Subscribe: Al Macintyre: Security
http://radio.weblogs.com/0107846/categories/security/rss.xml

Al Macintyre: Security



Computer Security, Homeland Security, other kinds of Security that Al Macintyre has opinions on.



Last Build Date: Sun, 22 Dec 2002 08:21:38 GMT

Copyright: Copyright 2002 Al Macintyre
 




Sun, 22 Dec 2002 08:21:38 GMT

From [Boing Boing Blog]

Copy of report referred to in NYT story re: Total Internet Monitoring plan. This link to a September, 2002 draft of "The National Strategy to Secure Cyberspace" appears to be an earlier copy of the report mentioned in today's NYT story about Bush administration plans for centralized monitoring of the Internet.

Link Discuss (Thanks, Tom!)
From [Boing Boing Blog]





Mon, 16 Dec 2002 08:09:43 GMT

I started a post here today with my idea for e Bounty Hunting of spammers, virus creators, and other e-unwanteds.




Sat, 07 Dec 2002 19:05:51 GMT

Court to rule on software that copies 'protected' DVDs. New Scientist Dec 7 2002 7:05AM ET [Moreover - Science news]

Interesting case here

  • The really interesting argument here is that the copy protection scheme has a humongous loophole or design flaw ... the backups of movies are made at a point in the process when the copy protection scheme is non-functional, so nothing in fact is being spoofed.  The courts will have to rule on whether or not it is legal to exploit the stupidity of your adversaries.
  • I thought copyright law made it legal for us to backup software, but did not make it a right, so that software companies were free to offer stuff that is impossible to backup.
  • I thought copyright law with respect to software backups allowed multiple backups, but basically ruled that only one copy could actually be running ON THE COMPUTER with ONLY ONE USER per software license.
  • This article implies that I thought wrong about that, and that we are back to the interpretation that loading software from CD Rom or diskette or Internet download is a violation of copyright law because we are COPYING it from the purchase media into our computer.
  • I thought copyright law was a bit different for different kinds of media ... software, printed literature, music




Sun, 24 Nov 2002 08:35:24 GMT

[David Fletcher's Government and Technology] has many links of Security Interest: QUOTE





Fri, 22 Nov 2002 04:53:51 GMT

[Ernie the Attorney] QUOTE - I was at Ochsner hospital today (my teenage daughter was having a benign tumor removed, and everything turned out okay).  When she was in the pre-op area I noticed the laptop in the room that was on a rolling cart.  It was a Dell laptop with a Wi-Fi antenna and, though the power socket was plugged in, the cart was designed to move around from place to place (obviously after unplugging the power cord).

I asked one of the nurses about the wireless system.  She told me that the mobile laptops have been used in the surgery area for about two years, and were now being used throughout the hospital.  The wireless laptop has access to the Internet, but the laptop is configured with special software that the hospital uses (and other hospitals use as well) for immediate entry of patient information directly into a central database.  This allows the hospital to have the patient's information updated on the computer system in real time.

I asked her what she thought about the system.  She said that it had taken her awhile to get used to it.  The hospital apparently only sent about four "power users" to be trained and then they trained everyone else. But now that the system was running she said it was very good and only had a few problems.  She agreed that it was overall a good thing and would lead to better information about patients and less reliance on paper.  But she complained that she still had paper forms to fill out and, in fact, had even more paper forms to fill out because of the new system.  She said this was born out of an obsession for "backup."  I don't think she really knows what the real reason is, but I wouldn't be surprised if she was right.  Hospital administrators live in dread fear of mishandling patient records, or at least of being accused of doing so.

But I digress from the more important point: wireless in hospitals.

I knew that Ochsner had started to implement a wireless network because one of our firm's outside computer consultants used to work there and had told me about their initiative. I understand that it is a difficult proposition for a hospital to try something like this, and I'm glad to see that Ochsner is giving it a try.  I don't know how they've got their system set up, but I will say this: I booted up my laptop in the patient waiting area (which is admittedly far away from the surgery area, i.e. +500 feet) and didn't pick up any signal.  Obviously, in terms of network security, that's a good thing.

UNQUOTE [Ernie the Attorney]




Tue, 19 Nov 2002 20:08:39 GMT

I started a story on Identity Protection, which collects various ideas on what to do to minimize our risk of someone stealing our credit, and what should be done after an incident, beyond the standard advice.




Mon, 18 Nov 2002 08:19:18 GMT

www.netcrimes.net and Misdemeanors is the latest book I have taken a look at.  It is written great!  Each chapter is a mixture of stories of real problems for real people, showing us what it is to be a victim of out-of-control: cyber-stalking (get help via www.haltabuse.org if you are a victim of this); identity-theft (more kinds than I knew about, which means I need to say more in Identity Protection than what was implied by Stop Identity Theft because my Banking Stories may have distorted my vision as to where the greatest threats come from, www.cybersnitch.net has advice how not to become the next such statistic); hostile people out there posting stuff that pretends to be from you; spam; hoaxes; all sorts of frauds; what you ought to do about it, with tons of useful links.  Some of these connections will be making their way onto my web site in future postings.  Some have already come here, although with a somewhat different spin than that of www.jahitchcock.com J. A. Hitchcock.  Here are some wonderful starting points.

  • www.trf.k12.mn.us/lhs/shutthedoor.html = safety brochure to help schools and law enforcement understand about anonymous e-harassment and what can be done about it
  • If you want spam or want more than you are already getting, then sign up at www.iwantspam.com
  • If you sent $ in the mail to some place to buy something that was communicated to you via the Internet, and you now think you have been cheated, prompt contact with postal inspectors can put a scammer in the slammer www.usps.gov/websites/depart/inspect
  • Got questions about computers and the Internet? Check out http://whatis.techtarget.com and www.askanexpert.com
  • Do you suspect that there are programs hiding on your computer that should not be there?  I am not talking viruses & trojans but spyware.  Check out www.cexx.org/problem.htm and www.lavasoftusa.com
  • Let's suppose someone might be impersonating you and behaving in a disreputable manner, you can keep track of yourself online by submitting your first & last name, or your e-mail address to www.tracerlock.com and they will e-mail you when it finds a match (I know I am in a LOT of places legitimately)




Fri, 15 Nov 2002 21:10:08 GMT

[Ernie the Attorney] QUOTE Oops!  Honey, I forgot to redact the document! - giving your opponent a document with sensitive information exposed is not a good idea.  That's why people use black markers.  But what about electronic documents?  Anyone ever hear of "meta-data"?  Please, people.  Let's be careful out there.  If you are an attorney and don't know what I'm talking about (especially if you use Microsoft Word) read this. UNQUOTE [Ernie the Attorney]

In earlier posts I have shared how Word documents can contain all sorts of stuff you do not want to share, and how unscrupulous people can send you what seems like an innocent document, but it really contains software that acts like a virus to do Industrial Espionage.  That is a great link by Ernie to an article on www.law.com about electronic documents in general.  It is not just Microsoft stuff you have to manage.





Thu, 14 Nov 2002 18:45:57 GMT

I have added Stop Identity Theft which has my proposed solution to a problem that causes grief to far too many people today.




