Decius
Current Topic: Computer Security

The Chronicle: 1/19/2007: Georgia's Unusual 'Electoral College'
Topic: Computer Security 11:17 am EST, Jan 23, 2007

Mr. King, of Kennesaw State, scoffs at his colleagues' warnings about the insecurity of Diebold machines and their calls for a paper record. "We've held 3,000 elections on this equipment," he says. "We can't hack it, and I have the source code. We can't break the system."

Holding his face in his hands to express his frustration, he says Mr. Felten's illicit actions in the video could not happen in Georgia, with its multiple layers of security.

One of Mr. King's protégés, Chris Ambrose, a Kennesaw State junior majoring in information systems, who works at the center, is harsher in his assessment of Mr. Felten's video.

"This guy's an idiot," says Mr. Ambrose. He struggles to lift one of the heavy voting machines and turn it over to demonstrate what, he says, would be required to infect the machine with a virus. On the video, he says, Mr. Felten makes the process look effortless.

I think I've gone on record before saying that the computer security research community and the elections people are talking past each other. Computer security people see all of the ways they can manipulate a machine, and pine for the days of gyms filled with old ladies counting little pieces of paper. Elections officials have experience with the logistical nightmare that is, and think the theoretical problems with computers are less real. In the middle is this mythology that we've ever held a completely accurate election, which I don't really believe after looking at this for the past few years. I don't think it's possible and shudder to think how bad things might have been in the 1800s. We need new approaches.

There is, however, lots of blame to go around about the standoff, and this picture of an IS undergrad calling Ed Felten an idiot sums it up nicely. Everyone needs to open their minds.



Levy Interviews Steve Jobs About iPhone - Newsweek
Topic: Computer Security 2:59 pm EST, Jan 12, 2007

“You don’t want your phone to be an open platform,” meaning that anyone can write applications for it and potentially gum up the provider's network, says Jobs. “You need it to work when you need it to work. Cingular doesn’t want to see their West Coast network go down because some application messed up.”

The iPhone suddenly doesn't sound half as cool as people have been saying. Furthermore, if Cingular is relying on Apple's application protection to keep their West Coast network from going down, they can kiss it goodbye. Computers do things they aren't supposed to. Often by accident. Sometimes on purpose. If your infrastructure can't handle that, it won't work.



Attack of the Zombie Computers Is a Growing Threat, Experts Say - New York Times
Topic: Computer Security 6:22 pm EST, Jan  6, 2007

Rick Wesson, left, is chief executive of the data-gathering company Support Intelligence; Adam Waters is chief operating officer. “We are losing this war badly,” Mr. Wesson said of the growing threat from botnets.

Wow, two good friends of mine made NYT! Congrats guys.



PKC anniversary event provided insights into the past, present, and future of cryptography
Topic: Computer Security 11:19 am EST, Jan  5, 2007

One audience member asked, "Is there a clear distinction in cryptography where national security ends and commercial applications begin?" He basically wanted to know the difference between commercial and government class cryptography. Diffie responded that there has been a recognition that "the strength of cryptography is not the place to separate the two." He said that the most important development of the last several years has been the adoption by NSA of Suite B, which is a public set of standard cryptographic algorithms that are approved for unclassified and classified government data.

If you follow cryptography most of the contents of this article may be old hat, but there are a few minor data points that I found interesting, such as this one, and the NSA's perspective on the resilience of AES to quantum computer based cryptanalysis.



the Month of Apple Bugs
Topic: Computer Security 1:19 pm EST, Jan  2, 2007

This time there will be working exploits for mostly every critical advisory released, thus there will be less room for drama.

Depends how you define drama. This ought to be a dramatic month for folks running OSX.



Wired News: Computer Warming a Privacy Risk
Topic: Computer Security 11:44 am EST, Dec 31, 2006

If an attacker wants to learn the IP address of a hidden server on the Tor network, he'll suddenly request something difficult or intensive from that server. The added load will cause it to warm up.

Because temperature affects how fast most electronics operate, warming up the machine causes microscopic changes in clock skew over time. Now the attacker queries computers on the public internet that he suspects of being the Tor server, looking for the shift in skew over the course of hours.



