Journal: Weaponizing Web 2.0

Commerce, Commercial Intelligence, Law Enforcement
Washington Post Full Story

By Brian Krebs

July 29, 2009; 3:15 PM ET

The Washington Post

Imagine simply visiting a Web forum and finding that doing so forced your browser to post an embarrassing Twitter message to all of your contacts, or caused you to admit a stranger to your online social network. Now consider the same dynamic being used to move money out of your online auction account or delete the contents of your e-mail inbox.

. . . . . . .

The problem with the token-based security approach, as researchers prior to Hamiel and Moyer have noted, is that it works only if the attacker doesn't have access to that random string of data as well.

To take the Alice and Bob on the forum example a step further, consider what happens when Alice views a forum posting by Bob that includes a link to an off-site image hosted at a site controlled by Bob. That image, when loaded by Alice's browser, will automatically send Bob's site a referrer URL that includes the full token that is unique to Alice's browser session with that forum. Armed with the referring URL's token, Bob can then respond to the image request from Alice's browser with a request to silently take action on that forum in Alice's name.

. . . . . . .

Moyer said one way to prevent this attack, commonly used on banking Web sites, involves what's known as a nonce, which is essentially a random, one-time-use-only number that is appended to a URL each time a visitor loads a page on that site. He noted that one reason most sites don't adopt this approach is that it requires far more computational and Web server capacity, which can drive up costs — particularly for high-traffic sites.

DefCon White Paper
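The Alice-and-Bob scenario in the excerpt, reduced to a runnable toy. This is an added illustration, not code from the Krebs article or from Hamiel and Moyer's paper; the host names (forum.example, bob.example), the thread id and the Forum class are invented for the demonstration, and no network traffic is involved. It models two forums: one that reuses a single anti-CSRF token for the whole session and keeps it in the page URL (the scheme the Referer leak defeats), and one that uses the one-time nonce Moyer describes, where the nonce in the URL is spent the moment the page is served. In both, Alice's browser loads Bob's off-site image and hands Bob the page URL as the Referer; Bob extracts whatever token is in it and replays it.

```python
"""Toy model of the anti-CSRF token leak via the Referer header.
Constructed for illustration; hosts and ids are made up, nothing touches
the network."""
import secrets
from urllib.parse import urlsplit, parse_qs


class Forum:
    """Forum server with two token schemes.
    mode="static": one token per session, reused on every request and
    carried in the page URL (what the attack defeats).
    mode="nonce": every token is single-use and spent when validated."""

    def __init__(self, mode):
        assert mode in ("static", "nonce")
        self.mode = mode
        self.session_tokens = {}   # user -> long-lived token (static mode)
        self.unspent = {}          # nonce -> user (nonce mode)
        self.posts = []            # (user, text) accepted by the server

    def _issue(self, user):
        if self.mode == "static":
            return self.session_tokens.setdefault(user, secrets.token_hex(8))
        nonce = secrets.token_hex(8)
        self.unspent[nonce] = user
        return nonce

    def _accept(self, user, token):
        """Validate a token for `user`; in nonce mode this also spends it."""
        if self.mode == "static":
            return self.session_tokens.get(user) == token
        return self.unspent.pop(token, None) == user

    def load_thread(self, user):
        """GET of the thread page. Returns (page_url, form_token).
        The URL carries a token (this is what leaks via Referer); the form
        token is embedded only in the page body, never in the URL."""
        url_token = self._issue(user)
        page_url = f"https://forum.example/thread?id=42&token={url_token}"
        self._accept(user, url_token)   # serving the page validates (and spends) it
        form_token = self._issue(user)
        return page_url, form_token

    def post(self, user, token, text):
        """The state-changing action. Returns True if the server accepted it."""
        if not self._accept(user, token):
            return False
        self.posts.append((user, text))
        return True


def token_from_referer(referer):
    """What Bob's image host does: pull the token out of the Referer header."""
    query = parse_qs(urlsplit(referer).query)
    return query.get("token", [None])[0]


def run_attack(mode):
    """Alice views Bob's post (off-site <img>), Bob replays the leaked token.
    Returns (forged_post_accepted, alice_own_post_accepted)."""
    forum = Forum(mode)
    page_url, form_token = forum.load_thread("alice")
    # Alice's browser fetches <img src="https://bob.example/pic.png"> and sends
    # the full page URL as the Referer, so Bob's server sees it verbatim.
    referer_seen_by_bob = page_url
    leaked = token_from_referer(referer_seen_by_bob)
    forged_ok = forum.post("alice", leaked, "forged in Alice's name")
    legit_ok = forum.post("alice", form_token, "genuine post by Alice")
    return forged_ok, legit_ok


if __name__ == "__main__":
    for mode in ("static", "nonce"):
        forged, legit = run_attack(mode)
        print(f"{mode:6s} scheme: forged post accepted={forged}, Alice's own post accepted={legit}")
```

With the static scheme the replay is accepted because the leaked token is still valid; with the nonce scheme the token Bob harvested was already spent when Alice's page was served, so only the fresh token embedded in the page body works, and that one never appears in a Referer. The same toy also shows the cheaper half of the fix: whatever the token scheme, keeping the token out of the query string (hidden form field or request header) removes it from the Referer altogether, and a site today would additionally send a Referrer-Policy header so the browser strips the URL when loading third-party resources.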

+++++++Phi Beta Iota Editorial Comment+++++++

In 1990-1991 Winn Schwartau testified to Congress.  They ignored him the way they ignored Peak Oil testimony in 1974-1975.  In 1995 Robert Steele organized three top experts, Schwartau, Jim A from NSA, and Bill Caelii, and submitted a cross-walk of crystal clear recommendations adding up to $1 billion a year to Marty Harris, responsible for the security of the National Information Infrastructure (NII).  Today the US Government is about to waste $12 billion a year helping NSA further its own agenda while ignoring the root needs of the American people for trusted electromagnetic services.  The federal government is so busy attacking other people it is neglecting the people that created the federal government as a service of common concern.  The gap between those exercising public power and those who elected them and pay them has grown cataclysmic.  Public intelligence in the public interest is one way to help the Republic heal.

Review: Doing Democracy

5 Star, Democracy

Amazon Page

5.0 out of 5 stars Extraordinary Strategic/Tactical Guide for People Power,

January 20, 2004
Bill Moyer
This book is both a strategic orientation to, and a tactical primer on, how to develop and manage non-violent social movements at the grassroots or “people power” level. The reason this book is important is because it solves the most important problem or gap facing all social movements: the lack of strategic models and methods that help activists understand, plan, conduct, and evaluate their social movements. I have read this book from cover to cover and it fulfills the objective. Had Howard Dean and Joe Trippi read this book six months ago, they would not have blown the lead and come in a sorry fourth (less than half of what Kerry had, less than a quarter of Kerry and Edwards combined), to guys that did *not* figure out the Internet as a collective consciousness tool.

This is among the most heavily marked up books I have read in the past four years, and instead of summarizing it in detail, which may cause some of you to avoid buying it, I will simply endorse the primary author's view that social movements are needed now more than ever, for the simple reason that the powerholders are making life on the planet unsustainable–everything they do (think Dick Cheney here) to increase profits, control, and power, is also “increasing unemployment, the gap between rich and poor, violence, ecological collapse, and unsustainability”.

There are four aspects of the book that are especially valuable as we all find ourselves in a “world war” between fundamentalist groups (both Islamic and extremist Americans of the religious right falling prey to neo-conservative doctrine) and progressive individuals seeking the common good:

1) the author's focus on sub-movements, on creating a strategic campaign that specifically embraces each sub-movement as a distinct but coordinated element, is the “aha” factor in leaping forward.

2) the author's specific discussion of negative rebels and how much harm they can do to the larger movement is compelling, to the point of actually suggesting that we need to create a counterintelligence service within social movements to address this. The few violent protesters in Seattle got all the media coverage, and the non-violent mass lost a great deal of credit.

3) the eight-stages of social movements are extremely detailed and the case studies help to explain why the “slump” must be overcome in the fifth stage, when success has been achieved but there is a perception of failure.

4) the importance of having an economic strategy for where the social movement's vision needs to go, is not understood by most presidential candidates. This book is valuable to anyone who would be president, or senator, for it explains not only how to organize and lead a social movement, but how to govern resources to its desired ends after the fact of victory. Real world budgeting is a neglected aspect of leadership during the electoral process.

I would say that this book (together with Tom Atlee's “The Tao of Democracy: Using CO-INTELLIGENCE to create a world that works for all”), is core reading for anyone interested in saving his or her neighborhood, his or her country, or the world at large. The primary and secondary authors are also to be commended for making the point that it is possible to be effective *regardless of who is President or what party is in charge in the capitol*–they emphasize local grass-roots effectiveness that is non-partisan.

Juliette Beck and Nancy Gregory make contributions that should have been acknowledged on the cover. Juliette Beck especially, with her focus on globalization and the sub-movements and stages of the aggregate movement, provides a most satisfactory case study that concludes the book.
