] The dispute over who controls key portions of the
] Internet's address system erupted into open conflict
] today when VeriSign Inc., the world's largest addressing
] company, sued the Internet's most visible regulatory
] body, charging that it has been unfairly prevented from
] developing new services for Internet users.

VeriSign's power grab attempts continue.

Verisign Sues ICANN to reinstate Sitefinder!

] SHA-1 has been broken. Not a reduced-round version. Not a
] simplified version. The real thing.

All your digital signatures are belong to us.

You have no chance to survive make new keys.

(well, not really new keys, but you get the drift)

Schneier on Security: SHA-1 Broken

There has been an almost unbelievable amount of hubbub lately about the research that Mike Lynn gave a demonstration of at the BlackHat conference last week, and there's been a positively dizzying amount of "spin" applied to the media. Let me say one thing to everyone reading this, right up front. What Lynn uncovered is a serious issue, probably actually more serious than what the media is making it out to be. While coverage on the issue is good (and useful to both "sides") the lack of actual accurate reporting on the issue isn't helpful to anyone.

Part of the problem is that apparently, outside of the list of BlackHat attendees, there's not that many people running around who truly understand what Lynn's research uncovered. Lynn did not reveal an "exploit" in the usual sense. In fact, Lynn of his own volition has been playing his cards fairly close to his chest on this, and omitted most of the technical details of the problem from his presentation in order to assure that no one would be able to easily "follow in his footsteps". Lynn, it can safely be said, was scared by what he discovered--scared enough that he has risked his livelihood not once but twice in order to be sure that should the technical aspects of what he's found not be resolved before someone with less respect for the continuation of the Internet figures it out for themselves, the network and security administrators of the world will have had time to take some steps to reduce the amount of damage done. It can no longer be thought of as a sure thing that just because a particular vulnerability could "break the Internet" that no one's going to try it just to see if it's really true. We have a rather excellent example in recent history that pretty much everyone is aware of by now... the MS Blaster worm which raged around the Internet wreaking rather unprecedented havok. Pretty much everyone on the Internet was either personally affected by this, or knows someone who was. Blaster made use of a vulnerability that had become rather common knowledge by the time it was released, but had already been known to many security professionals for months. The real problem that made things so painful and propagation of Blaster so widespread, was that for those months, Microsoft had been actively denying that there was ever a problem until Blaster forced them to admit it. Had system administrators been made aware of the issue and the meager steps needed to impede the spread of Blaster (which everyone implemented in a white-hot hurry once their networks were figuratively ablaze) the damage could have been much less indeed.

Cisco is not helping the issue, or I should say, Cisco's lawyers are not helping the issue. Cisco makes some really awesome products, and their technical people can't really be faulted for this one technical flaw. The problem is that Cisco's lawyers are convinced that public knowledge of a serious issue ... [ Read More (1.3k in body) ]

Mike Lynn's 'exploit', in plain (non-technical) English

I’d thank you for your offer of employment at Microsoft, except that it indicates that either you or your research team (or both) couldn’t get a clue if it were pounded into you with baseball bats. What were you going to do with the rest of your afternoon, offer jobs to Richard Stallman and Linus Torvalds? Or were you going to stick to something easier, like talking Pope Benedict into presiding at a Satanist orgy?

Apparently Eric S. Raymond got a job solicitation from Microsoft. I think the circumstances are funnier than his reply, but whatever.

Armed and Dangerous » Microsoft tries to recruit me

Few virus writers now want to hit the front pages, said Mr Hypponen, most prefer to have their creations sneak under the radar, rack up a few thousand unwitting victims who are then milked for money or saleable data.

It appears that Mr Essebar was intending to make money several different ways from the people caught out by the Mytob and Zotob viruses he is alleged to have created.

It seems we are entering a new era of organized crime online. Viruses are no longer the product of kiddies trying to prove they are capable of doing damage. Instead viruses have become a tool of spammers and adware installers.

BBC NEWS | Technology | Money motive drove virus suspects

The Readius is the world’s first prototype of a functional electronic-document reader that can unroll its display to a scale larger than the device itself. With four gray levels, the monochrome, 5-inch QVGA (320 pixels x 240 pixels) display provides paper-like viewing comfort with a high contrast ratio for reading-intensive applications, including text, graphics, and electronic maps.

Philips Paper-like Display Earlier Than Expected

So, right wingers have these t-shirts that say "Bush Country 2004 - My America!" which have the county by county electoral results. I want a t-shirt that says "Pop Country 2004 - My America!" that has this on it.

Now I know how to order a Coke in California, ask for a "soda". Really an interesting visualization though.

My America

] While it's important to respect your children's privacy,
] understanding what your teenager's online slang means and
] how to decipher it is important as you help guide their
] online experience. While it has many nicknames,
] information-age slang is commonly referred to as
] leetspeek, or leet for short.

Wow.

Best quote:

] It's important to remember that the leetspeek community
] encourages new forms and awards individual creativity,
] resulting in a dynamic written language that eludes
] conformity or consistency.

Microsoft at their most transparently self serving:

] Their use could be an indicator that your teenager is
] involved in the theft of intellectual property, particularly
] licensed software.

:-o

Microsoft guide to l33t speak.

OK, I usually don't succumb to memeing those silly internet videos that people send around, but this is absolutely hillarious. Self defense courses for women in Tokyo must be hard core.

daynews.ru - Tokyo purse snatcher gets nailed

An exclusive look at how the hackers called TITAN RAIN are stealing U.S. secrets

Titian Rain sounds like the name of an anime series.

This article tells the story of Shawn Carpenter, a computer security specialist at Sandia Labs, and his clandestine efforts to track the Titan Rain hackers. This shows some shortfalls of our strategy when it comes to tracking network based espionage.

TIME.com: The Invasion of the Chinese Cyberspies