adaptive process management (n.) an element of resource and business process management, adaptive search and event processing. Sometimes referred to as “Level 4” event processing or process refinement.

application concept (n.) a definition of a set of properties that represent the data fields of an application entity. An application concept can describe relationships among themselves. For example, an order concept might have a parent/child relationship with an item concept. A department concept might be related to a purchase requisition concept based on the shared property, department_id. Application concepts can include an application state model.

application state modeler (n.) a UML-compliant application that allows you to model the life cycle of a concept instance — that is, for each instance of a given concept, you can define which states it will pass through and how it will transition from state to state. States have entry actions, exit actions, and conditions, providing precision control over the behavior of an event processing agent. Transitions between states also may have rules. Multiple types of states and transitions maximize the versatility and power of the application state modeler.

derived event (n.) an event that is created as a result of processing one or more other events.

complex event (n.) an event that is a situation-entity abstraction of two or more simple, derived or other complex events.

complex event processing (n.) CEP is a technology for extracting information from message-based systems. CEP is primarily an event processing concept that deals with the task of processing multiple events from an event cloud with the goal of identifying the meaningful events within the event cloud. CEP employs techniques such as detection of complex patterns of many events, event correlation and abstraction, event hierarchies, and relationships between events such as causality, membership, and timing, and event-driven processes.

event (n.) a instance of an event definition. It is an immutable object that represents a business activity that happened at a single point in time. Just as one cannot change the fact that a given activity occurred, one cannot change an event — events are immutable.

event aggregation (n.) the aggregation of simple, derived or complex events into higher levels of event abstractions.

event definition (n.) a set of properties related to a given activity that represents an important or interesting change of state in a human, system or computational activity. An event definition includes event properties such as event priority, event time to live (TTL), and a description of the payload, which is comprehensive information related to the activity that occurred. Events expire when the TTL has elapsed, unless the event processing agent has instructions to consume them prior to that time.

event channel (n.) a communications channel in which events are transmitted from event source to event receivers, typically received as electronic messages. Each channel can have multiple destination and. events can be configured to transmit to a default destination. JMS is an example of an event channel.

event cloud (n.) a partially ordered set of events (poset), either bounded or unbounded, where the partial orderings are imposed by the causal, timing and other relationships between the events. Typically an event cloud is created by the events produced by one or more distributed systems. An event cloud may contain many event types, event streams and event channels. The difference between a cloud and a stream is that there is no event relationship that totally orders the events in a cloud.

event-driven (n.) the behavior of a human, system or computational entity whose execution or actuation is in response to events, typically received as electronic messages.

event-driven architecture (n.) an architectural style for distributed computing applications in which some of the components are event-driven and communicate by means of events.

event processing (n.) computing that performs operations on events, including modifying, creating and destroying events.

event-object (n.) an software object that represents an event, generally for the purpose of computer processing, that exhibits both encapsulation, inheritance and polymorphism.

event prediction (n.) computational activity where the impact of events, complex events, and situations caused by events identified, including both opportunity or threat. Sometimes referred to as “Level 2” event processing, impact assessment or predictive analytics.

event pre-processing (n.) computational activity where events are cleansed or normalized to produce semantically understandable data. Sometimes referred to as “Level 0” event processing.

event processing (n.) computational activities on events dealing with the association, correlation, and combination of event data and information from single and multiple event sources to achieve refined identity and situation estimates for observed event objects, and to achieve complete and timely assessments of opportunities, threats, and their significance. Event processing is characterized by continuous refinements of event estimates and assessments and by evaluation of the need for additional sources, or modification of the process itself, to achieve improved results.

event processing agent (n.) an EPA is a computational entity that performs event processing.

event processing network (n.) a set of event processing agents and a set of event channels connecting them.

event properties (n.) data representation of an event, typically by name-value pairs of type string, integer, real, boolean or a complex data type.

event refinement (n.) filter, identify and track events & make initial processing decisions based on association, correlation and state estimation. Sometimes referred to as “Level 1” event, or event-object, track and trace.

event stream (n.) a time-ordered sequence of events. An event stream may be bounded by a certain time interval or other contextual dimension (content, space, source, certainty), or be open ended and unbounded.

event stream processing (n.) a time-ordered sequence of events. An event stream may be bounded by a certain time interval or other contextual dimension (content, space, source, certainty), or be open ended and unbounded.

