Say Anything Blog

Turn yourself in.

Woof, I don’t think it was art that was popping up on that computer.

But still, 40 years in jail (even the potential of it) for a few illicit pop-ups hardly seems like a situation that should be going on in America.

The investigation should have been done better, it seems, because I don’t see anything that indicates that this teacher actually accessed porn on the computer.  The pop-ups seem to have come from an innocent website.

That could happen to anyone.

Rob’s recently listened-to songs:

I’m a news junkie, always have been. During the height of the Russia/Chechnya conflict I did a search and typed in just that, “Russia-Chechnya. What I got was a pop-up for Russian porn. I clicked on it to turn it off, Another popped up. I clicked “off” on that one, then another came, Then another, and they got progressively worse in content.

Literally dozens or scores of those pop-ups appeared faster than I can relay it. I COULD NOT get them to stop. I had to turn off my computer in mid-stream.

It’s called being mouse trapped. I can see how that could happen. That being said, I don’t know why she didn’t do what I did and just shut it off. Panic, maybe? You’d have to be pretty stupid to pull up porn in a classroom.

One more thing.....she faces 40 years. So, if she had actually molested one of the children would she have gotten house arest? Something stinks here.

Election ‘08 - We Are So Screwed

I cannot beleive this woman was convicted. 

She was not the only person that had access to the computer.

The school admits to not paying their bill for filtering software.  The school admits their software was out of date and did not have the capability to block pop up ads.

Everyone knows that pop-up ads can infect any computer, esp. one that has no filtering software because someone did not pay the bill…

What she is guilty of is a lack of common sense - does that mean we throw her in jail?  If so, I guess we better be building A LOT more prisons because I can think of about 20 people I know with less than their fair share of common sense. 
You don’t have to turn off a computer to turn off the monitor.  But then some people, even teachers (subsitute teachers) are not computer literate.  It used to be (not sure if its still true) that to turn off your Mac and its monitor you pressed one button.  Perhaps this woman thought if she turned off the monitor she was shutting down the PC?  Who knows. 

However, I think we can all agree that she was stupid about not controlling the view to the pop ups once they appeared, but does that mean we must throw this person in jail with the REAL criminals?  I say no.  I just cannot believe that our legal system has become so useless that it cannot distinguish the truly guilty.

Give this woman some training with computers, don’t throw her in jail!  Do any of you honestly think this woman is a threat to society because she doesn’t A) have much common sense and B) because she can’t operate computer hardware and software?

Ugh!

This conviction clearly shows that legal system is not up to date on technology, better yet, knows ZERO about it. I have been working in IT for the past 15 years, and for the past 4 years most of the problems I have been called on to resolve are spyware related. I can’t believe they actually got a conviction. I can’t think of any It person in the USA with any level of IT experience that would not believe her story. For the love the Pete, ask Bill Gates, he should be the one that gets convicted for selling a product that exposes people to this kind of vulnerability. Pornografic spyware is here, has been here, and as long as Microsoft is allowed to sell Windows, will be here. People, you don’t have to visit porn sites to get porn spyware. Viit any site that has had their page hijacked to deliver malicious code that exploits one of a gazillion vulnerabilities that exist on any Windows computer. The defense should have just done a simple google search in the court room and shwn the jury just how easy it is to get “owned”. My prayer goes out to this poor teacher, my GOD open their eyes.
jc

For the love the Pete, ask Bill Gates, he should be the one that gets convicted for selling a product that exposes people to this kind of vulnerability. Pornografic spyware is here, has been here, and as long as Microsoft is allowed to sell Windows, will be here.

Blaming Microsoft for the actions of porn spammers is a copout and is blaming the victim. The reality is that Windows has millions of lines of code. It is coded by people who are prone to error. Windows hooks up to the Internet, which architecturally is system based on trust, not the reality of today’s wild west.

We’re going to have spyware and malware forever. You’ll never get rid of it. The early days of functioning artificial intelligence (right around the corner) will clean up the human-made error prone code. If we’re lucky, we’ll have a few years of relatively exploit free code before the AI is commandeered by those with less than honorable intentions. After that, we’ll have functioning AI controlled by bad men battling with other AI controlled by good men.

It’s a classic battle of good versus evil and it won’t stop as long as humans are somewhere in the equation.

Now you can trot out the argument that Windows is less secure than open source Linux. I wouldn’t argue against that premise. But please, with all due respect, stop short of blaming Microsoft, Bill Gates, or the programmers of Windows for the actions of other people. Passing the buck gets us nowhere.

