Journal: Weaponizing Web 2.0

Commerce, Commercial Intelligence, Law Enforcement
Washington Post Full Story

By Brian Krebs

July 29, 2009; 3:15 PM ET

The Washington Post

Imagine simply visiting a Web forum and finding that doing so forced your browser to post an embarrassing Twitter message to all of your contacts, or caused you to admit a stranger to your online social network. Now consider the same dynamic being used to move money out of your online auction account or delete the contents of your e-mail inbox.

. . . . . . .

The problem with the token-based security approach, as researchers prior to Hamiel and Moyer have noted, is that it works only if the attacker doesn’t have access to that random string of data as well.

To take the Alice and Bob on the forum example a step further, consider what happens when Alice views a forum posting by Bob that includes a link to an off-site image hosted at a site controlled by Bob. That image, when loaded by Alice’s browser, will automatically send Bob’s site a referrer URL that includes the full token that is unique to Alice’s browser session with that forum. Armed with the referring URL’s token, Bob can then respond to the image request from Alice’s browser with a request to silently take action on that forum in Alice’s name.

. . . . . . .

Moyer said one way to prevent this attack, commonly used on banking Web sites, involves what’s known as a nonce, which is essentially a random, one-time-use-only number that is appended to a URL each time a visitor loads a page on that site. He noted that one reason most sites don’t adopt this approach is that it requires far more computational and Web server capacity, which can drive up costs — particularly for high-traffic sites.
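The two mechanisms described above, as an added Python example that is not from the Post article or the DefCon paper: referer_sent() approximates the Referer header a browser attaches to an off-site image request under three Referrer-Policy values (only those three are modelled), which shows how a token carried in the page URL is exposed, and NonceStore is a constructed in-memory store of single-use, per-session nonces meant to travel in the form body rather than the URL. All URLs and session ids are constructed.

```python
import hmac
import secrets
from urllib.parse import urlsplit, urlunsplit


def referer_sent(page_url: str, resource_url: str, policy: str) -> str:
    """Approximate the Referer a browser sends when page_url loads resource_url.

    Models only three Referrer-Policy values: the legacy default
    'no-referrer-when-downgrade', the current default
    'strict-origin-when-cross-origin', and 'no-referrer'.
    Fragments are never sent; a token in the query string is.
    """
    page, res = urlsplit(page_url), urlsplit(resource_url)
    downgrade = page.scheme == "https" and res.scheme == "http"
    same_origin = (page.scheme, page.netloc) == (res.scheme, res.netloc)
    full_url = urlunsplit((page.scheme, page.netloc, page.path, page.query, ""))
    origin_only = urlunsplit((page.scheme, page.netloc, "/", "", ""))
    if policy == "no-referrer" or downgrade:
        return ""
    if policy == "strict-origin-when-cross-origin":
        return full_url if same_origin else origin_only
    return full_url  # no-referrer-when-downgrade: whole URL, token included


class NonceStore:
    """Single-use, per-session CSRF nonces (constructed in-memory store).

    Issue one nonce per page render and place it in a hidden POST field or a
    request header, never in the URL, so it cannot ride along in a Referer.
    """

    def __init__(self) -> None:
        self._live: dict[str, set[str]] = {}

    def issue(self, session_id: str) -> str:
        nonce = secrets.token_urlsafe(32)
        self._live.setdefault(session_id, set()).add(nonce)
        return nonce

    def consume(self, session_id: str, presented: str) -> bool:
        """True exactly once for a nonce issued to this session, else False."""
        for nonce in list(self._live.get(session_id, ())):
            if hmac.compare_digest(nonce.encode(), presented.encode()):
                self._live[session_id].discard(nonce)  # burn it: a replay fails
                return True
        return False


if __name__ == "__main__":
    forum = "http://forum.example/thread?id=7&token=SESSION-TOKEN"  # constructed
    image = "http://offsite-image.example/pic.png"                   # constructed
    print(referer_sent(forum, image, "no-referrer-when-downgrade"))
    print(referer_sent(forum, image, "strict-origin-when-cross-origin") or "(none)")
```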

DefCon White Paper

+++++++Phi Beta Iota Editorial Comment+++++++

In 1990-1991 Winn Schwartau testified to Congress. They ignored him the way they ignored Peak Oil testimony in 1974-1975. In 1995 Robert Steele organized three top experts, Schwartau, Jim A from NSA, and Bill Caelli, and submitted a cross-walk of crystal clear recommendations adding up to $1 billion a year to Marty Harris, responsible for the security of the National Information Infrastructure (NII). Today the US Government is about to waste $12 billion a year helping NSA further its own agenda while ignoring the root needs of the American people for trusted electromagnetic services. The federal government is so busy attacking other people it is neglecting the people that created the federal government as a service of common concern. The gap between those exercising public power and those who elected them and pay them has grown cataclysmic. Public intelligence in the public interest is one way to help the Republic heal.

Vendor Pitch Archives on Public Intelligence (1992-2006)

Commerce

Year | Country | Entry (author, title)
2006 | US | Fleming Icosystem
2006 | US | Lederman Deep Web Technologies
2006 | US | Proctor IBM’s Text Analytic OS Architecture
2006 | US | Ruh CISCO’s Application Oriented Network
2004 | US | Dietz LEXIS-NEXIS Open Sources on North Korea
2004 | US | Dietz Top Ten Stories on North Korea
2001 | US | NA Bright Planet White Paper on the Deep Web
2001 | UK | Rotheray BBC Views on New Risks of Crisis Seen From Open Sources (Slides)
2001 | UK | Rotheray BBC Views on New Risks of Crisis Seen From Open Sources (Text)
1999 | US | Boyer AUTOMETRIC (Now Boeing): High Resolution Imagery
1999 | NL | DataExpert DateExpert
1999 | US | Powerize Powerize Overview
1998 | UK | Brenton MEMEX Software
1998 | UK | Hunter I2: Creating Intelligence Automatically
1998 | US | Retrieval Tech. Real Time News Meets Knowledge Management
1997 | US | Blejer SRA: Intelligence Information Systems
1997 | US | CORE CORE SW: Business Plan Summary
1997 | US | Jacobs ISOQUEST: Software for Managing Information Overload
1997 | US | Rodriguez DIALOG: Targeted Decisions Support versus Generic Internet
1997 | US | Weigand Forecast International: Reducing Risk Via Practical OSINT (Slides)
1997 | US | Weigand Forecast International: Reducing Risk Via Practical OSINT (Text)
1996 | US | Dixon LEXIS-NEXIS, Online Public Records and Criminal Investigations
1996 | UK | Hutchinson Jane’s: The Role of Sources in Open Intelligence
1996 | US | Krattenmaker LEXIS-NEXIS, LEXMAP Demonstration and Discussion
1996 | US | Nachmanoff Oxford Analytica: Economic Intelligence Services for the Private Sector
1996 | US | Nanz SPOT Image: Remarks on Commercial Imagery
1995 | US | McLagan NewsEdge, Tailored News Alerts for a Competitive Edge
1995 | US | Nanz Commercial Imagery and National Defense (Slides)
1995 | US | Nanz Commercial Imagery and National Defense (Text)
1995 | UK | Rolington Jane’s: A Theory of Open Source Information
1994 | US | Vajta-Williams Space Imaging, Commercial Imagery, and You
1993 | UK | Hall Jane’s Approach to the New Threat Environment
1992 | US | Driver N-STAR: An Automated Analyst Tool for Open Source Data
1992 | US | Hutchinson Jane’s RUMOR OF WAR: An Information Vendor’s View
1992 | US | Kovaly Unique Wire Service Provides Early Intelligence
1992 | US | Pincus METAMORPH: Theoretical Background and Operational Functionality
1992 | US | Vendor PERISCOPE, Commercial Open Source

Commerce Archive on Public Intelligence (1992-2006)

Commerce
Archive 1992-2006

Year | Country | Entry (author, title)
2004 | SE | Bjore Commercial Intelligence
2003 | SE | Bjore Reinventing Commercial Intelligence
2002 | US | Klavans Identifying Commercial Opportunities from Emerging Science
2000 | US | Technology Intelligence from Patents
2000 | US | Sullivan Business Perspective on Essential Overseas Information
1999 | FR | Baumlin Espionage or Business Intelligence: Nuances of Gray
1999 | UK | Collier Overview of New Horizons in OSINT Sources, Softwares, Services
1999 | US | Miller The Year the Information Industry Hit Bottom
1999 | US | Robinson How Mobil Uses Open Sources & Services
1998 | FR | Baumlin Black, White, Gray, Realities of the Investigative Marketplace
1998 | US | Boyer Assessing US and Other Space Imaging Options for European Needs
1998 | GE | Bruckner Information and Knowledge Management in Intelligence Situations
1998 | US | Burwell Commercial Online Source Validation Methods
1998 | UK | Collier The Pricing of Electronic Information
1998 | US | Dunn Confronting the Future of the Information Industry
1998 | Israel | Feiler Open and Personal: Economic Intelligence in the Middle East
1998 | US | Horowitz Economic Espionage and OSINT: Legal and Security Implications
1998 | US | Stara Valuing Competitive Intelligence
1998 | US | Yankeelov Pushing the Assets of Time and Knowledge
1997 | BE | Borry & Sohl Electronic Sources & Methods: A Belgian Business Perspective
1997 | US | Suggs International Trade & Commerce Intelligence Search Strategies (Slides)
1997 | US | Suggs International Trade & Commerce Intelligence Search Strategies (Text)
1996 | US | Bates Recent and Emerging Trends in Information Brokering
1996 | US | Call Realities & Myths Regarding Financial Research Using Open Sources
1996 | US | Kolb (SCIP) Sales Pitch for the Society of Competitive Intelligence Professionals
1996 | US | Sibbit Emerging Business Models for Commercial Remote Sensing
1996 | US | Steele Concise Directory of Selected International Open Sources & Services
1996 | US | Steele Open Source Intelligence Handbook, Chapter 1, Overview
1995 | US | Herring Business Intelligence in Japan and Sweden: Lessons for the US
1995 | US | Herring Intelligence to Enhance American Companies’ Competitiveness
1995 | US | Herring Using the Intelligence Process to Create Competitive Global Advantage
1995 | US | Simon & Blixt Emerging Issues in Competitive Intelligence
1994 | US | Basch Secrets of the Super-Searchers: A Personal and Practical Perspective
1994 | Switz | Bernhardt Tailoring Competitive Intelligence to Executive Needs
1994 | UK | Collier Global Information Industry and a New Information Paradigm
1994 | US | Himelfarb Introduction to Competitive and Business Intelligence
1994 | US | Kelly ASIDIC Perspectives & Its Contributions to National Competitiveness (S)
1994 | US | Kelly ASIDIC Perspectives & Its Contributions to National Competitiveness (T)
1994 | US | Marcinko Association of Information and Dissemination Centers, Case Studies
1994 | US | Shaker Beating the Competition: From Boardroom to War Room
1994 | US | Shaker & Rice From War Room to Board Room
1994 | US | Sharp How to Identify Changes that Threaten Your Business Activity, In Advance
1994 | US | Stanat The Power of Global Business Information
1994 | US | Steele Germany: ACCESS: Theory and Practice of Competitor Intelligence
1994? | US | Steele ASIDIC: Intelligence Community as a New Market
1993 | US | Caldwell International Investigative Market (Slides)
1993 | US | Caldwell International Investigative Market (Text)
1993 | SE | Dedijer Europe’s To BI or not to BE: Inventory of a New Business Innovation
1993 | US | Elias An Overview of the Information Industry in 1993
1993 | AU | Fraumann Business is War
1993 | US | Herring Business Intelligence: Some Have It, Some Don’t–How They Do It
1993 | US | Himelfarb Intelligence Requirements for Executives
1993 | US | Monaco & Gerliczy Economic Intelligence and Open Source Information
1993 | JP | Shima Overview of Japanese Media and Information Systems
1993 | US | Splitt The U.S. Information Industry: Changing the 21st Century
1993 | US | Steele Corporate Role in National Competitiveness
1993 | US | Steele The Intelligence Community as a New Market
1992 | US | Hlava Information Industry Corporations (Partial Listing)
1992 | US | Hlava Selected Professional and Trade Associations in Information
1992 | US | Hlava The Information Industry: Impact of Globalization
1992 | US | Meyer Business Intelligence at the Cutting Edge
1992 | US | Nobel From A to Z: What We’ve Done with Open Sources
1992 | US | Shaker & Kardulias Intelligence Support to U.S. Business
1992 | US | Williams OSINT to Create Intelligence in a Commercial Environment

2003 Pak (US) & Zdanowicz (US) An Estimate of 2001 Lost U.S. Federal Income Tax Revenues Due to Over-Invoiced Imports and Under-Priced Exports

03 Economy, Analysis, Budgets & Funding, Commerce, Commercial Intelligence, Government, Historic Contributions
Simon J. Pak

Academics can be cool and useful.

John Zdanowicz

These two guys are worth over $50 billion a year to the Internal Revenue Service (IRS), but the U.S. Government does not seem to care about intelligence-driven revenue collection.

These guys ROCK and represent all that academics should be in the service of their country and their community.

Dr. Simon J. Pak and Dr. John S. Zdanowicz, Penn State University and Florida International University OSS ’03: For their extraordinary demonstration, with a tangible value to the public of $50 billion a year in tax fraud savings, of new methods of academic investigation into public trade records, and the consequent discovery of specific instances of import-export money laundering and financial fraud, as well as weight variances associated with the smuggling of contraband and the mis-representation of cargo.

Below are their paper and slides as presented at OSS ’03. These guys should have their own investigative cell, fully funded by the IRS and ultimately in the service of all governments (a multinational global service).

$50 Billion/Year Lost
Transfer Pricing Fraud

2000 Sandman (US) Applied Human Intellect: Interpreting the Data Bits

Commerce, Historic Contributions
Mike Sandman

Mike Sandman, along with Jan Herring and Leonard Fuld, is arguably one of America’s top commercial or competitive intelligence providers. He has in many ways defined the emergent industry, which still lacks sufficient appreciation for many factors, including energy, environmental and human ones.

Click on the logo below to go to the Academy of Competitive Intelligence, which we consider to be the single best offering in English.

"The Gold Standard"