Shostack + Friends Blog Archive

 
 

Sony, Respecting Their Customer

Over at Sysinternals, Mark posts “Sony, Rootkits and Digital Rights Management Gone Too Far.” [Update: If that doesn’t work, try Sysinternals Blog; when I checked, it was the first post.] If you’re at all technical, read it closely. If you’re not, you should at least skim it. The story is that Mark (who knows more […]

 

American Express and Privacy

There’s a fascinating story at imedia connection, “Why Consumers Trust American Express:” How has American Express retained its position? Kimberly Forde, an American Express spokesperson, told me that “American Express is very pleased to be recognized by consumers for its ongoing and strong commitment to privacy.” Moreover, she felt that American Express had done a […]

 

Imperial Ambition, Poor Execution

In “The endgame on Iraq began a long time ago,” Thomas Barnett writes some shocking things: This is Musab al-Zarqawi’s worst nightmare: the Americans safe behind their compound walls and everyday he’s doing battle against Iraqis, or-more to the point-against Shiites increasingly backed by Iran, no friend to the global Salafi jihadist movement, being as […]

 

First Hand Report about New TSA Indignities

In “GE Puffer Stinks of Dr. Strangelove,” Kim Cameron writes about his experiences with the new explosive detection machines: People, I really hated the GE product. It is tiny, and closes around you. I felt seriously claustrophobic. Then it shot bursts of air at me so hard it actually hurt. I had been told there […]

 

Fall Back

It’s that time of year again, when Congress decrees that you shift your clock back an hour to save minuscule amounts of energy. The fine folks of Arizona and Indiana have noticed that Congress doesn’t really have the power to regulate time, and don’t like playing along. But if you think about it, time is […]

 
 

Porsches make you healthy

Well, I don’t know that for sure. But I am pretty sure that Porsche owners overall are healthier than those who don’t own Porsches. Maybe you have to control for age. Similarly, it seems that being a customer of certain companies apparently somehow causes less nastiness to befall one’s computing infrastructure. Jaquith handily, yet unwittingly, […]

 

Quick pointer to virtual worminess

If Nick Weaver and Jose Nazario are writing about it, it’s probably way over my head, or interesting, or both. I am happy to say this is in the second category.

 

Ahmadinejad and Wiping Israel Off The Map

Posted by Adam. It seems that most everything that one could say about the President of Iran calling for Israel to be wiped off the map has been said. Good articles include Daniel Drezner’s “How crazy is Mahmoud Ahmadi-Nejad?” (about the strategy behind the statement), Hossein (Hoder) Derakhshan’s “The fundamentalist minority” (about how Iranians feel […]

 

The Importance of Attitude

Tom Peters has a blog, and in “The Days of Our Lives,” writes about the importance of being present for your customers, not for yourself. I really like his blog. It has a good mix of hubris and humility: This may be day 45 and mile 76,000 for me, but for the Client it is […]

 

Star Wars: Economy Of Mechanism

Before I start on the Star Wars part of today’s Friday Star Wars Security blogging, I need to explain who Saltzer and Schroeder are, and why I keep referring to them. Back when I was a baby in diapers, Jerome Saltzer and Michael Schroeder wrote a paper “The Protection of Information in Computer Systems.” That […]

 

Check images increase forgery and ID theft risks?

The October 26 on-line edition of American Banker (gotta pay to see it, so no link from me) discusses new technologies as possible enablers of check forging, in an article by Daniel Wolfe, “The Tech Scene: Check Images A New Frontier For Forgery?” The overall point is that since banks store check images and provide […]

 

White Sox futures market

For the last couple of weeks, peddlers have set up shop just outside Chicago’s Union Station to sell White Sox paraphernalia. Once the Sox were in the Series, I noticed an interesting phenomenon. Hats were selling for $10.00 after game two of the series. After game three, they were down to $5.00. After game 4 […]

 

Dog bites man really is boring

Red Herring reports on a claim by Cybertrust that recovering from Zotob cost the average infected company $97,000. Sounds moderately interesting, until you learn that the industry hardest hit, healthcare, had 74% of its respondents totally unaffected. For financial firms, 93% were totally unaffected. Overall, nearly 90% of firms had no impact. Nada. Alternative headlines […]

 

