Wednesday 29 March 2006

Cat and Mouse


Anonymous (a frequent commenter on my blog) asked a good question regarding my blog post on patching a critical security flaw in Microsoft IE. I thought I'd answer it in a new post...

This game of cat and mouse in security can't go on forever. (Or can it?) What do you see as the future of software security? Do you see a point where a single elegant solution will address most, if not all, exploits?

No, the game won't go on forever--at some point the Sun will explode.

To think that the current state of insecurity is anomalous, and that the prior period of relative quiet was more normal, is backward. During the initial 6 years of internet growth the criminals hadn't yet organized, studied, and employed state of the art technology for developing and sharing exploits. That honeymoon is over. Exposure to cyber fraud, looting and mayhem is the normal state of affairs for a world in which the internet plays such a pervasive role.

Things that could happen before the sun explodes to curb innovative and dangerous computer attacks:

(i) single world government that effectively tracks and prosecutes computer crimes everywhere

(ii) technical stagnation, in which new technologies are NOT regularly deployed

(iii) destruction or obsolescence of the internet.

I'm not holding my breath.

Sure, we will eventually tame any given vector of attack (e.g. email virus, spam, port scan, SQL injection, etc.) at least down to a nuisance level through a combination of technology, legislation/prosecution, profiling (which barely exists today), education and behavioral change.

(For a nice analogy to this phenomenon, read Earth Abides, in which humanity mostly dies off, and the earth offers up a fresh playground in which species compete for dominance. One by one new species explode to the point of over-population, and just as quickly die off in the face of predators and competitors.)

But criminals, imbued with human ingenuity, will always plot new vectors, as I demonstrated to my wife here. You can wish it will stop, but you might as well also wish for world peace, an afterlife, or 18 consecutive birdies.


Tuesday 28 March 2006

Bessemer Startups To The Rescue

Websense has now detected over 200 web sites exploiting the CreateTextRange vulnerability in IE 5.01 and 6.0 in order to deliver payloads of malware to desktops. One of the commonly pushed payloads logs keystrokes, which is the first step to identity theft.

Unfortunately, Microsoft is still weeks away from issuing a patch. According to Security Focus and the Washington Post, two Bessemer companies, eEye and Determina, have issued free software patches to close the vulnerability for IE users.

No worries for me--I use Flock.

Monday 27 March 2006

Wikia, Jimmy Wales' Startup


We're announcing today Bessemer's investment in Wikia, formerly known as Wikicities. Wikia, started by Wikipedia founder Jimmy Wales and Wikimedia Foundation director Angela Beesley, is an ad-supported, open source platform for community-based wikis, with (freely licensed) content that falls outside the scope of an encyclopedia. With over 1,000 Wikia already created in 35 languages, content and registered user growth are tracking right along the same growth curve as Wikia's cousin Wikipedia. Here is the full story.

In related news, we also led a $15 million investment round in Zopa, a P2P lending site with much better economics than the banks and credit cards for both lenders and borrowers. In just its first year, Zopa has registered 55,000 members in its network.

Sunday 26 March 2006

Bullshit

A recent profile in Slate on Penn Jillette (of "Penn & Teller") reminded me that I never followed up on the promise in my Vegas post to relay my encounter with the man.


Penn is a novelist, a TV/film/stage performer, and a magician—well, more of an anti-magician. Penn runs with the Bright crowd--Michael Shermer, James Randi, Julia Sweeney, Richard Dawkins, Daniel Dennett, E. O. Wilson, and Lisa Simpson (Homer’s daughter reads Jr. Skeptic).

I met Penn while he awaited his car at the Venetian Hotel. Like a starstruck teenager, my mind turned to mush when I accosted the man. I blathered something to the effect that I admire him greatly. I think I then specifically noted that I drink only tap water, and he smiled knowingly....

Among their many performances, he and Teller produce a series on Showtime titled Bullshit that debunks superstitions of all kinds, exposing how easy it is to scam people. They usually demonstrate their point by pretending to provide some service or therapy, filming the satisfied customers. Episode after episode I would snicker at the ignorant primates who bought, praised and validated reflexology, hypnosis-recovered memories, magnetic therapy, UFO insurance, homeopathy, Feng-Shui, penis enlargement, after-life mediums, and, of course, the Bible.