The early days of functioning artificial intelligence (right around the corner) will clean up the human-made error prone code.--Likwidshoe

Not exactly right around the corner. In the Physics department where I got my degree, there were two doctorates awarded for research into recognizing `whistlers’. And then there is speech recognition. And then computer vision is far more difficult again. Basically, we are know where near an `AI’ that can do more than an average person, except in a few non-AI tasks, like numerical computation.

“All the war-propaganda, all the screaming and lies and hatred, comes invariably from people who are not fighting.”
“Every war when it comes, or before it comes, is represented not as a war but as an act of self-defense against a homicidal maniac.” —George Orwell

Not exactly right around the corner.

In my view, “right around the corner” for artificial intelligence that will be able to clean up computer code is another decade.

I think 2017 is a safe bet. If I was a betting man, I would go as low as 2014.

"Blaming Microsoft for the actions of porn spammers is a copout and is blaming the victim”

Did I miss something? I thought the victim was the poor teacher who was convicted because the operating system on a computer she was asked to use was exploited because of its bad code.

“The early days of functioning artificial intelligence (right around the corner) will clean up the human-made error prone code.”

Maybe then this can inject into the legal system some intelligence to make common sense judgements, or call on someone that might know more than it about the Microsoft products that are sold with a host of bugs. Maybe then poor unsuspecting users won’t be thrown in jail or have their reputations trashed. To dream of a better tomorrow. To dream of a time when the law will say to Bill Gates, you will be fined for selling a product that fails to provide the security you claim it does.

“Now you can trot out the argument that Windows is less secure than open source Linux. I wouldn’t argue against that premise”

I am not going to promote one product over another, but I do think that if your product is known or proven to have vulnerabilities that caused someone else harm, you should be held liable. Bill Gates at a minimum, should testify on behalf of the defense.

jc

http://csrc.nist.gov/publications/nistpubs/800-83/SP800-83.pdf

Guide to Malware Incident Prevention
NIST Special Publication 800-83
and Handling

Computer Security Division
Information Technology Laboratory
National Institute of Standards and Technology
Gaithersburg, MD 20899-8930

Executive Summary
Malware, also known as malicious code and malicious software, refers to a program that is inserted into a
system, usually covertly, with the intent of compromising the confidentiality, integrity, or availability of
the victimÌs data, applications, or operating system or otherwise annoying or disrupting the victim. 
Malware has become the most significant external threat to most systems, causing widespread damage
and disruption, and necessitating extensive recovery efforts within most organizations.  SpywareÛ
malware intended to violate a userÌs privacyÛhas also become a major concern to organizations. 
Although privacy-violating malware has been in use for many years, it has become much more
widespread recently, with spyware invading many systems to monitor personal activities and conduct
financial fraud.  Organizations also face similar threats from a few forms of non-malware threats that are
often associated with malware.  One of these forms that has become commonplace is phishing, which is
using deceptive computer-based means to trick individuals into disclosing sensitive information.  Another
common form is virus hoaxes, which are false warnings of new malware threats.
This publication provides recommendations for improving an organizationÌs malware incident prevention
measures.  It also gives extensive recommendations for enhancing an organizationÌs existing incident
response capability so that it is better prepared to handle malware incidents, particularly widespread ones. 
The recommendations address several major forms of malware, including viruses, worms, Trojan horses,
malicious mobile code, blended attacks, spyware tracking cookies, and attacker tools such as backdoors
and rootkits.  The recommendations encompass various transmission mechanisms, including network
services (e.g., e-mail, Web browsing, file sharing) and removable media.
Implementing the following recommendations should facilitate more efficient and effective malware
incident response activities for Federal departments and agencies.
Organizations should develop and implement an approach to malware incident prevention.
Organizations should plan and implement an approach to malware incident prevention based on the attack
vectors that are most likely to be used, both currently and in the near future.  Because the effectiveness of
prevention techniques may vary depending on the environment (i.e., a technique that works well in a
managed environment might be ineffective in a non-managed environment), organizations should choose
preventive methods that are well-suited to their environment and systems.  An organizationÌs approach to
malware incident prevention should incorporate policy considerations, awareness programs for users and
information technology (IT) staff, and vulnerability and threat mitigation efforts.
Organizations should ensure that their policies support the prevention of malware incidents.
An organizationÌs policy statements should be used as the basis for additional malware prevention efforts,
such as user and IT staff awareness, vulnerability mitigation, and security tool deployment and
configuration.  If an organization does not state malware prevention considerations clearly in its policy, it
is unlikely to perform malware prevention activities consistently and effectively.  Malware preventionÒ
related policy should be as general as possible to allow flexibility in policy implementation and to reduce
the need for frequent policy updates, but should also be specific enough to make the intent and scope of
the policy clear.  Malware preventionÒrelated policy should include provisions related to remote
workersÛboth those using systems controlled by the organization and those using systems outside of the
organizationÌs control (e.g., contractor computers, employeesÌ home computers, business partnersÌ
computers, mobile devices).
ES-1