Lowering Ourselves

It occurs to me that when a senior US government lawyer says: foreign citizens passing through American airports have almost no rights. At most, Mary Mason told a hearing in Brooklyn, N.Y., passengers would have the right not to be subjected to “gross physical abuse.” that they are in direct contradiction to the US Constitution […]

 

Flogging The Simian Is Back

In “A Life, Observed,” I mentioned that I’d been enjoying “Flogging The Simian,” and that she’d left due to privacy issues. Well, she’s back, and so are her “PDBs,” her summaries of what’s interesting: ‘” read approximately 50 newspapers every morning and report what I find there, with an emphasis on foreign or international events.” […]

 

Trick-Or-Treaters To Be Subject To Random Bag Searches

America’s Finest News source reports, “Trick-Or-Treaters To Be Subject To Random Bag Searches:” “Individuals concealing their identities through clever disguise, and under cover of night, may attempt to use the unspecified threat of ‘tricks’ to extort ‘treats’ from unsuspecting victims,” Chertoff said. “Such scare tactics may have been tolerated in the past, but they will […]

 

Code/Data Separation

As I mentioned in my “Blue Hat Report,” I want to expand on one of my answers I gave to a question there. My answer involved better separation of code and data. I’ve since found, in talking to a variety of folks, that the concept is not so obvious as it seems to me. The […]

 

The President Endorses This Blog

You might have thought that the White House had enough on its plate late last month, what with its search for a new Supreme Court nominee, the continuing war in Iraq and the C.I.A. leak investigation. But it found time to add another item to its agenda – stopping The Onion, the satirical newspaper, from […]

 

Delicious Offload

I’ve set up a Delicious feed for stuff that I want to point to, but don’t have either anything to add, or time to add it. I feel sort of bad doing this; I’d like to discuss John Gilmore on the New York Times, but all I have to say is bravo!

 

Counting In Computer Security

Last week in “Notes from the Security Road,” Mike Nash wrote: My favorite moment on the trip — which actually resulted in my circumnavigating the entire globe in just a week — was when we illustrated the difference in the number of vulnerabilities in Windows Server 2003 compared to its competitive product, Red Hat Enterprise […]

 

Rosa Parks

Rosa Parks passed away this evening. She was 92.

 

Business lobbies engage in rent-seeking. Masses not moved. Film at 11.

Various data protection bills to be consolidated? [P]ressure to act isn’t coming from the public clamoring for protection of their private information, it is coming from the business community that fears 50 different state laws. In many ways this improves the chances for a new federal law, because while the onslaught of data breach stories […]

 

How Not To Train Users

To provide the fastest access to our home page for all of our millions of customers and other visitors, we have made signing in to Online Banking secure without making the entire page secure. Again, please be assured that your ID and passcode are secure and that only Bank of America has access to them. […]

 

Flock's Progress

Posted by Adam. Lots and lots of people are commenting on the first public release of flock. After I met Bart Decrem, he was nice enough to let me into the alpha, and so I’d like to offer a slightly different perspective, about what’s changed, and the rate of change. I think that examining what’s […]

 

Sessions Bill/Breach Monday

In ‘honor’ of the Sessions bill (see “The hand is quicker than the eye” and “Adding Silent Insult to Injury (Senator Sessions’ ‘privacy’ act)“), we offer up stories about three breaches. Under Sessions’ bad law, the state of Georgia would not be coming clean with its residents, nor would the California school system. I think […]

 

5.2% of Georgia residents to get Notice of Stolen Personal Data

State officials on Friday began notifying 465,000 Georgians that they might be at risk of identity theft because of a government security breach detected in April. Joyce Goldberg, spokeswoman for the Georgia Technology Authority, emphasized that officials had no evidence that any personal data had been used for fraudulent purposes. But she said officials are […]

 

California Schools, "tens of thousands" of Student Records, Default Passwords

The personal information of tens of thousands of California children — including their names, state achievement test scores, identification numbers and status in gifted or special-needs programs — is open to public view through a security loophole in dozens of school districts statewide that use a popular education software system. … The problem occurs when […]

 

Montclair State University, 9,100 SSNs, Exposed Files

Due to what Montclair State University officials are calling an “inadvertent error,” the social security numbers of 9,100 Montclair State University students were made available online for nearly five months, putting each student at risk for identity theft and credit fraud. Etc, etc, files found by a student ego-surfing on Google. Read “Negligence At MSU […]

 

