Governor Sarah Palin. ¬†Wired Magazine’s blog has a clear summary of the contents. That account and a number of other reports suggest that the governor was using her private account to conduct government business in order to avoid public-records laws.

What was retrieved (by no means all the email that was in the account) you can¬†download yourself from the Wikileaks site. Go ahead — you’ll feel a little naughty, and it will make you think. How many copies of those emails do you now suppose are out there? Those bits are not going away, ever.

Wikileaks anonymously posts documents that have been “classified, confidential, censored or otherwise withheld from the public,” and are “of political, diplomatic, ethical or historical significance” (in the view of whatever anonymous soul runs the site). Of course, the documents may have been illegally obtained; that is the first thing the McCain campaign shouted. (How about a comment on government business happening on Yahoo! mail, and whether that’s the way the open, transparent new Washington government we’ve been promised will be run?)

We have a long history in this country of illegally obtaining documents that reveal illegal or unethical behavior. Thinking back on the publication of the Pentagon Papers in 1971, I am moved to ponder how much simpler it would be today. The question of prior restraint would have been moot before it could even have been raised, had someone scanned them in and posted them to Wikileaks.

How did the account get compromised? No one is saying, but I noted some of the problems with password security a few days ago. There are some speculations; perhaps someone tricked the service into revealing her password (most unlikely, as passwords are ordinarily encrypted at the server). Or resetting it (more possible — remember that Paris Hilton’s T-Mobile account was compromised because the name of her dog was the answer to the I-forgot-my-password-give-me-a-new-one security question). But still improbable for a Yahoo! mail account. She might have been the victim of a phishing attack (but if she is so credulous that she fell for one of those “this is your account manager speaking, please type your password here so we can verify it” scams, heaven help us if she winds up negotiating with Putin).

I would tend to look for a simpler strategy if I were trying to break in. Try a password like “Todd.” A lot of people still use them, even though most services demand that passwords be more complicated than that.

P.S. This example makes it clear what it means to say that the president needs to understand information technology. He doesn’t need keyboarding dexterity or familiarity with Excel macros. He needs to be able to understand this blog!

Passwords are a nuisance. As a security technology, they have many problems.

1. If they are complicated, or consist of meaningless strings of symbols, we forget them.
2. So we pick strings that are easy to remember, our children’s names or our birthdates. Then either
   1. They are easy for attackers to guess, and aren’t secure at all, or
   2. (As now commonly happens) the site won’t let us use such a simple password, and we have to come up with something stronger.
3. If we try to make passwords easier to remember by using the same password for multiple sites, then the security of the password is only as strong as the security with which the most amateur of those sites protects the password data. So if you are asked to create a password for access to a web site that seems sketchy, don’t use the same password as you use for your financial data, because it could be a scam; the scam artist may be able to figure out your bank or credit card number from a statement you threw out in the trash and may try the password with that account.
4. Because passwords are a nuisance to keep re-entering, single passwords sometimes give access to lots of information that could be split up to increase security.
5. For the same reason, some services don’t log you out after a period of inactivity. This is one of the worst security problems with Facebook. If you forget that you have left yourself logged in and allow someone else to use your computer, even days later, they have access to your profile — and also to all the information that your login enables you to see about your “friends.”
6. Systems with default passwords, so that they work “right out of the box” but advise you to change the password for security reasons, are extremely vulnerable. Anyone who knows the default password, perhaps because they used to work with the supplier or have used the device or system themselves, or can guess it ¬†(“admin” and “0000” are good to try),¬†can break into yours if you take the easy way. Here is a nice story about someone stealing gasoline from a pump that had not had its security code reset by the gas station proprietor.

Personally, I have several passwords, and I try a pyramid approach: A low-security password for a large number of sites that have no information on me worth protecting; a high-security password for a very small number of sites with very valuable information, such as credit card companies and banks; and a couple of layers in between. A lot of people I know seem to use a scheme like this.

But here’s a nice idea used by one fellow I know. He uses an algorithm to combine the name or URL of the web site with some personal information to produce site passwords that are different for every site. To take an overly simple example (he didn’t tell me his exact method), if this site (bitsbook) needed a password, I might append my first name to it, to create the password “bitbookharry”. That would be too simple — you’d need to break up the words, insert some nonalphabetic and capitalized characters, etc. But the basic idea of just having to remember a single algorithm, which you can apply to the URL along with some easily remembered personal information, sounds like a good trick.

But really, we need a different security mechanism (and there are some; perhaps more on that later).