Thu, 14 Nov 2002 04:33:05 GMT

e Week has a big story on where the jobs are in the USA for computer people.

There are a lot of us who are somewhat depressed about the economy, large layoffs all over the place, dot com melt down etc.  We can forget that while the economy may be bad overall, there are always places with growth and stability.  They move around the country as geography and technology evolves.  Some industries have not suffered in the current economy, such as biotechnology, health care, defense spending, which has led to growth in computer jobs some places.  e-Week analysed data from the federal Bureau of Labor Statistics and other sources, and concluded that the best areas of the country to relocate to, if you want to be where the computer jobs are:

  • New York's Capital Region
    • Thanks to IBM, Eastman Kodak, Bausch & Lomb, Corning, and other companies, this area was a tech center long before the dot com boom.  In 1999, NY ranked 4th in the nation for attracting venture capital, and 3rd for R&D spending.  This seven county region, consisting of Albany, Troy and other cities, continues to have a strong economy for growth in computer jobs.  One of the newest companies here is looking for experts in bioinformatics, such as analysis of DNA sequences for nanotechnology.  Check out www.hightechNY.com for current job openings.
  • Northern Virginia Beltway
    • Defense Contractors are booming with approx 5,000 IT jobs going unfilled.  Background checks for a good security clearance can take 18 months.  Biomedical also has great prospects.
  • Southern California's Inland Empire
    • East of Los Angeles created 29,700 new IT jobs in July and 26,000 in August, the highest rate in the nation, because it has become a major center for distribution, thanks to inexpensive land, a diverse industrial base, including industries that are today's drivers of tomorrow's economic growth.

There's an article of tips for relocating, and one on the methodology they used to determine the three top areas.





Mon, 11 Nov 2002 18:00:46 GMT

[Boing Boing Blog] QUOTE

Open spectrum explained for the laity. Seattle Times has run a great story on the group of "lawyers, engineers and telecommunications analysts" who are lobbying the FCC for cognitive radio and open spectrum.

In an ideal world, the FCC would treat the airwaves like a highway system nobody owns and enforce rules governing how people use its lanes without crashing into each other, the group says. And in cases where this isn't possible, the FCC would allow people to drive across other people's "property" as long as they keep a low profile and don't do any damage.

Given this freedom, inventors and entrepreneurs would invent new vehicles and new ways of using the highway, the thinking goes. Consumers would finance the development of the airwaves by buying the devices that suit them best and abiding by the rules of the road that prevent nasty accidents.

But to make this vision a reality, the devices need a slice of the spectrum that would form a virtual park or an airwaves commons where equipment makers and others could experiment. In addition, common protocols — industry standards that allow devices to understand each others' communications — and rules are needed to prevent accidents and to make sure everyone gets a fair shake.

Link Discuss (Thanks, Howard!) [Boing Boing Blog]

Let's hope the FBI crew that's checking up on War Chalkers, also reads this perspective.  I also think there may need to be some standards to avoid electronic smog, where equipment is controlled by signals delivered by wireless, but the wireless can also pick up signals from unrelated activity that is sharing the same spectrum.  If the controller cannot tell the difference between the authorized control signals and the unrelated traffic, then something can crash, which can be very dangerous if that something is robotic, transportation, medical, public services, etc.





Fri, 01 Nov 2002 17:19:12 GMT

Risk Management tips in Oct 2002 Praxis includes ways to hide your e-mail address from spammers, yet still make them obvious to real people (see in my Search Engine Tips the many ways to get at people's e-identity), also what viruses, trojans, worms etc. threats and Microsoft Vulnerabilities are going around and what you can do to protect yourself.




Tue, 29 Oct 2002 18:50:12 GMT

The Economist: The weakest link. Human failings, in other words, can undermine even the cleverest security measures. In one survey, carried out by PentaSafe Security, two-thirds of commuters at London's Victoria Station were happy to reveal their computer password in return for a ballpoint pen. [Tomalak's Realm]




Sat, 26 Oct 2002 18:04:52 GMT

What I personally fear the most about embedded chips is that if having this chip makes it easier to find someone who has been kidnapped, then at the same time, having this chip makes it easy for would-be kidnappers to find their victims, chop out the chip from the body, and leave it with a ransom note, so that when the rescuers zoom in on the chip, they find what the kidnappers want them to find.  Also kidnappers can browse info about people in a crowd, to match up someone easy to seize with someone who is worth seizing, on the basis of what the embedded chip tells them, when they look up the code number.

Some institutions will begin to require that their employees or customers have this embedded chip as part of their security system. Potential crooks will think the embedded chip is the only thing they need for access to the facility. Humans will be assaulted for the purpose of chopping off whatever part of their anatomy is thought to contain the chip, so that the crook can then use a human arm with an embedded chip as the key to try to unlock access to whatever facility they want to break into. At one college, it is your thumb that the thieves will want to chop off.  http://www.wired.com/news/privacy/0,1848,53912,00.html http://www.vortex.com/privacy.html

It is bad enough now that crooks want to steal my wallet, or break into my home and steal property from me, or steal my identity, but with this technology, future crooks will want to chop off part of my body.

Wired Articles on Privacy: http://www.wired.com/news/privacy http://www.wired.com/news/privacy/0,1848,55999,00.html

The initial version of the VeriChipID is the size of a grain of rice.  http://www.adsx.com/prodservpart/verichip.html It needs to be activated by a scanner.  It gives a code number, that when looked up in a data base, gives whatever info the wearer has decided will be in that data base.

However, much more advanced versions are in the pipeline, such as Digital Angel, which combines Global Positioning (GPS) system and monitoring service, to help keep track of people with certain medical conditions, school children, where the legal system needs to keep track of them, and potential kidnap victims.  Sex Offenders are branded for life in some states, but not yet with this chip.  Perhaps some Catholic Priests need to have the Mark of the Beast added to their anatomy, so parents can scan child care providers before entrusting their children to their care. http://www.wired.com/news/business/0,1367,50004,00.html http://www.wired.com/news/privacy/0,1848,55740,00.html http://www.wired.com/news/school/0,1383,54604,00.html http://www.wired.com/news/business/0,1367,53075,00.html

Remember Lojack?  http://www.lojack.com/ This is a system used to help the police locate stolen vehicles, that have had Lojack installed in advance.  Depending on how large Lojack is, and how obvious it is to thieves who might want to remove it during the theft, before the theft is discovered, some people might want this installed on other products of value ... would it interfere with the operation of a computer for example?

Well what we are talking about here is a similar concept embedded in human bodies.

A similar chip has been embedded into pets so animal shelters can identify the owners.  Three different companies market these devices.  There is some controversy over whether the technology works as advertised. http://www.gcn.com/archives/sl/1997/November/desk.htm

Several versions of this product, from several companies, are being marketed in Latin America with a GPS that keeps track of where the person is, who has the c[...]