Archimedes' Death Ray, Take 2

Earlier this month, I posted “Archimedes’ Death Ray,” about the MIT team trying to replicate Archimedes’ legendary defense of Syracuse, setting fire to ships with polished mirrors. Now Mythbusters has brought MIT Professor David Wallace to San Francisco to: …attempt to set fire to an 80-year-old fishing boat with a contraption made of 300 square […]

 

People Hate Being Laughed At

Omid Sheikhan has been sentenced by the Iranian court to one year in prison and 124 lashes. Omid was first arrested last year, confined for two months, including one in solitary confinement, and tortured, due to his blog which featured satire on the Iranian situation. When he was brought to court on October 8 he […]

 

Adding Silent Insult to Injury (Senator Sessions' "privacy" act)

I just skimmed the Sessions’ bill which Chris linked to. It has a great provision for allowing the fox to not only guard the henhouse, but also to control the alarm system: 3(b)(1)(A) IN GENERAL- If an agency or person that owns or licenses computerized data containing sensitive personal information, determines, after discovery and a […]

 

The hand is quicker than the eye

Arlen Specter and Pat Leahy have proposed the “Personal Data Privacy and Security Act of 2005“. This is a comprehensive proposal, and is opposed big-time by various industry lobbies. As reported in the October 21, 2005 American Banker, this bill has hit a snag, and is languishing in Committee. Meanwhile, another bill, courtesy of Jeff […]

 

Critical Map of Alaska Disappears

‘There is a Party slogan dealing with the control of the past,’ [O’Brien] said. ‘Repeat it, if you please.’ ‘”Who controls the past controls the future: who controls the present controls the past,”‘ repeated Winston obediently. ‘”Who controls the present controls the past,”‘ said O’Brien, nodding his head with slow approval. ‘Is it your opinion, […]

 

Snotty Worm Coming?

Posted by Adam. Richard Bejtlich predicts that the Snort network monitoring tool will be hit with a worm shortly in “The Coming Snort Worm.” He has some good qualitative analysis, and Tom Ptacek disagrees with him in “Opposition Research.” I find it fascinating that we know so little that two smart guys like Tom and […]

 

Don't Have a Cow!

Or, perhaps, in this instance, having a cow would be a perfectly fine response, as it is revealed that the average European cow gets a subsidy of $2.62 a day. About 3,000,000,000 people live on less than that. Doubtless, if cows could call their representatives and vote, the subsidy would be higher. (Research by Oxfam, […]

 

Horton Hears a Heart

Brilliant retelling of the Tell-tale Heart, by Poe, in the style of Dr. Seuss. True, I’ve been shaken – and true, I’ve been bad. But how can you say that this elephant’s mad? This Loopidy sickness has sharpened my brain! My ears are quite large, and I hear things quite plain. So before you pass […]

 

Bubblicious

As we now know courtesy of the Philippines’ National Capital Regional Police Office, a typical terrorist is “a man aged 17 to 35, wearing a ball cap, carrying a backpack, clutching a cellular phone and acting uneasily” [manilatimes.net]. This critical piece of intelligence, I am sorry to report, seems to have taken a step closer […]

 

Map of London

OpenStreetMap is a project aimed squarely at providing free geographic data such as street maps to anyone who wants them. This is because most maps you might think of as free actually have legal or technical restrictions on their use, holding back people from all walks of life who would like to use a map […]

 

Pop!Tech ('Pointer' post by Adam)

I don’t know how Ethan Zuckerman is finding time to enjoy the conference, but his series of posts from Pop!Tech make me jealous that I’m missing it.

 

"The Force Is Strong In My Family"

In Friday Star Wars Security blogging, I was planning to start on Saltzer and Schroeder this week. But I’m going to detour a bit into genetic privacy (and Star Wars, of course). I’m inspired in part by an interview over at GeneForum with bioethicist Insoo Hyun. Hyun is studying cloning with the South Korean team […]

 

Following up "Liability for Bugs"

Chris just wrote a long article on “Liability for bugs is part of the solution.” It starts “Recently, Howard Schmidt suggested that coders be held personally liable for damage caused by bugs in code they write.” Chris talks about market failures, but I’d like to take a different direction and talk about organizational failures. Security […]

 

Liability for bugs is part of the solution

Recently, Howard Schmidt suggested that coders be held personally liable for damage caused by bugs in code they write. The boldness of this suggestion is exceeded only by its foolhardiness, but its motivation touches an important truth — a lot of code stinks, and people are damaged by it. The reason good programs (which means those […]

 

The prescience of the Beeb

Via Alec Muffett’s dropsafe, I learned of a British SF television program which eerily predicted a future Britain in which a sinister governmental department that has abolished individual rights and introduced ID cards for all citizens, rationing and sophisticated electronic surveillance I would have preferred to have gotten a transdimensional police box.

