| |
| Current Topic: Computer Security |
|
VeriSign's conflict of interest creates new threat |
|
|
|---|
| Topic: Computer Security |
7:15 am EST, Jan 25, 2006 |
There's a big debate going on the US and Canada about who is going to pay for Internet wiretapping.
It won't be long now until the telcos start trying to pass on the cost of wiretapping to the major content providers. It'll be likened to existing security-related overhead expenses, like "loss prevention" at retail outlets. If Barnes and Noble has to pay for private security guards, why shouldn't Amazon have to do the same? VeriSign's conflict of interest creates new threat |
|
VeriSign NetDiscovery [Lawful] Intercept Service |
|
|
|---|
| Topic: Computer Security |
7:02 am EST, Jan 25, 2006 |
"We have the ability to access virtually any packet data network and by using mediation equipment deployed in our network, VeriSign can provide a secure, reliable, cost-efficient solution that enables carriers with GPRS or CDMA 1x technologies to comply with all lawful intercept requirements without impacting network performance."
When I see VeriSign talk about "lawful" intercept, for some reason I am reminded of a particular scene from The Simpsons episode BABF12, "Pygmoelian": The Simpsons arrive at the Duff Days site. Homer switches off the beer music, to the kids' relief. As soon as they step out of the car, though, a live band plays exactly the same tune. Near the entrance, a man is dressed as Surly, one of the Seven Duffs.
[loudly] Drink Duff! [under breath] Responsibly.
[loudly] Drink Duff! [under breath] Responsibly. VeriSign NetDiscovery [Lawful] Intercept Service |
|
Redacting with Confidence: How to Safely Publish Sanitized Reports Converted From Word to PDF |
|
|
|---|
| Topic: Computer Security |
7:12 pm EST, Jan 24, 2006 |
There are a number of pitfalls for the person attempting to sanitize a Word document for release. This paper describes the issue, and gives a step-by-step description of how to do it with confidence that inappropriate material will not be released.
Redacting with Confidence: How to Safely Publish Sanitized Reports Converted From Word to PDF |
|
Signaling Vulnerabilities in Wiretapping Systems |
|
|
|---|
| Topic: Computer Security |
9:55 am EST, Nov 30, 2005 |
In a research paper appearing in the November/December 2005 issue of IEEE Security and Privacy, we analyzed publicly available information and materials to evaluate the reliability of the telephone wiretapping technologies used by US law enforcement agencies. The analysis found vulnerabilities in widely fielded interception technologies that are used for both "pen register" and "full audio" (Title III / FISA) taps. The vulnerabilities allow a party to a wiretapped call to disable content recording and call monitoring and to manipulate the logs of dialed digits and call activity. In the most serious countermeasures we discovered, a wiretap subject superimposes a continuous low-amplitude "C-tone" audio signal over normal call audio on the monitored line. The tone is misinterpreted by the wiretap system as an "on-hook" signal, which mutes monitored call audio and suspends audio recording. Most loop extender systems, as well as at least some CALEA systems, appear to be vulnerable to this countermeasure.
John Markoff has a story on this today. Signaling Vulnerabilities in Wiretapping Systems |
|
Sony to Suspend Making Antipiracy CDs |
|
|
|---|
| Topic: Computer Security |
1:33 pm EST, Nov 12, 2005 |
Stewart Baker, assistant secretary for policy at DHS, described industry efforts to install hidden files on consumers' computers. "It's very important to remember that it's your intellectual property, it's not your computer," Baker said at a trade conference on piracy. "And in the pursuit of protection of intellectual property, it's important not to defeat or undermine the security measures that people need to adopt in these days."
Sony to Suspend Making Antipiracy CDs |
|
Optical and Digital Techniques for Information Security |
|
|
|---|
| Topic: Computer Security |
8:46 am EDT, Aug 8, 2005 |
This book comprehensively surveys the results of research investigation and technologies used to secure, verify, recognize, track, and authenticate objects and information from theft, counterfeiting, and manipulation by unauthorized persons and agencies. This book will draw on the diverse expertise in optical sciences and engineering, digital image processing, imaging systems, information processing, computer based information systems, sensors, detectors, and biometrics to report innovative technologies applied to information security issues. Optical and Digital Techniques for Information Security is the first book in a series focusing on Advanced Sciences and Technologies for Security Applications. The Advanced Sciences and Technologies for Security Applications series focuses on research monographs in the areas of: -Recognition and identification (including optical imaging, biometrics, authentication, verification, and smart surveillance systems) -Biological and chemical threat detection (including biosensors, aerosols, materials detection and forensics) -Secure information systems (including encryption, and optical and photonic systems).
