How To Save The Internet - SECURITY - CIO Magazine Mar 15, 2005
Topic: Computer Security
11:02 am EST, Mar 17, 2005
] "Let's make all end user devices nonprogrammable," he says. "No one can connect to the Internet on a machine that creates code. If you want a computer to do programming, you would have to be licensed. We could license software companies to purchase programmable machines, which would be completely traceable along with the code created on them."
]
] That would blunt the information security problems - suddenly all that intelligence at the edge of the network that Amoroso wants to pull back in isn't just gone; it's physically stripped. On the other side, new levels of accountability and liability are created through licensing developers and eliminating anonymity from coding.

A collection of ideas for working on the computer security problem. Some are good, some are naive, some are absolutely Orwellian, none of them are new. The fact that they are being considered at this level is worth noting.

It's all about power. The way the Internet works today, with end-user-controllable devices and the security problems that come with them, is the result of a power struggle with the phone company about who gets to control innovation. Most of the solutions proposed here involve changing that balance of power. In favor of whom is the question. All of these things will involve a fight. Some you'll want to fight for, others you'll need to fight against.

The reason DHS can't keep anyone in the computer security czar job for very long is that the people who want that job believe it should be a peer of the Surgeon General, and the administration doesn't feel that it's THAT important. It's all about power.

There are a lot of people in this industry who see so red over a few spams that they are ready to lock everyone in a cell. These people need to be checked. My fear is that this list is like Patriot Act ][: a collection of poorly considered authoritarian ideas that is kept close by. Break glass in event of major catastrophe. Then let them all spill out with little or no critical consideration and never get rid of them later.

FCC's New Standards-Bearer
Topic: Politics and Law
10:32 am EST, Mar 17, 2005

President Bush has chosen Kevin J. Martin, one of the Federal Communications Commission's leaders in the crackdown on indecency, to succeed the agency's outgoing chairman, Michael K. Powell. The FCC under Martin is likely to be more active on indecency than under Powell. It was inevitable that the matter would wind up in court.

eBay item - Electric Shock Cattle Prod NORESERVE!!! L@@K!
Topic: Humor
9:20 pm EST, Mar 16, 2005

] Due to the fact that Jonnyx has been unresponsive to email and voicemail for over 48 hours we are proud to be able to make this once in a lifetime offer directly to YOU! Item is a slightly used Electric Cattle Prod that has been blessed by the Reverend Pope Jonny Anonymous himself!!! Item delivers high voltage shocks upon application!

Schneier on Security: The Failure of Two-Factor Authentication
Topic: Computer Security
5:35 pm EST, Mar 16, 2005
] Two-factor authentication isn't our savior. It won't defend against phishing. It's not going to prevent identity theft. It's not going to secure online accounts from fraudulent transactions. It solves the security problems we had ten years ago, not the security problems we have today.

Schneier has been getting a lot of attention out of this short essay. I don't agree with him. While I seriously doubt Microsoft is really "dropping passwords" from Longhorn, you are going to see two-factor authentication systems, likely involving cellphones, get deployed for certain kinds of Internet-based financial transactions. It's being playtested in Europe instead of here, because they have better cellphone penetration, but it's coming.

Schneier is right when he points out that two-factor auth doesn't solve the problem with MiTM. I'd also point out that pencils do not enable space travel. That doesn't make them useless. Two-factor auth solves the problem of offline credential stealing (in theory). Offline credential stealing is a real problem, and the only way to solve it is with two-factor auth. Even if you solve the MiTM problem, you still need to solve the offline credential stealing problem, and you are going to solve that problem with two-factor auth. You'll eventually need to get two-factor auth, one way or the other. I hope it's not a biometric, because biometrics are crap for totally unrelated reasons.

The way you address the MiTM problem is with better UI design. The banks and other groups who have an interest in computer security need to pay to get people on the Firefox team to really explore stronger methods of indicating certificate status to end users. The way we do this is really bad. Hell, Safari doesn't even let you pull up certificate details!!! Developers seem to make these security messages either annoying or invisible. It is possible to make them attention grabbing and informative while also not requiring user interaction. It's just a matter of getting it done.

As for Schneier's trojan idea, it sounds neat in theory but in practice I don't think it's ever been done. There are lots of ways to make it hard. A way to tell browsers never to write a particular cookie to disk is a good start. Another is to log the user out upon cookie replay.

Another thing I'd like to see is a standard for HTTP transactions that supports authentication but not encryption. The reason is that encryption is too expensive for many websites to scale. Auth only could happen more cheaply, and that might spur more people to use it and become familiar with it. Authentication is more important than encryption for most threat models in modern networks. We're not worried about the FBI stealing your credit card number.
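The three claims above about what a second factor buys (it defeats replay of credentials stolen offline, it does nothing against a phisher who relays them to the real site in real time, and a session can be torn down when a copied cookie is replayed) are easy to show in a small simulation. This is an added example, not code from the post or from Schneier's essay. It uses RFC 4226 HOTP as a stand-in for whatever phone-based scheme the banks end up deploying, a constructed password and shared secret, and a cookie-rotated-on-every-request scheme that is one sketch of the "log the user out upon cookie replay" idea, not any bank's actual mechanism.

```python
"""Constructed simulation: a one-time second factor blocks offline credential
replay but not a real-time phishing relay, and a rotating session cookie lets
the server log everyone out when a copied cookie is replayed. Added example;
the bank, password and shared secret are all made up."""
import hashlib
import hmac
import secrets
import struct

PASSWORD = "correct horse battery staple"   # constructed user password
SECRET = b"12345678901234567890"            # RFC 4226 test-vector secret


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the big-endian counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{code % 10 ** digits:0{digits}d}"


class HardwareToken:
    """The second factor in the user's hand: each counter value is shown once."""

    def __init__(self, secret: bytes) -> None:
        self.secret, self.counter = secret, 0

    def next_code(self) -> str:
        code = hotp(self.secret, self.counter)
        self.counter += 1
        return code


class Bank:
    """Server side: password plus one-time code, then a rotating session cookie."""

    def __init__(self, password: str, secret: bytes) -> None:
        self.password, self.secret = password, secret
        self.counter = 0       # only the exact next code is accepted (no look-ahead)
        self.sessions = {}     # live cookie -> session id
        self.retired = {}      # cookies already rotated away -> session id

    def login(self, password: str, code: str):
        if not hmac.compare_digest(password.encode(), self.password.encode()):
            return None
        if not hmac.compare_digest(code, hotp(self.secret, self.counter)):
            return None
        self.counter += 1      # each code is good for exactly one login
        cookie = secrets.token_hex(16)
        self.sessions[cookie] = secrets.token_hex(8)
        return cookie

    def request(self, cookie: str):
        """Every request rotates the cookie. A retired cookie showing up means two
        parties hold copies, so the whole session dies, not just that copy."""
        if cookie in self.retired:
            sid = self.retired[cookie]
            self.sessions = {c: s for c, s in self.sessions.items() if s != sid}
            return None
        sid = self.sessions.pop(cookie, None)
        if sid is None:
            return None
        fresh = secrets.token_hex(16)
        self.sessions[fresh] = sid
        self.retired[cookie] = sid
        return fresh


def offline_replay_succeeds() -> bool:
    """Attacker has the password and a keylogged code from an earlier login."""
    bank, token = Bank(PASSWORD, SECRET), HardwareToken(SECRET)
    seen_code = token.next_code()
    assert bank.login(PASSWORD, seen_code) is not None   # victim's own login works
    return bank.login(PASSWORD, seen_code) is not None   # later replay -> False


def mitm_relay_succeeds() -> bool:
    """Look-alike site forwards password and fresh code to the real bank at once."""
    bank, token = Bank(PASSWORD, SECRET), HardwareToken(SECRET)
    typed_into_phish = (PASSWORD, token.next_code())
    return bank.login(*typed_into_phish) is not None     # -> True, 2FA or not


def cookie_replay_logs_everyone_out() -> bool:
    """Trojan copied the cookie from disk while the user keeps using the session."""
    bank, token = Bank(PASSWORD, SECRET), HardwareToken(SECRET)
    stolen = bank.login(PASSWORD, token.next_code())
    current = bank.request(stolen)          # user's next request rotates the cookie
    assert current is not None
    trojan = bank.request(stolen)           # stale copy presented -> None
    user = bank.request(current)            # and the real user is out too -> None
    return trojan is None and user is None


if __name__ == "__main__":
    print("offline replay succeeds:", offline_replay_succeeds())
    print("real-time MitM relay succeeds:", mitm_relay_succeeds())
    print("cookie replay kills the session:", cookie_replay_logs_everyone_out())
```

The server here accepts only the exact next counter value; real HOTP deployments allow a small look-ahead window so a token that was pressed a few times can resynchronise, which changes neither outcome: the keylogged code is still behind the counter, and the relayed one is still in front of it. Killing the whole session on replay rather than just rejecting the stale cookie is what turns the trojan's copy into a signal the user notices, at the cost of logging the real user out as well.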

Spirit Gets A Dust Devil Once-Over
Topic: Science
5:49 pm EST, Mar 15, 2005

"Mars scientists and engineers are elated about a dust-busting blast that has struck the Spirit rover at its Gusev crater exploration site. Turns out that a martian whirlwind dubbed a dust devil likely zoomed over the robot high up in the Columbia Hills. That fleeting flyby effectively cleaned Spirit's solar arrays, giving the robot a new lease on life. Engineers report that the rover's power reading quickly shot up to almost as high as when the rover landed on Mars over a year ago." LB

Welcome to Goombah - Music Discovery
Topic: Technology
1:09 pm EST, Mar 15, 2005

] Goombah browses your iTunes collection and theirs to compare what you like and make recommendations. If you and your peers share a love for one song, chances are you’ll appreciate others your Goombah Neighbors listen to -- that’s the general idea.

MD5 collision method published
Topic: Computer Security
11:05 pm EST, Mar 14, 2005

] At last, the secret of how to make MD5 collisions is out!

The State | 03/09/2005 | Bankruptcy bill another blow to safety net
Topic: Politics and Law
1:37 pm EST, Mar 14, 2005

] The bill would make it much harder for families in distress to write off their debts and make a fresh start. Instead, many debtors would find themselves on an endless treadmill of payments.
]
] The credit card companies say this is needed because people have been abusing the bankruptcy law, borrowing irresponsibly and walking away from debts. The facts say otherwise.
]
] A vast majority of personal bankruptcies in the United States are the result of severe misfortune. One recent study found that more than half of bankruptcies are the result of medical emergencies. The rest are overwhelmingly the result either of job loss or of divorce.

Paul Krugman was on the Daily Show railing about this bankruptcy bill, which he feels has not received adequate press coverage.

Meme Maps for 'Jeremy', 'Decius', and 'Rattle', September 2001 - March 2005
Topic: MemeStreams
12:59 am EST, Mar 14, 2005

These are histograms of the timestamps for all entries posted to three MemeStreams: Jeremy, from the first post on October 8, 2001 through the post previous to this one on March 12, 2005; Decius, from the first post on September 5, 2001 through the latest post on March 11, 2005; and Rattle, from the first post on September 8, 2001 through the latest post on March 8, 2005. You'll notice significant differences among the three graphs.

The X axis shows time of day (in Pacific time). Each day of the week is shown in a different row and color along the Y axis. The height of each bar in the Z axis represents the cumulative number of posts bearing a timestamp of the corresponding day and time.

Checklists / Implementation Guides
Topic: Computer Security
12:41 am EST, Mar 14, 2005

3rd interesting thing learned at Interz0ne. This is a nice collection of federal security hardening checklists for various commercial systems, including Cisco & Juniper routers, UNIX, and Windows variants. The Rainbow series is also linked from this site.