So You Think You Can Dance Theater Tour Rotterdam

The fourth season of So You Think You Can Dance ended recently. Fortunately, we can still savor it thanks to the Theater Tour. I was there on 31 January at the Nieuwe Luxor Theater in Rotterdam. Dancers Nina, Anna, Meysam, Anthony, Celine, Yuvat, Sedrig, Stephanie, Gianni and Marissa gave their very best. It was a dazzling dance spectacle in a range of styles, from modern and hip-hop to classical ballet. The acoustics of the Nieuwe Luxor were superb too, and on top of that there was a formidable singer accompanying the show!

Here are a few photos

And a few videos (sorry for the low quality)!

Meysam and Anna dance to Zij Gelooft in Mij by André Hazes:

The SYTYCD dancers give it their all to Birdy’s Skinny Love:

And finally Anna and Meysam once more, this time to Lana Del Rey’s Video Games:

Saint Carr

Yesterday Facebook filed the preliminary prospectus for its long-awaited initial public offering (IPO). The company is seeking to raise a whopping $5 billion. That is pretty massive and one of the greatest IPO filings ever. Facebook is so valuable because it has 850 million active users, half of whom return every day.

As part of this significant event, Mark Zuckerberg came up with an interesting letter to potential shareholders. According to Zuckerberg, Facebook “was built to accomplish a social mission” and said the company was inspired by technologies such as the printing press and television, which “make the world more open and connected”. He also stressed that “we don’t build services to make money; we make money to build better services.”

Mashable says that “this makes Facebook sound like it’s set out to deliver presents and free education to underprivileged children” and that it “isn’t the whole picture — Facebook brought in $1 billion in profits last year”. Truth be told, there is some hypocrisy there. It’s rightly put into perspective and therefore a very valid criticism. Still, it might reassure investors to see that Facebook is pursuing a mission. How can a company be profitable otherwise?

So Zuckerberg’s letter seems to suggest that Facebook wasn’t originally built to be a company, but to pursue a social mission.

Now the thing is, Nicholas Carr has a post on that letter – I am an avid reader of his blog. I have always looked up to Carr in fact, because he wrote the famous Harvard Business Review article “IT doesn’t matter” in which he states that the strategic importance of information technology in business has diminished and that it has become a commodity. That generated a lot of buzz in the tech world. In later years and more recently, Carr has been a notorious critic of technological utopianism and in particular the populist claims made for online social production.

So I have been following Carr closely as a pundit, but when I read his latest Saint Zuck I was completely stunned. Apparently he was able to get his hands on some IM transcripts in which the 19-year-old Zuckerberg decided to build Facebook. He reveals that Facebook was not Zuckerberg’s main priority at the time: an IM conversation between Mark Zuckerberg and a confidant – about who will foot legal bills in the event that Facebook were ever to be sued – points that out. And from the conversation Zuckerberg had with his high school friend named Adam D’Angelo, he suggests that Zuckerberg is an utter greedy dick: how he naturally obsesses about ways to “fuck over” his competitors, how he fantasizes about pouring investors’ money into “advertising and stuff,” and “win.”

Carr just completely discredits Mark Zuckerberg here. I mean seriously, has Zuckerberg done anything evil, gruesome or unethical? Did he harm you, Carr, to actually make a social networking site succeed? It was most likely a team of public relations professionals anyway who wrote the letter. Zuckerberg doesn’t want to pretend that he’s an altruist, for the record. And I really don’t care that these instant messages were preserved because of a lawsuit or two from the Winklevii.

This is just playing dirty, low-sense and scanty BS in my opinion. Who cares really?

I think our old-media-dog just lost some credibility, bashing the person of Mark Zuckerberg like that.

Very exclusive news Carr. You really got your momentum.

The threat of Information Thieves

You know what’s cheap in the 21st century? Compute time. You know what’s expensive? Human judgment. And they’re not interchangeable. Humans are good at understanding things, computers are good at counting things, but humans suck at counting and computers suck at understanding.  – Cory Doctorow, Pester Power

This blog is increasingly becoming an asylum for victims of acts of social engineering. The rant on the Huurwoningen scam already has over 100 comments and the Facebook trickery post also generates a fair amount of traffic. The thing that bothers me the most is that in the huurwoningen case, Song Chine and others keep on doing what they are good at: manipulating and deceiving people in order to scam them. They send the same nice, plausible and “innocent” e-mails to innocent people in an attempt to persuade them to comply with their request. But of course, the statements they make are completely false. And the sad thing is that there doesn’t seem to be any law enforcement against these malevolent acts. There is no evidence that the charlatans are punished and they don’t seem to face the felony charges they deserve. What also strikes me is that there is no online haven or portal where victims can report such incidents of online deception, trickery and bogus calls. Another big issue with the phenomenon of social engineering is that very little is known about the exact length and breadth of its problem space. In a world built on digital information and global connectivity, that is dangerous. There’s also no mechanism that triggers the Federal Trade Commission (FTC) to step in. I think there’s still a long way to go. The law is currently not transparent and it is not clear what is covered and what is not. Which institution should take ownership of what? The cybercops? Do service providers need to be made accountable for informing the cybercops of social engineering felonies? I don’t have an answer to that, but what I do know is that there’s an evolution where social engineering techniques are increasingly being applied for the purpose of unauthorized system access, information gathering and fraud. In the first place, I believe people should be educated about social engineering techniques and their consequences.
So in an effort towards creating more awareness, I am writing this piece.