Fri, 25 Oct 2002 07:56:30 GMT

Anyone stop to consider this guy might be a cop? [Adam Curry: Adam Curry's Weblog]

Well now that he has been arrested we know he really is ex-military, All American deadbeat family abuser.  I thought he might be media.  The trick was not in getting to the attack site, but in being non-suspicious after an attack.  What profession can legitimately be in any community at any time, without anyone questioning them?  A news media person.

Stick around, wait for the police to descend on the scene.  Show up and try to interview them.

But now we know the sniper team was driving around in a personal attack vehicle disguised as an ordinary auto, so when stopped at a road block, the weapon was hidden below the trap door.





Tue, 15 Oct 2002 09:37:48 GMT

I have worked with various different kinds of computer security over the years, but I am no expert at it.

Al Rule # 1 = You cannot padlock a tent or house of cards.  Security needs to be built into the foundation of the computer system, preferably via a rock solid operating system.

Al Rule # 2 = Computer data can be accessed by a variety of tools, software, hardware and tapping into the flow of data.  Just because the software you are using cannot see the passwords or unencrypt the data flow does not mean that some other person's software cannot do so.

Al Rule # 3 = It is not unusual for purchased computer systems and software to come with back doors left there by developers.  You have to do business with reputable firms that do not condone such behavior.

[BlogFish] found insight in [Jon's Radio]

Use Private Keys, no - Use Public Keys, no - ....

Jon Udell is opening a can of worms, I must not look...

I always knew there were ways to encrypt information and I accepted that. Then I was assigned the task of revamping our software licensing process. This required me to choose an encryption method. Choosing an encryption method required me to justify my selection against its alternatives. Justifying my selection required me to understand both my selection and the alternatives that I did not choose.

So I did some reading, and once I understood the difference between Private Key Encryption and Public Key Encryption, I changed my mind. Public Key Encryption surely seemed like the better choice.

If some rogue ex-employee were to take the private key and issue passwords for a discounted price, we could throw out the old key pair and replace it with two new keys. Because one of the keys of the pair is public, we could simply distribute it along with the encrypted information. No need to hard-code the private key in the software, right? No need to require customers to reinstall existing software, right? No need to maintain legacy password generation programs, right? (Anyone who has done this before, please comment...please throw me a clue...)

Yes, I thought I finally had gotten it. Public Key Encryption provides more convenience, more security, more robustness than Private Key Encryption.

I am trying to resist looking at Jon Udell's post. He is questioning his long-held assumption that Public Keys were the way to go.

Remind me why I need a public key. Dick Hardt, founder and now CTO of ActiveState, was prowling around the digital ID conference asking a deceptively simple question: "Why do I need a key pair?" ...
[Jon's Radio]
[BlogFish]




Mon, 14 Oct 2002 08:50:57 GMT

Avoiding the Sniper

Dog News lives in the target zone so I have been sending her various thoughts.  Here below are some of what I think were my brighter ideas.  Some of my ideas may be a bit dumb, but I hope on balance I have shared ideas that Y'all will find worthwhile thinking about.  I have updated this mini-essay several times, most recently mid-day Thursday Oct 17.  If you want to print it out, figure 5 pages.

She told me about a friend seeing a vehicle that looked exactly what the police were watching the public to be on the look out for, but all the police phone lines were busy, so I suggested calling that into the news media.  Have them tail the suspect vehicles until the police clear them.  The friend was not able to leave her job, at the time of the witnessing.  Another thought is to have standard forms, downloadable from police web site, for witnesses to fill out when something is fresh in their mind but access to the police is not practical.  At the time of the anthrax scare, and at times of bomb threats, we have had similar forms from the police that spell out what should be done when an incident occurs.

Put in perspective that while the sniper has killed 11 people in 11 days, in the same time period there have been 14 unrelated homicides in 5 of the 6 communities where the sniper has been active, while even more people die in traffic accidents (68 a year in DC, 660 in Maryland, 935 in Virginia).  This is not really as bad as people in other countries have to put up with all the time.  Get a pen pal in another country to understand what it is like for them and see that we might be over-reacting to this latest crime spree.

Is this a good time of year to visit Disneyland?  Get away from the daily worries and have a good time somewhere else?  Your auto club can probably print out maps of driving routes that take you to interesting places that are not on the sniper past visitations or even close.

If you want to get away for a while, consider that while you have a good job, there are hundreds of thousands of people around the country who are out of work.  Perhaps you can organize a trade.  You get away and live in someone else's community for a while, and someone else takes over your job and income until you are ready to come home.  In academia this is called taking a sabbatical.  Some Professor and family trade homes and jobs with some other Professor and family in some other city.  The University has a teacher all the time.  Professor and family have a nice place to live.  Basically they trust each other, something like exchange students.

Say, how about exchange students your kids go live in some other city until DC is a safer place again?  Travel broadens the mind, so it is educational also.

The sniper is not necessarily someone with police or military training, because so far all the victims have been people who were easy targets for someone who is a good shot, and desires to continue killing random victims.  Ask someone who does have relevant training to suggest to you how to avoid being an easy target.  I think that right now, many people in the communities, that the sniper is preying on, could use a police briefing, not on the kind of stuff that the media is demanding, regarding progress or lack of progress finding this serial killer, because past criminals of this nature have gone on killing sprees that have lasted months or years before they got caught.  Rather, what I think the people need is community policing meetings briefing the people on how to minimize risk of b[...]




Sun, 13 Oct 2002 21:07:23 GMT

What we have here are some links inspired by me visiting places that are visited by people who also visit my site, showing some interests that we have in common.

  • Christian stories that never happened.
    • I'd like to see something similar on other Religions, because those of us who are not believers can sometimes have a hard time distinguishing truth vs. distortion.
  • Computer Virus Myths - how to spot them.
    • Warning - that site disables the back button.
  • Darwin Awards for people who have found incredible ways to remove themselves from the gene pool.  These are true stories, that someone could easily think were made up.
  • Discuss Urban Legends.
  • Electronic tour of artistic renditions of Urban Legends.
    • I was not impressed with what I sampled, but different strokes for different folks.
  • Hoax Identification Education
  • Hoax Kill Service
    • Once you find out if a message is a hoax you can send it to a designated email address and their software will then extract the addresses of all previous recipients from the message and inform them all that the message is a hoax.
  • Humor about Hoaxes.
  • Latest Urban Legends.
  • Net Lore and Urban Legends.
  • Norton Symantec Security Response Directory of e-mail Hoaxes.
  • Researching Urban Legends
    • This might be where my sister got the idea that the volume of visitors to a website, translated into extra charges for bandwidth.  Oh! that Is a true story for this site.
  • Scam Busters list e-mail chain nonsense and other scams, tips on fighting spam, lots of good links, also including links to info on real computer viruses.
  • Scope of Urban Legends.
  • Many people think something is a hoax when it is not. See my Sep 20 post about the plight of a Nigerian woman, sentenced to be stoned to death for the crime of being jilted by the husband of her child, in which I got a flood of referers due to people searching Google and other engines for information on the hoax details on this story, so their only hits were on sites that both talked about this real life situation, and some unrelated hoaxes.




