• XML/RSS Feed

  Big fat juicy icon

• Recent Posts

  • iPhone Tech Talk - Los Angeles
  • Lying is ok. Guy says so. I guess. That’s all I need to know.
  • Two types of pain. Pick one.
  • I’m proud to be a geek
  • The market needs a self-correcting mechanism
  • Economic doom and gloom - but the greatest will arise from these ashes
  • Reading Cisco manuals leads to luck
  • Hello World Cocoa Touch, and …
  • ToorCon 2008
  • Sprinkling some Web 2.0 pixie dust on boring stuff

• Tags

  amazon attention economy bill gates bop cipher cloud computing code endowment effect for-profit google app engine ice hockey information economics iphone javascript jeff bezos malcode mashup max levchin memory microsoft non-profit obfuscation paas paolo coelho paulo coelho peter drucker pricing psychology python saas san diego SDSIC security silicon valley slide stanford startup school strategy sus trends warrior of the light web 2.0 y combinator

• Recent Comments

  • cabin ma on I’m proud to be a geek
  • cabin ma on Two types of pain. Pick one.
  • ferio on Vint Cerf + Architect of the Matrix: Separated at birth?
  • Steve Ballmer on Vint Cerf + Architect of the Matrix: Separated at birth?
  • janediva on Web 2.0 weekend roundup: Mashup (projected) money, Slide, plus mobile
• Don't feel bad! Victims from all over the world have been conned into visiting this blog:
  
  
  Got a microphone? Leave me a message
  
  
  
  And here's some obligatory Google Ads (nevermind the fact that I have yet to receive a single penny)
  
  

• Blogs

  • All About Product Management
  • Ask A Good Product Manager
  • Career Intensity
  • Founders At Work
  • Hacker News (Y Combinator)
  • I Will Teach You To Be Rich
  • Nesheim Online
  • Passion, People and Principles
  • Paul Graham
  • Paulo Coelho
  • The Global Perspective
  • The Long Tailpipe
  • Tim Trueman

This is a cross-post from my company’s blog that I posted today.

The injection of malicious <script src="malicious.js”> JavaScript tags on a massive scale into everyday popular and reputable Web sites, commonly visited by the casual surfer at home (and at work), has been the trend. Today, as my team and I here at Security Labs made our routine rounds around the block to spy on what the bad guys are up to next, we discovered a somewhat weak but interesting piece of malicious code, whose techniques date back to the early days of encryption - the substitution cipher.

Wikipedia has a good introduction on this topic:

In cryptography, a substitution cipher is a method of encryption by which units of plaintext are substituted with ciphertext according to a regular system; the “units” may be single letters (the most common), pairs of letters, triplets of letters, mixtures of the above, and so forth. The receiver deciphers the text by performing an inverse substitution.

Doing a character for character substitution, using a keyword of “MALCODE“, we get:

Plaintext:  ABCDEFGHIJKLMNOPQRSTUVWXYZ
Ciphertext: MALCODEHIJKFBNGPQRSTUVWXYZ

Using that mapping, we can encrypt a message from a hypothetical botnet master to his/her herd of bots from this:

LAUNCH THE DDOS ATTACK NOW

to this:

FMUNLH THO CCGS MTTMLK NGW

It’s a very trivial algorithm, and extremely weak in terms of the protection it provides (by today’s standards), but it is definitely good enough to conceal the true message from casual prying eyes. This was certainly as good as bulletproof during the days of Julius Caesar (wow, we’ve come a long way!).
Read more

• Change The World Or Die Trying

  Time is the essence of life. It is something we all share. Each of us has a limited amount. How we use our time is the guiding force of our lives. How we spend our time tells other people who we are. We define ourselves by our use of time. We are what we do!

• Quote Of The Moment

  You can give up, sure, but the truth is that when you give up, you have to live with that fact for the rest of your life. For me, living with having given up in tough times is a much worse fate than certain failure. If you fail, then by definition you have tried. But if you give up, you didn't.
  — Jason Calacanis (article from Silicon Alley Insider)
  
  

  Twitter Updates

• Stuff I have been reading

  • iPhone 2.2 firmware update available now, Google Street View and plenty more - Engadget
  • Mossberg Says Innovation is the Key to Success During the Econaclypse - ReadWriteWeb
  • Small Businesses Plan to Use Flexible Working to Combat Economic Slowdown
  • Developer strikes it rich with iPhone game - CNN.com
  • Ocarina Surges To Top Paid iPhone App Position
  • Funding software from add-on services | Software as Services | ZDNet.com
  • Why Amazon's CDN Offering Is No Threat To Akamai, Limelight or CDN Pricing | The Business Of Online Video
  • Safe from the Losing Fight » How to Price Your iPhone App out of Existence
  • Ideas and Trends - How Industries Survive Change. If They Do. - NYTimes.com
  • A design and usability blog: Signal vs. Noise (by 37signals)

• Wokai: Non-profit China Microfinance

  • Stories from Inner Mongolia: An introduction to rural life
  • Every day is an adventure at Wokai's office in Beijing...
  • Stories from Inner Mongolia: Ba Lin Stones, exactly what are our borrowers investing in?
  • Stories from Inner Mongolia: Meet the Loan Officers
  • Stories from Inner Mongolia: My first Urben centre meeting
  • Stories from Inner Mongolia: Where exactly am I?
  • First Wokai Fellow: George's First Day in Chifeng
  • Leslie Visits New York Chapter and DonorsChoose.org
  • Courtney talks entrepreneurship at Stanford
  • Courtney visits Seattle Chapter

•  

  November 2008

  S	M	T	W	T	F	S
  « Oct
  						1
  2	3	4	5	6	7	8
  9	10	11	12	13	14	15
  16	17	18	19	20	21	22
  23	24	25	26	27	28	29
  30

• 
  

• Archives

  • November 2008 (1)
  • October 2008 (8)
  • September 2008 (6)
  • August 2008 (7)
  • July 2008 (6)
  • June 2008 (9)
  • May 2008 (7)
  • April 2008 (4)
  • March 2008 (8)
  • February 2008 (21)
  • January 2008 (11)
  • December 2007 (15)
  • November 2007 (13)
  • October 2007 (2)
  • September 2007 (13)
  • August 2007 (17)
  • July 2007 (14)
  • June 2007 (17)
  • May 2007 (10)
  • April 2007 (6)
  • March 2007 (5)
  • February 2007 (5)
  • January 2007 (1)
  • December 2006 (6)
  • November 2006 (7)
  • October 2006 (9)
  • September 2006 (7)
  • August 2006 (9)
  • July 2006 (9)
  • June 2006 (9)
  • May 2006 (12)
  • April 2006 (4)
  • March 2006 (2)