 

Your Printer, Tool of the Man

The EFF has done some great work on how high resolution color printers are embedding tracers in every document they print. It’s at “DocuColor Tracking Dot Decoding Guide.” I’d call them high quality printers, but how could I? They intentionally distort every document they print on the off-chance it contains evidence of thoughtcrime. The work […]

 

How To Notify Customers After a Breach

I referenced Larry Ponemon’s “After a privacy breach, how should you break the news?” months ago. Now there’s more data, in a survey sponsored by the law firm of White and Case. They have a press release, and you can download the full survey. As Chris pointed out, knowledge is good. According to the survey, […]

 

Interesting Tidbits (Adam)

John Gruber has an interesting article on the economics of being a one-man software shop, “The Life.” He uses the case of Brent Simmons and NetNewsWire to shed light on why the life of a small software development shop is so hard. Jeff Veen of Adaptive Path has announced “MeasureMap,” a new blog-focused log analysis […]

 

Here's to you, New York…

From New York’s Information Security Breach and Notification Act: 7. (A) IN THE EVENT THAT ANY NEW YORK RESIDENTS ARE TO BE NOTIFIED AT ONE TIME, THE PERSON OR BUSINESS SHALL NOTIFY THE STATE ATTORNEY GENERAL, THE CONSUMER PROTECTION BOARD, AND THE STATE OFFICE OF CYBER SECURITY AND CRITICAL INFRASTRUCTURE COORDINATION AS TO […]

 

MS Security 360 Webcast archive

The roundtable I did as part of the Security 360 (with Amy Roberts, Peter Cullen, and Gerry Gebel) is now archived at “Microsoft Executive Circle Webcast: Security360 with Mike Nash: Managing Privacy in Your Organization.” Since I’ve been posting a lot recently, I’ll repeat: after filming I participated in Microsoft’s Blue Hat, you can read […]

 

UK ID Cards a Doubly Bad Idea

Microsoft UK National Technology Officer Jerry Fishenden warns that the push for a national ID card in Great Britain could lead to identity fraud on a gigantic scale unlike anything that has been seen before. The Register reports… and Charles Clarke confirms that ID cards will be a massive waste of both time and money […]

 

Security Costs of Logging

In “Online Dirty Tricks at American Airlines ” Gary Leff reports: The Wikipedia entry on the Wright Amendment (the law which restricts destinations of flights taking off from Dallas’ Love Field, which serves — and was intended — to protect American Airlines from Southwest) was edited by someone using an American Airlines domain. Someone using […]

 

Thanks, Adam

I’ll confess to some stage fright, since this blog’s readership is probably two or three orders of magnitude larger than what my fortnightly rants over at my place probably garner. Anyway, I hope to have posts forthcoming about a few things, among them CVSS, and research into estimating the impact of security events (variously defined) […]

 

Introducing Chris Walsh

One of the things that happens as a blog takes on a personality is that readers start to send you links to things that are “more your blog than theirs.” Over the last few months, Chris has fed me something between a third and a half of the breaches listed in my breaches archive. At […]

 

Now Headlining: The Emergent Chaos Jazz Combo

As I experiment with bringing in guest bloggers, the old subtitle of the blog, ‘Musings from Adam Shostack on security, privacy, and economics’ is now inaccurate. Now I could simply declare this “Adam Shostack and friends,” but that is both boring and, with no offense to my invitees, inaccurate. (I’ve never met the fellow who […]

 

Watch our webcast!

Last week, I was in Redmond for a few days, filming a roundtable discussion with Amy Roberts of Microsoft, Gerry Gebel of the Burton Group and Peter Cullen, Microsoft’s Chief Privacy Strategist. I think we had a great discussion, the time went by really quickly. I hope that the good energy we had in the […]

 

First Shmoocon Speaker List

Shmoocon was a great get-together last year, and I look forward to being there this year, especially now that they’ve announced a first batch of speakers. Via the Shmoocon RSS feed. No, just kidding, they don’t have an RSS feed.