GUIDE TO MALWARE INCIDENT PREVENTION AND HANDLING
Organizations should incorporate malware incident prevention and handling into their awareness
programs.
Organizations should implement awareness programs that include guidance to users on malware incident
prevention.  All users should be made aware of the ways that malware spreads, the risks that malware
poses, the inability of technical controls to prevent all incidents, and the importance of users in preventing
incidents.  Awareness programs should also make users aware of the policy and procedures that apply to
malware incident handling, such as how to detect malware on a computer, how to report suspected
infections, and what users might need to do to assist incident handlers.  In addition, the organization
should conduct awareness activities for IT staff involved in malware incident prevention and provide
training on specific tasks.
Organizations should have vulnerability mitigation capabilities to help prevent malware incidents.
Organizations should have documented policy, processes, and procedures to mitigate operating system
and application vulnerabilities that malware might exploit.  Because a vulnerability usually can be
mitigated through one or more methods, organizations should use an appropriate combination of
techniques, including patch management, application of security configuration guides and checklists, and
additional host hardening measures so that effective techniques are readily available for various types of
vulnerabilities.
Organizations should have threat mitigation capabilities to assist in containing malware incidents.
Organizations should perform threat mitigation efforts to detect and stop malware before it can affect its
targets.  The most commonly used threat mitigation technical control is antivirus software; NIST strongly
recommends that organizations deploy antivirus software on all systems for which satisfactory antivirus
software is available.  To mitigate spyware threats, either antivirus software with the ability to recognize
spyware threats or specialized spyware detection and removal utilities should be used on all systems for
which satisfactory software is available.  Additional technical controls that are helpful for malware threat
mitigation include intrusion prevention systems, firewalls, routers, and certain application configuration
settings.  The System and Information Integrity family of security controls in NIST Special Publication
800-53, Recommended Security Controls for Federal Information Systems, recommends having malware
and spyware protection mechanisms on various types of hosts, including workstations, servers, mobile
computing devices, firewalls, e-mail servers, and remote access servers.
Organizations should have a robust incident response process capability that addresses malware
incident handling.
As defined in NIST Special Publication 800-61, Computer Security Incident Handling Guide, the incident
response process has four main phases:  preparation, detection and analysis,
containment/?eradication/?recovery, and post-incident activity.  Some major recommendations for malware
incident handling, by phase or subphase, are as follows:
??Preparation.  Organizations should perform preparatory measures to ensure that they can
respond effectively to malware incidents.  Recommended actions includeÛ
Ò Developing malware-specific incident handling policies and procedures
Ò Regularly conducting malware-oriented training and exercises
Ò Designating a few individuals or a small team, in advance, to be responsible for coordinating
the organizationÌs responses to malware incidents
ES-2

