noteworthy wrote:
DNI certainly intends to include the greater Internet. They seem willing to start off with the government systems. But McConnell also said that "95% of the problem lies with the private sector." The implication with this entire initiative is that the private sector isn't competent to handle this on its own, but the government is.

Its really hard to square that perspective with Republican rhetoric about how the Government isn't competent to do anything. I'm being a bit histrionic, but clearly, "socialized" managed security services will seriously diminish or eliminate the existing competitive market for these services. If its not OK for healthcare how could it be a good idea for firewalls? The Internet doesn't even kill people!

Furthermore, if we have to have the discussion, there are obviously serious civil liberties concerns with having the federal government impose a monitoring system on all private networks that examines domestic traffic without a warrant. Clearly these people believe that the word "reasonable" in the 4th amendment means anything that they want it to mean, and while there is a perscription for what is required to obtain a warrant, warrants themselves need never actually be required. This view is extremely radical and is unlikely to withstand judicial review. You won't even be able to appoint conservative lawyers who will accept it.

Both of these problems are elminiated by simply making this a private sector endevour motivated with the right economic incentives.

federally operated, highly centralized operation was not scalable

I don't agree with this. There are a number of companies who provide managed security services for thousands of customers from centralized NOCS, customers who include Fortune 500 companies who have extremely complicated infrastructures. I think its practical, particularly if you have billions at your disposal.

and in any case would be duplicated by the customers who take their industrial security seriously.

Unless they feel like the government is doing an adequate job cleaning their pipes. If the state posted armed guards in front of your Bank would you hire your own guards too on the presumption that the ones the state hired are incompetant? I think its unlikely that their level of incompetance would allow enough fraud to justify hiring private equivelents.

Nevertheless (at risk of being considered provocative) I can see why a vendor would salivate at the prospect of such a windfall, especially if, as a market leader, they would expect to win the competition for such services. How much better to sell 30B in systems and services at one fell swoop, instead of going about all onesy-twosy for years on end!

And what of the vendors who loose? Is this to be a one size fits all solution, wherein the government selects a single... [ Read More (0.2k in body) ]

RE: WSJ | Bush Looks to Beef Up Protection Against Cyberattacks

This paper by Bellovin, Blaze, Diffie, Landau, Neumann, and Rexford will appear in a forthcoming issue of IEEE Security and Privacy.

A new US law allows warrantless wiretapping whenever one end of the communication is believed to be outside national borders. This creates serious security risks: danger of exploitation of the system by unauthorized users, danger of criminal misuse by trusted insiders, and danger of misuse by government agents.

Noteworthy first told you about this paper in October, when he recommended an early draft. It is a follow-up on Landau's op-ed in August of last year.

Risking Communications Security: Potential Hazards of the Protect America Act

In the years since it opened in 1993, KGB has become something of a New York literary institution. Writers hooked up in the publishing world read here with pleasure and without pay to an adoring public over drinks almost every Sunday evening (fiction), Monday evening (poetry), and most Tuesdays, Wednesdays and Thursdays. The crowd loves it. Admission is free, drinks are cheap and strong, and the level of excellence is such that KGB has been named best literary venue in New York City by New York Magazine, the Village Voice, and everyone else who bestows these awards of recognition.

I do, in fact, like the place. Its one of the few bars on that side of town that serves alcohol but is quiet enough to actually have a conversation. It sucks if you can't find a place to sit though.

KGB Bar

President Bush signed a directive this month that expands the intelligence community's role in monitoring Internet traffic to protect against a rising number of attacks on federal agencies' computer systems.

Bush Order Expands Network Monitoring - washingtonpost.com

Rattle wrote:

President Bush has promised a frugal budget proposal next month, but one big-ticket item is stirring controversy: an estimated $6 billion to build a secretive system protecting U.S. communication networks from attacks by terrorists, spies and hackers.

Could it be related to this?

RE: WSJ | Bush Looks to Beef Up Protection Against Cyberattacks

Behind the recent bad news lurks a much deeper concern: The world economy is now being driven by a vast, secretive web of investments that might be out of anyone's control.

The black box economy - The Boston Globe

Nose, face, spite.

Changes reportedly made last night in the stimulus package would reduce its effectiveness as stimulus. Although the package includes a reasonably designed tax rebate, the two most targeted and economically effective measures under consideration — a temporary extension of unemployment benefits and a temporary boost in food stamp benefits — were zeroed out, apparently at the insistence of House Republican leaders.