Thu, 10 Oct 2002 20:20:23 GMT

[Chicago Sun Times] reports insider identity theft of 5,000 employees of the state of Illinois in which crooks in Indiana, and other states, opened credit card accounts in the names of the victims, then stuck them with the bills for what was purchased on those accounts. 




Wed, 09 Oct 2002 22:13:49 GMT

W-O-O-D-Y-S--O-F-F-I-C-E--W-A-T-C-H Volume 7 Issue 47 is really annoyed with Microsoft.  W-O-O-D-Y-S--O-F-F-I-C-E--W-A-T-C-H describes QUOTE security holes in Word so big they defy description. UNQUOTE Subscribe to W-O-O-D-Y-S--O-F-F-I-C-E--W-A-T-C-H for the low down on understanding that Microsoft Security is an Oxymoron.  There is a wealth of information in this regular e-newsletter.

Scenario: Bob has access to a file. Alice wants it. Alice sends Bob a document, innocently asking Bob to edit it and return it to her. When it comes back, it contains the file that Alice wanted, and Bob is none the wiser.  Bob cannot block this with anti-virus or any of the usual PC security because this is the way Microsoft Word is supposed to work.

Or, Word can "phone home" to Alice's web site, delivering what she wants.  Bob does not need to send the document back to Alice and she can still get a copy of the file she wants.  Woody showed Microsoft step by step exactly how that could be done, Sep 17, and the latest Microsoft press release is still pretending that this capability is not in their software.

Oct 5 Woody sent Microsoft a demonstration Word document that when opened, sends Woody the first 230 characters of any file on your PC that he cares to name, to anywhere he cares to send it.

Contrary to Microsoft's public statement, Alice does not need to know the absolute path to Bob's file.  The person doing the pilfering can use just the name of the file without knowing what directory it is in. You can go after just about any file, such as the passwords file, so long as you know how Windows organizes these things.

The ability to do this stuff is what Microsoft calls a feature, so obviously, to Microsoft, this is not something they have any commitment to fixing.

W-O-O-D-Y-S--O-F-F-I-C-E--W-A-T-C-H QUOTE

LIES, DAMN LIES, AND MICROSOFT

Man, am I ticked off.

On October 8 - yesterday - I received a copy of Microsoft's Inside Office Newsletter. Under the headline "Answers to Concerns About Security in Word" there's a link to http://www.microsoft.com/technet/security/topics/secword.asp , where you'll find the same press release Microsoft posted a month ago about the "confusion and speculation" surrounding the huge security holes in all versions of Word. This is the first time Microsoft has notified its customers about Alex's Document Collaboration Spy problem, as far as I can tell, and instead of telling something resembling the truth, all we get is more obfuscation. Recycled obfuscation at that.

Only Microsoft would have the unmitigated gall to lie so blatantly, at this late date, and expect their customers to swallow it.  I use the term lie quite deliberately, Microsoft is still making statements that it knew then and knows now are totally false.

YODA tore the press release apart in Woody's Windows Watch a couple of weeks ago. But YODA only knew part of the story: he didn't know about the security holes I've been feeding to Microsoft, and he hasn't seen the gaping exposures other folks have encountered. The truth is far more devastating than anything YODA could imagine.

In this issue of Woody's Office Watch, I'm going to show you specifically how Microsoft is lying to you.[...]




Wed, 09 Oct 2002 06:15:09 GMT

[Eclecticity: Dan Shafer's Web Log] QUOTE

The Problems With Word on OS X Are Worse Than I Imagined

Word has become, for me at least, almost unusable since my upgrade to Jaguar. Here's what Microsoft's MVP support team has to say on the subject:
Unfortunately, Word is not going to work properly under Jaguar unless Microsoft releases a patch for Microsoft Office. The problems have now been analyzed, and the experts have found that Word v.X is not fully compatible with Jaguar, and there is nothing you can do to make it so.

What incredible garbage. Now what am I supposed to do? I have a publisher waiting for a book. They use Word. Their feedback to me is in Word comments, which are frigging broken in Word on Jaguar. Arrogance screws the little guy once again.

UNQUOTE [Eclecticity: Dan Shafer's Web Log]

Well here is a candidate for a souped up Lindows, since Word works on that Linux package.  Do your word processing on Star Office for Linux and output the document as RTF standard which Word will accept.  Just use Lindows to make the file acceptable to your publishers, and to get at their comments, while you do your real work on the computer of your choice.





Thu, 26 Sep 2002 21:45:52 GMT

[Chicago Sun Times] shares a couple stories about Zero Tolerance of Modern School Administrators:

  • A Nebraska 7th grader found some marijuana in his classroom and turned it in to the office.  He was suspended because the act of picking it up and carrying it to the authorities constituted possession of marijuana.
  • A Florida sophomore honor student saw a bag of pills on school grounds and did not follow the example of the Nebraska student because she was afraid of getting in trouble for possession of the contraband in the short distance of carrying it to the authorities.  She has been told she will be expelled for failure to do so.

This reminds me of in Illinois where youngsters are encouraged to clean up the environment, but it is illegal for them to remove beer cans and alcohol bottles from the road side, because that means that those empty containers inside their garbage bags constitutes possession of those containers by a minor.

The lesson for these kids is to

  • Do not touch the illegal substance - drugs, guns, whatever.
  • Carefully write up a statement of where you saw this illegal substance, in a report to the authorities.
  • Make sure your report is addressed to the authorities before you leave the scene, so that if an undercover officer sees you seeing the illegal whatever and not picking it up, your statement is part of your defense.
  • Make a copy of your statement before you turn it in, so that if you later get hassled, you can take your statement to a lawyer, the news media, or where ever your parents think will most embarrass the school authorities into backing down.




Thu, 26 Sep 2002 06:49:28 GMT

Safety of Nuclear Power Plants Again Questioned. VOA Sep 24 2002 9:33PM ET [Moreover - Science news]

We are living in a different world today.  In recent years it made sense to build a nuclear power plant right next to a major city, because nothing serious was likely to go wrong, but now power plants are potential terrorist targets, so we do not want them right next to major cities. It made sense to build an airport in the middle of a major interstate interchange, so it was easy to bring passengers real close to the check-in counters, but now a truck bomb can take out an airport, so we need a different kind of transportation infrastructure to unload the passengers from ground transport further away from the air transport, and run everyone through screening suitably distant from buildings that might be major targets of terrorists.

VOA = Voice of America ... there's links here to what headlines VOA is sharing in various places in the world ... an interesting site worth revisiting occasionally.

  • Africa
    • Amnesty International protests torture of child prisoners in Burundi
    • Intervention in Ivory Coast
    • Uranium Security in Africa - is that an Oxymoron?
  • Asia - Pacific
    • China ultimatum to Iraq
    • North Korea gets special envoy from Pres Bush
    • a lot of stories I had not seen on local national news
  • Asia - South and Central
    • US Troops in Afghanistan discover another chilling al Quaida site.
    • Dutch and Germans to take over NATO command in Afghanistan when Turkey time runs out.
    • Iran nervous about US troops near their border with Afghanistan
    • Suicide terrorists seized an Indian temple, leading to another gunfight.
    • Terrorists attack a Christian Charity.
  • Americas
    • Argentina and Brazil economies still in bad shape
    • Chilean Appeals court throws out 7 cases against Pinochet
    • Colombian President visits USA President
    • Mexican Banker gets record bail
    • That storm in the Caribbean
  • Middle East
    • Britain and Iraq
    • China and Iraq
    • Kuwait hosts USA military exercises
    • Lebanon scandal with Israel
    • Palestinians
    • USA politics and Iraq
    • USA and Pakistan cooperation
  • USA
    • Brushfire in Western USA
    • Iraq and Partisan Politics
    • Various legislation[...]