But my warm sense of intellectual superiority yielded to naked shame as I saw myself in the victims of the Bottled Water craze. I watched a cast member, posing as a "water steward" in a California restaurant, present the patrons leather-bound menus from which to select waters bottled in Alaska, the Sierras, the Swiss Alps, and Antarctica. As the patrons sampled the various vintages, they readily celebrated the properties of each water--the crisp Alaskan glacier, the sweet taste of France, and the smooth Sierra rainfall. The camera then filmed the kitchen, where the steward filled all the glasses from a garden hose.

I learned that bottled water is a good idea when travelling overseas, but it's a $22 billion scam in the US. It costs anywhere from 1,000 to 10,000 times the cost of tap water. Unlike tap water, there is virtually no enforcement of health and cleanliness standards, nor is there fluoride to prevent tooth decay. The healthiest bottled waters are bottled from tap. And the bottles themselves pose an environmental disaster. Here's a 30-second clip from the episode for you to consider (click on the Watch Video Preview box).

Anyway, back to Vegas.... If I were thinking straight, I'd have invited Penn to speak at Kepler's. I would have interviewed him for the blog. I would have thanked him for his NPR interview, where he defended atheist ethics with a clarity of thought that I envy. In light of last week's study highlighting Atheists as the most hated minority in America (here's a disgusting example), I implore anyone suspicious of my motives to read this brief excerpt from the transcript of that interview.

But instead I just watched him drive off, wondering if the same license plate is available in California. (It isn't.)


Thursday 23 March 2006

Sabbatical

I really didn’t expect anyone to notice my hiatus from the blogosphere (VCs' vacations generally do go unnoticed). But inquisitive emails trickled in, accelerating in frequency to a daily occurrence over the past two weeks. When I dropped by the Dow Jones investor conference for an hour this afternoon, no fewer than 8 people asked me what the hell is up with my blog.

To those who inquired I’m happy to assure that all is well--Life, as always, has been glorious. I’d simply decided that after 6 months of regular blogging, I needed a one-month sabbatical. (Who Has Time For This?) Distracted by several new consumer investments to be announced in coming weeks, the month stretched into two. (Truthfully, I was also distracted by 43 games of Yahoo Chess. Here's a tip: a pretty female avatar is the fastest way to attract players to your table.)

It was actually hard not to blog. So many events in the past two months have cried out for superficial and self-righteous commentary…. the RSA trade show, the Mohammed Cartoons, the whiny AOL Email Backlash, bank-robbing internet worms, the terribly disappointing resignation of Harvard President Larry Summers, and various fun things I did (dining with Jimbo and Reid, skiing in Utah, penning cows, crashing the TechCrunch BBQ). I just have to chime in…

Readers of this blog no doubt recall my critique of Time Magazine for pandering to Christianity at the expense of journalistic integrity, which began “For those of you who think we have a free press…” Well, now Islamic forces pollute our news sources as well—not with economic threats to their levels of readership but with physical threats to editors who publish cartoons. I shivered reading the preacher quoted in the NY Times warning “We will not accept less than severing the heads of those responsible.”

Since I was fortunate to be on sabbatical, my principles didn’t compel me to publish images on my blog that might provoke physical retaliation (I hate violence—especially the kind directed at me). I am simply not as brave as the heroic, outspoken Arab-American psychologist from L.A. interviewed on Al Jazeera.

Not that I could have easily published the images. Anonymously but still seriously threatened with harm, the entrepreneurs behind image hosting providers have decided that the cartoons now violate their Content Moderation policies. At least we can all rationalize our cowardice with Phil Kennicott’s observation in the Washington Post that the cartoons weren’t particularly good.

A similarly disappointing defeat of intellectual courage was Larry Summers’ resignation in the face of faculty resistance to change. To appreciate Harvard University President Summers’ contribution to higher education, read this Harvard Crimson editorial written by my college roommate David Laibson (whose groundbreaking work on behavioral economics I profiled here).

Whew. It's nice to get things off my chest again.