The two respected institutions that have rated stimulus options in recent days — the Congressional Budget Office and Moody’s Economy.com — both give their two highest ratings for effectiveness as stimulus to the two measures that were dropped.

Reported Stimulus Package Would Provide Little Immediate Boost Due to Removal of Most Effective Provisions

Ever read a book (required or otherwise) and upon finishing it thought to yourself, "Wow. That was terrible. I totally feel dumber after reading that."? I know I have. Well, like any good scientist, I decided to see how well my personal experience matches reality. How might one do this?

Well, here's one idea.

1. Get a friend of yours to download, using Facebook, the ten most popular books at every college (manually -- as not to violate Facebook's ToS). These ten books are indicative of the overall intellectual milieu of that college.
2. Download the average SAT/ACT score for students attending every college.
3. Presto! We have a correlation between books and dumbitude (smartitude too)!

Books <=> Colleges <=> Average SAT Scores

4. Plot the average SAT of each book, discarding books with too few samples to have a reliable average.
5. Post the results on your website, pondering what the Internet will think of it.

Yes, I'm aware correlation ≠ causation. The results are awesome regardless of direction of causality.
You can stop sending me email about this distinction. Thanks.

Virgil strikes again!

Booksthatmakeyoudumb

freakn wrote:

Though it is a bill that is presented every other year in the GA congress, the current form of the Sunday alcoholic sales bill is expected to gain the most ground ever, but still fail. This bill, along with some other previous renditions basically allows a county and/or city to let the citizens decide on afternoon Sunday sales with a vote. The most recent action is that the bill got recommitted in to the Senate 2 weeks ago, but this was after almost a full year of nothingness.

There are some big name supporters behind this bill, including a laundry list of senators and reps. Two of the biggest names are Kroger and Publix. All state breweries and wineries support the bill, of course. The convenient store chains support it, though some smaller package stores are iffy about having to produce a Sunday payroll.

There are plenty of groups highly against the freedom to allow citizens to put the issue to a vote. Already infuriated by the law changes in the last few years allowing home delivery and higher alcohol content in fermented beverages, various religious and socially conservative groups are being vocal.

The bill has a chance of reaching the governor's office. But it is expected that the governors morals and values will prevent him from allowing counties and cities to chose for themselves in a democratic fashion. In an election year dominated by national economic, war, and presidential issues, and with local water and housing issues, this bill and it's subsequent repression of democracy will be overlooked.

I don't see why they don't just challenge this law as religious establishment.

Sunday Alcoholic Beverages in Georgia

Greg Conti published a book last October!

Information overload. If you're responsible for maintaining your network's security, you're living with it every day. Logs, alerts, packet captures, and even binary files take time and effort to analyze using text-based tools - and once your analysis is complete, the picture isn't always clear, or timely. And time is of the essence.

Information visualization is a branch of computer science concerned with modeling complex data using interactive images. When applied to network data, these interactive graphics allow administrators to quickly analyze, understand, and respond to emerging threats and vulnerabilities.

Security Data Visualization is a well-researched and richly illustrated introduction to the field. Greg Conti, creator of the network and security visualization tool RUMINT, shows you how to graph and display network data using a variety of tools so that you can understand complex datasets at a glance. And once you've seen what a network attack looks like, you'll have a better understanding of its low-level behavior - like how vulnerabilities are exploited and how worms and viruses propagate.

You'll learn how to use visualization techniques to:

# Audit your network for vulnerabilities using free visualization tools, such as AfterGlow and RUMINT
# See the underlying structure of a text file and explore the faulty security behavior of a Microsoft Word document
# Gain insight into large amounts of low-level packet data
# Identify and dissect port scans, Nessus vulnerability assessments, and Metasploit attacks
# View the global spread of the Sony rootkit, analyze antivirus effectiveness, and monitor widespread network attacks
# View and analyze firewall and intrusion detection system (IDS) logs

Security visualization systems display data in ways that are illuminating to both professionals and amateurs. Once you've finished reading this book, you'll understand how visualization can make your response to security threats faster and more effective

You can download Chapter 5, "One Night on my ISP", from the publisher.

Security Data Visualization: Graphical Techniques for Network Analysis