 

Blue Hat Report

The other thing I did at Microsoft last week was I participated in Blue Hat. Microsoft invites a selection of interesting researchers to come to Redmond and present a talk to a variety of people within the company. Blue Hat is organized by Kymberlee Price, who works with Andrew Cushman, and they did a great […]

 

Security 360 With Mike Nash (and Adam)

Last week, I was in Redmond for a few days, filming a roundtable discussion with Amy Roberts of Microsoft, Gerry Gebel of the Burton Group and Peter Cullen, Microsoft’s Chief Privacy Strategist. I think we had a great discussion, the time went by really quickly. I hope that the good energy we had in the […]

 

AOL and DHS: Where's the Proof?

Several folks have sent me a link to a Free Market News article “HOMELAND SEC. SURVEIL ALL AOL FILES,” with a suggestion I link to it. I thought it was squirrelly, but when the normally quality Chief Security Officer Magazine picks it up, I felt a need to respond. And frankly, I call bull. by […]

 

Small Travel Annoyances

I’ve slept in three different hotels in the last ten days or so, and noticed a number of things that (seemingly) could be done a lot better. The first is voice mail spam. I get no warm fuzzy from picking up a pre-recorded voice mail welcoming me to the hotel. But I do get to […]

 

Dangerous Meme

If you have to educate people to not use the tools you have given them in a certain way to remain secure you have failed. Relying on security awareness training is an admission of failure. This meme must be eradicated from the gene pool. So writes Rich Stiennon in “Dangerous meme.” He’s absolutely right. Training […]

 

Who's On Drugs?

Over at the History News Network, Keith Halderman reports on medical marijuana. It seems that the cool kids don’t want to be taking any drug that old geezers use: “Nine years after the passage of the nation’s first state medical marijuana law, California’s Prop. 215, a considerable body of data shows that no state with […]

 

Daniel Cuthbert's Chewbacca Defense

We take a break from our regularly scheduled, deeply-movie-focused, Friday Star Wars security blogging to mention the Chewbacca defense, and its interplay with a story that’s floating around. First, if you’re not familiar with it, “The ‘Chewbacca Defense‘ is a satirical term for any legal strategy that seeks to overwhelm its audience with nonsensical arguments […]

 

Blue Hat

I’m at Microsoft’s ‘Blue Hat’ event, and it’s been fascinating. Very senior folks got briefed today while I sat in the back of the room and (mostly) listened. I’ll blog some thoughts shortly, but I expect to continue to be mostly unresponsive through Sunday.

 

Codecon 2006 Call For Papers

February 10-12, 2006 San Francisco CA, USA codecon is the premier showcase of cutting edge software development. It is an excellent opportunity for programmers to demonstrate their work and keep abreast of what’s going on in their community. All presentations must include working demonstrations, ideally accompanied by source code. Presentations must be done by one […]

 

A Profusion of Taxonomies

In “In the Classification Kingdom, Only the Fittest Survive,” Carol Kaesuk Yoon writes about the profusion of naming schemes for animals: Then there’s uBio, which has sidestepped the question of codes and regulations altogether and instead aims to record every single name ever used for any organism, scientific or common, correct or incorrect, down to […]

 

Editorial Parameters?

One of the things that I’ve meant to do here is have a little chaos now and then, and see what emerges. One type of chaos that I’ve been aiming for is carefully selected guest bloggers. In talking to someone about that, he asked: What are the editorial parameters? Looking to avoid a possible “I […]

 

Businesses For Privacy

Some prominent business organizations are complaining to Congress that the Patriot Act makes it too easy for the government to get confidential business records. These groups endorsed proposed amendments that would require investigators to say how the information they seek is linked to individual suspected terrorists or spies. The changes also would allow businesses to […]

 

Airport Screening Is Not A Game?

A few weeks ago, I reported on PlayMobil’s airport screening playset in “From The Mouths of Toymakers.” Dan Solove shows his true commitment by buying one, and documenting his hours of fun in “The Airline Screening Playset: Hours of Fun!” Read it.

 

The Future of Government: Exclusive and Effective?