Tue, 24 Sep 2002 09:10:42 GMT

I added a small reference directory of "e Discussion Groups": e-commerce; computer security; etc.




Tue, 24 Sep 2002 07:20:48 GMT

[Scott Granneman's Security Category] covers topics of e-law; human stupidity; Microsoft gotchas.




Tue, 10 Sep 2002 19:38:32 GMT

FROM [Ray Ozzie's Weblog]

Tyranny, Terror, and Technology.  Some thoughts about the intersection between the challenges confronting business, and those confronting government and society. UNQUOTE [Ray Ozzie's Weblog]

This is a dynamite thought provoking essay - I highly recommend it - my words of wisdom pale in comparison.

  • I believe that bureaucracy, and inter-communications within an organization, are like glue.
    • Too much and the enterprise is all gummed up with rules that get in the way of doing the job.
    • Too little and everyone is flying off in different directions, counter productive.
    • The challenge is to get it just right, so that you have an agile team effort.
      • This is further complicated by the organization fluctuating in size, so you need different strategies for different scales of operation.  Also there is a spread of individual skills of participants in the organization, so until you get everyone up to speed on something, there has to be another way of getting the job done.  Any time things are changed, there will be transitional confusion.
  • Organizations can be too large and unwieldy.
    • Remember the book The Mythical Man Month, which I consider to be one of the classics on software engineering?
    • Basically the permutations of all the different people who need to intercommunicate can bog down some things so that nothing can get done.
    • Thus it is essential to organize focus teams and have a hierarchy such that there is no wasted baggage in your structure that gets in the way of a lean and mean team.
  • An excess of organizations focused on different tasks is good in business.
    • Competition leads to better Quality, Features, Economies.
  • An excess of organizations with overlapping responsibilities is bad in government.
    • They can have turf wars that get in the way of them doing what they are supposed to be doing.




Tue, 10 Sep 2002 19:18:17 GMT

FBI warns of potential threats [USA Today : Front Page]

As usual, nothing specific ... if they had something specific they could stop it from happening ... except that right before 9/11 both CIA and FBI were independently tailing 2 of the hijackers because of their involvement in a prior terrorist attack on USA, and GOV was trying to identify all the conspirators and what they were up to, and build a court case, but the 2 hijackers gave their tails the slip and the rest is history.  There is a hard balance to achieve there between the ability to get a court conviction, rounding up evidence of what is going on (correlating the masses of clues that they get, many of which might be misleading or erroneous), and actually preventing something bad from happening.

Unconfirmed reports of AlQ targeting oil tankers, add that to laundry list of other things identified in past like nuclear power plants, and shipping containers.

Question detainees - risk they will share every fantasy whacko scheme any alQ group ever dreamed up, but was abandoned as impractical.

I sure hope GOV and MIL are doing war game simulations into what might go wrong, and keeping the results secret until they have plugged the holes that the simulations uncover.

Historical patterns logic ...

  • Our enemies hate what West stands for, and international western institutions, so they may target meetings of UN or World Bank.
  • Pearl Harbor was on a Sunday, when American Air Defense was at peace and a high religious ethic governed what to do on a Sunday.
  • Oklahoma City was on the anniversary of Waco because some whacko with no relationship to Waco wanted to do something on that anniversary date.
  • Well, people who hate us are inspired by bin Laden example, people with no contact with alQ.
    • I sure hope long term Foreign Policy goals can include addressing why these people hate us so much, and do something about turning the tide of recruitments into ranks of our enemies, so that potential enemies do not go down that path.




Mon, 09 Sep 2002 19:15:31 GMT

[Adam Curry: Adam Curry's Weblog] QUOTE

I found out via an email exchange that one of the founders of the [newly relaunched] electronic intifada website is Dutch. Arjan El Fassed also posted several comments to yesterday's posting. Of course there are counter posts now as well that is forming a lively conversation.

My advice to Arjan is to re-re-launch electronicintifada as a weblog. Perhaps a multi-user weblog for multiple authors. Currently the site appears to emulate a BigPub and imho detracts from their mission.

As with all aspects of war, be careful not to become what you are fighting against. UNQUOTE [Adam Curry: Adam Curry's Weblog]

This is also like the appearance of impropriety.  The enemies are not clearly understood by government intelligence, let alone anyone else.  When any group of people discuss something, the odds are that several are police spies, journalists trying to ferret out a story, pure innocents trying to figure out what is going on, and it may be that none of the participants are any of the bad guys, but in a war, the rules of innocent until proven guilty are sometimes altered into round up suspects before someone pulls another 9/11.





Mon, 09 Sep 2002 19:08:41 GMT

[Adam Curry: Adam Curry's Weblog] QUOTE

All Dutch helicopter companies, including ours, received a fax from the authorities this morning, warning of 'journalists' that will attempt to prove our national security is flawed, by staging an 'air assault' over the country on sept. 11th.

Geez guys, get a life already. I've posted the fax on my dutch weblog.

UNQUOTE [Adam Curry: Adam Curry's Weblog]

I think the threat to National Security is more from Journalists than from Air Companies, from the perspective of doing something stupid. 

Many people, who work in Air Companies learned their trade, as military pilots, or have around them people of that patriotic perspective that can provide a sense of balance.

The risk from Air Companies is that in the management of costs, there will be a trade off that sacrifices safety and security.

It is self evident to anyone, who lives in a democracy, that various national monuments and institutions can be seriously hit by something like the Oklahoma City Bombing, if the perpetrators do not care if they get caught, and the only way to protect ourselves is to become a police state. 

If you doubt this, show me your credentials (such as a policeman badge) that you have need to know my theories on how bad guys could hit the very stuff that is sacred to our democracy, such as various government buildings and important places to the infrastructure of our economy, and I will tell you how, but not via a public forum.

Now some commentators seem to have an attitude that parallels that of Juvenile Computer Crackers ... hey, here is a weakness not properly protected ... broadcasting it daring someone to find a solution, and meanwhile the bad guys have been delivered of an idea that perhaps they might not have dreamed up for a while, so the article has just made the job of Homeland Security that much more difficult to get done.

This is reminiscent of past wars where journalists pretended to be impartial.  Remember Saddam's troops shooting up various air conditioning ducts in downtown Kuwait?  Why did they do that?  Well some refugees crossing the border to freedom were surrounded by journalists to cover their story, and among other things they said they hid in air conditioning ducts of some office buildings.  Saddam's military intelligence was watching Western media and picked up on that information, and other clues about how people were escaping, and some refugees did not make it out safely, thanks to many journalists not understanding that loose lips sink ships.

