Posts Tagged ‘NoVA-Hackers’

The Truth about Scientific Hooligans

March 13, 2012

I have spent my life disproving the wild claims made by purveyors of products, services and standards, in an attempt to get to the truth of their claims. As you read the story below and see yourself in the role of Mr. Neville Maskelyne, please feel free to post a story in the comment section of this blog about your Scientific Hooliganism.

Special thanks to Larry Washburn for posting this on the NoVA-Hackers list.

Joe Klein
Scientific Hooligan (ScHool)

The Story of “SCIENTIFIC HOOLIGANISM” (1)(2)

Professor J. A. Fleming delivered a lecture at the Royal Institution, London, on June 4, 1903 in which wireless telegraphic messages from Mr. Marconi at Poldhu, Cornwall, were received at the lecture table via Chelmsford together with others from University College. Professor Fleming three weeks later, according to our London correspondent, stated that a deliberate attempt was made by someone outside to wreck the exhibition of this feat.

The demonstrations were arranged with Mr. Marconi’s special co-operation, at some expense to the institution, and at great trouble, to show that Hertzian wave telegraphy on the Marconi system can now be conducted over great distances on land, and can penetrate as well into the heart of a great city. Marconi claims:

(1) That the messages by his system cannot be tapped; and

(2) That working cannot be interfered with.

Certain experts were challenged to interfere with it if they could.

Towards the end of the lecture it was seen that the instruments were being influenced by some outside agency, and amongst other things recorded on the tape were quotations from Shakespeare, a poem (of doubtful origin), and, finally, that most undignified observation, “‘Rats’.” The irate professor promptly wrote to the papers denouncing the mischief-makers as “scientific hooligans,” asking the world in general to find out the culprits and let him know and he would, well, do something dreadful to them.

After much scientific mud throwing to the papers, Mr. Neville Maskelyne, of Egyptian Hall fame, confessed publicly that he and another scientific man were perpetrators of what Professor Fleming called “monkey tricks.” They do not say by what means the interference was accomplished, but apparently it was done by putting very high tension currents into the earth, which showed at once to the alleged “evil-doers” that had they chosen they could have “wrecked the whole demonstration” given by Professor Fleming, but that was beyond their object.

Mr. Maskelyne contends that what he did was quite “fair play.” He knew there was a challenge issued by Professor Fleming and he simply took it up, and won. “It should be remembered,” says Mr. Maskelyne, “that Professor Fleming is the expert adviser to the Marconi company, and that other systems of wireless telegraphy are being greatly handicapped by what we believe to be the extravagant claims put forward on behalf of the Marconi system. So, after all, the Government authorities may not be such blockheads as the Marconi promoters would have us believe.”

References:

(1) The Advertiser (Adelaide, SA:1889-1931), Wednesday 29 July 1902, http://trove.nla.gov.au/ndp/del/article/4979411

(2) New Scientist, http://www.newscientist.com/article/mg21228440.700-dotdashdiss-the-gentleman

“A century ago, one of the world’s first hackers used Morse code insults to disrupt a public demo of Marconi’s wireless telegraph.”

NOVA-HA | Game Theory Applied to Vulnerability Disclosure

August 11, 2010

After reading the book “The Predictioneer’s Game: Using the Logic of Brazen Self-Interest to See and Shape the Future” by Bruce Bueno de Mesquita, I began to get interested in game theory. More specifically, I wondered if it could be applied to an unspoken problem that exists, that is, how do we provide more secure systems to end users while leveraging the creativity of the security researcher community.

So for two months, I read, watched and listened to everything by Bruce Bueno de Mesquita, along with everything I could find on game theory. I realized as I was approaching the one month mark that I began seeing everything around me as a game, in which there were winners, losers, detractors and supporters. I reviewed all 31 games I had found which were published, the whole time thinking about my goal.

One of my major problems when starting to model this was the number of players at all levels of the game. I finally settled on 8 major players in the game, each having two or more subgames taking place at any one time. An example of a subgame was a vendor who had internal staff such as Software Developers, PMs, Executives, Marketing/Sales, and external interfaces to Lawyers, PR, Board, Stockholders, and Government. Each subgame had influences, positions they needed to hold, salience, a measure of flexibility, the ability to veto others in the subgame, and fixed positions which they were never going to change.

The result of generating a spreadsheet of interactions, then having access to Bruce Bueno de Mesquita’s online system used to teach students, was that in the current game the vendors, followed closely by the government and law enforcement, controlled the majority of the game. End users of computer systems and networks finished last when modeling the existing system. In short, end users will always be hacked!

While researching this problem, it occurred to me that all of the vendors’ responses to disclosure of vulnerabilities fell into one of 5 categories, each reducing the risk to the vendor, but not improving the position of the computer users.

Added to this, I was thinking about the great talk Matt Blaze and Mouse gave at the Last Hope, where they discussed the changes in physical security, specifically locksmiths and the disclosure of methods to pick locks. Thinking about it, I also noticed a pattern in the way businesses responded to this new threat of disclosure to their bottom line. In both the locksmith and the security world, disclosure and experimentation with the technology was considered honorable, but that flipped to “Disclosure is not honorable” when the business felt threatened. In the current vernacular, this method of withholding the disclosure of a vulnerability from the public is called “Responsible Disclosure”. This last position always protects the company while leaving the customers of these products at great risk from criminals.

Anyway, my findings are in slide format; download them and, if you have questions, contact me.

Interesting note: I think I stunned everyone when, for a change, I was not speaking on IPv6.