Current Topic: Computer Security

RE: Metered Pay-as-you-go Computing Experience USPTO 0080319910

Topic: Computer Security
6:55 pm EST, Dec 29, 2008
From the abstract of a recent Microsoft patent application: A computer with scalable performance level components and selectable software and service options has a user interface that allows individual performance levels to be selected ... To support a pay-per-use business model, each selectable item may have a cost associated with it, allowing a user to pay for the services actually selected and that presumably correspond to the task or tasks being performed. An administrator may use a similar user interface to set performance levels for each computer in a network, allowing performance and cost to be set according to a user's requirements.
Acidus wrote: ... uhhhhh time sharing as prior art?
Oh, but you are neglecting this part: All this is possible because the metering agents and specific elements of the security module 202 allow an underwriter in the supply chain to confidently supply a computer at little or no upfront cost to a user or business, aware that their investment is protected and that the scalable performance capabilities generate revenue commensurate with actual performance level settings and usage.
And, as Bill Joy recently explained to Malcolm Gladwell about his experiences on the time sharing system at the University of Michigan: "The challenge was that they gave all the students an account with a fixed amount of money, so your time would run out. When you signed on, you would put in how long you wanted to spend on the computer. They gave you, like, an hour of time. That's all you'd get. But someone figured out that if you put in 'time equals' and then a letter, like t equals k, they wouldn't charge you," he said, laughing at the memory. "It was a bug in the software. You could put in t equals k and sit there forever."

Microsoft Security Bulletin Advance Notification for October 2008

Topic: Computer Security
1:04 pm EDT, Oct 23, 2008
Things that make you go "hmmm..." This is an advance notification of an out-of-band security bulletin that Microsoft is intending to release on October 23, 2008. This bulletin advance notification will be replaced with the revised October bulletin summary on October 23, 2008. The revised bulletin summary will include the out-of-band security bulletin as well as the security bulletins already released on October 14, 2008. Microsoft is hosting a webcast to address customer questions on this out-of-band security bulletin on October 23, 2008, at 1:00 PM Pacific Time (US & Canada). Register now for the Out-of-Band Security Bulletin Webcast. After this date, this webcast is available on-demand. For more information, see Microsoft Security Bulletin Summaries and Webcasts.
See here for more details: This security update resolves a privately reported vulnerability in the Server service. The vulnerability could allow remote code execution if an affected system received a specially crafted RPC request. On Microsoft Windows 2000, Windows XP, and Windows Server 2003 systems, an attacker could exploit this vulnerability without authentication to run arbitrary code. It is possible that this vulnerability could be used in the crafting of a wormable exploit. Firewall best practices and standard default firewall configurations can help protect network resources from attacks that originate outside the enterprise perimeter. This security update is rated Critical for all supported editions of Microsoft Windows 2000, Windows XP, Windows Server 2003, and rated Important for all supported editions of Windows Vista and Windows Server 2008. For more information, see the subsection, Affected and Non-Affected Software, in this section. The security update addresses the vulnerability by correcting the way that the Server service handles RPC requests. For more information about the vulnerability, see the Frequently Asked Questions (FAQ) subsection for the specific vulnerability entry under the next section, Vulnerability Information. Recommendation. Microsoft recommends that customers apply the update immediately.

T hacking exposes a deeper clash

Topic: Computer Security
1:18 pm EDT, Aug 18, 2008
Front page, above-the-fold, of today's Boston Globe: Where agency sees attack, MIT students talk of constructive exploration
This article doesn't really break any news, particularly for those who were at DEFCON or who followed the recent threads. But they did make room for this explanation: "I've always been interested in electronics," said Anderson, who grew up scouring alleyways for discarded machines. "Ever since I was a little kid, I would take things apart to see how they work." These days, he proudly calls himself a hacker. "If a lot of people think hacker, they think of someone who illegally breaks into systems," he said. "I don't at all think that's what hacker means. I think hacking is a culture of curiosity and exploration and learning and building and creating new things."
From the archive: The Craftsman continues an argument begun in the 19th century, when writers such as John Ruskin and William Morris extolled the crafts remembered in our surnames (Smith, Cartwright, Thatcher, Mason, Fletcher) while lamenting the mind-numbing and soul-destroying labour of the industrial process which was replacing them. A long line of thinkers, from Hegel and Marx to Sennett’s teacher Hannah Arendt, have sympathised with the argument. But Sennett does not think that craftsmanship has vanished from our world. On the contrary: it has merely migrated to other regions of human enterprise, so that the delicate form of skilled cooperation that once produced a cathedral now produces the Linux software system. Linux, for Sennett, is the work of a community of craftsmen “who embody some of the elements first celebrated in the (Homeric) Hymn to Hephaestus”.
The spread of Enterprise Systems has resulted in a declining emphasis on creativity and ingenuity of workers, and the destruction of a sense of community in the workplace by the ceaseless reengineering of the way businesses operate. The concept of a career has become increasingly meaningless in a setting in which employees have neither skills of which they might be proud nor an audience of independently minded fellow workers that might recognize their value. The evidence suggests that from an executive perspective, the most desirable employees may no longer necessarily be those with proven ability and judgment, but those who can be counted on to follow orders and be good "team players."