What we need are private briefings in executive session to Legislators and Homeland Security agency workers, to make sure that they are aware of things that people in other professions can see.

  • Architectural Design Professionals
  • Computer Professionals
  • Journalism Professionals
  • Public Health Professionals
  • Security Professionals
  • Transportation Professionals




Sun, 08 Sep 2002 20:06:48 GMT

On a thread in the e-com-sec discussion group, I asked what are we supposed to do when we get spam from known criminals such as the Nigerian Scam.  We have a moral obligation to report criminals to the government, but police seem to be ill equipped to deal with individual internet solicitations of criminal activity.  The tip lines are so overwhelmed as it is with more serious issues, that GOV has a serious need for a software magnet to find the key needle clues in their information haystack.

I was basically told that we should treat any spam as spam, forget about trying to deal with criminals the same way as is done in the real world outside of the Internet, and given an interesting link to a back issue of Sysmod's Praxis, which I have previously mentioned on my weblog.  It included the following stimulating topics:

  • Europe's anti-spam legislation.
  • Microsoft IE patch
  • The person in personal decisions about the computer you think you own, and stuff stored on it, is not you but Microsoft.
  • Google Features
  • Cyber Squatting
  • Euro Glitches
  • Euro Zone
  • Nigeria Scam Clones
  • Worst Web site (warning: protect your eyes)
  • Longest domain name




Thu, 05 Sep 2002 21:23:31 GMT

Comment on Al's Radio Doc Sources using Quick Topics.  Eventually, Al wants to look into pros & cons of several different commenting systems for Radio, but we have to start some place.





Mon, 02 Sep 2002 21:54:58 GMT

[Scripting News] QUOTE A mostly user-level discussion on Blogroots about syndication and aggregation. It's good to get grounded with users every once in a while to relearn that what to us seems neat and cool, often trips up people who have expertise in areas other than ours. UNQUOTE [Scripting News]

[Ken Dow] also shares links from [Dave Winer's Scripting News] from [Wired] QUOTE "[Verizon] refused to comply with the order, arguing the entertainment industry is presuming the guilt of its users without any due process." UNQUOTE [Scripting News]

While reading related stories on [Wired] I came across a law suit against Hollywood by people who want the right to Edit the Movies to remove material that they find to be objectionable.  The suit has been brought by someone who has a patent pending that will help home users, such as parents, to edit what Hollywood delivers to the home, to remove material unsuitable for their children.

You have probably heard my opinion on this before.  But I restate it and revise it as reality shifts.

Intellectual Property Rights need to be protected, so that there is good incentive for people to improve the quality of what we get, be it literature, music, movies, software. If we accept a society in which anyone can take whatever they want, without proper compensation to the artists and authors, then the market place quality will be driven towards crud.

We are in a society in which the mass consumers seek the lowest price and are getting what we are paying for, and the intellectuals are having a hard time getting a decent income. The publishers of the intellectual property are getting the lion's share of the income, and there is rebellion against them by both the consumers, who want freedom to get the stuff at low price, and the artists who think they are not getting a fair share of the income. There need to be ways that we can get the entertainment that we want and pay a fair price for it.

My sister composed and performed music which she sent me by e-mail.  Is that kind of artist to audience delivery to now be banned because so many people are abusing the communication links for delivery of entertainment for which the copyright has been violated?

I am extremely unhappy about the degree to which advertisements are intruding on the content stream, and law suits by the advertisers to try to block the ability of consumers to switch channels, fast forward, etc. to get around having to view the ads.  The main product should be packaged at a price that we can get it without having any of the advertisements in the first place.

Computer usage can get complex.  Business Accounting is complex and difficult to understand.  Some of it is that way deliberately, where special interests lobby Congress to make it complex. Consider our Income Taxes ... how many people figure it out themselves without help from some software or going to a Tax place to figure it for us? Those tax places lobby Congress to keep it so complicated that we have to go to them to figure our taxes.

Decisions are made that rule our lives by people who do not understand the implications of what they are mucking with. One thing that really ala[...]




Thu, 29 Aug 2002 16:33:08 GMT

[Blogfish] QUOTE Uncover the real WINNT killer. Last Friday I got to work and was greeted by mr. blue screen. After rebooting a couple of times only to see the message "kernelos32.exe is either missing or corrupt" I asked our sysadmin for help. "Your Winnt directory is missing" he told me. What? "It's not there. What were you doing that caused this to happen?" That last inquiry has propelled me into a virus hunt that will uncover the real WINNT killer. Just jotting down one possibility I saw on FuzzyBlog: Microsoft said Thursday that "critical" security lapses in its Office software and Internet Explorer Web browser put tens of millions of users at risk of having their files read and altered by online attackers. The world's leading software maker said that an attacker, using e-mail or a Web page, could use Internet related parts of Office to run programs, alter data and wipe out a hard drive, as well as view file and clipboard contents on a user's system. I never thought viruses actually wiped out hard drives. I never even knew someone who knew someone who had an aunt whose entire hard drive was wiped out. Does this really happen? UNQUOTE [Blogfish]

Alison

You need to check the anti-virus hoax pages to find out what your exact situation is.  There are viruses that say you have some problem other than what you really have.  There are virus hoaxes that say there is this file that the anti-viruses can't detect & if you find it on your system you need to delete it, but it is really a file you need to run your system, so you follow the hoax instructions, delete the file, and now your system really is crashed.  Even though you may be too wise to fall for this, some co-worker might not.

Millions of dollars have been siphoned from American Businesses because the Nigerian Scam is sent out very much the same way as computer viruses are distributed.  Anyone who can fall for a hoax can fall for a financial con game.

I have a lot more faith in the anti-hoax anti-virus vendors than I do in the outfits that supply the software, or the people in charge of computer systems in corporate America.  http://www.vmyths.com/ Truth About Computer Virus Myths & Hoaxes

Check my guide to the basics of personal computer security posted Aug 15.  I can send you by e-mail attachment the Word document I am referring to.  I just do not want to put into general circulation a working document that has tons of links where I have not asked permission to quote people, and do in fact quote without attribution, because I figured out netiquette after I started on the document.  Ask me to send you my Computer Security Myths document.  I try to avoid sending people as e-mail attachments something I think would be of interest to them, because of the high risk of a virus in any attachment you were not expecting.

I have a few other Security documents I can share.  Mac Policy doc is a barely begun outline that spells out the philosophy of what I want to accomplish with my Computer Security Essays.  There are some risks that I must not detail because the cyber terrorists have not yet figured out how to do those t[...]




Thu, 29 Aug 2002 07:55:33 GMT

[Bruce's Computing Category] passes on news of Radio's change to referrer visibility.  QUOTE A tiny change in Radio's aggregator makes referer logs more interesting. Please read this if you provide an RSS source for Radio users, and you watch your referer logs. Updated. [Scripting News] Well I don't watch my referer logs every day, but I do check them from time to time. UNQUOTE [Bruce's Computing Category]

[Bruce's Place] shares a story QUOTE Dead Men Tell No Passwords. The man in charge of some of Norway's most precious electronic documents died without divulging the way to access them. A plea to hackers to help crack the system is out. By Michelle Delio. [Wired News] UNQUOTE [Bruce's Place]

If the security works, why break it?  If the documents cannot be accessed, and the only person who knew how to access them died, then it is as if the data was in the man's head and he died.  There is something wrong with this picture.