rule (n.) defines what triggers unusual, suspicious, problematic, or advantageous activity within an event processing agent and what the EPA does when it discovers these types of activities. Rules execute actions based on certain conditions on events, instances, or a combination of both. A rule includes a group of condition-rule statements and action-rule statements. The condition statements instruct the EPA what to look for in events, and action statements instruct the EPA how to respond when conditions are met. If all the conditions in a rule are satisfied by events or instances or both, the EPA fires the actions. The action might be to execute tasks, create an event instance, modify property values in an event instance, create and send an event, or something else.

rules engine (n.) a type of event processing agent that uses a declarative programming model to process events. Formally described as “an abstract structure that describes a formal language precisely, i.e., a set of rules that mathematically delineates a (usually infinite) set of finite-length strings over a (usually finite) alphabet“. Informally, it can be any system that uses rules, in any form, that can be applied to data to produce outcomes.

rule language (n.) is an artificial language that is used to control the behavior of an event processing agent. Rules languages, like human languages, have syntactic and semantic rules to define meaning.

situation refinement (n.) identify situations, or complex events, based on event clustering, event-event relationships and relationship analysis and context. Sometimes referred to as “Level 2” event processing.

simple event (n.) an event that is not an abstraction or composition of other events.

virtual event (n.) an event that is imagined, modeled or simulated.

The report says:

July 2008 saw the emergence of rehab spam. Subject lines have included

- Get help today with Drug Rehab Info
- Overcome Alcoholism today
Spammers are constantly trying new tactics to try and coerce recipients into opening a
spam message so that they can obtain personal information from end users. In this particu-
lar example, they are trying to target individuals who are not in good health, in the hopes
that they will act on this spam message and give away their personal details.

Read the full August State of Spam report here.

In addition to the above services, KBank offers a service that permits users to receive an SMS message that details any change in account balance and/or point-of-sale (POS) transaction with your debit card.   I really like this service and the feeling of security knowing when, where and by how much my balance changes or my debit card is used in a transaction.    The KBank POS SMS notification is so fast that when I present my card to a merchant I normally receive an SMS message detailing the transaction before the merchant returns for my signature.  (There is an unfortunate lag in the balance change notification that can run minutes to hours behind real-time, but the POS VISA debit card notification is real-time).

As the story goes,  I should have been using my KBank card and account a few weeks ago and not my US-based VISA debit dard.  Why?

My US-based VISA debit card was cloned sometime on or before August 8th.   I am really careful with this card, so I was surprised the magnetic strip was cloned at a POS merchant.   The fraudster made 7 fraudulent transactions beginning on August 8th for a total of around $2500 USD, mostly on August 11th, before I discovered the fraudulent transactions viewing my account on-line.

This would not have happened with KBank SMS-based transaction notification services.

The first transaction with my cloned VISA debit card was less than $50 USD (I assume the fraudster was “testing the water”).   If I was using my KBank card, I would have received an immediate SMS message detailing a POS transaction in Bangkok when I was physically far away from Bangkok in Chiang Mai.   I could have immediately called the bank (or logged in) and blocked the debit card, limiting potential losses to the bank or the merchant to one fraudulent transaction, not seven.

In addition, KBank offers what they call a Web-Shopping VISA card, where you can go into your on-line account (verified by SMS OTP as mentioned) and request a VISA debit card number (with expiration date, CCV etc).   You set the limit from 0 to 500,000 THB (Thai Baht) per day; and you can login to your account and change this anytime (authenticating your transaction with another SMS-based OTP). You can also block or cancel this number anytime and apply for another one.

I am amazed that in Thailand I receive much better anti-fraud prevention and detection services than with banks in the US.   I know of no bank or brokerage in the US that offers the same quality of service and security as KBank in Thailand.  

Exactly who was behind the cyberattack is not known. The Georgian government blamed Russia for the attacks, but the Russian government said it was not involved. In the end, Georgia, with a population of just 4.6 million and a relative latecomer to the Internet, saw little effect beyond inaccessibility to many of its government Web sites, which limited the government's ability to spread its message online and to connect with sympathizers around the world during the fighting with Russia.

[...]

