Current Topic: Computer Security |
|
How Crypto Won the DVD War | Threat Level from Wired.com |
|
|
Topic: Computer Security |
6:23 am EST, Feb 27, 2008 |
Support from studios has been widely cited as the reason for Blu-ray's victory, but few consumers know that the studios were likely won over by the presence of a digital lock on movies called BD+, a far more sophisticated and resilient digital rights management, or DRM, system than that offered by HD DVD.
This is very interesting.
|
The Eavesdropper's Dilemma - Matt Blaze et al... [PDF] |
|
|
Topic: Computer Security |
8:01 pm EDT, Oct 26, 2006 |
This work was previously reported on Memestreams back in November 2005, when Markoff wrote about it in NYT. There must be some reason why it is being revisited now, but it may not be publicly obvious. One presumes that it came up during the Here's Looking at You... session at Phreaknic. (Is there a slide presentation for that?)
This paper examines the problem of surreptitious Internet interception from the eavesdropper’s point of view. We introduce the notion of “fidelity” in digital eavesdropping. In particular, we formalize several kinds of “network noise” that might degrade fidelity, most notably “confusion,” and show that reliable network interception may not be as simple as previously thought or even always possible. Finally, we suggest requirements for “high fidelity” network interception, and show how systems that do not meet these requirements can be vulnerable to countermeasures, which in some cases can be performed entirely by a third party without the cooperation or even knowledge of the communicating parties.
For practical results in real-world systems, see the authors' IEEE article, Signaling Vulnerabilities in Wiretapping Systems, in which this paper is reference #11.
In a separate work [11], we formalized the concepts of evasion and confusion as eavesdropping countermeasures and identified the “eavesdropper’s dilemma” as a fundamental trade-off in certain interception architectures.
|
Computer System Under Attack |
|
|
Topic: Computer Security |
9:54 am EDT, Oct 7, 2006 |
"It has become clear that Internet access in itself is a vulnerability that we cannot mitigate. We have tried incremental steps and they have proven insufficient." -- Undersecretary of Commerce Mark Foulon
|
Topic: Computer Security |
11:23 pm EDT, Aug 13, 2006 |
"I met my wife on your captcha!!!" -- Steve, from New York
OK, this is funny... Hotornot captcha. Captcha Mashup |
|
Academic freedom and the hacker ethic |
|
|
Topic: Computer Security |
12:23 pm EDT, May 27, 2006 |
Hackers advocate the free pursuit and sharing of knowledge without restriction, even as they acknowledge that applying it is something else.
Tom has been published in the current issue of CACM. His article is currently number one of only 7 references to Francis Fukuyama in the ACM Digital Library. There is a report about Internet voting, two about trust in electronic commerce, an excerpt from The Social Life of Information, and an article by Grady Booch where the title is a take-off on Fukuyama's classic, The End of History. Tom's article is the only one to reference Fukuyama in the context of science/technology policy and academic freedom.
In crafting policy, is it useful to distinguish between basic knowledge and specific vulnerabilities in a finished product? Tom's opening line refers to "the free pursuit of knowledge." The implication in Joy's argument, and in Tom's response to it, suggests that it is possible, through policy, to wall off certain areas of knowledge in a selective manner, based on some balanced assessment of risk and reward. Set aside the wisdom of the policy issue; it's not clear to me this is even possible. So much of what turns out to be disruptive knowledge arrives unexpectedly. This much should be obvious by definition. Yet frequently it seems to be brushed aside.
Joy focuses on big, deliberate endeavors; he refers to "efforts" like the Manhattan Project. Although the history of the Internet is deeply intertwined with defense, it is worth noting that the World Wide Web was not the product of a grand-vision project. Well, actually, it was, but that big project was about physics, not information management. The Web arose from an off-the-books "effort" to organize some documentation. Recall the recent Freeman Dyson articles that I recommended. The next supervirus is as likely to arrive courtesy of a five-year-old, playing in the backyard, as from a diabolical terrorist with genocidal tendencies.
Inherent in Tom's premise is the idea that one has the ability to distinguish between knowing and doing. At the bleeding edge, on zero budget, with only the vaguest ideas of the applications or impact of what you're exploring, this may not be a reasonable assumption. There is a subtlety between "doing" and "applying"; you might "do" in the lab but "apply" in the wild. But as Tom asks, what if you have no lab? When the wild is your lab, either for lack of resources, or because the wild is your object of study, "doing" and "applying" are often one and the same.
Update: Greg Conti has made the CACM issue available as a ZIP archive.
|
VeriSign's conflict of interest creates new threat |
|
|
Topic: Computer Security |
7:15 am EST, Jan 25, 2006 |
There's a big debate going on in the US and Canada about who is going to pay for Internet wiretapping.
It won't be long now until the telcos start trying to pass on the cost of wiretapping to the major content providers. It'll be likened to existing security-related overhead expenses, like "loss prevention" at retail outlets. If Barnes and Noble has to pay for private security guards, why shouldn't Amazon have to do the same?
|
VeriSign NetDiscovery [Lawful] Intercept Service |
|
|
Topic: Computer Security |
7:02 am EST, Jan 25, 2006 |
"We have the ability to access virtually any packet data network and by using mediation equipment deployed in our network, VeriSign can provide a secure, reliable, cost-efficient solution that enables carriers with GPRS or CDMA 1x technologies to comply with all lawful intercept requirements without impacting network performance."
When I see VeriSign talk about "lawful" intercept, for some reason I am reminded of a particular scene from The Simpsons episode BABF12, "Pygmoelian":
The Simpsons arrive at the Duff Days site. Homer switches off the beer music, to the kids' relief. As soon as they step out of the car, though, a live band plays exactly the same tune. Near the entrance, a man is dressed as Surly, one of the Seven Duffs.
[loudly] Drink Duff! [under breath] Responsibly. [loudly] Drink Duff! [under breath] Responsibly.
|
Sony to Suspend Making Antipiracy CDs |
|
|
Topic: Computer Security |
1:33 pm EST, Nov 12, 2005 |
Stewart Baker, assistant secretary for policy at DHS, described industry efforts to install hidden files on consumers' computers. "It's very important to remember that it's your intellectual property, it's not your computer," Baker said at a trade conference on piracy. "And in the pursuit of protection of intellectual property, it's important not to defeat or undermine the security measures that people need to adopt in these days."
|