GUIDE TO MALWARE INCIDENT PREVENTION AND HANDLING
Ò Establishing several communication mechanisms so that coordination among incident
handlers, technical staff, management, and users can be sustained during adverse events.
??Detection and Analysis.  Organizations should strive to detect and validate malware incidents
rapidly because infections can spread through an organization within a matter of minutes.  Early
detection can help an organization minimize the number of infected systems, which will lessen
the magnitude of the recovery effort and the amount of damage the organization sustains. 
Recommended actions includeÛ
Ò Monitoring malware advisories and alerts produced by technical controls (e.g., antivirus
software, spyware detection and removal utilities, intrusion detection systems) to identify
likely impending malware incidents.  Such monitoring gives organizations the opportunity to
prevent incidents by altering their security posture.
Ò Reviewing malware incident data from such primary sources as user reports, IT staff reports,
and technical controls to identify malware-related activity.
Ò Constructing trusted toolkits on removable media that contain up-to-date tools for identifying
malware, listing currently running processes, and performing other analysis actions.
Ò Establishing a set of prioritization criteria that identify the appropriate level of response for
various malware-related incidents.
??Containment.  Malware incident containment has two major components: stopping the spread of
malware and preventing further damage to systems.  Nearly every malware incident requires
containment actions.  In addressing an incident, it is important for an organization to decide
which methods of containment to employ early in the response.  Organizations should have
strategies and procedures in place for making containment-related decisions that reflect the level
of risk acceptable to the organization.  Containment strategies should support incident handlers in
selecting the appropriate combination of containment methods for a particular situation. 
Organizational policies should clearly state who has the authority to make major containment
decisions and under what circumstances various actions are appropriate.  Specific containment-
related recommendations include the following:
Ò It can be helpful to provide users with instructions on how to identify infections and what
measures to take if a system is infected; however, organizations should not rely primarily on
users for containing malware incidents.
Ò If malware cannot be identified and contained by updated antivirus software, organizations
should be prepared to use other security tools to contain it.  Organizations should also be
prepared to submit copies of unknown malware to their security software vendors for
analysis, as well as contacting trusted parties such as incident response organizations and
antivirus vendors when guidance is needed on handling new threats.
Ò Organizations should be prepared to shut down or block services such as e-mail used by
malware to contain an incident and should understand the consequences of doing so. 
Organizations should also be prepared to respond to problems caused by other organizations
disabling their own services in response to a malware incident.
Ò Organizations should be prepared to place additional temporary restrictions on network
connectivity to contain a malware incident, such as suspending Internet access or physically
disconnecting systems from networks, recognizing the impact that the restrictions might have
on organizational functions.
ES-3

GUIDE TO MALWARE INCIDENT PREVENTION AND HANDLING
Identifying those hosts infected by malware is another vital step in containing many malware
incidents, particularly widespread ones.  Identifying infected hosts is often complicated by the
dynamic nature of computing (e.g., remote access, mobile users).  Organizations should carefully
consider host identification issues before a large-scale malware incident occurs so that they are
prepared to use multiple strategies for identifying infected hosts as part of their containment
efforts.  Organizations should select a sufficiently broad range of identification approaches and
should develop procedures and technical capabilities to perform each selected approach
effectively when a major malware incident occurs.
??Eradication.  The primary goal of eradication is to remove malware from infected systems. 
Because of the potential need for extensive eradication efforts, organizations should be prepared
to use various combinations of eradication techniques simultaneously for different situations. 
Organizations should also consider performing awareness activities that set expectations for
eradication and recovery efforts; these activities can be helpful in reducing the stress that major
malware incidents can cause.
??Recovery.  The two main aspects of recovery from malware incidents are restoring the
functionality and data of infected systems and lifting temporary containment measures. 
Organizations should carefully consider possible worst-case scenarios and determine how
recovery should be performed, including rebuilding compromised systems from scratch or known
good backups.  Determining when to remove temporary containment measures, such as
suspension of services or connectivity, is often a difficult decision during major malware
incidents.  Incident response teams should strive to keep containment measures in place until the
estimated number of infected systems and systems vulnerable to infection is sufficiently low that
subsequent incidents should be of little consequence.  However, even though the incident
response team should assess the risks of restoring services or connectivity, management
ultimately should be responsible for determining what should be done based on the incident
response teamÌs recommendations and managementÌs understanding of the business impact of
maintaining the containment measures.
??Post-Incident Activity.  Because the handling of malware incidents can be extremely expensive,
it is particularly important for organizations to conduct a robust assessment of lessons learned
after major malware incidents to prevent similar incidents from occurring.  Capturing the lessons
learned from the handling of such incidents should help an organization improve its incident
handling capability and malware defenses, including identifying needed changes to security
policy, software configurations, and malware detection and prevention software deployments.
Organizations should establish malware incident prevention and handling capabilities that address
current and short-term future threats.
Because new malware threats arise constantly, organizations should establish malware incident
prevention and handling capabilities that are robust and flexible enough to address both current and short-
term future threats and that can be modified and built on to address long-term future threats.  Both
malware and the defenses against malware continue to evolve, each in response to improvements in the
other.  For this reason, organizations should stay up-to-date on the latest types of threats and the security
controls available to combat each type.  As a new category of threats becomes more serious, organizations
should plan and implement appropriate controls to mitigate it.  Awareness of new and emerging threats
and protective capabilities should be part of every organizationÌs efforts to prevent malware incidents.