The President's Message

November 2010

Rick Curry

Happy Halloween! Thanks to all of you who braved the weather to make the October meeting. The next two months our meetings are on the third Saturdays due to the holidays.

This month we got yet another trick (they certainly have not been treats) courtesy of Adobe Flash and Adobe PDF Reader programs. While the vulnerability exists in Windows, Linux, and Macintosh versions of the Adobe products, there are currently reported exploits only for Windows machines. As of Oct. 28, the known exploits attempt to install a virus named "Wisp" if you open the wrong PDF file.

The trick to avoiding problems is to make sure you know who you are getting PDF files from for the time being. There is a convoluted mechanism to temporarily disable this particular exploit (search for "Adobe" and "APSA10-05"), but being careful about where you get PDF files is the best defense for the foreseeable future.

Get PDFs directly from a reliable company -- typically a manufacturer describing its products. Be wary of websites that want you to sign up with its services to access a library of PDFs. Anyone trying to get you to install a "downloader" or some other piece of software should be setting off the warning klaxons for you. And yes, Adobe does attempt to get you to install a software downloader (maybe they are trying to tell us something?) As Toby has mentioned, Adobe does not seem at all disposed to stop installing these "extensions" (a less kind person might call them "backdoors") into the Adobe software, so don’t be surprised to find that bad things are attempting to climb into the castle through the Adobe plumbing in the coming weeks and months.

I found out about this at The Register: http://www.theregister.co.uk/2010/10/28/adobe_reader_critical_vuln/ Destroying privacy as a business model You can easily argue that if a business is in the business of supplying personal information, processes that eliminate privacy work to the advantage of the business. Not all business owners would be comfortable with working toward this end, but corporations, by law, must keep the profits of the corporation foremost in their consideration. So you are not going to find Facebook or Google campaigning for tighter security to prevent accidental leaking of personal information if it would increase their costs or diminish the appeal of their products.

This is argued by John Leyden in his article "Facebook is ‘killing privacy for commercial gain’ " (also from The Reg). But the theory that information brokers are not intensely motivated to keep their promises about maintaining our privacy sounds a lot more passive than the recent remarks by Google’s CEO Eric Schmidt: Regarding the fleet of vehicles (some under robotic control as part of a quiet experiment it turns out) that Google has combing neighborhoods and taking pictures of people’s homes to be used in the Street View feature: "Street View, we drive exactly once" [ed. And if you are concerned about the image] "so you can just move, right?" (Remarks in a broadcast first aired at cnn.com on 10/22).

Earlier in October, he claimed Google's policy is "to get right up to the creepy line and not cross it". Oct 1 at the Washington Ideas Forum: "We know where you are. We know where you’ve been. We can more or less know what you’re thinking about." In a Wall Street interview published Aug. 14, he said he expected that in the near future young people would receive an official change of identity (something like the federal witness protection program) upon becoming adults so that they may escape the indestructible proof that they were once callow.

Last December, the remark of the day was "If you have something that you don't want anyone to know, maybe you shouldn’t be doing it in the first place." Now in being fair to the record of Mr. Schmidt going to Washington, he is not rubbing his hands together or stroking a white Persian cat as he says these things. In some instances, he has been talking about the reality of rules that he argues are put in place by lobbyists in the beltway (retaining records that various national security agencies can demand at any time, for example). In other cases he has been pointing out just how long the cat has been out of the bag with regard to privacy.

But is this what it has come to? Has the information superhighway become the railroad of our time and acquired a rightof-way that demands we yield or suffer all liability if we get ourselves run over by it? << BOOH! >

My guess is that personal information on the Internet will acquire the fantasy reputation that some "grocery store" magazines have (the ones that advertise UFO babies and Elvis sightings). As accusations and denials are passed back and forth, most of what is only available as a typed message relating an incident has to be seen as rumor. Pictures can be harder to dispute, but altering photographs has become an art known as "Photoshopping." It takes more skill and better computers to alter video, but that can be done as well.

The permanent nature of a practical joke made on the Internet would be enough motivation for some to make mischief, and there are a lot of personal and monetary motivations that almost guarantee fictitious incidents get created and posted on YouTube. So I think that the reputation of the personal information on the Internet will become no better than that of "chain letters." The monster devours itself.

Happy computing!