Current Topic: Computer Security

Proximity card spoofer: proxmarkii - hack a day - www.hackaday.com
Topic: Computer Security
2:58 pm EST, Feb 21, 2006
The new spoofer can handle multiple modulation schemes; which means it is capable of copying almost any 125kHz or 13.56GHz ID-only card.
All your RFID are belong to us!

Invasion of the Computer Snatchers
Topic: Computer Security
10:08 am EST, Feb 18, 2006
Hackers are hijacking thousands of PCs to spy on users, shake down online businesses, steal identities and send millions of pieces of spam. If you think your computer is safe, think again.
This is a really good article on the botnet/spyware industry. Interestingly enough the botnet operator who agreed to be interviewed for this article did so on the condition of anonymity. According to Slashdot the Washington Post published his hometown as the "location" caption for an odd image in the article. He lives in a very small town. Chances are he is going to prison.

Internet Governance: An Antispam Perspective
Topic: Computer Security
10:24 pm EST, Feb 15, 2006
If we want to keep email as open as it used to be, we have to be very inclusive. This is where reputation systems come in: just as credit bureaus tell financial institutions if someone is likely not to pay their bills, reputation systems tell mail receivers if someone is likely to be a spammer. Reputation systems are essential to solving the first-contact problem, but that is a topic for a different article.
This is notable, but it's more a manifesto than an idea.

Nmap Development: NSA tracking open source security tools
Topic: Computer Security
11:28 am EST, Feb 6, 2006
The latest (February 6) issue of Newsweek has a picture on page 39 of George Bush visiting the NSA headquarters in Fort Meade. A wall-sized screen in the background displays the latest versions of our favorite open source security tools, including Nmap, Metasploit, Snort, Ethereal, Cain & Abel, and Kismet. Nifty.
You can use the same display at home!

Subscriber credit data distributed by mistake - The Boston Globe
Topic: Computer Security
4:28 pm EST, Feb 1, 2006
Credit and bank card numbers of as many as 240,000 subscribers of The Boston Globe and Worcester Telegram & Gazette were inadvertently distributed with bundles of T&G newspapers on Sunday, officials of the newspapers said yesterday.
HAHAHAHA

Tor Hidden Service Configuration Instructions
Topic: Computer Security
4:03 pm EST, Jan 31, 2006
Tor allows clients and servers to offer hidden services. That is, you can offer a web server, SSH server, etc., without revealing your IP to its users. In fact, because you don't use any public address, you can run a hidden service from behind your firewall.
Neat! The Tor people have implemented an eternity service, and there is a Wiki in it with a site directory! I finally have a reason to bother with Tor, if for no other reason than to have a look at this anonymous community.

Jon Udell: How to forge an S/MIME signature
Topic: Computer Security
2:23 am EST, Jan 29, 2006
Here is a spoofed email that appears to come from you and is digitally signed. Note that I signed up using another person's email address, another person's SSN, another person's phone number, chose your name as the password for the key, etc.
Both MS and Apple need a beating with a clue stick. U: Apparently they got it... MS at least fixed this.

Financial Cryptography: VeriSign's conflict of interest creates new threat
Topic: Computer Security
7:13 pm EST, Jan 19, 2006
Here's where the reality meter goes into overdrive. VeriSign is also the company that sells about half of the net's SSL certificates for "secure ecommerce [4]." These SSL certificates are what presumptively protect connections between consumers and merchants. It is claimed that a certificate that is signed by a certificate authority (CA) can protect against the man-in-the-middle (MITM) attack and also domain name spoofing. A further irony is that VeriSign also runs the domain name system for the .com and the .net domains. So, indeed, they do have a hand in the business of domain name spoofing; The point here is that, on the one hand, VeriSign is offering protection from snooping, and on the other hand, is offering to facilitate the process of snooping.

The Cover Pages: VeriSign NetDiscovery Lawful Intercept Service
Topic: Computer Security
6:35 pm EST, Jan 19, 2006
"We have the ability to access virtually any packet data network and by using mediation equipment deployed in our network, VeriSign can provide a secure, reliable, cost-efficient solution that enables carriers with GPRS or CDMA 1x technologies to comply with all lawful intercept requirements without impacting network performance."
How would you feel if I told you that Verisign has the capability to listen to all of your telephone calls? How would you feel if I told you their lawyers are the ones who decide whether or not a law enforcement request is up to snuff?

Standards on the way for encrypting data on tape, disk
Topic: Computer Security
1:14 pm EST, Jan 10, 2006
While some storage-product companies already support one sort of encryption or another, having standard implementations could make it easier for customers to safeguard data across heterogeneous storage environments, standards supporters say. The proposed standards define three encryption algorithms and a method of key management designed to ensure the compatibility and interoperability of different storage gear. For encryption on disk, the specification proposes using the new Liskov, Rivest, Wagner-Advanced Encryption Standard (LRW-AES) cryptographic algorithm. For tape encryption, it proposes using the National Institutes of Standards and Technologies' (NIST) AES Galois/Counter Mode (AES-GCM) and AES Counter with CBC-MAC Mode (AES-CCM) standards.
Galois/Counter Mode? BTW this article's comments about CBC are wrong. You cannot do arbitrary data mangling in CBC. He is thinking of ECB. The problem with CBC is it's slow...