Sep 15, 2011

Big Brother is staring at your package…

I sent a package to a friend in the Czech Republic a few weeks back. I sent it to the exact address he supplied and paid for the tracking service so I would know when it arrived. Well, as luck would have it, they couldn’t find the address in Prague, so it bounced and came back. Here’s where it gets interesting.

I never gave them my home address. In fact, I never gave them a sending address. This was not intentional, I just forgot to write it on their form when filling out the stuff for registered postage. So it came back, but they had no idea where to send it. I knew something was wrong, so we called the postal service and they explained that in this situation, they would open the package and try to deduce my identity from the contents. We gave them our home address, but they didn’t seem to care. Our best bet would be to fill in a missing post form and describe the contents. When they matched up the descriptions, we would get it delivered at home.

But then something totally weird happened: the package just showed up the next day… at my office.

I never gave them my office address. I never told them my name. Actually, my wife had filled in the shipping forms, so her name was on the receipt. But they still managed to figure out who I was and where I worked. This is the part I can’t figure out. How did they link my home address (with my wife’s name) to my work address (with my name)? My only guess is that they used our banking information somehow. My wife used my debit card to pay for the shipment, so maybe they could use that information to figure out… somehow… where I worked.

The only explanation is that Big Brother truly is watching. Somewhere, somebody has my profile, which includes my home and work address, my banking information and my wife’s name. So, Big Brother is smart enough to figure out where I work, but not smart enough to find my friend in Prague, huh? I guess even Big Brother can’t read Czech street signs.

Sep 12, 2011

Meet Leica (4 days to go)

For years now, I’ve been wanting a dog. As a child we had many dogs and many happy memories. But the reality is that the dogs of my childhood were actually cared for by my parents. My parents bought the food, cleaned the carpet, picked out a local vet, etc. All I ever had to do was play and cuddle with the furry friend. So each time I brought up the possibility of a dog, my wife would remind me that we don’t have a yard, lots of free time or even a regular schedule. We also travel a lot and have no friends or relatives that live nearby enough to help out. So, we’re just not set up for a dog in our lives.

But my biological clock started ticking and I found myself fawning over dogs I passed on the street and even spending hours online, surfing the local pound, breeders and Wikipedia sites. It was still just an idea, nothing concrete, but a little research couldn’t hurt. So I searched and clicked and read, on and on. And the more I searched the more I fell in love with the German Shepherd.

My family had a couple of German Shepherds before: Watson (?) and Pepper. The first one saved my life once and the second one was just an all-round great dog. We also had other dogs, including Golden Retrievers, a Great Pyrenees, a Bull-Mastiff, a brownish-dog, a grey-whitish dog and a mean dog, but the German Shepherd’s combination of high-intelligence, size and strength put it at the top of my list.

Something that shocked me a bit was that there are two ‘styles’ of German Shepherd. One style has a slanted back and is bred for dog-shows. This style is the “purest” and each dog has a family tree and a very long name. The other style has a straight (normal) back and is bred for work. This style is associated more with farms, guards, police, etc. and there are usually no family trees or long names anywhere to be found. There’s plenty of info on these different styles to be found online, including the controversy of health problems associated with the slanted-back style. Anyway, when it comes right down to it, I think the straight-backed style just looks better.

Well, as luck would have it, my surfing led me to a family that had just had a litter two months earlier. There were photos of the parents on the site and both of them had beautiful brown/black coloration and (more importantly) straight backs. I sent the link to my wife, you know, just to let her see. Then, without any pressure from me, she called the owners to see if any puppies were left. This was the first sign, after 10 years of living together, that she was seriously considering having a dog in our family. I remained calm. I figured, the less I said, the less chance she had to reconsider.

Of the original 5 puppies, 2 were left. Two girls. Which is what I wanted. Just one more thing falling into place. We made an appointment for the next day. Again, we were just going to have a look, you know, just a look. No pressure. Nothing serious. Well, neither of us could sleep that night. Thoughts of the practical implications of what we were beginning: house-training, chewed furniture, doggy daycare, visits to the vet, cleaning up accidents, barking, doggy kennels, advance planning (e.g. more than one day in advance). And all this… for the next 15 years.

It was a long drive to the farm, so we had even more time to panic. My heart was literally racing and I had to roll down the window a bit. We pulled up into the driveway and were immediately met by two big German Shepherds and a Jack Russell Terrier. The big dogs barked and watched us get out of the car from a safe distance, but the spell broke as soon as the owners waved and called out to us. As soon as they got this signal, the big dogs came in close to nuzzle and be petted.

