Security Blog
6.8.2002
Great start
I'm reading True Names by Vernor Vinge. The heart of the book is a novella of the same title, which I haven't even read yet. The rest of the book consists of several articles discussing technology in general. Supposedly they stem from some of the ideas in the short story. What prompted me to post tonight was a fantastic essay by Timothy May of Cypherpunk fame. His contribution, True Nyms and Crypto Anarchy, was fantastic. He does an outstanding job of outlining and explaining many important issues. It's definitely something I'll be reading again. I couldn't find it on the net, but found what appears to be a condensed version discussing similar issues here. However, I recommend buying the book; it's worth it already and I'm only a hundred pages into it.
6.7.2002
United Linux & Security
Jon Lasser of Security Focus has some thoughts on United Linux. He feels it could mirror the security problems which have plagued Windows. I see his point, but don't think that will be the case.
6.6.2002
Get ready
I've got several privacy articles queued up. Just finished reading this one. It's a good overview of why you need to be worried - now.
On May 29, the FBI took another leap, unilaterally reinstating sweeping surveillance powers that were suspended in the 1960s after the original G-man, J. Edgar Hoover, abused them to spy on civil rights leaders and protestors against the Vietnam War. The FBI got these abilities back despite mounting evidence that it and other U.S. agencies failed to thwart last fall's attacks not for lack of intelligence but because they didn't adequately analyze and act on the information they had. Screw up, it seems, and you get more power.
Never works
Rob from Slashdot has an editorial at Newsforge on security through obscurity - or an old OS. While what he says is true, he overlooks something. New OSes incorporate more features and compatibility than older versions. You can't run a 6-year-old version of Solaris on a modern day server. It just won't work. Stick to the basics, use common sense and keep up to date - you'll be OK 99.99% of the time.
Here's an interesting way to secure an Internet-connected computer against intruders: Make sure the operating system and software it runs are so old that current hacking tools won't work on it. This was suggested by Brian Aker, one of the programmers who works on Linux.com, NewsForge, Slashdot, and other OSDN sites; he runs several servers of his own that host a number of small non-profit sites in the Seattle area. "I have one box still running a version of Solaris that's so old none of the script kiddies can figure it out," Brian says. "They tend to focus on the latest and greatest, and don't have the slightest idea how to handle my old Sun box."
CNN now
During lunch, I got the chance to watch CNN's coverage of the congressional FBI hearings. Very interesting stuff. If you get the chance, it's on right now. They're discussing several relevant topics.
Good link from Slashdot
Caught this story today on Slashdot. It's an excellent description of the author's experience with credit card fraud and its ramifications. Worth your time.
All I wanted was a warm, crispy waffle. But I ended up sending a night-vision rifle scope to some unidentified criminal in Saudi Arabia.
Hit by a bus scenario
Don't let this happen to your company. Plan for this type of situation; you never want to appeal to the cracker community for help.
The man in charge of archiving and maintaining electronic copies of Norway's most important historical documents is dead and so is access
6.5.2002
Delayed posts
Not sure why, but FTP was causing problems all day. I posted multiple times, but everything was updated just recently.
Review
Andrew Leonard of Salon reviews the new book Confessions of a Teenage Hacker. Flipped through this book Monday at the bookstore.
Scary
When I started skimming over this piece on employee sabotage, I thought it would be pretty standard. However, the second half of the article lists several recent, and scary, incidents. Worth a quick look.
A Forbes computer technician deliberately caused five of the publisher's eight network servers to crash as retribution for his termination from a temporary position.
Just say no comment
This is why criminals shouldn't talk to reporters. Ego. It can get you into so much trouble.
WASHINGTON (AP) Without required approval, U.S. prosecutors sent a subpoena to MSNBC demanding a reporter's notes, e-mails and other information as part of an investigation into a nomadic young hacker who acknowledged breaking into computers at The New York Times earlier this year.
6.4.2002
Security tool compromised
Security Focus reports that the popular security tools from monkey.org were compromised with a backdoor program last month.
Security spending remains low
The Boston Globe has a good article on security spending, or the lack thereof. They point out that while all signs point toward a booming industry, losses have been the norm.
"Everybody wants better security, but they're realizing they can't
6.3.2002
What are they listening to?
Security Focus columnist David Banisar discusses the recently released wiretap statistics. He asks several good questions.
It is interesting that even after September 11 the war on drugs still appears to be the priority of many of the prosecutors, while the demands for new surveillance powers were all couched in terms of saving us from terrorists. Some day we may find out what they have been doing with these powers. But don't count on it being from the FCC, or the courts.
6.2.2002
Always a scam
Note: Hacking contests are ALWAYS bogus. Has there been one in the last few years that was really legit? I don't think so.