"We have the ability to access virtually any packet data network and by using mediation equipment deployed in our network, VeriSign can provide a secure, reliable, cost-efficient solution that enables carriers with GPRS or CDMA 1x technologies to comply with all lawful intercept requirements without impacting network performance."

How would you feel if I told you that Verisign has the capability to listen to all of your telephone calls. How would you feel if I told you their lawyers are the ones who decide whether or not to a law enforcement request is up to snuff?

The Cover Pages: VeriSign NetDiscovery Lawful Intercept Service

While some storage-product companies already support one sort of encryption or another, having standard implementations could make it easier for customers to safeguard data across heterogeneous storage environments, standards supporters say.

The proposed standards define three encryption algorithms and a method of key management designed to ensure the compatibility and interoperability of different storage gear. For encryption on disk, the specification proposes using the new Liskov, Rivest, Wagner-Advanced Encryption Standard (LRW-AES) cryptographic algorithm. For tape encryption, it proposes using the National Institutes of Standards and Technologies' (NIST) AES Galois/Counter Mode (AES-GCM) and AES Counter with CBC-MAC Mode (AES-CCM) standards.

Galois/Counter Mode? BTW this article's comments about CBC are wrong. You cannot do arbirary data mangling in CBC. He is thinking of ECB. The problem with CBC is its slow...

Standards on the way for encrypting data on tape, disk

That's why Clark argues that it's time to rethink the Internet's basic architecture, to potentially start over with a fresh design -- and equally important, with a plausible strategy for proving the design's viability, so that it stands a chance of implementation.

This is an interesting, if odd set of articles. The author argues in favor of IP addresses that don't change when you roam, something that I did a bunch of work on a couple of years ago. That makes sense. What doesn't make sense is how he gets from this to an Internet that doesn't need security patches...

The Impact of Emerging Technologies: The Internet Is Broken

This document serves as a reclassification advisory for the Microsoft Internet Explorer JavaScript Window() DoS vulnerability, originally reported on 31/05/2005.

Contrary to popular beliefs, the aforementioned security issue is susceptible to remote, arbitrary code execution, yielding full system access with the privileges of the underlying user.

I was stumbling around on the web tonight and got hit with a malicious version of this. Fortunately I was running Firefox at the time, where the issue is merely a denial of service (at least as presently understood). Its a remote code execution problem in IE. The perps were trying to shovel adware onto my machine.

Figured I'd mention this here as a public service. People are definately out there exploiting this. Microsoft released patches yesterday. Patch your machine.

If you go to the linked site from a vulnerable host and click on the proof of concept it will launch a copy of calc.exe on your desktop.

I got 0wned... (sort of) - Patch your browser if you haven't.

Looks like a decent blog on Reverse Engineering...

OpenRCE

So you think you're good enough to break the protection?
You want to see how good you are in reversing applications?
And you want to do it the legal way?
Then you're at the right place!

Nice!

crackmes.de: Tools for practicing reverse engineering

In a research paper appearing in the November/December 2005 issue of IEEE Security and Privacy, we analyzed publicly available information and materials to evaluate the reliability of the telephone wiretapping technologies used by US law enforcement agencies. The analysis found vulnerabilities in widely fielded interception technologies that are used for both "pen register" and "full audio" (Title III / FISA) taps. The vulnerabilities allow a party to a wiretapped call to disable content recording and call monitoring and to manipulate the logs of dialed digits and call activity.

In the most serious countermeasures we discovered, a wiretap subject superimposes a continuous low-amplitude "C-tone" audio signal over normal call audio on the monitored line. The tone is misinterpreted by the wiretap system as an "on-hook" signal, which mutes monitored call audio and suspends audio recording. Most loop extender systems, as well as at least some CALEA systems, appear to be vulnerable to this countermeasure.

John Markoff has a story on this today.

Ha... They were using old school dtmf techniques to detect call status! Thats a bizarre approach. You'd think they'd have some device that spoke SS7 and the network would simply send the digital call traffic to them. U: I just read the paper. Apparently there IS no good reason they are using inband signals. Its a good paper. Read it.

Of course, this kind of vulnerability isn't what I'm really interested in with respect to CALEA equipment. The big question is how does Law Enforcement get access to the CALEA system and is the security/authentication of that access method sufficient to prevent other parties from using the system. I've heard unsubstantiated whisperings that it isn't... U: The paper seems to allude to this suspicion as well...

Blue Boxing Wiretapping Systems

He believes scientists searching the heavens for signals from extra-terrestrial civilisations are putting Earth's security at risk, by distributing the jumble of signals they receive to computers all over the world.

Now why didn't I think of that!

Guardian Unlimited Technology | Technology | Scientists, be on guard ... ET might be a malicious hacker

The Electronic Frontier Foundation (EFF), along with two leading national class action law firms, today filed a lawsuit against Sony BMG, demanding that the company repair the damage done by the First4Internet XCP and SunnComm MediaMax software it included on over 24 million music CDs.

EFF sues SONY

Foxtrot on Sony DRM

Welcome to uComics Web Site featuring FoxTrot