Current Topic: Computer Security

Digital Vandalism Spurs a Call for Oversight
Topic: Computer Security 12:14 pm EDT, Sep  1, 2003

As Internet users brace for the next round of digital vandalism, some experts say that it is time ...

"What we're seeing is that voluntary efforts are insufficient, and the repercussions are vast," says Michael A. Vatis, former director of the National Infrastructure Protection Center at the Federal Bureau of Investigation.

... One proposal would require public companies to disclose potential computer security risks in SEC filings. [ Ha! ]

"There's a reason this kind of thing doesn't happen with automobiles," says Bruce Schneier.

A new California law requires disclosure of computer security breaches if they result in unauthorized access to residents' personal information; customers can sue businesses in violation for civil damages. A new Pew survey said 60 percent favor requiring corporations to disclose vulnerability information.

"I kind of despair of the government doing anything," said Richard A. Clarke.

I can see it now: "This software may contain certain forward-looking statements ... [which] are necessary estimates reflecting the best judgment of jun^h^h^hsenior programmers that rely on a number of assumptions ..."

If you are unable to actually solve your problems, you can at least generate a lot of paperwork to document those failures for posterity.

From the new employee manual: "All source code must be reviewed by legal ... A financial impact statement must be provided for each entry in the programmer-provided risk assessment ..."



MCI Faces Federal Fraud Inquiry on Fees for Long-Distance Calls
Topic: Computer Security 10:33 am EDT, Jul 27, 2003

Justice Department officials have evidence that MCI may, in effect, have "laundered" calls through small telephone companies, and even redirected domestic calls through Canada, to avoid paying access fees or shift them to rival long-distance carriers, according to people involved in the investigation.

The lawyers told the investigators that the tests also showed that the billing codes that are transmitted with telephone calls in data packets had been doctored.

Canada. Where Americans go for cheap prescriptions, cheap phone calls, and more.



Secret Handshakes from Pairing-Based Key Agreements
Topic: Computer Security 10:32 pm EDT, Jun 10, 2003

This scheme allows Alice to ask Bob if Bob is a warez site, but if it turns out that Bob is the RIAA he cannot prove that Alice asked for warez, and if it turns out that Alice is the RIAA she cannot prove that Bob is a warez site.



Hacker Gathering Described As Roundup Of Cyberspace Cowboys
Topic: Computer Security 11:20 pm EDT, Jun  9, 2003

Summercon was covered by the AP Wire, and several outlets picked up the story, including CNN, the Globe and Mail, and others.

Unfortunately, the article is nothing more than a rehash of "white hat" and "black hat."



Now Open: National Cyber Security Division
Topic: Computer Security 10:26 pm EDT, Jun  9, 2003

Department of Homeland Security (DHS) Secretary Tom Ridge announced Friday the agency has created the National Cyber Security Division (NCSD) to combat Internet-based attacks against government and critical private sector backbone networks.

The new department will be under the DHS' Information Analysis and Infrastructure Protection Directorate (IAIP), which reports directly to Ridge. Robert Liscouski, the Assistant Secretary of Homeland Security for Infrastructure Protection, will oversee NCSD while it seeks a permanent director, who will essentially be the nation's cyber czar.

The new department aims to respond to major incidents, aid in national level recovery efforts, issue alerts and warnings, and conduct ongoing cyberspace analysis.

From a similar Washington Post article: The division will have three sections. One will identify cybersecurity risks to the government, and coordinate with the private sector on how to minimize them. Another will oversee the Cyber Security Tracking, Analysis & Response Center. CSTARC, as the department labeled it, will respond to Internet "events," track vulnerabilities and coordinate with federal, state and local governments, as well as the private sector and international security groups. The third section will create cybersecurity education programs for consumers, businesses, governments, academia and the international community.

We can only hope that the "educational" programs are as much fun as the bio-defense cartoons.



Defending Against an Internet-based Attack on the Physical World [PDF]
Topic: Computer Security 6:39 am EDT, Apr 16, 2003

We discuss the dangers that scalable Internet functionality may present to the real world, focusing on a simple yet impactful attack that we believe may occur quite soon. We offer and critique various solutions to this class of attack and hope to provide a warning to the Internet community of what is currently possible. The attack is, to some degree, a consequence of the availability of private information on the Web, and the increase in the amount of personal information that users must reveal to obtain Web services.

Avi Rubin's latest effort; this paper is profiled in today's NYT.



Who Goes There?: Authentication Through the Lens of Privacy
Topic: Computer Security 8:03 pm EDT, Apr  8, 2003

The Computer Science Technology Board of the National Academy of Sciences has released a pre-publication version of their latest report. The report discusses the privacy implications of various proposed and deployed authentication technologies.



On the Economics of Anonymity [PDF]
Topic: Computer Security 12:41 am EST, Apr  3, 2003

Decentralized anonymity infrastructures are still not in wide use today.

While there are technical barriers to a secure robust design, our lack of understanding of the incentives to participate in such systems remains a major roadblock.

Here we present new insights about how to align incentives to create an economically workable system for both users and infrastructure operators.

We explore some reasons why anonymity systems are particularly hard to deploy, enumerate the incentives to participate either as senders or also as nodes, and build a general model to describe the effects of these incentives.

We then describe and justify some simplifying assumptions to make the model manageable, and compare optimal strategies for participants based on a variety of scenarios.

This paper was presented at Financial Cryptography 2003. Authors are from UCB, MIT, and NRL.



Who knows the evil that lurks in the buffers of men? The Stack knows!
Topic: Computer Security 10:50 pm EST, Apr  1, 2003

] Firewalls, packet filters, intrusion detection systems,
] and the like often have difficulty distinguishing between
] packets that have malicious intent and those that are
] merely unusual. We define a security flag in the IPv4
] header as a means of distinguishing the two cases.

:)



A Technique for Counting NATted Hosts [PDF]
Topic: Computer Security 12:32 pm EST, Feb  8, 2003

Decius wrote: "Steven Bellovin is at it again."

Abstract: There have been many attempts to measure how many hosts are on the Internet. Many of those endpoints, however, are NAT boxes (Network Address Translators), and actually represent several different computers. We describe a technique for detecting NATs and counting the number of active hosts behind them. The technique is based on the observation that on many operating systems, the IP header’s ID field is a simple counter. By suitable processing of trace data, packets emanating from individual machines can be isolated, and the number of machines determined. Our implementation, tested on aggregated local trace data, demonstrates the feasibility (and limitations) of the scheme.