Personal data on all 84,000 prisoners serving time in England and Wales has gone missing. New York Times story here.

On a memory stick. A flash drive. A thumb drive. Those little things that you can put on a keychain to carry your documents when you don’t want to lug your computer.

The government is embarrassed, because this sort of thing has happened before in the U.K. We discuss at some length the case of some disks that went missing and still haven’t been accounted for, disks containing data on virtually every child in the country. That rocked Tony Blair’s government, and this breach may be rocking Gordon Brown’s.

The details are interesting. The government knows about encryption. When it engaged the services of a private consultant, it delivered the data to the consultant in encrypted form. The consultant apparently decrypted it to work on it, and put it on a flash drive.¬†Don’t know what happened next; maybe someone took the stick with him and it fell out of his pocket.

According to the New York Times, “officials said that appeared to be a breach of government rules.”

This reminds me of what General Turgidson tells the president in Dr. Strangelove. “That’s right, sir, you are the only person authorized to do so. And although I, uh, hate to judge before all the facts are in, it’s beginning to look like, uh, General Ripper exceeded his authority.”

This case (and the others listed in the NYT story) illustrates how hard it is to control bits when they are handed around. Strict protocols are especially hard to enforce across organizational boundaries.

The New York Times features “bits” stories today that are two sides of the same coin. On the front page, tech writer John Markoff reports that the shooting war between Russia and Georgia was preceded by a cyberwar — specifically, a “distributed denial of service” (DDOS) attack, aimed at critical computers in Georgia. A DDOS is simply a bombardment of Internet-connected computers with messages in such enormous quantities that even figuring out that the messages should be ignored overwhelms the computers’ network bandwidth and processing power. What makes it “distributed” is that the messages are coming not from a single source but from hundreds or thousands of machines, perhaps distributed around the world. And that’s what makes it hard to draw the natural conclusion, that the attack was coming from Russia, or even that Russian hands were on the trigger. Tracing the origins of an attack like this is very difficult, since the machines sending the messages may themselves have been taken over for this purpose by a remote attack, without the owner’s knowledge.

On the Opinion page, Garrett Graff — with whom I had friendly relations when he wrote for the Crimson — has an interesting analysis of the story behind Obama’s promise to text-message his VP choice. That database of contact info is hugely valuable in a political campaign, especially now that many young voters don’t have landlines. Badger them with text messages and they are more likely to vote. It’s how organizing now happens, and campaigns are about organization. McCain doesn’t seem to have figured that out yet. As far as I can see (the search window on his web site is broken), McCain sees information technology as mostly something to be feared. The only reference to the Internet is on the “Sanctity of Life” page. Reports keep coming (e.g. from Kevin Werbach here) that McCain’s technology policy will be announced any day now. But even when and if it comes, comparisons like the one Graff makes leave doubt that McCain really gets it in a way that will usefully guide government actions.

Bits leak. Of course that’s just a metaphor. Bits wind up where their creators didn’t intend them to be for lots of different reasons. Sometimes they are left unsecured, and sometimes security measures are overcome by determined aggressors. And sometimes there are human errors, especially in complex systems involving multiple corporations or government, where control is agreed upon among peers, not imposed by a strict command hierarchy.

The video coverage of the Olympics combines many features that make it ripe to go wandering. It’s a high-value digital asset; NBC is has paid almost a billion dollars. It’s copious, comes from decentralized sources, and is destined for multiple TV distributors around the world. Hundreds of millions of people want to see it, some of them technically savvy. And it’s on a 12-hour tape delay, which many would love to skip.

As the New York Times reports, some of the pipes have sprouted leaks. A digital plumber in Germany left a spigot open. Videos are popping up on YouTube, and being taken down quickly after NBC complains. From the sidelines, it’s fairly amusing to watch — ¬†an electronic (and much safer) version of the impoverished inhabitants of oil-producing countries such as Nigeria tapping the pipelines.

“Bits want to be free,” Nick Negroponte famously said. We are in the middle of an epic contest to defeat that will. There are another 8 days for the contest to be played out. Who will win — and who will win four years from now? This is the first digital Olympics, and it will likely be the last one where these questions have uncertain answers. As with so much else of the digital world, the arguments are going to be settled soon, and we’ll be living with the resolution for a long time.

Every major news source is carrying the story of the indictment of 11 persons for a massive data theft, in which more than 45 million credit card records were stolen — perhaps many more. We explain on page 176 of Blown to Bits that part of the problem was that in 2005 TJC was still using WEP encryption for its wireless communications, even though WEP had been known to be insecure for three years by that time, and a substitute was widely available.

