Create an Account
username: password:
 
  MemeStreams Logo

Spontaneous Sociability and The Enthymeme

search

Rattle
Picture of Rattle
Rattle's Pics
My Blog
My Profile
My Audience
My Sources
Send Me a Message

sponsored links

Rattle's topics
Arts
  Literature
   Sci-Fi/Fantasy Literature
  Movies
  Music
Business
  Tech Industry
  Telecom Industry
Games
Health and Wellness
Holidays
Miscellaneous
  Humor
  MemeStreams
   Using MemeStreams
Current Events
  War on Terrorism
  Elections
Recreation
  Travel
Local Information
  SF Bay Area
   SF Bay Area News
Science
  Biology
  History
  Nano Tech
  Physics
  Space
Society
  Economics
  Futurism
  International Relations
  Politics and Law
   Civil Liberties
    Internet Civil Liberties
    Surveillance
   Intellectual Property
  Media
   Blogging
  Military
  Security
Sports
Technology
  Biotechnology
  Computers
   (Computer Security)
    Cryptography
   Cyber-Culture
   PC Hardware
   Computer Networking
   Macintosh
   Linux
   Software Development
    Open Source Development
    Perl Programming
    PHP Programming
   Spam
   Web Design
  Military Technology
  High Tech Developments

support us

Get MemeStreams Stuff!


 
Current Topic: Computer Security

Finnish security exec arrested over bank hack | The Register
Topic: Computer Security 8:23 pm EDT, Aug 20, 2005

Investigators told local paper Helsingin Sanomat that the suspects wrongly believed that the use of an insecure wireless network in commission of the crime would mask their tracks. This failed when police identified the MAC address of the machine used to pull off the theft from a router and linked it to a GE Money laptop. Police say that stolen funds have been recovered. Four men have been arrested over the alleged theft with charges expected to follow within the next two months

One of the suspects was their data security chief. Talk about a lack of ethics... Apparently none of these people were particularly good at information security either. They used a GE Money laptop, and neglected to do anything aside from using an open wireless network to mask their source. The authorities were able to identify them based on the MAC address of the laptop. None of them were keen enough to change the address, as Acidus pointed out.

Finnish security exec arrested over bank hack | The Register


Photo: Worm vs. worm | CNET News.com
Topic: Computer Security 7:17 pm EDT, Aug 17, 2005

Zobot and other worms and variants have hit networks since Sunday. A sketch shows which pests try to detect or undo rival pests, according to F-Secure.

"My worm can beat up your worm!"

Photo: Worm vs. worm | CNET News.com


Chinese Cryptologists Get Invitations to a US Conference, but No Visas
Topic: Computer Security 3:20 pm EDT, Aug 17, 2005

Aug. 16 - Last year a Chinese mathematician, Xiaoyun Wang, shook up the insular world of code breakers by exposing a new vulnerability in a crucial American standard for data encryption. On Monday, she was scheduled to explain her discovery in a keynote address to an international group of researchers meeting in California.

But a stand-in had to take her place, because she was not able to enter the country. Indeed, only one of nine Chinese researchers who sought to enter the country for the conference received a visa in time to attend.

"It's not a question of them stealing our jobs," said Stuart Haber, a Hewlett-Packard computer security expert who is program chairman for the meeting, Crypto 2005, being held this week in Santa Barbara. "We need to learn from them, but we are shooting ourselves in the foot."

A policy designed to protect national security by preventing technology transfer from the US to China has actually hurt national security by preventing technology transfer from China to the US. If you know someone at State tell them to read this article. This matter is very serious and they should have made an exception in this case and gotten the visas in time.

Chinese Cryptologists Get Invitations to a US Conference, but No Visas


CNN.com - Somebody set us up the bomb
Topic: Computer Security 3:08 pm EDT, Aug 17, 2005

It was all wormy over at CNN yesterday. Around 1:30pm EST, multiple Internet worms targeting recent vurnerabilities disclosed in Microsoft Operating Systems struck the CNN newsroom.

Wolf Blitzer was not quoted as saying "we get signal", as the remainder of his broadcast became dominated by the worm story. A stream of reports similar to "CNN Atlanta, NYC, and LA report being effected, as do ABC News, the New York Times, and corporations such as Caterpillar" were delivered by Blitzer in Breaking News tone from The Situation Room.

"He didn't look as nervous as that time when Jon Stewart was beating up the Crossfire team in the other studio," a random viewer pointed out, "he was in form."

Lou Dobbs, Arron Brown, and the rest of the CNN Staffers waged through the crisis in order to get important news about the Israeli Gaza pullout and a riot surrounding $50 used Apple laptops through to the people. Fox News appeared to be unaffected.

