A pact between the U.S. government and the electronic privacy company Anonymizer, Inc. is making the Internet a safer place for controversial websites and subversive opinions -- if you're Iranian.

This is old news, but I wasn't aware. Apparently the U.S. sponsers anonymizing web services. Thats neat. If they are really concerned about China they ought to do more of this.

US sponsors Anonymiser – if you live in Iran | The Register

Higgins breaks up a person's identity into pieces -- or "services" -- and lets computer users dictate who can access what parts of their identity information, within applicable privacy guidelines and laws. Organizations using "smart” applications, built with Higgins open source tools, can share specific identity information, such as their telephone number or buying preferences, according to rules set by the individual, or by an authorized third-party service provider acting on their behalf. Like Web services, companies will be able to build support for Higgins into their applications, websites and services, and its open approach will support any technology platform and identity management system.

I've wanted to see something like this for quite some time, and this is probably the right way to do it. Lets hope they don't over engineer the crap out of it. The project is in its early stages.

CRM Today: Open Source Initiative to Give People More Control Over Their Personal Online Information

The new spoofer can handle multiple modulation schemes; which means it is capable of copying almost any 125kHz or 13.56GHz ID-only card.

All your RFID are belong to us!

Proximity card spoofer: proxmarkii - hack a day - www.hackaday.com _

Hackers are hijacking thousands of PCs to spy on users, shake down online businesses, steal identities and send millions of pieces of spam. If you think your computer is safe, think again.

This is a really good article on the botnet/spyware industry. Interestingly enough the botnet operator who agreed to be interviewed for this article did so on the condition of anonymity. According to Slashdot the Washington Post published his hometown as the "location" caption for an odd image in the article. He lives in a very small town. Chances are he is going to prison.

Invasion of the Computer Snatchers

If we want to keep email as open as it used to be, we have to be very inclusive. This is where reputation systems come in: just as credit bureaus tell financial institutions if someone is likely not to pay their bills, reputation systems tell mail receivers if someone is likely to be a spammer. Reputation systems are essential to solving the first- contact problem, but that is a topic for a different article.

This is notable, but its more a manifesto then an idea.

Internet Governance: An Antispam Perspective

The latest (February 6) issue of Newsweek has a picture on page 39 of
George Bush visiting the NSA headquarters in Fort Meade. A wall-sized
screen in the background displays the latest versions of our favorite
open source security tools, including Nmap, Metasploit, Snort
Ethereal, Cain & Abel, and Kismet. Nifty.

You can use the same display at home!

Nmap Development: NSA tracking open source security tools

Credit and bank card numbers of as many as 240,000 subscribers of The Boston Globe and Worcester Telegram & Gazette were inadvertently distributed with bundles of T&G newspapers on Sunday, officials of the newspapers said yesterday.

HAHAHAHA

Subscriber credit data distributed by mistake - The Boston Globe

Tor allows clients and servers to offer hidden services. That is, you can offer a web server, SSH server, etc., without revealing your IP to its users. In fact, because you don't use any public address, you can run a hidden service from behind your firewall.

Neat! The Tor people have implemented an eternity service, and there is a Wiki in it with a site directory! I finally have a reason to bother with Tor, if for no other reason then to have a look at this anonymous community.

Tor Hidden Service Configuration Instructions

Here is a spoofed email that appears to come from you and is digitally signed. Note that I signed up using another person's email address, another person's SSN, another person's phone number, chose your name as the password for the key, etc.

Both MS and Apple need a beating with a clue stick.

U:Apparently they got it... MS at least fixed this.

Jon Udell: How to forge an S/MIME signature

Here's where the reality meter goes into overdrive. VeriSign is also the company that sells about half of the net's SSL certificates for "secure ecommerce [4]." These SSL certificates are what presumptively protect connections between consumers and merchants. It is claimed that a certificate that is signed by a certificate authority (CA) can protect against the man-in-the-middle (MITM) attack and also domain name spoofing.

A further irony is that VeriSign also runs the domain name system for the .com and the .net domains. So, indeed, they do have a hand in the business of domain name spoofing;

The point here is that, on the one hand, VeriSign is offering protection from snooping, and on the other hand, is offering to facilitate the process of snooping.

Financial Cryptography: VeriSign's conflict of interest creates new threat