Well it is indeed a big hole in security, maybe not the biggest but we’ll run with it. Two security researchers have demonstrated a new technique to stealthily intercept internet traffic on a scale previously presumed to be unavailable to anyone outside of intelligence agencies like America’s NSA.

The tactic exploits the internet routing protocol BGP (Border Gateway Protocol) to let an attacker surreptitiously monitor unencrypted internet traffic anywhere in the world, and even modify it before it reaches its destination.

The method conceivably could be used for corporate espionage, nation-state spying or even by intelligence agencies looking to mine internet data without needing the cooperation of ISPs.

This type of attack known as man-in-the-middle exploits BGP to fool routers into re-directing data to an eavesdropper’s network.

Wired explains the security hole as follows:

The issue exists because BGP’s architecture is based on trust. To make it easy, say, for e-mail from Sprint customers in California to reach Telefonica customers in Spain, networks for these companies and others communicate through BGP routers to indicate when they’re the quickest, most efficient route for the data to reach its destination. But BGP assumes that when a router says it’s the best path, it’s telling the truth. That gullibility makes it easy for eavesdroppers to fool routers into sending them traffic.

Here’s how it works. When a user types a website name into his browser or clicks "send" to launch an e-mail, a Domain Name System server produces an IP address for the destination. A router belonging to the user’s ISP then consults a BGP table for the best route. That table is built from announcements, or "advertisements," issued by ISPs and other networks — also known as Autonomous Systems, or ASes — declaring the range of IP addresses, or IP prefixes, to which they’ll deliver traffic.

The routing table searches for the destination IP address among those prefixes. If two ASes deliver to the address, the one with the more specific prefix "wins" the traffic. For example, one AS may advertise that it delivers to a group of 90,000 IP addresses, while another delivers to a subset of 24,000 of those addresses. If the destination IP address falls within both announcements, BGP will send data to the narrower, more specific one.

To intercept data, an eavesdropper would advertise a range of IP addresses he wished to target that was narrower than the chunk advertised by other networks. The advertisement would take just minutes to propagate worldwide, before data headed to those addresses would begin arriving to his network.

The attack is called an IP hijack and, on its face, isn’t new.

 

Alex Pilosov and Anton "Tony" Kapela the two men who brought this news to the masses are looking at solutions in cooperation with security agencies and other expert groups. However Douglas Maughan, cybersecurity research program manager for the DHS’s Science and Technology Directorate, has helped fund research to resolve the BGP issue, But has had little luck convincing ISPs and router vendors to take steps to secure BGP.

Tony Kapela states;

"Providers can prevent our attack absolutely 100 percent, They simply don’t because it takes work, and to do sufficient filtering to prevent these kinds of attacks on a global scale is cost prohibitive."

A

So looks like the good people at NASA have got themselves into a spot of bother. That spot namely being the Gammima.AG virus which has made the 8 minute journey to Orbit in July quietly hidden aboard some laptops. This is not the 1st time a virus has gone into space and most certainly won’t be the last!

BBC News reported:

Space news website SpaceRef broke the story about the virus on the laptops that astronauts took to the ISS.

Nasa told SpaceRef that no command or control systems of the ISS were at risk from the malicious program.

The laptops infected with the virus were used to run nutritional programs and let the astronauts periodically send e-mail back to Earth.

Nasa is working with partners on the ISS to find out how the virus got on to the laptop in the first place.

The ISS has no direct net connection and all data traffic travelling from the ground to the spacecraft is scanned before being transmitted.

It is thought that the virus might have travelled via a flash or USB drive owned by an astronaut and taken into space.

The space agency also plans to put in place security systems to stop such incidents happening in the future.

All sounds like fun and games in space!