The parents were both very relaxed. The father was a tall, lean dog who preferred to sit back and take a nap while we played with the puppies. The mother lay off to the side, but her eyes and ears never left the frolicking pups. The mother tolerated getting petted as long as we didn’t obstruct her view of her kids. The puppies didn’t mind us, but also weren’t very interested in us. They sniffed us a bit and then went back to chasing each other across the yard. This gave us the perfect opportunity to watch from afar and get a feeling for their character and energy-level. Yes, we’ve been watching and reading Cesar Millan (a.k.a. the Dog Whisperer) and we know what to look for… we think.

Puppy One came out first, running and running without a care in the world. Puppy Two held back and sniffed the air before following her sister into the yard. As they fought, Puppy One dominated Puppy Two time and time again, before dashing off on another sprint across the yard. Puppy Two explored, then followed at a trot, then meandered off to visit Mommy. But then Puppy One would shoot back out of the yard and tackle her sister, just before Mommy stepped in and pinned each one to the ground with a firm mouth around their scruff. From this first bit, Puppy One seemed to be dominating and hyper. In contrast, Puppy Two was more relaxed and a bit more submissive.

The next test was picking up the puppies and holding them. Again, Puppy One had too much energy. She struggled, whined and pushed with her back feet until we set her back down. Puppy Two whined a bit, then relaxed, licked my wife’s chin and nuzzled into her shoulder. Again, Puppy Two demonstrated that she was a bit more relaxed and submissive. But also not too scared or timid.

Seeing the two of them together, I could see that my wife’s biological clock was ringing out loud. Always afraid of forcing her, I had let her lead the way with this puppy quest. She called, she arranged it all and now I stood back and let her make the choice. “I want this one,” she said setting Puppy Two back on the ground (where she was promptly attacked by her hyper sister). Done and done. I signed the papers, paid a deposit, agreed to pick up the doggie in one week and that was it. We rode away with our hearts pounding and our minds full of all the things we had to do to get ready for our first pet, our first family member: Leica.

Jun 23, 2011

Botclouds: The Cloud as an attractive attack-platform

The Cloud stands to help criminals in the same way it helps legitimate users. The Cloud is a powerful tool that offers a reliable, scalable and powerful computing platform. Unfortunately, this tool is available to anyone with a Credit Card, regardless of his or her intentions. We’ve seen a steady stream of news articles about misuse of the Cloud to send spam or launch cyber attacks. This includes the recent attack on the PlayStation Network (PSN), which was the second-biggest theft of personal information ever. Unless Cloud Service Providers, such as Amazon, take action, we will see many more of these attacks.

Recent years have seen a growing migration to the Cloud. More and more companies are choosing to outsource their ICT infrastructure to Cloud Service Providers, such as Amazon, Google and Microsoft. As Cloud adoption increases, so do security concerns. The main concern users have is the security of the data they store on the Cloud. Many questions arise when entrusting this (sensitive) data to a third party. Is it safe against theft? Is it safe against loss? Is it safe against corruption? In response, Cloud Service Providers and the Cloud research community have focused their attention and invested significant resources in protecting the data stored in the Cloud.

This data-centric security model aims to protect data stored on the Cloud from external threats. However, this model does nothing to protect external targets from a threat originating from within the Cloud. In order to launch an attack from within the Cloud, a malicious user need only enter a Credit Card number, as would any other ordinary user. There is no hacking involved. There is no security mechanism that must be thwarted. Identity theft is common and the malicious user may use a stolen Credit Card to purchase Cloud services. It would appear that the Cloud Service Providers have no incentive to deter these users, as long as they get paid.

There is a growing list of Cloud-based attacks. This includes sending spam and launching Distributed Denial of Service (DDoS) attacks. Additional attacks include hosting botnets, such as the Zeus and Coreflood command-and-control servers. Furthermore, the Cloud also hosts legitimate services such as WPA Cracker or Performance Xpert. WPA Cracker allows a user to hack into encrypted wireless networks. Performance Xpert allows a user to launch a DDoS attack against an arbitrary network. These tools are not intended to be a threat when used by legitimate users to test the strength of their own network security. However, as with the Cloud itself, these tools can just as easily be rented by a malicious user to launch an attack.

If an attack is a clear violation of the terms of service, the Cloud provider can terminate the account. However, in most cases this decision was only reached after the Cloud provider was notified either by the victim of the attack or by other customers. For instance, in the case of sending spam from the Cloud, Amazon’s entire IP address range was blacklisted and thus even legitimate users could no longer send e-mail. Rather than reacting after the fact, Cloud Service Providers need mechanisms in place, both technical and organizational, to proactively detect and terminate malicious use of their Cloud. The technical difficulty of this challenge can be overcome. A more difficult problem is the one of incentives. In the current situation, there are no clear incentives for Cloud Service Providers to invest additional resources to actively prevent use of the Cloud as an attack platform. As long as this remains the case, such attacks will continue to occur and their frequency will likely increase.

Article in the New Scientist.