In Georgia, media, communications and transportation companies were also attacked, according to security researchers. Shadowserver saw the attack against Georgia spread to computers throughout the government after Russian troops entered the Georgian province of South Ossetia. The National Bank of Georgia's Web site was defaced at one point. Images of 20th-century dictators as well as an image of Georgia's president, Mr. Saakashvili, were placed on the site. "Could this somehow be indirect Russian action? Yes, but considering Russia is past playing nice and uses real bombs, they could have attacked more strategic targets or eliminated the infrastructure kinetically," said Gadi Evron, an Israeli network security expert. "The nature of what's going on isn't clear," he said.

[...]

In addition to D.D.O.S. attacks that crippled Georgia's limited Internet infrastructure, researchers said there was evidence of redirection of Internet traffic through Russian telecommunications firms beginning last weekend. The attacks continued on Tuesday, controlled by software programs that were located in hosting centers controlled by a Russian telecommunications firms. A Russian-language Web site, stopgeorgia.ru, also continued to operate and offer software for download used for D.D.O.S. attacks.

Welcome to 21st century warfare.

"It costs about 4 cents per machine," Mr. Woodcock said. "You could fund an entire cyberwarfare campaign for the cost of replacing a tank tread, so you would be foolish not to."

Today I challenge our CEP/ESP/EP vendors (or SIs) to create the following solution to detect and block rogue bots on Apache web sites.   I will install and test each submitted solution on The UNIX Forums and post the results here.

Here are some basic requirements:

1. Your solution must run on Linux and be installable and configurable remotely with SSH or HTTP.  There will be no physical access to the server. No exceptions.
2. Preferrably, the configuration can be done with a Web-Based Interface (WBI) - a browser.
3. Your solution will listen to continuous updates to the Apache2 access log, exact location configurable in your solution, and identify robots ( bots), also known as spiders, from the log.
4. Your solution will provide a confidence metric, key indicator (KI), for each bot detected, from 0 to 10, where 10 indicates “absolutely a bot,” 0 is “absolutely not a bot.”
5. Your solution will update the IP address of each bot and KI you identify in a file/table called, for example, ./bot_scorecard.txt where each line is an IP address of a bot, followed by a semicolon (or other delimiter of your choice) and the confidence factor, for example,  10.0.0.1;10 means that 10.0.0.1 is a bot, 100% sure.
6. Your solution must compare bots detected to a file/table called, for example, ./bots_allowed.txt and ./bots_denied.txt that are in the format IP address/mask, for example 10.0.0.1/24, or 10.0.0.1/32.
7. If the KI “confidence factor” of the IP address of your detected bot is higher than the tunable “is a bot” KI, then your solution should update the tables/files and then call iptables and block the bot.
8. It should send an email to one or more email addresses with a message, for example:  “New Bot Detected - Confidence 8″ with IP address, etc. in the message.  Another example would be an email, “Bot Blocked” - with details, etc.
9. You cannot automatically block any traffic that is not a bot.  Blocking one “non-bot” results in failure, no exceptions.
10. The Prize:  The winner will get their logo (w/link) on this site in a block called “Bot Hunter Winner” (or something like that.)

These are some basic requirements; I don’t want to restrict your thinking or solution, so be creative!  Feel free to ask any questions in the comment section of this thread.

Remember, sometimes you may have to manage the state of IP addresses for days, or hours, before you can accurately deterimine if it is a bot based on behavior alone.   So, you will need to work with both long and short time windows.  Latency is not important. Detection accurate is importance.

Anyone care to submit a solution for testing?

Since the 1999 Columbine High School shootings and the 9/11 terrorist attacks, many parents feel better having a way to contact their children. But hundreds of students on cell phones during an emergency can cause problems for responders.

"There's a huge difference between feeling safer and being safer," says Kenneth Trump, president of National School Safety and Security Services.

According to Trump, students' cell phone use during emergencies can do three things: increase the spread of rumors about the situation, expedite parental traffic at a scene that needs to be controlled and accelerate the overload of cell-phone systems in the area.

Tom Hautton, an attorney for the National School Board Association, said that cell phones in schools also can lead to classroom distractions, text-message cheating and inappropriate photographs and videos being spread around campus.

We are just naturally inclined to make irrational security decisions when it comes to our children.

C:\temp\Err>err 0x80070003 # for hex 0x80070003 / decimal -2147024893 : COR_E_DIRECTORYNOTFOUND corerror.h # MessageText: # The specified path couldn't be found. # 1 matches found for "0x80070003"