So about 2 weeks ago I took receipt  of a new keyboard and mouse set. There was nothing specifically wrong with my previous keyboard or mouse but this was free so I couldn’t say no. The set was brand new and sealed in it’s box when it arrived and had been packaged very well. The site I got this set from was told to me by a rep of the company who visited my workplace. I would love to tell you it but I am sadly not allowed as it is not for the general public. Before I received this I had a Logitech Multimedia Keyboard Elite I was extremely happy with this keyboard and it has always worked very well. My mouse was a Microsoft Intellimouse Explorer 3.0 again this worked perfectly and I was very happy with it. I thought however I would try this keyboard and mouse set out and see if it was any good, so I unpacked it at laid it out on my desk. It is certainly a lovely looking set. the keyboard is silver and black in style and very thin (1.25 inches at it’s thickest). It has a built in non-removable wrist rest made of a faux leather material and padded with a gel like substance. There is also a removable base section that can be used to raise the wrist rest and level of the keyboard and thus improve the ergonomics of the device. I started of not using this as it seemed to make the keyboard a funny angle. I have since re-attached the base section and got used to it I reattached it because my house mate started having wrist problems from typing so much on a keyboard without one and so I thought I had better have one as I would rather avoid wrist problems! The keyboard has 105 keys in total including 6 pre-set function keys (email, web browser, my documents, my pictures, windows live call and my music) a zoom function key for well…. zooming in and out of things. It also has a “gadgets” key which is specifically designed for Vista’s sidebar gadgets (whether or not this works with a mac’s dashboard I do not know), press this key and it brings the sidebar to the forefront and all the floating gadgets too.

At the top of the keyboard are a set  of media controls and 5 programmable quick access keys. as well as a volume up down switch. These keys can be assigned to any application on your PC just by associating the .exe file you want it to open. The main keyboard section is a curved design which allows you to “Type more comfortably with this ergonomist-approved keyboard.”. This took a while to get used to but now I have it’s fine and dandy!! The feel of the keyboard is very smooth and the key presses are very soft, there is very little noise when the buttons are pressed like some cheaper keyboards produce. Personally I love the keyboard from it’s design to it’s build quality, everything about it just works well.

The mouse is also ergonomically designed and again has a black and silver design. There is a 4 way scroll wheel located between the two main buttons. There are two side buttons on the mouse which are programmable to whatever task you want. The mouse also has an invisible laser as it’s guidance mechanism so no more red light emitting from the bottom .

My conclusion on the Wireless Laser Desktop 6000 is that it’s a fantastic little set and works really well. To be honest it’s the best keyboard and mouse I have ever used, smooth working well designed and nice looking. All in all a top notch product!

When I received the device I saw it in a local IT chain store here in the UK for £79.99 ($160) but since looking on the Internet I have found it for as little as £50 ($100).

I took some reviewing shots of the keyboard and these can be seen below.

Enjoy

A

I have talked about backing up of data before on this blog and to all my past clients (from my freelance days) I always stressed the importance of having data backed up. To this very day I continue to emphasise that point to anyone who asks "Always take backups". How you go about it is not so important, there are many many ways of protecting and backing up data. What is important is how often and how completely you do it. Obviously every persons situation is different, some peoples data will only change once every month, others will change hourly. When backing up you need to take your situation into account, how often do you add, change, delete, move data on your systems. How important is the data held, what will the impact be if it was to be lost forever. From there you can decide how often and what method of backup is right for you.

I don’t want this post to be about ways and means of backing up that is not what I am trying to emphasise. I will however tell you a little story.

Around Christmas last year I had a hard drive failure, my OS drive started becoming less responsive and my PC as a result kept crashing. Eventually it gave up totally and that was that. Luckily I had all the data from it backed up. I carried out an incremental backup every night so from that I lost no data. This was not my first HD failure and it was to not be my last. With that failure I was able to identify it was happening before it totally died and thus moved some data to another drive to aid the rebuild process.

Two weeks ago however was a different story. I was on my PC (playing a game I think) and when I exited from this my data drive had vanished from My Computer. "That’s a weird thing to happen" I thought, but just assumed a conflict or something had caused the drive to vanish. So I restarted, Windows rebooted and when I checked the drive was still missing. This is when I began to worry. It was a 400GB drive and it was 70% full, including my documents folder, my pictures folder, my installers and many other important items of data. I restarted again and logged into the BIOS. The hard drive was no where to be seen. I took the drive from my PC and gave it to my house mate, he plugged it into his PC and alas it was just as dead there. Whatever way I looked at it the drive was dead as the proverbial dodo.

