The Community for Technology Leaders
RSS Icon
Subscribe
Issue No.05 - September/October (2011 vol.9)
pp: 9-12
Published by the IEEE Computer Society
Gary McGraw , Cigital
ABSTRACT
Gary McGraw talks with Elinor Mills, a senior writer at CNET (www.news.com), where she covers Internet technology and security. She has written about technology for several outlets over the past 20 years, including Reuters, the Associated Press, the Industry Standard, and IDG. The 2010 Apollo Research Security Survey placed Mills at the top of its list of journalists who reach the largest audience when writing about security. Hear the full podcast at www.computer.org/silverbullet or www.cigital.com/silverbullet.
Elinor Mills is a senior writer at CNET ( www.news.com), where she covers Internet technology and security. She has written about technology for several outlets over the past 20 years, including Reuters, the Associated Press, the Industry Standard, and IDG. The 2010 Apollo Research Security Survey placed Mills at the top of its list of journalists who reach the largest audience when writing about security. Hear the full podcast at www.computer.org/silverbullet or www.cigital.com/silverbullet.

Gary McGraw: You have written about technology during a very interesting time for lots of news organizations. How do the organizations that you've worked for over the years differ from one another?
Elinor Mills: In the early '90s, the Internet wasn't mainstream—email wasn't mainstream. We'd actually have to call sources to get information and go to libraries to fact check.
McGraw: There was no Google.
Mills: Exactly, there was no Google, just the local library. IDG News Service, a wire service for all IDG trade publications, is where I first dove into technology reporting and got on email, dipping my toes in the Internet and the Web. In about four years, it became a tool I couldn't live without.
McGraw: How did it change the culture of the newsroom and interactions with editors?
Mills: One of my editors was initially a bit leery about trusting the Web, because in the early days, it really was the Wild West, and anyone could put up a webpage if they knew some HTML, you know, slap something up and call it The New York Times or IBM and put out false information. So it was a blend of old-school journalism: reporting, calling people, double-checking everything, and then also using the Internet. Now, we've come full circle to the point where too many journalists rely solely on what they see on the Internet without confirming anything directly.
McGraw: Do you find yourself more isolated these days—[reporting] used to be a team effort but now it's more of an individual one?
Mills: A lot of newspapers and news outlets are gone, and the jobs are scarcer, so more people are competing for them. The blog format has taken over, which means fewer long-form features, big investigative stories, and reports. [Reporting has] moved toward short, punchy, fun, humorous posts with photos.
McGraw: My 16-year-old loves Gizmodo. Is that reporting?
Mills: It is, definitely. It gets tips and follows up on stuff; it covers breaking news. It gets information out and at an incredibly fast pace. There's this pressure to be first, to break stories, and a lot of times there isn't a lot of second- or third-day analysis that might be needed to really give context and the full story. A lot of blog sites don't call both sides for comment, and a lot of blog posts—I'm not singling anyone out—just reiterate what everyone else has covered. I'm not saying [more serious news outlets] don't do some of that; everyone has to do it. But there are certain things you just want to have for the record or that you want to verify. If you don't get something up immediately, or you get it up and it's not right, then you're wrong. But, then again, everyone's wrong on occasion.