Shortly after the hand-over to Lou Dobbs, a representative from the DoD made the statement that both the FBI and CERT regarded the current worms as "low impact". Dobbs responded, "It seems high-impact from where I'm sitting."

The worm story was still in focus during prime-time as commentators such as Kevin Mitnick offered advice and and insight about computer viruses to the CNN audience, and CNN staffers who were still having problems logging into the TURNER windows domain. Mitnick accurately pointed out that viruses often find their way onto corporate networks not by bypassing firewalls, but by being brought into the protected network environment via laptops infected elsewhere.

"There are several technical approaches that could avoid CNN's current situation," said Industrial Memetics Acting CEO Nick Levay, a widely respected expert on security issues. "A good example would be to require all laptops brought in from the outside world to only use the wireless network, and to treat that has a hostile network." Levay continued, "A quarantine zone of sorts is necessary to determine if machines being brought onto the network are carrying dangerous worms and/or viruses."

Rumors are passing around that the worms had similar effects on Capitol Hill, but Help Desk representatives were unavailable for comment at press time.

Developing...

CNN.com - Somebody set us up the bomb


Redmond, Thanks for Nothing...
Topic: Computer Security 10:18 pm EDT, Aug 11, 2005

These hackers did not have this target before; if Lynn hadn't
presented his findings, many, or most of them would likely not even
know about it. (All indications are that it will be an exceptionally
difficult flaw to exploit, and took Lynn years of research to find. On
the other hand, a large group of hackers working in concert could
substantially reduce that time). But now that Lynn's blown the lid off
of it, every hacker from Boise to Shanghai knows about it. That's
simply not smart.

It does not surprise me that the independent voice of the Microsoft IT community doesn't get the reality of Lynn's disclosure. If the theme of this all is broken security culture, this a yelp from the center of the black hole.

If Mike had discovered a new vulnerability in BIND that Vixie already had a patch out for, no one would be making the arguments this guy is. The whole point is that Mike exposed a type of attack that people had not been considering a present threat. Of course all the hackers are working on it. That's the type of eternal vigilance we practice in our craft. We now see a space in which problems can and will occur, we must know the extent of it, and fully engage the problem. Anything else is the wrong approach.

Redmond, Thanks for Nothing...


Jennifer Granick | The Shout | Reverse Engineering Lawyer Code
Topic: Computer Security 11:32 pm EDT, Aug  5, 2005

The next installment of Jennifer's story about representing Mike is up.

This post has one key piece of information that explains definitively why Jennifer kicks so much ass. She is a Jersey Girl!

I also find it somewhat intriguing that both her cat and dog look very serious.

Update: The last installment is up now as well. Wired has picked up the story from Jennifer's blog and is running it.

Jennifer Granick | The Shout | Reverse Engineering Lawyer Code


So.. Where do we go from here?
Topic: Computer Security 9:14 pm EDT, Aug  4, 2005

I guess that's the big question.

Cisco can best be considered "high risk, high return". Lets hope they adjust their security culture and we see those returns. Even the media following the financial markets has noted Cisco is taking a vacation at Club Microsoft. I don't think anyone even had to connect the dots for them. There have been some changes in Cisco's Chinese management, which I'm sure have nothing to do with this.. No dots here. No sir. Just things that look like nodes, and a general neglect for all things American that are not American Business. At least they are not Enron.

As the days roll on, Mike will not be sitting in the hot-seat any longer. I expect ISS to take his place, and rightfully so, they deserve every black-eye they get. Right now the Cisco legal team is doing the equivalent of a pre-fight pump-up. I'm sure of it.

Ed Felten has a good post over at the Freedom To Tinker blog that goes into a number of the legal issues this presents:

Any discussion of this argument has to start with the obvious: Cisco is claiming that part of its product is a trade secret. The software is key to the product’s function, and Cisco sells the product to essentially anybody who wants it. It’s hard to think of any reasonable sense in which this can be called a secret. (I know that legal definitions of terms like “trade secret” aren’t always intuitive, but still, this seems a bit much.)

Clearly an issue we are concerned with. The most stressful parts of the coming Cisco vs. ISS battle are going to surround this. Many bullets will fly. Some might strike the innocent, but they will fly for awhile and strike them far off in the distant future. We will be listening for the fire and keeping our heads down.

So what about Mike? Ira Winkler at the IT Defense Patrol blog offers this:

Let’s stop chastising Michael Lynn. He may have violated is employee agreement, but that is not really an issue for us. He may have technically violated Cisco licensing, and that is the whole point - any bad guy would probably do the same. However, he did it within a regulated environment, which where it should happen. And where it happens all the time. And the result is often publication of a security alert. Lynn's actions are no different.

