Sunday, August 31, 2003

There are now a number of weblogs written by folks that live in Iraq. In line with the last post regarding using news services as a marketing channel, the four weblogs are in stark contrast to the various reports we see coming through places like CNN, Fox "News", and MSNBC.

The newest addition is Baghdad Burning, written by a 24-year-old woman. Her personal accounts of life in Baghdad are frighteningly chilling.

Her posts are also informative and describe quite succinctly how the efforts of rebuilding Iraq are largely being governed by how much revenue they might generate for various non-Iraqi -- mostly American -- companies.

Now, I have no particular problem with the US taking the stance that a part of liberating and rebuilding Iraq should be to figure out how the US can make some money to recoup the costs of this particular military exercise. However, it would seem that the emphasis is on squeezing out every last bit of profit from the country with little consideration as to how the previously very strong engineering and business resources of the country could best be leveraged and, through their usage, return to a self-sustaining, self-governed way of life.

The Baghdad Bloggers are three weblogs written by Iraqis that have bravely chosen not to remain anonymous.

Dear Raed is probably the best known and contains some excellent commentary and observations from the region. In particular, read through some of the posts about life during the 100 days of the "war" and contrast Raed's observations with the news reports from the same time.

G. in Baghdad is a new weblog. It tends to be fairly informal and includes a number of cynically humorous observations.

The third weblog -- found via The Baghdad Bloggers link -- doesn't appear to have much in the way of content yet. Update: As Don so succinctly pointed out, I forgot to paste the URL into one of the more useful links in the article...
12:30:31 PM  pontificate    

I have been silent recently. That will change in about 7 days. A lot will change in 7 days.

The SFGate has a very amusing and dead-on correct look at the recent arrest of the guy in Minnesota that effectively advertised that he released (not created, just modified) a new version of the Blaster worm:

The FBI arrested an 18-year-old in Minnesota this week for being a "key player" in the Blaster worm fiasco, which infected more than 500,000 computers this month.

How can the FBI stand there with a straight face and pat itself on the back for busting this loser? In reality, agents caught an extremely uninspired script-kid wannabe who allegedly copied and renamed the original Blaster code. And they did it by acting on a tip that turned the youngster over like a pancake. And it took 'em 10 days to do that!


There's more at the link. I suggest reading it.

The FBI is not the only agency that uses the news channel to claim success where reality indicates something very different is going on. The FBI's arrest of the script kiddie in Minnesota was a success. If they string him up, so much the better. However, claiming that the guy was anything but some dumbass who modified already existing code and then bragged about releasing the worm is dishonest at best.

Of course, given that there are no false claims of success to be made in the world of SoBig.[A-F], there is very little in the news about that particular social disaster. I say social because SoBig doesn't really exploit a specific fault in Windows. It spreads by exploiting a certain void in understanding found between the keyboard and chair.

As a colleague pointed out, each of the SoBig viral releases seems to be a sort of test. Each has an expiration date and each carries a slightly different payload. SoBig.F was particularly interesting in that it had a second phase attack that involved already compromised machines and a secondary payload to be downloaded from said machines.

That attack was thwarted, but the overall behavior of the network security community in doing so appeared to be largely incompetent if the goal was to figure out what the secondary payload was and to gather evidence under the assumption that SoBig.G will be released shortly after the expiration of SoBig.F (like all previous variants of SoBig).

In any case, I don't think we have seen the last of SoBig.
12:02:30 PM  pontificate