Today’s accounts indicate that the alleged crimes go much beyond that business of the 45 million credit card records. It is a bit hard to discern what actually happened, however. The Wall Street Journal describes the defendants as having “hacked into a wireless computer system at an unidentified BJ’s Wholesale Club store.” “Hacked” is one of those portmanteau words which journalists use to describe almost anything. In its original sense it isn’t even derogatory — it just meant a clever, contrarian piece of programming. “Hacked into” suggests something quite aggressive and destructive, but it seems that what really happened may be nothing more than someone driving around listening for wireless routers and finding one that hadn’t upgraded its encryption software — and then using the by then well known methods for decrypting WEP. (I am not defending it — it’s a crime, and should be — but the language would then be a bit like saying that someone had “broken into” a house by opening the door and walking in. Bad thing to do, but not the way it sounds.

But this was far from the end of the story. The defendants in this action are alleged to have “gained access to the computer system used at a Marshall’s department store” and then, “With access to the server, the defendants installed ‘sniffer programs’ that captured data.” At that point they could, and allegedly did, pretty much help themselves to whatever the company had in the way of customer financial data.

It’s the “gained access” that interests me. It could be a software error, but my gut tells me: inside job. The easiest way to “gain access” to a computer system is to have someone give you a password, or give you physical access to the machine. It’s not the only way, but if I were bent on “gaining access” to a computer, I’d try the easy way first — perhaps bribing someone using the money I’d already made with those credit card numbers.

Finally, all this data wound up on international servers, as part of a shadowy underground bits economy. This fascinating report by Symantec details the operation of these sites from which credit card numbers and and other sensitive data can be bought in bulk. The table on page 32 reports that US credit card numbers cost $1-$6, UK credit card numbers twice as much (apparently the return on the investment is better). Email addresses, by the way, go for $5 per 20,000. Lots of other good information about the ways that computers can be compromised, and where the attacks seem to be coming from.

Politico reports today on Congressional efforts at data security. The story is prompted by claims from Rep. Frank R. Wolf (R-Va.) and Rep. Chris Smith (R-N.J.) that computers used by their staffers had been “hacked” by the Chinese government because the good congressmen supported the speech rights of Chinese citizens.

Unfortunately, as far as I could tell, the congressmen did not provide any forensic evidence about what the “hack” was or where it came from. These are not trivial matters; even if an attack looks like it is coming from China, that could be a spoof — the actual attacker might be half a world away.

More importantly, I suspect this incident reveals more about the sloppiness of congressional offices than about the sophistication of Chinese hackers. I don’t doubt that the Chinese are sophisticated, but even sophisticated criminals prefer soft targets to hard ones. Was it necessary for multiple staffers to have sensitive data, unencrypted, on their computers? Had any of the staffers opened any questionable attachments or gone to any virus-infected sites lately? Note that Supreme Court Justice Stephen Breyer’s recent identity theft happened because a staffer at an investment firm used the same computer for client records and music file sharing. Share one file, share ’em all.

The bad guys are out there, for sure, but when a Congressmen starts creating an international incident out of something that happened two years ago and won’t disclose the details, remember Pogo’s profundity, which I quote in the Politico article: “We have met the enemy and he is us.”

The horrible, sad story of Megan Meier has been widely reported. Meier was 13 years old when she took her own life after being taunted by a MySpace friend named “Josh,” who turned out to be a fiction. Who exactly “Josh” really was, and whether that person committed a crime by telling Meier that the world would be better off without her, are matters now to be determined in a court of law.

According to an early police report,¬†Lori Drew, the mother of a friend of Megan’s, acknowledged “instigating” and monitoring the MySpace account, though she denies creating it. But officials in Missouri, where Drew and Meier lived, couldn’t find a statute under which Drew could be prosecuted. Now creative prosecutors have indicted Drew under federal statutes, claiming that she was engaged in interstate fraud. Why interstate? Meier and Drew lived within blocks of each other, and it would seem that whatever happened was purely the province of state and municipal authorities. But the MySpace servers are in California. Drew was, according to the theory, transporting bits across state lines to fraudulently inflict emotional distress on Meier, and that would be a federal crime.

One observer describes this use of federal fraud statutes as “aggressive,” which is legalese for “a stretch.” It will be interesting to see how this plays out. But it signals a much larger development. As Cyberspace unites the nation and the world, there will be many more cases in which federal and international authorities will be able to take an interest in what used to be local matters.¬†