Security Blog 


4.25.2003

New columnist
Security Focus has a new columnist - my friend Scott Granneman. Check out his first piece on Al-Jazeera, the First Amendment and Security Professionals.
As security professionals, our duty is to uphold data integrity and availability, and to make sure that systems can be accessed. If you're American, the principles of the First Amendment need to come into play as well. You might not agree with everything Al-Jazeera publishes, but their right to publish should not be endangered by electronic vigilantes. After all, you would ask the same protection for your company's Web site regardless of what your competitors may wish.



4.24.2003

CC pattern recognition
The WSJ has a piece on credit card companies using profiling and pattern matching techniques to catch fraud. The downside is what's referred to as the "personal insult" factor, or legitimate purchases being denied. Very interesting read if you get the chance. The article discusses several of the techniques in use.
The card companies raise the red fraud flag for any one of dozens of reasons. They're constantly looking for spending that doesn't fit normal cardholder patterns, or those of the retailers where people might be shopping. Most Americans don't buy computers in Paris, for instance, but a thief who stole their card might. Card companies are skeptical of purchases in foreign lands with high rates of fraud, including Russia, most of Eastern Europe and South Africa.



4.23.2003

SSN trivia
Slate has an interesting blurb on social security numbers.
Paranoid anti-government types aren't technically required to have a Social Security number, but life in the U.S. is virtually impossible without one. The IRS requires all employed citizens over 18 to have a number, and a Social Security number is essential to opening up a bank account, paying taxes, and obtaining health insurance. Once you have a number, you can't opt out of the program. On extremely rare occasions you can change your number, but only if you can prove that keeping your current digits is a threat to your well-being—say, if you're being pursued by a relentless stalker.



4.22.2003

White House security advisor - quits
First Richard Clarke, now Howard Schmidt. He was only there 3 months! Is the gig that bad? And can the replacement have the proper qualifications? Please.
WASHINGTON (AP) -- White House cybersecurity adviser Howard Schmidt announced his resignation Monday, the second person to leave the post in three months.

Schmidt was the former chief of security at Microsoft Corp. before taking the post in February. He succeeded Richard Clarke, who had spent 11 years in the White House across three administrations, and was the president's counterterror coordinator at the time of the September 11, 2001, attacks.



4.21.2003

Cisco surveillance
In some aspects, it's already here. But Cisco is going to make it easier to do. News.com investigates.
Cisco Systems has created a more efficient and targeted way for police and intelligence agencies to eavesdrop on people whose Internet service provider uses their company's routers.

The company recently published a proposal that describes how it plans to embed "lawful interception" capability into its products. Among the highlights: Eavesdropping "must be undetectable," and multiple police agencies conducting simultaneous wiretaps must not learn of one another. If an Internet provider uses encryption to preserve its customers' privacy and has access to the encryption keys, it must turn over the intercepted communications to police in a descrambled form.




Madonna - hacked...
Crackers respond to Madonna's attack on P2P. I find their answer pretty amusing.
After asking P2P users, "what the f--- do you think you're doing," a few apparently answered her back by hacking her website, and hosting her album. As of now the server is unreachable. You can find a mirror of the defacement here, however.




Yikes!
Has it been 10 days? Busy couple of weeks.