Where I work, I have some computer security responsibilities, but they are not exclusively in my head.  With each new boss, I ask if I can give a briefing on what kind of computer security we have, and what to do if I get run over by the proverbial union truck.  One of my suggestions is to provide on paper a list of the most secret passwords to get into such things as computer security itself; that paper is then to go in an envelope in the safe of our corporate lawyer or auditor or some outside firm that we have some confidentiality agreement with, so that if anything happens to me or my boss, there is this backup of the most important corporate stuff that is in our brains.  When I change the master security access codes, I tell my boss that I did so, and why I did so.

After a new boss has been on board a year or two, I ask if I can give a briefing on the strengths and weaknesses of our computer security.  We do get intruder alerts, and I notify the managers involved.

For example, executives are out to lunch, and some unknown person is in their office trying different password combinations, then the computer security kicks in and pulls the plug on that work station (you only get a certain number of tries to forget your password, then computer security makes certain automatic assumptions), then a few minutes later history repeats at the next office down the hall.  Then a few hours later, I am reviewing the system message logs and discover the fact that this was happening.  I have made some changes to the system logging so that we discover this kind of stuff faster.[...]




Thu, 29 Aug 2002 06:44:55 GMT

The Bush administration is calling for a centralized Network Operations Center (NOC) to coordinate cyber-security warnings, says this week's e-week.  Previously Computer Security has been voluntary and optional, but the feds want corporations to disclose what they are doing, if anything, towards that goal.  The feds do not know if there is any such thing as secure wireless technology, and if none, no federal agency is to buy any.  I wonder what the military will do to communicate with planes in the sky and ships at sea, if this ban goes into effect.

Wednesday = no posts except updates to some stories and categories (access my collection via "Radio url number system") because my health was temporarily impaired (I suspect a new food allergy ... as we get older, our body discovers new things to complain about).

Tuesday topics:  Blog Education; Computer Illiteracy; Current Events; Politics; Quality; Tara Sue Grubb vs. Howard Coble;





Fri, 23 Aug 2002 21:12:50 GMT

[Ernie the Attorney] QUOTE Copyright Law - what should it be? I agree with this statement. UNQUOTE [Ernie the Attorney]

Here's what I believe / desire.

Capitalism belongs to many shareholders: Employees with decent jobs and investments in 401k or other retirement plans; Stockholders; Management Executives; Creditors; Customers who expect Integrity with respect to product service promises, whether they are on the side of the box of purchase, in the documentation, contract, any advertising.  As new rules are imposed, we should have both notification of the rule changes, and be able to opt out of whatever arrangement got us there.  If a company does not like new SEC rules, they should be allowed to offer their shareholders more than the stock is worth, so they can quit being a public company.

Industries should have special protection when they are new, such as Cable TV was protected against Broadcast TV, but this protection should not last forever.  As technology advances, the Horse and Buggy Entertainment Industry does not have a Constitutional right to permanent existence.

Contracts need to be in plain English.  Incomprehensible Contracts should be automatically null and void until they get re-written.  People with disabilities ought to have the right to access to contracts and key documents in a form that they can read or hear.  See "Blind of NH" for what reality is instead.

Artists and Writers and other creators of Intellectual Property need to get proper compensation for their labors so as to provide incentive to future quality.  Look at it this way, over 300 firemen died in the WTC, but they are not paid enough money to live in NYC without their families having a second job.  The people we value, be they teachers or parents, need to have honest access to enough money for a quality life.

Public Libraries should be available to everyone regardless of economic status, in which the public can take turns reading what is in the library, and the publishers do get financially compensated because their books are distributed to thousands of libraries all over the planet.  Ditto rent a movie at the video store.  We are not supposed to make our own personal copies of what we borrowed.  We can also have Private Exchanges, whether flea market or auction.  We show up with books, videos, whatever that we are done with, trade them with other people, go home with new selections.

Schools have text books in which they may contract with the publishers for permission to make cheap copies, and pay a royalty for doing so, just like non-profit theatrical performances and churches are allowed to buy one copy of sheet music or a play, make photocopies for all performances, and pay a fee to the publisher based on size of audience and number of performances.

Home Computer technology is still in its infancy with great potential.  I say infancy because it is so fragile.  How often do you have to reboot your Operating System?  When something goes wrong, how fast do you find out what it is and get it fixed with assurance that nothing else will go wron[...]




Mon, 19 Aug 2002 23:16:21 GMT

The Greenpeace Blog has lots of interesting stuff, and also a few design bugs.  I did a post to their comments area, and it still says zero comments.  Gilla asks for people to e-mail suggestions to her (him?) but the e-mail link invokes my old AOL archives (I am now using Eudora for my e-mail).

I can't figure out how to Radio subscribe to [http://weblog.greenpeace.org/ powered by Movable Type] QUOTE

a comprehensive list of safer ways to avoid invasions of indoor pests.

"Spiders:
Under ideal conditions, do not kill spiders because they help to control pests."

Every web developer should read this book, since more and more people with disabilities access websites and they simply cannot be left out.

also check out their zip code nuclear reactor finder

UNQUOTE [http://weblog.greenpeace.org/]

Lots more good stuff in their archives.

I saw on C-Span not so long ago that

  • 100% of the US nuclear power plants were tested for terrorist threats.
  • 50% of them failed the test for NORMAL terrorist attacks.
  • NONE of them passed any test for protection against cyber attacks.
  • The problem is that control systems, like Air Traffic Control, Water Treatment, etc. were built as stand alone units, with zero consideration for any security other than physical security.  Now corporate and government managers are linking those instruments to their computer networks because they want to know what's going on, but many networks are brain dead on security, because after all, the information in the networks is not that important to protect, but that is not the case for some of these control systems.
  • This management philosophy gave us the Challenger disaster.
  • I fear we are overdue for another disaster.

 





Fri, 16 Aug 2002 02:27:53 GMT

Computer Security need not be Rocket Science.  I have a bunch of links, some of which I have not recently visited, so some might be broken.  All of this stuff is excerpted from Al Mac's Computer Security Myths project, not yet ready for prime time sharing.  But I thought I would mention a few things in the wake of some contrary views recently published by other voices.

Send an e-mail with any subject heading to mailto:subscribe@talkbiz.com  Within a few minutes you will get back a long e-mail article, Data Security 101 For Small Businesses, from Paul Myers.

When we install software on our PCs, sometimes the software vendor thinks they know more than us about what is best for us, so it pays occasionally to do a personal computer security audit.  You don't need to be an expert to do this.  Just visit http://grc.com/default.htm Shields Up then Test - do both tests, then check FAQ on site.  There are many other web sites with similar services.