Let me just step back, and start with the security of Information Systems. My alma mater colleague Peter De Bruyn wrote an excellent article on Social Engineering in Informatie and to a certain extent I will base myself upon his writings. He says that when we talk about the security of Information Systems, usually only the technical side is looked at. Firewalls, encryption and RAID are good examples of that. However, these techniques are not always effective to protect Information Systems under all circumstances. There are also human-related risks to Information Systems. That’s where social engineering comes in. Indeed, attacks that exploit a person’s gullibility can also create a tremendous amount of damage. And such social engineering attacks are very hard to detect, because things aren’t always what they seem. A social engineer will aim to catch us unaware. He will leverage his psychological power to move the victim into an unauthorized act.

It turns out there’s not a single and unanimous definition of Social Engineering. The Wikipedia definition seems to be a good one though. It says that Social Engineering is a collection of techniques used to manipulate people into performing actions or divulging confidential information. The thing is that almost everyone is vulnerable to Social Engineering attacks and might even commit such acts. I am going to make a bold statement here: humans are stupid. Social Engineers abuse the very fundamental human psychological properties and their decision making attributes (cognitive biases): their willingness to help others, their greed, their naivety, their willingness to perform, their fears, their usage of “mental shortcuts” and their initial goodwill and trustworthiness towards others. Secondly, people might commit such crimes because humans lie to each other. Under certain circumstances, people might do anything (e.g., cyber-stalking, intimidating others) to obtain certain information that is important to them. On a side-note, I remember a mathematics teacher in high school once told me that any human being is capable of killing someone – just think of what happened during the Holocaust. There’s a vast number of social engineering methods, and for your information, these are the most popular ones: pretexting, diversion theft, phishing, tailgating, baiting and quid pro quo. It’s not my intention to explain them in detail here though.

So what does a typical social engineering attack look like? Traditional computer attacks focus on the technical weaknesses in hardware and software. Social Engineering attacks however focus on human weaknesses. Some attacks though can have a mixed character and will be used to exploit technical weaknesses, as Peter points out. Good examples are trojan horses and (spear) phishing, which will offer you a “useful” application or request all kinds of “vital” information to better “protect” a target. Ultrasurf is for instance used to circumvent Internet censorship, but it’s still a black box. You cannot know what the code does, unless you reverse engineer it. Luckily, antivirus programs report it contains spyware and several trojan horses (which may actually enable government surveillance). Peter identifies four typical phases in a social engineering attack. It is a recurring pattern. In the first phase, the social engineer will try to collect personal information about the victim, like names, e-mail addresses, telephone numbers and so on. Subsequently, the social engineer will try to build a trust relationship with the victim. He will use the information he gathered earlier on to take away any suspicion by indicating his familiarity (e.g., name-dropping) with the potential victim’s environment. The third phase consists of gathering more specific information, like IT infrastructure and architectures, server and application names, usernames and passwords. In order to get this detailed valuable information, psychological and emotional pressure will be used. And finally, the attacker will exploit this information to get unauthorized access to the systems so as to change, delete or copy data and basically use it to his/her own benefit.

The question that then arises is how can we combat the social engineering phenomenon? First and foremost, there will always be a risk of a successful attack based on social engineering. Humans expose inherent weaknesses. Computers do too, because they cannot interpret data carefully enough (but that’s another interesting and philosophical discussion). I think that recognizing the above described pattern could provide the impetus to protect oneself against the attacks; however, organizations and the public services should also take measures to combat this evilness. Peter distinguishes three types of measures that can be taken. The first measure is to formulate clear and concrete policies about physical access to systems and list the type of activities and actions that employees are (dis)allowed to do when providing certain information. One can classify this information by separating sensitive information, private information, internal information and public information. Every policy should also contain clear instructions about identity verification (e.g., how to make correct use of passwords). It is also imperative that personnel is encouraged to report suspicious acts to a central repository so that it can be centrally monitored. This will help security officers to step in and arrange for a forensic examination. A second measure is raising the security awareness by training and education. In our jobs, people need to be aware in their day-to-day work about what to do to assure the security of the information they handle. Employees should know why they need to respect the policies and what happens if they don’t. In corporate speak: policies should be executed as if they were a basic hygiene factor. Social engineering penetration tests can also contribute to raising security awareness by showing the vulnerabilities in the policies. Finally, some authors suggest taking technical measures too, to protect oneself from social engineering attacks.
Think changing passwords frequently, strong authentication, time-based tokens or biometric identity checks. By the way, a big research topic nowadays deals with how to model and analyze the socio-technical aspects of modern security systems and with how to protect such systems from socio-technical threats and attacks. This requires different communities of researchers (experts in computer security and in cognitive, social, and behavioral sciences) to sit together, in order to identify weaknesses potentially emerging from poor usability designs and policies, from social engineering, and from deficiencies hidden in flawed interfaces and implementations.

