Security Blog 


2.14.2003

Wireless security in London
still no good.
With a hand-held scanner, researchers were able to pick up information from company wireless networks by simply driving around the streets of London. The research identified that 63 per cent of the networks surveyed were left on default configuration, which clearly identified the company owning the data and where it was coming from.

The overall security picture has barely changed from last year when, using the same methodology, researchers found 67 percent of London companies surveyed left their wireless networks poorly secured against potential attack.



2.13.2003

The dumbing down of security
New M$ security initiative for the non-expert, covered by The Register:
...this week it offered a small concession - an email newsletter intended to cover the same territory as the TechNet security notification service, but in less technical language.




2.12.2003

Old IDS theory hangs up its gloves
Make way for new technology story linked from SNP:
“What we're saying here is that [the] original notion of IDS has just fallen over at this point” The problem is that an IDS that flags anything possibly malicious simply produces too many alerts, says the analyst. “If you're dealing with more alerts than you can interpret, it doesn't do you any good.”




The walls come down and the surveillance cameras go up...
TIA update in NYC courtesy cryptome:

In another diminution of citizens' rights since the Sept. 11 attacks, a federal judge has eliminated virtually all the restrictions of the Police Department's Handschu commission, a body that limited the department in conducting investigations into lawful political activity.




6th grader changes grades
Link:
The boy told reading teacher Susan Seal he left his lunch in her room, according to a sheriff's report. Instead of retrieving his meal, he sat down at her computer, changed the grades of five reading assignments and saved the changes. Math teacher Tanya Schmidt saw the boy at the computer and asked what he was doing.



2.10.2003

Attrition rant


Jericho's take on Richard Clarke's departure. He's not sad to see him go.
The role of Cyber Security Czar is simple but important. Make informed decisions and recommendations so that the presidential administration can act responsibly in shaping legislation and standards that will affect the Internet. If such a czar is not making informed recommendations or finds himself using fear, uncertainty, and doubt as a tool to further his soon-to-be private sector life, then he isn't fit to hold the position. Grossly misstating facts to undermine the security and confidence of the Internet you are tasked to protect before entering the private sector that profits heavily off those insecurities is tantamount to fraud.




DSEA
The Domestic Security Enhancement Act. Be afraid.
"I think the Department of Justice has concluded that it wants the ability to use these techniques in virtually every situation," says Marc Rotenberg, director of the Electronic Privacy Information Center. "This is breathtakingly bad. Apart from the dramatic expansion of government surveillance authority and government secrecy, (the DSEA) transfers enormous power from the Congress and the judiciary to the executive branch and gives the attorney general absolutely unprecedented authority. This is more than an assault on constitutional liberty--it is an attack on the constitutional system of checks and balances."