Optical and Digital Techniques for Information Security |
|
RE: Wired News: Cisco Security Hole a Whopper |
|
|
|---|
| Topic: Computer Security |
7:56 am EDT, Jul 28, 2005 |
Rattle wrote:
Wired just posted the best article so far.. Here are some of the highlights:
The Wired News article seems hastily reported and not fact-checked. Zetter refers to "Internet Security Solutions". A single visit to www.iss.net would have indicated otherwise. This is basic. Zetter also refers to IOS as "infrastructure operating system". A visit to cisco.com would show that IOS actually stands for Internetworking Operating System. The "subtle" attacks postulated in the article, such as "reading email" on a router, would dramatically reduce the forwarding capacity of the router. Besides, a router is not responsible for end-to-end data integrity and confidentiality. If your email traffic is properly protected by an application-layer or network-layer tunnel, none of these "subtle" attacks are applicable. Of course, the present fact of the matter is that a lot of Internet email passes through the core in the clear. But this situation is not Cisco's fault, and their direct responsibility for an implementation flaw in IOS is distorted when it is conflated with the collective inaction of the majority who neglect to implement end-to-end security for mission critical applications. The SecurityFocus article has less of this hype, but the editor still missed an error at the end of the article, where "Rather then" should be "Rather than". The SearchSecurity article makes the same error. It must be contagious. I don't know where ComputerWire got the idea that IOS is "supposedly unhackable." Several of their quotes are missing words. (The CRN article is more specific; it reports that IOS was "perceived as impervious to remote execution of arbitrary code from stack and heap overflows." The ComputerWire editors must have decided that description was too complicated for their readers.) There are also discrepancies in the reporting regarding the size of the presentation. One report calls it a 10-page presentation while another says it was 30 pages long. Perhaps it was 30 slides, printed in 3-up handout mode with room for notes? RE: Wired News: Cisco Security Hole a Whopper |
|
|
|---|
| Topic: Computer Security |
6:54 am EDT, Jun 5, 2005 |
"The wave of the future is getting inside these groups, developing intelligence, and taking them down." Today's cybercrooks are becoming ever more tightly organized. Like the Mafia, hacker groups have virtual godfathers to map strategy, capos to issue orders, and soldiers to do the dirty work. Their omertà , or vow of silence, is made easier by the anonymity of the Web. And like legit businesses, they're going global. The ShadowCrew allegedly had 4,000 members operating worldwide -- including Americans, Brazilians, Britons, Russians, and Spaniards. "Organized crime has realized what it can do on the street, it can do in cyberspace," says Peter G. Allor, a former Green Beret who heads the intelligence team at Internet Security Systems Inc. in Atlanta. The bust yielded of ShadowCrew a treasure trove of evidence. "We will be arresting people for months and months and months," says the Secret Service. Hacker Hunters |
|
IEEE Transactions on Information Forensics and Security |
|
|
|---|
| Topic: Computer Security |
8:25 pm EDT, Jun 1, 2005 |
This is a call for papers to be published in a new IEEE Transactions series. I think there are at least a few MemeStreams regulars who could get published here ... The aim of the IEEE Transactions on Information Forensics and Security is to provide a unified locus for archival research on the fundamental contributions and the mathematics behind information forensics, information security, surveillance, and systems applications that incorporate these features. Technical topics within the scope include:
Digital rights management technology, including watermarking and
fingerprinting of images, video, and audio;
Steganography and steganalysis;
Tampering, modification of, and attacks on, original information;
Signal processing for biometrics;
Signal processing for forensic analysis;
Signal modeling and channel modeling for secure content delivery;
Quality metrics and benchmarking;
Technical analysis of system vulnerabilities;
Content identification and secure content delivery;
Information embedding and media annotation;
The interplay of technology with legal and ethical issues. IEEE Transactions on Information Forensics and Security |
|