McGraw: With the advent of Facebook, LinkedIn, Twitter, and so on, we've seen the rise of what we call the lifestyle hacker—20-somethings versus the establishment [see "Lifestyle Hackers," CSO Online, 2 Nov. 2009; www.csoonline.com/article/506309/lifestyle-hackers]. You've covered security issues around these technologies, so what's your opinion about security and privacy and all of the social media pervading the planet?
Mills: Well, everyone's using Facebook and many, many people use Twitter. The lines between work and personal lives are blurred, so there are even more avenues that people inside of corporations and organizations can use to leak information or to open doorways for viruses or other types of targeted attacks. It's a changed world because of this. You also have people posting so much information about themselves on these sites, and, of course, it comes back to bite them. I think we're going to see more efforts designed to educate people about how much of their digital persona is public and help them clean it up.
McGraw: I think it should go even further than that. You should be able to just apply for any sort of background you want and have some company just make it up and cross-post it as it's been out there for 10 years.
Mills: Or create a bunch of Elinor Millses in different cities and occupations to confuse people.
McGraw: You were a foreign correspondent for Reuters and lived in Portugal. How does technology and its adoption differ in that culture from the US?
Mills: They are heavy, heavy phone users and all over text messaging. When I left the States in early 2004, it didn't seem like there was a lot of text messaging going on. I didn't know anyone who was doing it. But it seems to have replaced email in this country. Next, it'll be some Twitter or Facebook communication or who knows what.
McGraw: There are all sorts of amazing mashups for the iPad now, but even fewer editors involved.
Mills: I lament the demise of the editor and the second read before copy goes out to the public. But there's no time. You've got to get it out now.
McGraw: WikiLeaks was all over the news earlier this year, and I'm sure you were covering it in your own writing [ http://news.cnet.com/8301-27080_3-20012253-245.html]. Some people believe that Assange was unfairly targeted and that freedom of the press is on the wane in America. Do you think WikiLeaks is a media outlet as defined in legal terms? Ultimately, we have freedom of the press, but is WikiLeaks part of the press?
Mills: It's a good question. The press in the US is the Fourth Estate, holding the other players accountable, providing information, and informing the public so that we all know what our leaders are doing. In that sense, yes, it is.
McGraw: But would a court of law define WikiLeaks as a media outlet? I think the whole question of what our stance should be about this story hinges on this important question, and nobody's talking about it.
Mills: Well, especially since so many new, mixed op-ed opinion websites are blogs. Keith Olbermann got suspended for donating money to the Democrats, and he's considered a journalist, so did he cross a line? He's more of a presenter, not so much covering the news. The lines are so blurred, and it's kind of up for anyone's interpretation. As far as WikiLeaks, it would be interesting to see what the courts would say. I'm inclined to say that with the conservatism of a lot of our courts, most would probably side with the government.
McGraw: That's interesting because it means as the mass media as we used to know it in the '70s and '80s morphs into whatever it's become and is still becoming, freedom of the press will erode necessarily, so the definition's important, I think.
Mills: It is, and can the definition be changed? How malleable is it?
McGraw: Well, the law is very malleable, so the definition can be changed with legal precedence.

