] North Korea is training around 100 computer hackers each
] year to boost its cyber-warfare capabilities, pushing the
] South to fortify its own computer security, a South
] Korean military official said on Friday.

hrm...

CNN.com - N. Korean training hackers, Seoul says - May. 16, 2003

] Last August, Microsoft signed a consent decree promising
] the Federal Trade Commission that it would not make false
] statements about the security and privacy protections in
] its Passport service and that it would improve those
] protections.

Microsoft could face fines!

Passport problems could cost Microsoft | CNET News.com

] Key members of an al Qaeda cell in Italy passed each
] other coded messages buried in Internet pornographic
] images and photographs of the World Trade Center just
] days before the 9/11 atrocities, it was revealed
] yesterday.

Of course, this IS the NY Post...

NYPOST.COM World News: 9/11 PLOT HIDDEN IN E-PORN By NILES LATHEM

] Steven Aftergood, a senior intelligence technology
] researcher at the Federation of American Scientists,
] said: "If it was really a 20-year-old system, then one
] has to assume that the encryption is obsolete, that it
] has been penetrated." Other military analysts said it was
] just as likely that the British government would only
] have granted Racal export licences for the radios if it
] had already been satisfied it could break the encryption.

More on Saddam's Crypto Systems. Interestingly enough, this could be a case where crypto export regulations actually worked.

politechbot.com: Should Saddam have been using PGP? Iraqi crypto broken...

] Firewalls, packet filters, intrusion detection systems,
] and the like often have difficulty distinguishing between
] packets that have malicious intent and those that are
] merely unusual. We define a security flag in the IPv4
] header as a means of distinguishing the two cases.

:)

Who knows the evil that lurks in the buffers of men? The Stack knows!

] The High Court in London has imposed an injunction on
] Cambridge University security experts who claim to have
] uncovered serious failings in the system banks use to
] secure ATM PIN codes.

Right or wrong, Bill Joy is here.

Citibank obtains an injunction against distribution of research paper!

Jeremy wrote:
] At this late date, an attempt to "suppress" the paper seems
] pointless.
]
] Have you read the paper?

I scanned it. I saw your post, which is why I forwarded this here. Felton's point about court cases is interesting, if a little "black helicopterish." (U: Felton was right! This IS in fact directly related to the court cases. Anderson's team was actually hired by a plaintif who claims his money was stolen!) If the document was surpressed then it couldn't be raised in a court even if it was relevent. I think a more likely explanation, however, is that from Citibank's perspective, why NOT try to supress it. Whats the worst thing that could happen? They can't keep it out of everyone's hands, but they can make it hard to get access to. However, I don't think, in the US, that they have a case with this, and therefore I don't think it will get them anywhere.

Echos of Bill Joy... I can't post DeCSS on my website. The DMCA won't help with this, but it does set a precident that Congress could go back around and ban the distribution of things like this as well.

A little off topic, but I was responding to a post from Elonka about the requirements on ISPs for dealing with Law Enforcement information requests, and it struck me that the disclosure requirements are much more, well open, for intellectual property crimes then for, say, rape, murder, etc... If I think that you're pirating my works, I can contact your ISP and they have to tell me who you are. If I think that you murdered my cousin, the ISP can't say a damn thing unless I get a court involved.

IMHO, courts exist to validate the legitimacy of these kinds of requests, and the DMCA is in error. I just thought the state of things was a little ironic. You can see how this will be flipped on its head. People will be pissed off because they get ISPs to disclose all the time on DMCA notices but they can't get disclosure on a murder case. Down the slippery slope we go! Wheeeee....

RE: Banks try to supress recent ATM vulnerability paper.

] Researchers at Cambridge University published information
] on a flaw in banks' procedures that rogue bank employees
] may have been using to learn the PINs from many
] customers' ATM cards. Now some banks are apparently
] trying to suppress the research.

This is a blog thread. Ed Felton linking K5 linking some documents posted by Ross Anderson.

Banks try to supress recent ATM vulnerability paper.

] The Bush administration signed off Friday on the final
] version of the United States' strategy for protecting the
] Internet and securing information systems.

Well, actually, he signed off on it a couple weeks ago, but he released it today. I haven't read it yet. Apparently all the crazy surveillance stuff that people were going nutzo about last year has been removed. However, this is supposedly a very different document from the September version in other ways. I'll try to find time to take a look at it soon.

News: Bush unveils final cybersecurity plan

] Mitnick said Monday that the hackers apparently exploited
] separate flaws in Internet server software from
] Microsoft. The person responsible for the company's
] website failed to apply the repairing patches available
] from Microsoft, Mitnick said.

Mitnick's site is on a shared hosting provider who runs IIS. Where has this guy been?! Oh... Yeah... Nevermind...

Wired News: Mitnick Amused By Website Hacks