In Balkinization, Stephen Griffin writes about the efforts to get government and society functional again in New Orleans in “The Katrina Experiment.” In a pair of posts that are, to me, closely related, Michael Froomkin writes about “My notes from the ‘The Great Debate’ at State of Play III” and “Summing Up ‘The Great Debate’ […]

 

The Nation-State: Violent and Exclusive

I usually call my collections of links ‘small bits,’ rather than roundups, because I make no effort to round up all of what’s interesting about a subject. But today’s subject, especially the first items, I can not call small. I start with the most horrific, Rebecca MacKinnon’s “Chinese activist bludgoned to death in front of […]

 

Bank of America, some credit card numbers, laptop

In a letters sent to Buxx [prepaid debit cards] users and dated Sept. 23, [Bank of America] warned that customers may have had their bank account numbers, routing transit numbers, names and credit card numbers compromised by the theft. Visa Buxx is a prepaid credit card for teenagers that the Bank of America (BofA) stopped […]

 

Mount Sinai Hospital, 10,000 Ground Zero worker SSNs, Disgruntled Ex-Employee

Letters have gone out to about 10,000 Ground Zero rescue and cleanup workers, notifying them that a computer containing Social Security numbers and health records was stolen, leaving them vulnerable to identity theft. The letters were sent by the World Trade Center Medical Monitoring Program, which is providing free health-care services to the workers. Workers […]

 

Thomas Schelling, Nobel Laureate

Congratulations to Thomas Schelling, who was awarded the Nobel Prize in economics (with Robert Aumann). Schelling, amongst many accomplishments which Tyler Cowen discusses here, put forth the notion that there are questions with answers which are correct because those are the answers everyone would choose. (The canonical example is where do you meet in New […]

 

Security Roundup: Build Security In Edition

David Litchfield lets rip at Oracle in “Complete failure of Oracle security response.” Such questions need to be directed to more vendors than just Oracle. Andrew Jaquith writes about “Hamster Wheels of Pain” in security company presentations. The Seattle Times has an article on those new fancy, radio controlled cockpit doors, “Glitch forces fix to […]

 

FedEx and Resiliency

There are some fascinating tidbits about how Federal Express plans for the unforeseen in a New York Times story, “Have Recessions Absolutely, Positively Become Less Painful?” I wonder what (if anything) information security could take away from this sort of approach? It had been a busy day for Georgia businesses, and FedEx’s regular nightly flights from […]

 

Kill The Smurfs

The people of Belgium have been left reeling by the first adult-only episode of the Smurfs, in which the blue-skinned cartoon characters’ village is annihilated by warplanes. The short but chilling film is the work of Unicef, the United Nations Children’s Fund, and is to be broadcast on national television next week as a campaign […]

 

"A Reader Writes…"

Rob Sama IM’d me a link to some Mac launch rumors at “http://www.macpro.se/?p=3014.” He then commented: Rob: I was the one who pointed that out to Cringley, and Calzone had pointed it out to me Adam: and you got no cred? Rob: I guess. I mean, columnists like that often say “a reader told me…” […]

 

Archimedes' Death Ray?

Boingboing directs us to “Archimedes Death Ray: Idea Feasibility Testing,” in which an MIT class decides to test Archimedes’ ray: The use of mirrors to set warships on fire. Mythbusters claimed it was a myth, that the idea couldn’t be made to work. Well, the MIT class gave it a shot, and it turns out […]

 

"Where is that Shuttle Going?"

VADER: Where is that shuttle going? PIETT (into comlink): Shuttle Tydirium, what is your cargo and destination? PILOT VOICE (HAN)(filtered): Parts and technical crew for the forest moon. VADER: Do they have a code clearance? PIETT: It’s an older code, sir, but it checks out. I was about to clear them. In modern cryptography, a […]

 

The Memory Hole

As an aside in a longer article, Dan Markel writes: As a matter of blogging ethics, I think the way to handle it is to post an apology and clarification and to remove the inaccurate material, with a followup email that clarified the situation. This is dangerously wrong. The inaccurate material needs to stay, because […]

 

Concurring Opinions Has a Privacy Policy

Daniel Solove and company have launched a new blog, “Concurring Opinions.” Today, they posted their privacy policy. I think they’ll be sued shortly by Experian, for copyright infringement.

 

IT Harvest IT Security Summit

I should also mention that I had a good time at the Detroit IT Security Summit. I thought there was an interesting and broad selection of panelists, including some technical people and some senior managers. I didn’t get to talk to as many folks as I might have liked, but that’s always the case.

