Security Blog
9.20.2002
Cool
Very neat news from Sun Microsystems:
"Sun Microsystems has donated new cryptography technology to an open-source project at the heart of many secure transactions on the Internet."
Way to go, Sun. Great to see the community benefit, especially in light of the recent patent nonsense.
9.19.2002
Security plan
It continues to be the hot topic. Richard Forno expresses his opinions:
"Today's release of the National Strategy To Secure Cyberspace is yet another Oval Office attempt to gain consensus in dealing with the many problems associated with effective information security in the United States. Unfortunately, in the areas most responsible for the dismal current state of information security, the Strategy fails to recognize and deal with them at all."
Ouch! That's politics and management for you - lots of meetings, little action. Everyone is complaining, but did they really expect more?
9.18.2002
Cyberwar
The word makes me cringe, but I felt the need to pass this piece from the Village Voice along. It's nice to see such an article in a smaller paper - the quality bests that of some much larger competitors. Definitely some gloom and doom, but a lot of truth as well. Take a look - weed through the FUD and pull out several important points.
"In the end, the Department of Homeland Security may fail in its mission because it is reactive rather than proactive, seeking to influence events from on high rather than from the ground level, where effective control can determine the outcome of cyber-conflict. Left unprepared, New York—and the country—could find itself the victim not simply of a cyberattack, but of an utter failure of governing elites to see the writing on the wall."
One-year anniversary of Nimda
For business use only
Yeah, right. It might be intended for business now, but how long until it's used to track people? MS demonstrates tracking technology via cell phones.
"Microsoft and AT&T Wireless on Wednesday will show off a new service that will let businesses use cell phones to track the location of workers on the road, such as taxi drivers or express couriers, and more efficiently route them to customers."
The plan
Here and here are some updates discussing the plan - which evidently will not be finalized today, just another draft.
"Industry officials who have seen drafts of the plan and White House briefing documents describe a strategy that will rely heavily on voluntary efforts of home computer users and employers and sets new security standards for government agencies, which have been roundly criticized for ignoring computer security."
MS and the White House?
Early reviews of the White House's new cybersecurity plan seem to show a glaring omission - MS is left alone. Odd, since they are responsible for so many security holes. The article speculates on why that might be the case.
"One explanation for the draft report's marked silence is that there is an unusually close relationship between Microsoft and the White House. Howard Schmidt, vice chairman of the White House's National Critical Infrastructure Protection Board, once worked at the Air Force and then became Microsoft's chief security officer. Schmidt's group, headed by 'cybersecurity czar' Richard Clarke, is responsible for preparing this week's report. Scott Charney, Microsoft's current security officer, is another former federal official."
Ahhh, politics.
9.17.2002
I'm late
Sorry for the lack of posts today - it was crazy. Definitely a backlog of items for me to review, so check back for updates tomorrow.
9.16.2002
Linux worm
Heads up - there's a Linux worm making the rounds. Infects vulnerable Apache servers. Sounds interesting because it uses P2P tech to communicate, similar to a distributed denial of service, but more sophisticated.
That's different
Wired is running a story on some unique video hacks. Pay attention to stories like this - they're out of the normal scope, but will become increasingly popular in time. We're seeing a shift - no longer do we worry JUST about the security of our actual computers, instead we have dozens of little devices popping up which demand our attention.
"Even a relatively unskilled attacker can transform some video-conferencing systems into video-surveillance units, using the devices to snoop, record or publicly broadcast presumably private video conferences."
9.15.2002
Simulated attack
ABCNews has an interesting account of a simulated attack against a police department.
"To get an idea of what terrorists could do to hamper an emergency response, ABCNEWS asked Innerwall, a Colorado Springs-based computer security consulting firm, to hack into a police department in a different state and see how much disruption it could cause."
If you read further, you'll see they got pretty far. There's some hype, but the article does a good job of showing just how easy it can be to slip past most security.