Georgian president's Web site moves to Atlanta

Topic: Computer Security
9:12 am EDT, Aug 12, 2008
Atlanta is just as hosed as Georgia. The Web site of the president of Georgia, the small nation that is battling Russian forces over a breakaway enclave, was moved to a US hosting facility this weekend after allegedly being attacked by Russian hackers.

Black Hat Talk on Apple Encryption Flaw Pulled

Topic: Computer Security
7:30 am EDT, Aug 6, 2008
A security researcher who was set to speak at Black Hat next week on a previously undiscovered flaw in FileVault has canceled his talk, citing confidentiality agreements. Charles Edge had been slated to discuss his research on a weakness that could be used to defeat FileVault. But sometime last week, Black Hat organizers pulled his name and presentation listing from its schedule of talks. ... Update: Looks like yet another talk about Apple security will be canceled at Black Hat this year. Apple has pulled its security engineering team out of a planned public discussion on the company's security practices.
See also: Leave Steve Jobs Alone!!! (pnsfw audio)
From the archive: Border searches of laptops; seizure Unlocking FileVault Laptop border searches OK'd Faster PwninG Assured: Cracking Crypto with FPGAs
Circumventing Automated JavaScript Analysis Tools DOMinatrix - The JavaScript SQL Injector Richard Clarke leveled the harshest language on the Bush administration. "The Bush administration has systematically reduced the work to secure cyberspace." Hacker Pranks at Defcon and Black Hat in Las Vegas Emphasize Computer Security, Abaddon causing a ruckus at Black Hat, and Mike Lynn's Glorious Escapades HID Global statement on IOActive withdrawing their Black Hat presentation
Crime is sport in the US. All the way back to the black hat wearing cowboy to OJ and Scott Peterson, we have a love affair with criminals, and are addicted to punishment. It makes us feel tough and reinforces other false ideals in our culture (morality, justice for all, bravery, etc.).

How Crypto Won the DVD War | Threat Level from Wired.com

Topic: Computer Security
6:23 am EST, Feb 27, 2008
Support from studios has been widely cited as the reason for Blu-ray's victory, but few consumers know that the studios were likely won over by the presence of a digital lock on movies called BD+, a far more sophisticated and resilient digital rights management, or DRM, system than that offered by HD DVD.
This is very interesting.

Security Data Visualization: Graphical Techniques for Network Analysis

Topic: Computer Security
3:35 pm EST, Jan 25, 2008
Greg Conti published a book last October!
Information overload. If you're responsible for maintaining your network's security, you're living with it every day. Logs, alerts, packet captures, and even binary files take time and effort to analyze using text-based tools - and once your analysis is complete, the picture isn't always clear, or timely. And time is of the essence. Information visualization is a branch of computer science concerned with modeling complex data using interactive images. When applied to network data, these interactive graphics allow administrators to quickly analyze, understand, and respond to emerging threats and vulnerabilities. Security Data Visualization is a well-researched and richly illustrated introduction to the field. Greg Conti, creator of the network and security visualization tool RUMINT, shows you how to graph and display network data using a variety of tools so that you can understand complex datasets at a glance. And once you've seen what a network attack looks like, you'll have a better understanding of its low-level behavior - like how vulnerabilities are exploited and how worms and viruses propagate. You'll learn how to use visualization techniques to:
- Audit your network for vulnerabilities using free visualization tools, such as AfterGlow and RUMINT
- See the underlying structure of a text file and explore the faulty security behavior of a Microsoft Word document
- Gain insight into large amounts of low-level packet data
- Identify and dissect port scans, Nessus vulnerability assessments, and Metasploit attacks
- View the global spread of the Sony rootkit, analyze antivirus effectiveness, and monitor widespread network attacks
- View and analyze firewall and intrusion detection system (IDS) logs
Security visualization systems display data in ways that are illuminating to both professionals and amateurs. Once you've finished reading this book, you'll understand how visualization can make your response to security threats faster and more effective.
You can download Chapter 5, "One Night on my ISP", from the publisher.

An Inquiry into the Nature and Causes of the Wealth of Internet Miscreants

Topic: Computer Security
6:42 am EST, Dec 6, 2007
This paper studies an active underground economy which specializes in the commoditization of activities such as credit card fraud, identity theft, spamming, phishing, online credential theft, and the sale of compromised hosts. Using a seven month trace of logs collected from an active underground market operating on public Internet chat networks, we measure how the shift from “hacking for fun” to “hacking for profit” has given birth to a societal substrate mature enough to steal wealth into the millions of dollars in less than one year.

WEIS 2008 - The Seventh Workshop on the Economics of Information Security

Topic: Computer Security
6:49 am EDT, Nov 2, 2007
Information security requires not only technology, but a clear understanding of risks, decision-making behaviors and metrics for evaluating business and policy options. How much should we spend on security? What incentives really drive privacy decisions? What are the trade-offs that individuals, firms, and governments face when allocating resources to protect data assets? Are there good ways to distribute risks and align goals when securing information systems? While organizations and individuals face new and evolving technical challenges, we know that security and privacy threats rarely have purely technical causes. Economic, behavioral, and legal factors often contribute as much as technology to the dependability of information and information systems. The application of economic analysis to these problems has proven to be an exciting and fruitful area of research.