Sure. Too bad it wasn't a well regulated environment, although its not like we have a goo... [ Read More (0.4k in body) ]


Jennifer Granick | The Shout | Luckily, there were bagels.
Topic: Computer Security 10:42 pm EDT, Aug  3, 2005

Jennifer Granick has posted the latest installment of her story about defending Mike. I blogged the previous installment yesterday. Again, its a really rare and great thing to hear the story told from the perspective of one of the lawyers fighting the battle. And to continue repeating myself, Jennifer has been doing an excellent job, continue to shower this woman with complements.

There are numerous sections of her post worth of quoting. Just go and read the entire thing. It contains some of the best legal blow-by-blog (sticking with that typo) we are going to get..

After you are done, reflect on how when it rains, it pours and check out this post on TaoSecurity.

Jennifer Granick | The Shout | Luckily, there were bagels.


Peices of the Serpant's Broken Tooth (Continuation)
Topic: Computer Security 9:38 pm EDT, Aug  3, 2005

The discussion I've been having over at the Cargo Cult is ongoing. Head over there to pick up the full context..

Here is my latest response:

All your points on Intellectual Property are valid. Hence, I opted not to attack your argument from that perspective. I am also not in the anit-IP crowd. I think to get the carrier firmly up, we need to establish more facts. It appears that incorrect assumptions lie at the heart of the differences in our views.

Mike never had the IOS source code. Cisco never gave it to him; he was not under NDA to have it. He did not violate any of their rights to protect their source code. Mike did his research by disassembling the publicly available IOS images. This was a case of reverse engineering. If anything, Mike's legal liability lied in exposing trade secrets, but not due to any access to (Cisco) proprietary information. Both you and I could easily have access in a "virgin" manor to what Mike based his research on. I assume that both Cisco and ISS (and their respective legal teams) did not feel they were standing on firm enough ground to go after Mike based on this tactic. The dogs smelled blood and were barking, but they were kept on the leash. The reason certainly wasn't a feeling of mercy on the part of Cisco.

Once we get here, we come full circle again. And its a big circle. The ends meet at places like the old DeCSS situation. If you own the chattel (odd context to use that term, I know), do you have the right to take it apart and figure out how it works? Can you share that information? If the law is vague, where do ethics supplement the pre-legal argument? If this situation winds up being framed in that light, its the DMCA we have to look to. If you want a laugh, think about if coming up with an exploit qualifies as "necessary to achieve interoperability of an independently created computer program."

I also do firmly believe that Mike's statements are grounded in fact when it comes to matters like "China has this." The big picture could best be described as "huge" if you acknowledge that. Thinking about the problem honestly feels like wargaming to me.

The general option of the hacker (read: security, not criminal) community is that Cisco has a broken security culture. They need a wake-up call like this to bring positive change to it. I think they will be successful with it in the long term too. I'm also not a member of the "all corps are dumb" crowd. At worst, I prefer to think of them (us?) as "slow". ISS on the other hand, I don't have such kind words for. Please take a look at this post on my blog which contains a link to and some excerpts from Mike's interview with Wired.

That made me outright angry. It also raised some serious questions, which I am not going to put forth in a public forum. Bonus points if you can figure them out...


The Shout | Jennifer Granick | ISS and Cisco v. Granick’s Gambling Plans
Topic: Computer Security 9:12 pm EDT, Aug  2, 2005

What follows is my take on “Ciscogate”, the uproar over researcher Michael Lynn’s presentation at this year’s Black Hat conference, in which he revealed that he was able to remotely execute code on Cisco routers. I have been representing Mike during this crisis, so I’m clearly partisan, and what I can say is limited by attorney-client responsibilities. But while many people are speculating about the facts, there hasn’t been much on the law, which turns out to be really interesting.

Jennifer Granick has posted the first installment of the story about her representing Mike. Its very rare you get to hear the take of a case like this directly from the lawyers involved, so this is a treat.

Earlier I suggested that everyone leave a comment on Jennifer's blog thanking her for representing Mike. I'd like to renew that suggestion. Thanks Jennifer!

After reading this, you might want to check out this collection of comments on Cryptome about the situation. It includes links to pictures of the presentation Mike actually gave, as opposed to the one that is floating around.

And seriously don't miss the truly excellent video floating around of the Cisco temp-workers slicing the materials out of the conference booklets. You can get it here or here.

The Shout | Jennifer Granick | ISS and Cisco v. Granick’s Gambling Plans


(Last) Newer << 2 ++ 12 - 13 - 14 - 15 - 16 - 17 - 18 - 19 - 20 ++ 30 >> Older (First)
 
 
Powered By Industrial Memetics
RSS2.0