Security Blog
5.31.2002
Memories It's how I got started, fell right into that strange world - it was great. My friends and I remember - WWIV, 2400bps, Poolside BBS. The good old days. Back in the day, I found a place where what you thought, and what you wrote, was what mattered. Where a teenage loser could lose himself, and in doing so, end up figuring out he was worth finding. The weirdest thing about that place, though? There were other people there. And they wanted to talk. A lot. About everything, and nothing. Because there, they could, and maybe everywhere else, they couldn't.
Couple from the backlog Security Focus has two solid articles up which I just finished reading. The first is a unique piece on the motives of virus writers. Definitely an interesting read. The other is a continuation of the cool No Stone Unturned series - a fictional, but educational, account of a computer security incident.
More privacy My friend Scott Granneman has the last piece of his 4 part privacy series up at Security Focus. Great tips for browser security. This is the fourth and final installment in a series devoted to protecting users' privacy on the Internet. So far in this series, we've examined privacy issues concerning hardware, software, and e-mail. In this article, we will look more generally at our usage of the Internet. The Internet offers all of us unparalleled access to information, but it also brings with it unique threats to our privacy. This article will examine some of the ways you can protect yourself.
Privacy - Going, Going, Gone... Even in this day and age, massive databases of personal information are not a good idea. The theory sounds good - a repository of suspected criminals for banks and such to use as a screening tool. But how long before this thing ends up corrupted or abused? Leading financial services firms here have formed a private database company that will compile information about criminals, terrorists and other suspicious people, for use in screening new customers and weeding out those who may pose a risk.
5.30.2002
Comforting FBI director Robert Mueller on Wednesday described an organization that is "years behind where it should be in terms of having the technological infrastructure."
Rant I'm posting this piece on electronic checks because it's a pet peeve of mine. It turns out that the process is still pretty antiquated, and a bit of a sham. The processing takes place manually, requires several days to clear and carries a service fee! Look at movie theaters. I can go online, charge my tickets and avoid dealing with any of their people - yet they charge ME a service fee. Corporate thinking has got to change. Technology makes things easier for us and them. It's not an excuse to raise prices; executives need to realize this.
CHO Here's an interesting position - Chief Hacking Officer. How does a CHO relate to a CSO? Actually, I think this is just the media rambling. CHO is just the start-up, cool Internet company version of CSO. In the end, they're all the same.
5.29.2002
It's piling up I have several stories, a few of them quite long, on my "to read" list. It's just been so busy the past couple of days, I haven't had a chance to get through them yet. Certainly a few of them will be posted here, so any day now there will be a flurry of activity. Trying to catch up.
Crack my back My brother Adam just had an article published on his favorite subject - chiropractic. Check it out, the stuff works. Education is an amazing gift. As Chiropractors, it is our duty to educate. We must go out and help flip the switch for those individuals who are still in the dark. If the link doesn't take you there directly, the piece is called Our Duty To Educate.
Project m-o-o-t This piece from the Register describes an interesting crypto project in the works. Sounds like vaporware at this point, but it's definitely something which could be done. It will definitely spark debate, considering the current crypto climate. M-o-o-t seeks to defeat forthcoming RIP Act powers by storing encryption keys and data overseas, outside government jurisdiction and protected by steganographic techniques.
7 deadly sins of WiFi O'Reilly has a good outline of wireless security problems. We're all going to use it eventually - either at home or the office. So read it now for a primer on what you need to address when the time comes. Network architects are now faced with the challenge of designing secure networks in light of the known problems. This article will discuss seven of the most pressing wireless LAN security problems and potential designs that can mitigate the risk associated with each of them.
5.28.2002
Carnivore screw-up Slashdot has posted several security stories lately, before everyone else. This story details a botched Carnivore incident. The FBI software not only picked up the e-mails of its target "but also picked up e-mails on non-covered targets," said a March 2000 memo to agency headquarters in Washington.
Busy day Sorry for the lack of posts, haven't been able to read much. Hopefully I'll get some updates later tonight. Some of the stuff from this weekend is very good, make sure you hit those.
Kim Schmitz gets lucky How he got a suspended sentence I'll never know. German glam-hax0r Kim Schmitz (aka Kimble) has received a 20 month suspended sentence from a Munich court after being convicted of stock price manipulation designed to net him €1.2m (£750,000).
The CSO NYTimes weighs in again with another good article. In this piece, they discuss the new position of Chief Security Officer. Definitely something larger corporations need to address. The security field's leading professional organization is drawing up a
5.27.2002
Mafiaboy An exhaustive story outlining the Mafiaboy DoS attacks from a few years ago. As the technology bubble neared its bursting point in 2000, a 14-year-old Montrealer calling himself Mafiaboy disabled much of the Internet economy, alarming the White House and the financial markets. He is a leading character in The Hacker Diaries, a book by Dan Verton, an investigative reporter with Computerworld in Washington. Was Mafiaboy a genius? Was he normal? And why that name? No, he wasn't a genius. Just an average kid, from a strange family, who had no idea what kind of trouble he was getting himself into.
Trust technology NYTimes Op-Ed: "We have engineered large parts of our system on an assumption of trust that may no longer be accurate," said a Stanford law professor, Joseph A. Grundfest. "Trust is hard-wired into everything from computers to the Internet to building codes. What kind of building codes you need depends on what kind of risks you thought were out there. The odds of someone flying a passenger jet into a tall building were zero before. They're not anymore. The whole objective of the terrorists is to reduce our trust in all the normal instruments and technologies we use in daily life. You wake up in the morning and trust that you can get to work across the Brooklyn Bridge — don't. This is particularly dangerous because societies which have a low degree of trust are backward societies."
Security Engineering It requires a new mindset. It's now a mandatory facet of the design and testing process. Until businesses understand that, we'll see stories like jello beating biometrics and markers skirting copy protection. "Designers of security systems never think, 'Let's take a Magic Marker to the edges,'" Mr. Schneier said. "Systems designed by individuals, or even small groups, fail when sent out into the big bad world."
5.26.2002
Security in an insecure world A nice commentary on preventative security. The preventive security techniques discussed in this paper flow from the following axiom: If you can't or don't control a system, you cannot secure it. Put simply, security comes from control. Therefore, preventive security requires giving administrators real control over computer systems. If the administrator cannot prevent people from running malicious code or tampering with data, their systems will not be secure.