TCLP 2009-06-07 News

This is news cast 179.

In the intro, a quick review of J.C. Hutchins and Jordan Weisman’s new book launching this Tuesday and more details on how you can contribute to my upcoming anniversary show and possibly even win a prize for doing so. Visit J.C.’s site for more details about his work and for the prequel novella he is podcasting for a taste of what to expect in the novel. The reason I am reviewing this book, other than the fact that I am friends with one of the authors, is that Jordan Weisman is a giant in the gaming industry, largely responsible for fleshing out the genre of Alternate Reality Games but going all the way back to table top and RPG games and having worked with video games and some very recognizable franchies. PE:DA includes an ARG that ties in with the very compelling psychological thriller that is the novel itself.

This week’s security alerts are a mass drive by injection attack and the .org zone moving forward with DNSSEC.

In this week’s news gathering support for native media support in HTML5, Knuth speaks out against software patents, the EFF launches a terms of service change tracker, and a dreaded intellectual monopoly for fashion bill is resurrected including a form you can use to lodge your complaint and even an email address of a House Judiciary Committee member looking for feedback.

Following up this week the Bilksi appeal moves forward and a preview of the Jammie Thomas re-trial.

[display_podcast]

Grab the detailed show notes with time offsets and additional links either as PDF or OPML.  You can also grab the flac encoded audio from the Internet Archive.

Creative Commons License
This work is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 United States License.

5 Replies to “TCLP 2009-06-07 News”

  1. cmdln, you freaking RULE. Thanks for generous endorsement, all the kind words, and for offering a copy of Personal Effects to your audience. I can’t thank you enough for the support and encouragement!

    1. J.C.: My pleasure. First and foremost, I try to only recommend books, games and films on the show that I enjoy myself first hand. Honestly, why would I recommend something if I didn’t like it myself? My only other criterion is that it be something that I think my audience, folks interested in hacker culture and computing technology would find interesting. All of my friends’ projects clear the first bar by a mile but not all of them fit the second category as cleanly. As an exploration of alternate reality gaming, especially one this compelling, PE:DA happily clears that second bar by a huge margin, too.
      I am still digging into the clues I have been able to uncover and am on the final third of the novel itself. (I haven’t even had the book a full week yet.) I hope to do a spoiler free re-visit soon to recap my more complete impressions of the ARG component of the project and how they affected my experience of the mainline narrative. I already have some pretty insane theories and can’t wait to see how close to the mark I get.

  2. I just listened to the podcast this morning on my commute, and was surprised to hear you say that google-analytics.com is actually a malware distribution site and should be blocked using noscript. Whatever one may think of of Google Analytics, that domain is, in fact, legitimate and used by the GA service. Blocking it, while potentially beneficial from a privacy point of view, won’t protect you from malware.

    1. Noah: I never said Google Analytics was malware, though I was perhaps not clear enough on that point. According to the Zero Day article, the attackers are using a domain name very similar to that of Google Analytics to try to make their exploit site seem legitimate.
      The *only* domain name mentioned in the article was the one with the hyphen. When I visited my own Google Analytics account, it was served by a site at the standard Google domain, not google-analytics.com.
      I will do some more research and issue a correction/clarification in my next episode. The issue definitely is not whether or not Google Analytics is malware, or more properly an exploit site, but rather what similar seeming domain name these attackers have set up their exploit site as and make sure that the subtly incorrect domain name is the one you block to prevent yourself from being harmed.

      1. Noah: OK, I just re-read both the Zero Day piece and the alert from WebSense and the way they worded this is very confusing. They say the exploit site is *similar* to the domain name for Google Analyitcs, then they put the legitimate URL as a parenthetical remark. I assumed the parenthetical was the attack site (again, not that Google Analytics access via any of its correct names is anything other than a legitimate statistics service).
        You are correct, Noah, google-analytics.com is just apparently a CNAME alias for google.com which is then used to bounce users to the analytics page on the main domain.
        Neither Zero Day nor Websense actually reveal the name of the active exploit site. In fact, if you try to suss it out from the screen shot on the Websense alert, they have intentionally blurred out the domain name of the attacker. This is infuriating as there is no practical way to verifiably defend oneself from this attack.

Leave a Reply

Your email address will not be published. Required fields are marked *