Why SOPA and PIPA Are Bad Ideas.

Hello my IT friends –
Regardless of which side of this you land on, I hope you understand the issues behind Wikipedia’s (and many sites’, including mine) “blackout” yesterday in protest of the Stop Online Piracy Act (SOPA) in the House and the Protect Intellectual Property Act (PIPA) in the Senate.

These bills are what we in the information security community call “Trojan Horses.” They look like an effective way to keep sites from dealing in stolen music, movies and so on – which is a good motivation, with lots of good arguments behind it. Unfortunately, these bills would basically create new Federal powers that everyone across the political spectrum would protest: they eliminate two key Constitutional protections that are critical to our rights as citizens.

Due Process is what we’re talking about when we say “you can’t search my house without a warrant.” I kinda like having that right, personally. But in the case of websites, all it takes is a complaint, and whammo, that site is gone for good. No judge, no warrant, no consideration, nada. I do not like the Feds getting this kind of practice enshrined in law.

Redress means I get to know my accuser, and I get to see the charges against me. It also means that I have legal freedom to defend myself and to pursue monetary damages if those charges cause me harm and turn out to be false. If they were knowingly false, then there’s extra money involved. But under SOPA/PIPA, all someone has to do is file a complaint, and blammo, Google is down. Just like that.

It may sound like I exaggerate, so please don’t take it from me:

“This means that YouTube, Facebook, Wikipedia, Gmail, Dropbox and millions of other sites would be ‘Internet sites…dedicated to theft of U.S. property,’ under SOPA’s definition. Simply providing a feature that would make it possible for someone to commit copyright infringement or circumvention…is enough to get your entire site branded as an infringing site.”

Ben Ray Lujan supports SOPA in the House.
Jeff Bingaman supports PIPA in the Senate.
Tom Udall supports PIPA in the Senate.

The Pirate Bay: PIPA/SOPA Won’t Stop Us!

“Supporters of the pending PIPA/SOPA anti-piracy bills often use The Pirate Bay as a prime example of a website that can be taken out under the new legislation. But is that really the case? The Pirate Bay team has been silent on the issue, until now. As it turns out, the people behind the popular torrent site don’t believe the laws will do much to stop them, but they do fear for the future of the Internet.”

Read the whole article here: http://torrentfreak.com/the-pirate-bay-pipasopa-wont-stop-us120117/

The Shocking Facts About The Government’s Move To Censor The Internet

Let me repeat this:

The Shocking Facts About The Government’s Move To Censor The Internet:


How do you feel about the Great Firewall of China? It does nothing more than keep Chinese citizens from seeing things their government doesn’t want them to see. Sounds Communist, doesn’t it? Because it is.

How do you feel about the USA doing the same thing? One complaint to the Feds could get a website blocked forever, no due process, no recourse, in direct violation of the Constitution.

This is exactly what our legislators want to do in the parallel PIPA and SOPA acts. See the banner at the top of my site to see exactly who is sponsoring the movement to take away your freedom and restrict what you can see and know. Because that’s totalitarian, and what many people who died to keep us free would recognize as Communism.

Can the Feds force you to decrypt your laptop?

I promise this is going to be a watershed case. The circumstances: a woman arrested on mortgage fraud charges had a laptop beside her when the bust went down. The laptop became evidence, but given that you (in theory) cannot be compelled to testify against yourself, can the Feds force this woman to decrypt her laptop for them? SOMEONE is going to decide:

Fed. Judge to Decide if Gov’t Can Force Defendant to Unlock Encrypted Laptop


DOJ: We can force you to decrypt that laptop


Five principles to improve security monitoring

I like very much that this methodology starts from psychology:

“Five Principles To Better Your Security Monitoring” at Darkreading.com.

  1. Know yourself
  2. Know the terrain
  3. Know where to defend
  4. Know the enemy
  5. Measure security, not work

If you’ve read The Art of War, this will sound very familiar. Read the details:


APTs: Advanced Persistent Threats go mainstream

How many of you out there have had your personal information compromised? Raise your hands.

Now put them back down, and everybody else raise your hands.

You are the people who have been compromised and don’t know it.

And that’s just personal data. Companies need to realize this too:

An advanced persistent threat (APT) attacker probably already has infiltrated your network: That’s the new normal in security. But what can you do about it?

It’s a matter of moving beyond the traditional mindset of thinking purely in terms of prevention. “We’re trying to help people to think beyond intrusion prevention to post-infection detection and mitigation,” says Will Irace, director of research for Fidelis.

Accepting the premise that the attackers are already inside can be unsettling — even shocking — to some organizations, but the reality is that these cyberespionage attacks have evolved from a military/Defense Department problem to one plaguing various corners of the commercial world as well.

Your company or employer has very likely been pwned. You too. The question is, what are you going to do about it?

It’s not just China hacking the US, it’s India hacking China, China hacking India…

I feel so much better now:

A recent DarkReading article discusses the danger of thinking only China is hacking us. Elements in India (at least to surface appearance), particularly the Lords of Dharmaraja, are hacking us as well. One target of this particular group is very interesting: the U.S. China Commission. This suggests they weren’t after us, but information on China, India’s major trade rival. See it at

Friday the 13th Security

Friday the 13th carries a load of spooky connotations, not the least of which is that it’s been a target date for several exploits over the decades. Of course we’re all aware that there’s no reasonable basis for getting spooked. And very many of us are, regardless. It’s a good time to think about trust and security.

“We need to be talking to our friends and family – and colleagues, and our bosses, and the people who work for us – all the time about security, because if we don’t, the crooks are going to win….Every little step that each of us takes actually makes things much harder for the cybercrooks.”


DarkReading.com: Government Official Predicts Catastrophic U.S. Cyber Attack:

Department of Confidence Inspiration:

“As a member of the House Intelligence Committee, I am often asked what keeps me up at night, and one of the key issues is cyber threat,” commented Rep. Ruppersberger. “Some of our top officials predict, and I agree, we will have a catastrophic cyber attack within the next year. Whether it’s an attack on a banking system or a grid system, it is going to happen and we need to be sure we protect ourselves.”


Stealing an Identity in Seven Easy Steps

Department of Thanks for the Step-By-Step Instructions:

It’s also critical to remember that once you put data online, it’s almost impossible to delete it later. The more you blog about yourself, the more details you put in your social networking profiles, the more information about you is being archived, copied, backed up and analyzed almost immediately. Think first, post later.