Drudge has posted a snippet of Dick Armey's farewell speech. Some very grave warnings.

"And so the courage of America is being called upon more than at any time in my lifetime. And what I fear I hear is an echo chamber of voices in America that are saying, ``Give us greater dominion over your personal liberties and we will make you secure.''

"Now, I can tell you, ladies and gentlemen, we'll be safe if we have a cop on every corner. We will be safe if we have a spy camera in every hall. We'll at least be safer. We will be safer if we have an elaborate system by which we, in the ordinary business of life, spy on one another and report it to the proper authorities. We will probably be safer if we have a national identification card. We may be safer, in fact, if we could snoop on the Internet and read everybody's e-mail.

"There are many authorities that we can extend to the government of this country that'll make us safer. But will we be free?

posted by mt at 22:25

Scary if the accusations prove true.

Federal agents have raided a Boston-area computer software firm looking for evidence that the company, which does business with key government agencies including the FBI, might have links to Osama bin Laden's terror network.

posted by mt at 14:45

Not much out there. This is a little old, but SecurityFocus has some Comdex notes online - a nice summary of the security related vendors.

Comdex Fall 2002 was far from previous year's heights, but still continues to function as a smorgasbord for the information technology world. No surprise, then, that some security companies were there serving up products.

At the same time, Comdex failed to draw many of the major security vendors. While the pickings were slim, some of them might prove interesting.

posted by mt at 21:17

It's changing the way things are done. Even bad things. From Drudge:

26 students cheat on exam using Internet-capable cell phones
12/04/2002

Tokyo (dpa) - Twenty-six students at Japan's prestigious Hitotsubashi University cheated in an exam by sharing answers through Internet-capable cell phones, a university spokesman said on Wednesday.

A professor teaching an Introduction of E-commerce class, became suspicious after many students had exactly same answers in the exam, the university's vice president, Takehiko Sugiyama, said.

Upon questioning, the students admitted that they sent each other e-mails through their cell phones during the exam. The 26 students did not get credits for the class.

posted by mt at 14:57

I hope this makes Scott happy. The post times below each message are now permalinked to the archives - enjoy.
posted by mt at 18:18

This is how encryption software should be released.

PGP 8.0 SOURCE CODE DETAILS

We are making the full source code to PGP 8.0 available for peer review. After reading and agreeing to the license agreement, you may download the source code.

Permissible Use

Our intent with this release is to allow interested individuals to review the source code for correctness and to verify that our compiled binary software produces the same ciphertext as the software compiled from source code does.

Our intent with this release is not to make the source code available to others for reuse or to provide information about implementation details so that it may be reproduced in other software.

posted by mt at 17:43

I have a new article up at Security Focus - a DDoS primer. A more in depth version should follow this piece up in the coming weeks.

DDoS attacks first made headlines in February 2000. Now, almost three years later, can it be that we're still vulnerable? Unfortunately the answer is yes. This article will explain the concept of DDoS attacks, how they work, how to react if you become a target, and how the security community can work together to prevent them.

posted by mt at 16:12

Running right now at Wired. TIA, homeland security and ID theft - check them out.
posted by mt at 20:51

I'm posting a short piece from the NYTimes below. Couldn't have said it better myself.

The Insecurity of Computer Security
By JOHN SCHWARTZ


The thieves who stole the credit histories of more than 30,000 people, law enforcement officials said last week, succeeded because Philip Cummings, a low-level employee of Teledata Communications Inc., had easy access to the material and was willing to steal it. Mr. Cummings, one of three people under arrest for what officials describe as the largest known case of identity fraud, was paid as much as $60 per person for credit histories.

Just weeks prior to those arrests, three former fraternity brothers were arrested on charges of trying to rig the computerized betting system in the Breeders' Cup horse race, hoping to win nearly $3 million. Again, an insider, Chris Harn, allegedly used his position as a programmer at Autotote, a racing service company, to cheat the system.

Not long ago, society feared the anarchic compulsion of hackers to penetrate any system designed to keep them out. But the greater threat to an increasingly computerized world, security experts said, comes less from high-tech bandits than from trusted insiders and the trust with which computer systems are generally regarded by society.

The truth is, any system can be hacked, and it is always easier to do from inside. Moreover, the greater the payoff, the more likely a hack.

This should give everyone pause, as government and industry look to ever- larger databases and networks. The newly revealed "Total Information Awareness" program, for example, will amass a huge database of financial, medical and personal information — a treasure house for data miners to abuse.

Systems like these, whatever their intent, will inevitably create "a greater risk to identity theft," said Ari Schwartz of the Center for Democracy and Technology, a Washington policy group.

Risk experts feel even greater qualms about another system now moving toward the virtual realm: elections. This, democracy's biggest prize, will inevitably become a target for interested insiders as votes change from verifiable paper and mechanical ballots to bits, said Peter G. Neumann, a principal scientist at the computer science lab of SRI International, a research institution.

"It's clear that humans aren't infallible," he said. "It's clear that machines aren't infallible either — no matter how carefully they're designed."

posted by mt at 20:45

Thanksgiving is over - hope everyone had a good weekend. Back to work.
posted by mt at 20:36