Vista flaw exaggerated
Topic: Computer Security 7:34 pm EST, Dec 27, 2006

Sometimes I get the sense that the ledes are already written, just waiting for an excuse to get printed to paper.

If you don't already realize it, the news media is blowing this Vista privilege escalation POC way out of proportion. It's a local escalation issue, not a remote attack, and I haven't looked in detail but I'm not aware that exploitation has actually been demonstrated on Vista. The idea that this would precipitate a "crisis in confidence" in Vista Security is a figment of some editor's imagination.

Vista has exploit protection technology that is currently viewed as pretty tough by computer security researchers. No one is saying it's insurmountable, but it definitely raises the bar. This news doesn't change a thing in that regard. Wake me up when MetaSploit publishes a working remote module. (That WILL happen eventually, mind you, but I don't currently think that it will be as easy to turn bugs into sploits in this OS as in previous ones, and only time will demonstrate if I'm right.)



Boing Boing: Personal firewall for the RFIDs you carry
Topic: Computer Security 12:24 pm EST, Dec  7, 2006

It proposes a "firewall for RFID tags" -- a device that sits on your person and jams the signals from all your personal wireless tags (transit passes, etc), then selectively impersonates them according to rules you set.

This looks like an excellent paper.



RE: Security Absurdity; The Complete, Unquestionable, And Total Failure of Information Security.
Topic: Computer Security 2:53 pm EST, Nov 30, 2006

noteworthy wrote:

A long-overdue wake up call for the information security community.

This popped up on Slashdot recently. I'm curious to get feedback from the security experts here at Memestreams.

I wrote up a long response to this yesterday and unfortunately I managed to accidentally kill the browser window. Calling the whole industry out on the table is a classic method of self promotion in the security industry. Imagine if I wrote the same article about healthcare.

Clearly, we have failed to solve the problem of disease! Healthcare professionals are responsible! They are complacent and lazy! Look at all the health problems we face! AIDS, Cancer, Heart Disease, Lung Disease, Polio, Black Death, the Flu! Look at all these poor people who have been impacted by these diseases! We're one random mutation away from a flu virus that will wipe out all of humanity! And the CDC has the audacity to not be in a permanent state of emergency! Why? Diseases are out evolving our protections and healthcare is inaccessible!

Would you take this article seriously? Would you agree that the entire healthcare industry is a failure? Would you stop going to the doctor because you figure it's a big waste of time? Would you get mad at your doctor for being a complacent member of the healthcare industry?

In fact, there have been significant improvements in the state of the technical situation, due to things like more vulnerability research, automated patching, IPS technology, and exploit protection technologies. A vast number of problems have been solved. DOS attacks are much harder than they used to be. Worms don't propagate as well as they used to. Most modern attacks cannot be targeted. Trying to entice people to click on your evil web page is harder than owning their network directly. The directed attacks we see today are very sophisticated. Compare the complexity of the most recent sendmail bug to bugs in sendmail 10 years ago.

We're not done yet, but it's ignorant to argue that nothing substantial has been accomplished.

Attacks are up because there are more financial motivations today than there were 5 years ago, despite the fact that it's harder to perform attacks than it was 5 years ago. Computer security professionals will never "solve" crime because it's not a technical problem and it doesn't have a "solution." With respect to things like phishing attacks and consensually installed spyware, computer security professionals also cannot fix the reality that a fool and his money are easily parted.

Certainly, new thinking is needed and welcomed. There are fresh ideas and strategic changes that will have a huge impact that are still waiting for the right person to find them. But an honest way to pursue that is to talk about the ideas. Calling the whole security industry a failure isn't about new ideas, it's not true, and it's not useful.



27B Stroke 6 - Its not over for Soghoian.
Topic: Computer Security 11:16 am EST, Nov 30, 2006

Despite news yesterday that the Justice Department has closed its investigation of the graduate student behind the controversial fake boarding pass generator, Christopher Soghoian may not be out of legal jeopardy yet.