 

Today, I Publicly Praised Microsoft

On the “Meet the Bloggers” panel at the Detroit IT Security Summit, I publicly heaped praise on Microsoft for their investment in security, the results of which include some really cool tools in Visual Studio 2005. Also on the panel, Ed Vielmetti brought up a really good point that I hadn’t heard recently, that of […]

 

Bankers 1, Privacy 0

A federal judge on Tuesday struck down a California law that restricts banks from selling consumers’ private information to their affiliates, ruling that the state law is pre-empted by federal rules. The American Bankers Association, the Financial Services Roundtable and Consumer Bankers Association had sued California Attorney General Bill Lockyer, arguing that the federal Fair […]

 

The Big Privacy Picture

“Smart Borders: A wholesale information sharing and surveillance regime” is Krista Boa’s overview of the amorphous and opaque ‘Smart Border’ program: Smart Borders encompasses a range of individual and cooperative initiatives, including US-VISIT, biometric passports in both nations, automated passenger risk assessment, and no fly lists among many others, all of which put privacy rights […]

 

Thoughts on RSS Feeds

I spent a lot of energy to make Emergent Chaos look nice. And how do you all repay me? You read the RSS feeds. Most of my readership (85% or so) are reading via RSS. Which is nice. It says that there’s a core of folks who are interested in what I have to say, […]

 

Who Has Fingers That Short?

PaybyTouch has arrived, and that finger in their logo looks awfully short to me. Maybe subconsciously, they know the truth? See my “Fingerprint Privacy” or “A Picture is Worth A Thousand Words” for some actual analysis, rather than silly sniping. (via Silicon Beat, who has notes on their unusual financing techniques.)

 

Congrats to Brent Simmons

NewsGator Technologies has acquired NetNewsWire, along with Ranchero Software founder Brent Simmons. Simmons joins NewsGator as product architect. I discovered this via Brent’s NetNewsWire, and am blogging it with his MarsEdit. See the interview with Brent and Greg Reinacker. For consistency’s sake, I ought to be confusing Newsgator with someone else.

 

Who Obeys the Laws of War?

There’s a fascinating article on Dozame.org, a Kurdish site: “Emergence of a better Kurdish 4GW frightens Turkey:” An interesting observation is that HPG is now playing by all the rules set up by international conventions, treaties and war-laws [Jus in Bello] (which ARGK unfortunately occasionally broke). People in the military or with a military background […]

 

Privacy Enhancing Technologies Workshop call for papers

6th Workshop on Privacy Enhancing Technologies will be held at Robinson College, Cambridge, United Kingdom, June 28 – June 30, 2006. Paper submissions are due March 3, 2006. See http://petworkshop.org/2006/ for more details. [Also note that this will be colocated with the workshop on economics and information security. Thanks to Allan Friedman for reminding me.]

 

Web 2.0: What Will Emerge From Chaos?

Over at Infectious Greed, Paul Kedrosky responds to a reader about the “Web 2.0” meme: As much as I love trying the new technology and services, very little has changed in how I use the web. Only RSS aggregation has truly offered me value. Everything else I enjoy trying out and then utterly forget it […]

 

Disaster Planning

Since Katrina, I’ve been trying to spend about $25 a week on disaster preparedness. Fortunately, I already own some basic camping gear, so I’m starting out by storing more food and water. My pantry tends to be thin on food that can be eaten without preparations. I have powerbars and snack bars so I’ve been […]

 

CounterTerrorism and Bureaucracy

In “Bureaucracy Kills,” Daveed Gartenstein-Ross writes (quoting CNN): FEMA halted tractor trailers hauling water to a supply staging area in Alexandria, Louisiana[.] The New York Times quoted William Vines, former mayor of Fort Smith, Arkansas, as saying, “FEMA would not let the trucks unload. . . . The drivers were stuck for several days on […]

 

Shmoocon 2006

Today is the last day to get the stunningly low $75 rate for Shmoocon in Washington DC Jan 13-15, 2006. Remember to bow to Bruce’s firewall (largish video download). I understand this year’s con will culminate in a deathmatch between a new, armed Shmoo robot and the speaker who gets the worst ratings. The speaker […]

 

National Poison A Database Day?

The fine folks at BugMeNot (free registration required) are sponsoring “Internet Advertiser Wakeup Day.” I think it’s a cool, but flawed, idea. If you believe that paying for service is better than kneeling before the advertisers and giving up your privacy, then poisoning the databases is good. However, to be effective, the poisoning needs to […]