Security Blog 


2.28.2003

What happens when security is not transparent to users?
More Los Alamos news:
Another rule, temporarily in effect after the Wen Ho Lee imbroglio, forced scientists to turn off their computers if they left the room. "If I have a run (of a computer code that takes) eight hours, that means I've got to pee in a bottle," Vixie said. While Vixie and others say they can accept some broad safety and security guidelines, they believe they are bright enough to govern their own actions.



2.27.2003

Break the law, lose your domain!
Feds confiscate 'illegal' domain names:
Federal police have adopted a novel crime-fighting tactic: seizing control of domain names for Web sites that allegedly violate the law.




Electronic Voting?
kuro5hin.org:
New computerized voting machines are quietly being rolled in across the country, promising to put an end to voting irregularities and "dimpled chads" forever. These machines, however, are doing just the opposite -- rarely providing a verifiable paper trail, with all inner workings undisclosed and classified as "trade secrets." Many concerned citizens and notable computer scientists (Leiserson, Rivest, Schneier, for example) are attempting to lead a charge against these new machines, but their voices aren't being heard.




A sign of things to come
@stake has announced a new vulnerability in a popular Nokia mobile phone. While underwhelmed by the news, I think this is an important article. More and more of our daily routine depends on what are essentially small computers. Unfortunately, many of the same security concerns are carried over into this world. Where does that leave us? A cell phone vulnerable to a denial of service attack. Strange days ahead.
If an attacker has been successful in crafting the malicious vCard and sending it to the handset, the phone may behave strangely, freeze or stop accepting vCards.

"This is a good example of why all newly introduced product functionality should be reviewed to ensure that no new security vulnerabilities will also be introduced. A cursory source code audit would find an error of this type," the advisory said.

The vulnerability is not serious - affected users can simply "reboot" their phones, but the flaw has sparked renewed interest in the issue of security vulnerabilities in increasingly complicated mobile phones.



2.26.2003

Physical Security at Los Alamos?
According to this Wired piece, it's virtually non-existent. That's troubling, considering the fact that it houses most of our nuclear secrets.
Despite the nation's heightened terror alert status, despite looming congressional hearings into the lab's mismanagement and slack-jawed security, an untrained person -- armed with only the vaguest sense of the facility's layout and slowed by a torn Achilles tendon -- was able to repeatedly gain access to the birthplace of the atom bomb.



2.25.2003

Clever idea
A containment-based defense against worms:
With CounterMalice, information technology administrators can divide their organization's network into cells and prevent worms from spreading from one cell to the next...



2.24.2003

WSJ on Slammer
An excellent piece in the WSJ today describing Slammer and why it was so "successful".
So the person made Slammer just 404 bytes, a fraction of the size of most other viruses. It was so diminutive because it performed just two basic operations. First, it generated a random Internet Protocol number -- there are four billion possible IP numbers, and each computer online has one. Then, it mailed itself to that IP number.

It ran these steps in an endless loop, over and over again. Infected machines would spew out the virus randomly, all over the world, untold thousands of times a second. Each new infection would join this clone army.

Reaching nearly every vulnerable machine on the Net -- an estimated 75,000 out of the millions online -- took just 10 minutes. Previous viruses had taken hours, even days to reach saturation.
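The two-step loop the WSJ describes (pick a random 32-bit address, fire a copy at it) is what makes a random-scanning worm's growth logistic: every new infection adds another scanner, so saturation arrives in minutes rather than hours. The block below is an added example, not code from the WSJ piece, from CounterMalice, or from this blog. It carries the model through in two parts: the closed-form time-to-saturation for an Internet-scale scanner like Slammer, and a small Monte-Carlo of one organisation's address block that shows why the cell idea from the 2.25 entry works, since a probe that crosses a cell boundary is dropped and the worm stays inside the cells it was seeded into. The 4,000 scans per second per host, the 75,000 vulnerable hosts, the /16 block size and the cell count are assumptions chosen for illustration; only the 75,000 figure comes from the page.

```python
"""Random-scanning worm spread, modelled on the Slammer description.

Part 1, logistic_time_to_fraction(): closed-form epidemic model for a worm
that probes uniformly random 32-bit addresses.
Part 2, simulate_cells(): Monte-Carlo of one /16 address block with and
without cell boundaries that drop worm probes crossing between cells.
Constructed, illustrative example; every numeric parameter is an assumption.
"""
import math
import random

ADDRESS_SPACE = 2 ** 32  # IPv4 addresses a random scanner can pick from


def logistic_time_to_fraction(vulnerable, scans_per_sec, initial=1, fraction=0.9):
    """Seconds until `fraction` of `vulnerable` hosts are infected.

    Each infected host sends `scans_per_sec` probes to random addresses, so
    it finds a fresh victim at rate scans_per_sec * (N - I) / ADDRESS_SPACE.
    Summed over I infected hosts this is dI/dt = beta * I * (N - I), the
    logistic equation, with solution
        I(t) = N / (1 + (N/I0 - 1) * exp(-beta * N * t)).
    Solving I(t) = fraction * N for t gives the expression returned here.
    """
    beta = scans_per_sec / ADDRESS_SPACE
    n, i0 = vulnerable, initial
    return math.log((n / i0 - 1) * fraction / (1 - fraction)) / (beta * n)


def simulate_cells(block_bits=16, vulnerable=2000, cells=1, scans_per_tick=50,
                   seeds=3, max_ticks=200, rng=None):
    """Monte-Carlo spread inside one address block of 2**block_bits hosts.

    The block is split into `cells` equal contiguous ranges.  A probe whose
    destination lies in a different cell from its sender is dropped at the
    boundary (the containment idea).  `seeds` hosts start infected, as if
    hit from the outside; with cells > 1 the worm can only ever reach the
    vulnerable hosts sharing a cell with a seed.
    Returns (ticks_run, infected_count).
    """
    rng = rng or random.Random(0)  # fixed seed: reproducible for the reader
    size = 2 ** block_bits
    cell_size = size // cells
    hosts = rng.sample(range(size), vulnerable)  # constructed host layout
    vuln = set(hosts)
    infected = set(rng.sample(hosts, seeds))
    for tick in range(1, max_ticks + 1):
        new = set()
        for src in infected:
            src_cell = src // cell_size
            for _ in range(scans_per_tick):
                dst = rng.randrange(size)      # Slammer step 1: random address
                if dst // cell_size != src_cell:
                    continue                    # containment: cross-cell probe dropped
                if dst in vuln and dst not in infected:
                    new.add(dst)                # Slammer step 2: copy lands
        infected |= new
        if len(infected) == vulnerable:
            return tick, len(infected)
    return max_ticks, len(infected)


if __name__ == "__main__":
    # Assumed: 75,000 vulnerable hosts (the page's figure), 4,000 scans/s/host.
    t = logistic_time_to_fraction(75_000, 4_000)
    print(f"90% of 75,000 hosts reached after about {t/60:.1f} minutes")
    print("flat block:  ", simulate_cells(cells=1))
    print("16 cells:    ", simulate_cells(cells=16))
```

With the assumed per-host scan rate the closed form lands at roughly three minutes to 90% saturation, the same order of magnitude as the ten minutes the article reports (early Slammer hosts were bandwidth-limited, which stretches the real curve). In the simulation the flat block is fully infected in a couple of dozen ticks, while the 16-cell block never gets past the few cells that were seeded from outside, which is the whole point of cell containment: it does not stop the initial infections, it caps how far each one can travel.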