Now comes the important bit, naturally being the backup evangelist I am, I had a backup of all this data close to hand didn’t I….. did I heck, the last backup I had taken of my data was in April. I had zipped up my documents folder and my pictures folder, split them into DVD size files and copied them to DVD. 15 DVD’s to be precise. Unfortunately for me however the other 200GBS of data on the drive had no backups at all and thus was gone. Also any pictures I had taken between April and July were gone, as well as work I had done and all my game save files too!!!!

At the time it happened I felt physically sick, it was truly and awful feeling but now on reflection I ask myself why I had not backed it all up??? I know how important it is I knew the importance of the data on the drive so why oh why did I not have adequate protection. Oh my OS drive was all backed up that’s fine that’s safe, just not the important stuff.

After a few days restoring data and trying to get back as much as I possibly could I sat down and re-designed my backup methods. No longer do I backup my OS drive, if that fails the likely hood of me doing a total restore of that to a new drive is almost none as that tends to cause more problems than rebuilding the system from scratch. Now my data is backed up nightly and to a removable hard drive at that. I have also invested in a new case for my PC (my current one cannot hold any more hard drives) and 2 new drives to allow me to have a mirrored RAID configuration so should one fail the other will be there looking after all my data. That will cover my data drive\but I still have the 400Gbs of media that need to be backed up and for that I am looking at either another mirrored disk the same as the data drive, a removable HD or a NAS system. That I am yet to decided on. Either way I am not going to go through what I have been through in the last couple of weeks again.

So do you backup? If so is it good enough?

A

I have not talked about this guy on my blog before. I have mentioned him on Twitter a number of times and I know Scoble has talked about him a lot. Robert first interviewed him when he was 14 years old and was a "no budget" podcaster. At that point he was managing to secure some great interviews with some top people and getting some really good hits for his podcast Apple Universe, (yes he’s a Mac person but we all have our faults   ). Since then he’s gone from that to being a CEO of a new startup and and evangelist for qik.com all while still continuing with his podcast.

"So what" I hear you say "he’s a CEO, big deal" well if I said to you, that it hasn’t been 4 or 5 years since Scoble interviewed him, he’s not 19 or 20 now in-fact he is only 15 years old. He’s still at college and relies on his parents to shuttle him from place to place, be it conferences, his office at the qik.com HQ or to school. Now it becomes a big deal, now it’s impressive. His blog bio says

Daniel Brusilovsky is the Founder and the Editor of The Daniel Brusilovsky Web Blog. Daniel has been blogging since April of 2007, and podcasting since March of 2007. In February of 2008, Daniel started working on his first start-up, Teens in Tech. In August of 2008, Teens in Tech launched.

All that and he still has time to evangelise qik.com, This kid must never sleep!! 

What he has done is truly impressive, he seems to have such a level head and a fantastic eye for business. As Chris Albrecht says "Get to know him now. After all, you could be working for him someday."

Links to more about Daniel Brusilovsky

Chris Albrecht’s Interview

Scobles original Interview

Daniels Blog

Apple Universe

I spotted this 1st on Robert Scoble’s blog and thought it was pretty neat. Lijit is a search solution for content providers and publishers. It brings up a clever interface after searching for whatever you want to search for. It trawls information from all my different publishing platforms (here, twitter, Facebook, Flickr etc) and puts them into the results. It also has an option to just search Google from the results window.

See what you think, put something in the search box on the right and press search.

Let me know what you think of it!

A

I know I said I would let you all know where I was going via this blog (well those that follow my twitter or Facebook would have known I said that) Anyway I did, and so far I haven’t.

So here is what I am up to. Currently I am flitting around the UK being a tourist of such. My cousin has come over to the UK (from Canada) for a 3 week holiday and my Mum, Dad and I are showing him all the sights and sounds of the UK. Just been down in London doing all the things that need to be done on a visit to London.

Anyway I will be dashing all over the UK over the next 3 weeks so if you want to get in touch with me either email me or call me. Other methods of communication (snail mail, twitter, Facebook, carrier pigeon) are not sure fire things as I don’t know if I will be able to check them.

Hope your all enjoying the summer months.

A