This story in the Boston Globe examines the reasons why today's teachers are using computers & the Internet quite heavily everywhere except in the classrooms for their students.  http://www.boston.com/dailyglobe2/329/focus/System_crash+.shtml

Some software vendors sell security software they do not use themselves http://securityportal.com/closet/closet20000705.html

A business enterprise can organize an audit of all computers on their network using products from companies like http://www.pentasafe.com and in fact ordinary auditors who know nothing about computers can include security in a standard audit.  Basically they install software from pentasafe on the client's computer system, it runs a bunch of tests, and generates a report, on such things as passwords too easily guessable, passwords not changed in eons, and other topics that are related to the particular operating system used ... most Microsoft, IBM, and others such as UNIX are supported.  The reports do not identify the actual passwords that are not secure, just a report card on the degree to which the system is not very secure.

From time to time the government gets interested in computer security and tries to figure out standards that are going to work.  In a previous iteration than what is going on right now, the standards were also tested to make sure the security ideas really worked.  This led to a system of measuring which computer systems measured up to the security standards.  Take a look at http://www.radium.ncsc.mil/tpep/epl/epl-by-vendor.html and see which computer systems are conspicuous by their absence.

The FBI has published a list of the most common computer security errors that everyone, all businesses, tend to repeat.  http://www.sans.org/top20.htm

There is also a searchable index of known computer security risks at http://cve.mitre.org/cve/

Here's a collection of Security Recommendation Guides from the National Security Agency of the US Government http://nsa1.www.conxion.com/

One of the IBM platforms [...]




Wed, 14 Aug 2002 02:00:52 GMT

e-Privacy assurances in our climate of anti-terrorism legislation is the topic of this e-week column by John Taschek.  Ernie the Attorney offers this link to Charles C. Mann's Atlantic Homeland Insecurity article on security systemic problems in general, and here is Ernie's earlier post on Security in general.  Here are some examples of our general state of Insecurity thinking.

  • The US government has several networks never connected to the Internet, accessible only within physically secure buildings.  But they've been infected by computer viruses because humans with lap tops connect to both the Internet and the secure networks, and bypass the security.  The weakest link is the government users.
  • Kerckhoffs's Principle:  A good crypto system QUOTE should be able to fall into the enemy's hands without disadvantage.  UNQUOTE
  • Encrypting Internet transactions, says Purdue computer scientist Eugene Spafford, QUOTE is the equivalent of arranging an armored car to deliver credit-card info from someone living in a cardboard box to someone living on a park bench.  UNQUOTE
  • Airport Security thinks that protection against car bombings is practical by having cars park 300 feet away from the terminal, but at the same time passengers can be dropped off right in front of the terminal.  That does not compute.
  • Airports have to be evacuated all the time because of security breaches.  There is no way to shut down just the portion of the people movement where the problem occurred.
  • Carjacking is on the rise partly because Automobile Manufacturers have made it more difficult to hot wire an unattended vehicle.
  • QUOTE Bank Vaults are secure because to break in takes real skill. Computers are not, because to break in takes practically no skill. Millions of credit card numbers have been stolen from computer networks.  UNQUOTE
  • German reporters tested a face recognition system, an iris scanner, and nine fingerprint readers.  All of them could be spoofed using output from a lap top screen.  They photographed an authorized user, blew up the face, cut out the pupils, held the image before their faces like a mask, and the iris scanner was spoofed.
  • An authorized user's fingerprints were lifted from a drinking glass, on a tape pressed against the fingerprint reader, which accepted the data as valid.
  • A corporation replaced paper ballots with electronic shareholder voting, which was hacked into.  Now they cannot reconstruct original votes.
  • Since 9/11, at least 40 government networks have been cracked by vandals.
  • People have trouble with passwords so an easy way to do industrial espionage is to offer pornographic web sites to business people in which they need a password.  Odds are they would use the same password there as for everywhere else.[...]




Mon, 12 Aug 2002 19:03:49 GMT

I have recently rediscovered some stuff we can do with Radio News Aggregation (subscribing to other web sites whose traffic particularly interests us).  Oh yes, I had read the documentation and struggled to understand what it all means.  But sometimes the DOING is educational.

Thanks to Dave Winer [Scripting News] for the link to Ray Ozzie on why weblogs are good for discourse. Yes. Flames don't attract. New ideas do. Weblogs can have a high signal-to-noise ratio. Powerful statements are possible in this medium, where powerlessness rules in discussion fora. In this medium everyone can have the last word.  UNQUOTE [Scripting News]

I agree with Ray that architecture can be critical.  We see in the Computer Security debate that people are trying the impossible.  We have software out there that did not have security considered in the original design, so it is like putting a padlock on a tent, or a house of cards, to make the results secure after the fact, when it is discovered that security should have been there all along.

The power of a network is the number of people connected to it.  The value of a fax machine is the fact that millions of other businesses are networked to that technology.  With many architectures we have unwanted participants: flames; spam; intruders; other dysfunctional human behavior, that we label as noise getting in the way of useful signal content.  Ray is absolutely correct that the signal to noise ratio is extremely high with Blogging.  Plus, he does a great job of explaining how the architecture of Blogging makes that a reality.

One downside of this is the risk that Blogging will eat excessive amounts of our time that could be more constructively expended.  Just as earlier generations of technological enthusiasts became TV couch potatoes, or in my case I used to spend hours every day dealing with e-mail, because there were hundreds of interesting posts I wanted to read, but I had to wade through a high ratio of spam and virus forwardings to get at the good stuff.

By moving from AOL to Eudora, my e-mail is automatically categorized into that which I can look at any old time, and the more urgent categories.  I can always go to the directory of mailboxes, where the boxes that contain e-mail not yet opened are highlighted.

News Aggregation of Web Site subscriptions has something similar.  It comes in, but I do not need to look at it right away, and even if archives from weeks ago get lost, there is a continual stream of new fascinating material for my perusal.

Personal 2 do list ... the last time I backed up my Radio was beginning of July, and since then I have increased my Web Subscriptions to 15, and made some alterations to my Template, let alone the posts here.  My desktop dynamics also have changed.  My Screen Saver's unused CPU seconds are now working on finding a cure for cancer http://members.ud.com/about/[...]




Mon, 12 Aug 2002 08:32:48 GMT

Security News Blog = another interesting site.




Mon, 12 Aug 2002 04:52:28 GMT

Guide to Real World (as opposed to Internet Virtual Reality) Legal Topics.

We got these Terrorists in custody and we want to throw away the key, but how do the precedents compare to 50 years ago when America feared Loyal Japanese Citizens and wanted them locked up and the key thrown away?  We think we are justified in locking up Terrorists without any trial, or access to a lawyer, or protections of the Geneva Convention on prisoners of war, and that the people 50 years ago were just racists.

Domestic Issues (Husband Wife as opposed to Homeland Security).

What should we do about these people who kidnap and abuse small children?

Catholic Priests scandal.

Computer Criminals.

Various controversial lawsuits.

These are hot topics that Law Scope helps put in perspective for us.

I hate it when a site disables the back button.  I want an icon that warns of that also.

 





Mon, 12 Aug 2002 04:43:27 GMT

CDT's Guide to On Line Privacy.