You cover the "security problem of the day" beat, which gets a bit relentless, I'm sure. Has it changed your own Internet behavior in any way or do you just sort of compartmentalize?


Mills: I try and keep my personal paranoia to a minimum, but when I hear about a good tool, such as the Firefox NoScript plug-in, I put it on my Windows machine at work. I have a Mac at home, and I have antivirus protection on it, so I try and use as much protection as I can. I don't let it keep me up, but a lot of these things aren't [intuitive]; I mean, I spend a lot more time deciding and clicking on whether to allow this page or certain items on it to load. Some of the stuff I use is not for the regular user. I wouldn't tell my mother or neighbor to use these tools necessarily.
McGraw: Well, when you turn NoScript on, a lot of stuff breaks. Try using the Safari browser on the iPad—it doesn't support Adobe, so half the stuff on the Internet just doesn't work. We do a lot of cursing of Steve Jobs around our kitchen table these days because of that.

You're among the very few reporters who covered Stuxnet properly [ http://news.cnet.com/8301-27080_3-20018530-245.html], in my view, focusing on payload versus delivery, for example. How do you avoid the fog, and the spinmeisters, when a major story like Stuxnet is breaking?


Mills: It's hard, because sometimes there isn't enough information initially to know how serious something is. With Stuxnet, it revealed itself to be pretty serious shortly after it first came out, and the Windows thing was sort of a distraction that you had to put to the side and just mention because that's the way it spread, but that's really not what's important. The minute we learned that Stuxnet was the first [worm] to target industrial control systems, boom, that right there is huge. It was an important story and will continue to be, especially given the fact that there could be the capability for copycats to target other plants and other types of operations.
McGraw: You'd already done an interview with Joe Weiss [ http://news.cnet.com/8301-27080_3-20004505-245.html], who many people thought was a little off his rocker, but it turns out he was just plain right and a little ahead of his time.
Mills: I wanted to use the word "Cassandra" for him.
McGraw: But unfortunately, nobody remembers that Cassandra turned out to be right.

So, the genie is out of the bottle for control systems, but you already knew that it was possible to get out of that bottle, and many people who think about security all day knew it, too. I guess it's just the wider realization that it's real that makes it so interesting?


Mills: A lot of stuff is happening that we don't know about. It's just not reported—it isn't public. When [the Stuxnet story] is the first that's publicly reported, that's the red flag right there, and it proved what Joe was saying. It's no longer a possibility, it's reality, and that's scary. The concerns we have in the IT world on the desktop and in servers now [seem trivial]; we're talking life and death here—we're not just talking about stealing credit card numbers and corporate espionage.
McGraw: It makes the guys with the tinfoil hats seem a little bit less crazy, even though tinfoil isn't going to do them any good.

On the lighter side, after a decade of Burning Man events, what is it about this annual but somehow ephemeral gathering that's so attractive to techies and artists and the digerati?


Mills: It's a blank slate; you're creating a city or your part of a city, whether it's an art car or a performance or some kind of crazy kinetic digital sculpture out there in a desert, off the grid. I think that techies are really attracted to the challenge of that and to the distorting of reality. You think you're just going to go desert camping, and you get out there, and it's amazing. It's a mini metropolis with a lot of bright lights at night and very complex structures and things that make you cold when it's hot outside or just entertain and delight you. I mean, it's the biggest art gallery in the world.
McGraw: Do you think there's a relationship between, say, cyberspace and avatars and creating your own reality in that way—that this is a physical-world analog of that?
Mills: Absolutely, plus it's an extension of San Francisco, too. It's very San Francisco—that sense of creating an alter ego. A lot of people just assume new names. They become a new persona on the playa, which is what we call the desert out there, and create their own reality. It's conceptual. What can you do to really shake things up?
McGraw: I've always wanted to go, but it's just so far away from us East Coast people. We're so staid over here.
Mills: Well, it's worth checking out. Maybe you can combine it with some security event.
McGraw: Seems unlikely, but let's get to a bigger question. Namely, what's your favorite novel of last year?
Mills: Eating Animals. Jonathan Safran Foer is by far my favorite writer right now. Everything Is Illuminated was his first novel, and Extremely Loud and Incredibly Close the second one. This new one is totally different. It's nonfiction. It's about our whole experience of eating animals, whether we should or the ethics around that and alternatives. It's amazing.
McGraw: You cheated a little, because I said favorite novel, and that's nonfiction. So you get a whole other answer, if you want.
Mills: I really love Jonathan Franzen's The Corrections, which a good friend loaned to me recently, and it was fantastic. I really got engrossed with that. I can't say that it was my favorite of the year, but it's high up there.
Show links, notes, and an online discussion can be found on the Silver Bullet webpage at www.computer.org/silverbullet or www.cigital.com/silverbullet.
Selected CS articles and columns are also available for free at http://ComputingNow.computer.org.
Gary McGraw is Cigital's chief technology officer. He's the author of Exploiting Online Games (Addison-Wesley, 2007), Software Security: Building Security In (Addison-Wesley, 2006), and seven other books. McGraw has a BA in philosophy from the University of Virginia and a dual PhD in computer science and cognitive science from Indiana University. Contact him at gem@cigital.com.
35 ms
(Ver 2.0)

Marketing Automation Platform Marketing Automation Tool