When the exact size of the social engineering problem is unknown, it is also hard to mine the phenomenon. So I am eagerly awaiting an online mass initiative to sprout, which will allow us to combat this never-ending conflict. There’s definitely room for improvement in the collaboration between citizen and government, employee and organization and the enforcement of law and order. What we do know is that everyone can become a victim of social engineering, and that such techniques are being applied by both in- and outsiders. And I am going to end again with a bold and sardonic statement: no matter how much we care, no matter how well aware we are: we will not and cannot desist and cease social engineering crimes. Social engineers are shrewd, and maybe sometimes we can outsmart them. But that’s also where it ends. Securing ourselves against such attacks is a very complex and never-ending process.

Update 1: Here are some pointers. In Belgium, users can report Internet crimes on eCops.be. You needn’t worry about who is qualified for what; eCops makes sure that your report is investigated by the appropriate service. In The Netherlands, the NCSC recently started operating. NCSC cooperates in enhancing the defensibility of the Dutch society in the digital domain. Their goal is to realize a safe, open and stable information society by sharing knowledge, offering insight and also offering a proper action perspective.

The movies of 2011

I have watched many movies in 2011. But because I have such a bad memory, I decided to keep track of them – it should be fairly complete. Some I saw in the theater, some at home. Here is an overview and some words on each of them.

  1. The American. With George Clooney: thoughtful story, but little plot. Loved the cinematography. You immediately get thrown into the story (an assassination). No bullshit. We no speak Americano.
  2. Dear John – from the director of The Notebook. Special forces soldier falls in love with a beautiful young lady, but decides to go on a military mission. A year later, the sickness of his father forces him to come back home. Kind of liked the drama twist. Made my girlfriend’s face ugly 🙂
  3. The Sorcerer’s Apprentice – exaggerated. Disney production. Predictable.
  4. The Freebie – one long dreaded dialogue. Loved the concept, but couldn’t hold the attention for longer than 30 minutes.
  5. Pineapple Express – Poor stoner footage.
  6. The Hours – drama, lovely music and Julianne Moore!
  7. A Single Man – crazy mad gay professor and Julianne Moore.
  8. From Paris with Love – John Travolta.
  9. Percy Jackson & the Olympians The Lightning Thief – Humor. “Uglyano”. Greek Gods. Surrealistic potterian-like movie.
  10. Up – Fantastic. Adventure. Imagination. Kind of movie that could make a kid cry.
  11. How to train your dragon
  12. Kind of a funny story
  13. The Hurt Locker – won an Oscar!
  14. Date Night – a bit absurd, but with Mila Kunis!
  15. Alvin and the chipmunks – Justin Long’s voice is Alvin
  16. Black Swan – One of the best movies of the year. Natalie Portman does some excellent acting! And Mila Kunis of course too.
  17. The Day the earth stood still – Plainly boring.
  18. He’s just not that into you – amazing cast: Justin Long, Drew Barrymore, Ben Affleck, Scarlett Johansson.
  19. The King’s Speech – Same guy from A Single Man (Colin Firth), but he stammers now.
  20. Precious – scrupulously cruel
  21. The Kids are all right
  22. Norwegian Wood – Alternative, rather obscure flick, directed by a Vietnamese. Highly recommended.
  23. Magnolia – That movie with Tom Cruise where out of the blue frogs fall from the sky.
  24. Surrogates – Sci-Fi with Bruce Willis.
  25. Nowhere boy – documentary about John Lennon’s life.
  26. Love Actually
  27. Valentine’s Day
  28. The Mechanic – Action. Hit man.
  29. TRON – Legacy: very disappointing. I was kind of sleepy while watching. Could have been called “revolutionary” in the 80s though.
  30. Castle in the sky – Anime. Crazy air pirates!
  31. I am number four – Absurd. Aliens and beaches?
  32. Quills – Marquis De Sade! Great.
  33. Season of the Witch – Nicolas Cage again. Guy wants to cash. Cheap.
  34. Just Go With It
  35. Unknown
  36. Inside Job – Recommended documentary about the economic meltdown. Strauss-Kahn is featured in this movie, before the incident.
  37. Love and other Drugs – Anne Hathaway!
  38. The Adjustment Bureau – Based on a Philip K. Dick book. Not too bad. A bit silly.
  39. Friends with Benefits – Mila Kunis is featured here too. She looks so innocent and this movie really shows that she is an insanely good actress. Justin Timberlake as good as ever.
  40. Keith – Great acting. Unusual and special movie. A bit depressing about a kid who is about to die. Very emotional picture. Great story line.
  41. The Debt – Thriller. Mossad Soldiers. Great storyline. Unpredictable. Vogel. Nazis. Revolves around the idea of living with a lie for 30 years and justice.

So which movies did you see?