Citations from the TN in-basket on the hyperconnected experiment called South Korea.
From the O'Reilly Radar we have "Why the Future is South Korea" (June 2006) - where S. Korea is identified as "the world's best laboratory for broadband services." Beyond the usual positives, hints of the cost of being so out in front is given by John Levine who wrote:
South Korea has made itself into a thoroughly unpleasant net neighbor. When they wired up the country, they gave no apparent thought to security. You could tell each time a new school came online because it had a server with the same unpatched version of Windows which was taken over by worms in about 15 minutes and started spewing spam and worse.
Also, "The Future is SouthKorea" (CNNMoney.com, Business 2.0, June 14, 2006).
What's your intention of this post? Are you sure on the credibility of your citation?
As a Korean, I could say that situation in your citation was fairly past thing. A few waves of Internet disorder has made Korean people be alert on the daily security issues. Problems make people smarter. Isn't it? It's a way of living on earth.
Posted by: Huhh, Jun Sok | Jun 18, 2006 at 08:15
The O'Reilly article does also offer the contrary note:
(On a contrary note, though, Slashdot just pointed to a Register article noting that 64% of spam comes from Taiwan. The US is #2 with 24%, and China is #3 with 3%. Korea wasn't even on the list. So this looks like a good time to remember the biblical admonition against looking for the mote in your neighbor's eye....)
Posted by: nate combs | Jun 18, 2006 at 09:48
one thing that is funny about South Korea's web services is that the country does require you to use a national idea number to post to blogs and web forms. It's a security measure they put in after the dog-shit girl fiasco if I remember correctly. While well intentioned (and has probably massively reduced their spam some blogs in japan for instance ban english language comments and trackbacks to cut down on spam) it has made it harder to comment on posts. In order to get an ID to post on a Korean site you have to e-mail the web administrator and request one. This can be problematic, awhile back a friend of mine found a women in Korea was translating her blog posts into Korean, she just wanted a trackback, but we weren't able to post to her blog, e-mail her, etc. with out a number.
-
A
Posted by: andrew jones | Jun 18, 2006 at 09:56
Prodded by this, I scanned of a handful of spam research reports. Below. My suspicion is that think these numbers need to be taken with lots of salt (given questions about definitions/methodology and variability in outcomes), but I think they give some idea what is going on. If there are any experts out there who can clarify the situation, love to hear from you (either publically on the board, or drop me a line). Format (date of report, research source, findings, publication source), from most recent to least:
June 2006; CipherTrust; Taiwan 64%, US 23%, China 3%; ZDNet
April 2006; Sophos; US 23%, China 22%, S. Korea 10%, France 4%...; TheRegister
November 2005; Sophos; US 26%, S. Korea 20%, China 16%; CSoonLine
Feb 2004; Sophos; US 57%, Canada 7%, China 6%, S. Korea 6%; InformationWeek
Posted by: nate combs | Jun 18, 2006 at 14:52
The U.S. has hardly been a shining model of security conciousness. Not to mention that if they have did have more security issues initally they have probably developed a much wider base of experienced security professionals at this point.
From what I've heard the national id requirement has had some serious negative impact when it comes to identity theft.
It is also a huge frustration for some Korean born American's (like my wife) who speak and read primarily Korean, and find it difficult to gain access to Korean sites..
Posted by: Thabor | Jun 20, 2006 at 10:09
The U.S. has hardly been a shining model of security conciousness. Not to mention that if they have did have more security issues initally they have probably developed a much wider base of experienced security professionals at this point.
I don't see the point of this thread as to whether S. Korea (US or whoever) is culpable in worldwide spam. I do think it speaks volumes of how a modern and by all other measures, a well thought out system design can underestimate the option of building in security from the 'git go'. Everyone has missed this boat, but isn't that the point?
Everyone thinks of the MMORPG they would like to play, but fewer anticipate how it will be broken.
Posted by: nate combs | Jun 20, 2006 at 20:13
"I do think it speaks volumes of how a modern and by all other measures, a well thought out system design can underestimate the option of building in security from the 'git go'."
This and the original comment about security make zero sense to me. How is it the responsibility of the companies wiring the country for broadband to also administer the computers of individual users? If I want to set up a Linux server in the US no ISP is even going to know that I'm doing it until my system is compromised and starts spewing out spam and DOS attacks. And the guys who are planning out the details of a country's network infrastructure are many, many levels above an ISP.
Posted by: lewy | Jun 21, 2006 at 07:55
How is it the responsibility of the companies wiring the country for broadband to also administer the computers of individual users?
The Internet Is Broken
the Internet has no inherent security architecture
http://www.technologyreview.com/read_article.aspx?ch=infotech&sc=&id=16051&pg=2
The Internet Is Broken -- Part 2
We can't keep patching the Internet’s security holes. Now computer scientists are proposing an entirely new architecture.
http://www.technologyreview.com/read_article.aspx?ch=infotech&sc=&id=16055&pg=1
Posted by: nn | Jun 21, 2006 at 09:50
Security is a big problem on the internet. That said, it's not reasonable to expect that the guys who wired S. Korea for broadband would also rearchitect said internet, or even implement new architectures and protocols locally. I feel pretty comfortable stating that that would have made an already gigantic task simply impossible.
The issue with S. Korean computers being compromised isn't the nature of their network--it's simply that pc's which are connected to the net 24/7 via a broadband connection are much more vulnerable to attack than computers which connect via dial-up and there are many more broadband connections in S. Korea. What's more the most vulnerable machines are typically not owned by institutions, who often employ a professional to run their hosts, but instead belong to individuals who are connecting from home and who may not be tech savvy. I've never had to deal with a S. Korean ISP but I can tell you that there are millions of compromised personal computers in this country and that most ISP's, especially the larger ones, simply ignore compromised machines on their network because the problem is so massive.
Posted by: lewy | Jun 22, 2006 at 01:21
Internet security is fairly strict at our office in Seoul. Our IT dept sends out corporate wide emails on the day critical updates are released for any Windows systems. Our corporate firewall blocks most ports, but at the same time they allow access to the "Starcraft" port 6112, and even allow us to send attachments through MSN messenger. Relative to U.S. game companies I've worked with, the level of internet security is not at parity.
One problem however is that a majority of websites in Korea require activescript. I have to leave a shortcut to IE whenever I want to start up our game or access any other Korean Online games. This is true even for financial sites such as online banking and online trading. One thing to note is that online banking in Korea seems much safer than online banking in the US due to the excessive amount of different passcodes and security features you have to go through just to check your balance.
As for having to change your email address every 6 months, I've been here for 7 months and have received less than 10 pieces of spam mail.
Posted by: Terence Park | Jun 22, 2006 at 06:30