Re: Hackers in the crosshairs (Aug. 1)
I think Richard Clarke was being extremely polite in positioning hackers as researchers given that they were his audience. It seems crystal
clear that posting vulnerabilities in any public forum is wrong.
Consider the following ethical multiple choice quiz. Your neighbour has left for vacation. You generally keep an eye on each other’s properties, so you wander over and notice that they have left their backdoor unlocked. Not open, but just not locked. What is the ethical thing to do:
- a) Do nothing – not your problem
b) Wait until they get back to let them know about their careless mistake
c) Place a large illuminated sign on their front lawn to advise them and others that “”BACK DOOR UNLOCKED””
d) Wander about their house to poke around, see if there are any goodies in the fridge, check out their underwear drawer
e) Lock the door and pull it shut – let them know when they get back how you helped out
Personally, I would be delighted if “”researchers”” would let the software developers know quietly if they stumble across a security problem. Frankly, as a small organization trying to provide some basic computing services to our employees, the cost and complexity of security precautions, firewalls, VPN, anti-virus, etc. is becoming overwhelming, not to mention the continuing avalanche of unwanted, useless and often disgusting spam which a lot of this hacking enables.
Let’s not kid ourselves – any propagation of vulnerabilities is designed to make trouble for big companies like HP and Microsoft and only hurts innocent bystanders like us.
Larry Gemmel
Senior Director, Collaborative Projects
United Way of Canada – Centraide Canada
Re: Next generation CLECs focus on rural advantage (July 30)
Interesting article on emerging clec market. Our perspective is that the other companies (C-1, Norigen, etc.) failed primarily due to the fact that yes, they did finance their businesses too highly, but more importantly, they were building them to sell to someone else, not to run long-term. They did not put the sales, marketing and operations processes, procedures, tools or the people in place to run them profitably over the long term.
Roberta J. Fox
President & Senior Partner
Fox Group Consulting
Re: MPs fail to connect with constituents online (July 29)
My experience last July illustrates some of the results when MPs enter the Web world.
I encountered problems with the Ontario Ministry of Transport’s Web site and driver examination booking process. The site invited me to send the Minister my comments. When I did this by completing the form presented on the Web site, I received a canned reply stating that “”for security reasons the Minister does not respond directly to e-mail.””
Cathy Robinson
Re: MPs fail to connect with constituents online (July 29)
What Jack Layton fails to mention is that it’s one thing to be accessible via e-mail/Web and it’s another thing to use these tools effectively. I sent two e-mails to his attention regarding a local issue with no response.
Maybe he will do better as the (potential) new NDP leader?
Kris Tobias
Re: Casting call for hackers (July 26)
As you say, the government types have to give their heads a shake on this one.
Aside from the somewhat dubious “”losses”” that are being suffered are the issues of personal privacy. If I set up a peer-to-peer network for my own reasons it will be a secure connection and the data transmission will be encrypted. If a media company wants to try and crack the encryption go ahead, but after the admission on 60 Minutes by the NSA that they have fallen behind on this issue, the media companies would have to apply significant assets, far more than the putative value of the data.
If, as you suggest, the action would be to release a virus or to use a distributed denial of service attack, do they not realize that all out war would erupt? People who have knowledge of sophisticated exploits and have collected malicious code over the years to aid in the protection of networks would feel justified in turning this against the media companies. For example, if it became known that Klez32 was released by AOL-Time/Warner I would expect that AOL would be off-line within hours.
Another issue is the reaction of the citizens to their own government. Post 9/11 the government needs the citizens on their side, not off on the sidelines saying we cannot trust you and that law enforcement is being handed over to the aggrieved parties. In the 1800s that was called a lynch mob.
Overall, it seems there has to be a change in the paradigm. I am not sure what the answer would be however giving enforcement abilities to big media companies is not the answer. Nor is the abrogation of the citizens’ rights to fair usage.
Mark Bernier
Re: It’s a small show after all (July 11)
I agree with your column that this year’s show was smaller than others, but there is usually something there if you mine for it.
I usually make a point of attending if only to find out if there is a new trend or something that piques my interest. Invariably I find something. Sometimes there is only one thing that makes the trip worthwhile, but that is all I need.
This year I took my 20-year-old son who was a reluctant visitor, but humoured his dear father by joining him on the trek. As an artist, gamer and computer buff he was transfixed by the booth that was demonstrating animation software.
Not only is that a subject that interests me, but was of particular interest to him and his younger brother who also draws a lot.
Since our return, and my generosity in letting them play with the software before I could get my hands on it, I have been sent various samples of work they have done using the programme. It wasn’t cheap software, but to my mind a good investment as they are doing something creative and imaginative at a price their father could just afford.
Using just that and the fun they are having as my measuring stick, I would say that this year’s Comdex was an overwhelming success.
John Henley
Vice chair
Actra Apprentice Caucus
Re: CAAST calls for review of piracy penalties (June 10)
I do not know how CAAST arrives at its numbers. If I’m to believe my personal experience on both sides of the border, I must strongly suspect that their methodology is wrong, even if my experience has no scientific basis.
Also, does the amount of the fine stop someone from pirating? I do not believe so. The degree of risk in getting nabbed is a greater deterrent, especially if the attending publicity follows.
In my personal opinion, with the stick used (fine, jail and lost of reputation), what is needed is a program of education. Where it is explained to the consumers the consequences of piracy on the vendors and their employees, etc.
Richard Carriere
Letters to the editor must include the writer’s name and company name along with an e-mail address or other contact information. All letters become the property of ITBusiness.ca. Editors reserve the right to edit submissions for length and content.
