Uncategorized

Alec Muffett comments on sysadmin resistance to applying patches. As Steve Beattie and a bunch of others of us wrote, the issue is that there’s a tradeoff to be made to find the optimal uptime for a system. It’s a tradeoff between a security risk and an operational risk. Organizationally, different teams are often…

Read More Patch Management

“The Central Intelligence Agency is committed to protecting your privacy and will collect no personal information about you unless you choose to provide that information to us.” Of course, this just goes to show that “We’re committed to protecting your privacy” has finally made it to the exalted and hard-to-reach level of “Of course I’ll…

Read More That exalted state

So it seems that two members of Congress have now been added to “watch lists.” “[Representative John] Lewis contacted the Department of Transportation, the Department of Homeland Security and executives at various airlines in a so-far fruitless effort to get his name off the list, said spokeswoman Brenda Jones.” It seems that this sort of…

Read More Secret Laws Work So Well

In 1977, the government certified the Data Encryption Standard (DES), with a planned lifetime of 15 years. It has now been in use for nearly 30, and no longer offers even decent security. Over 6 years ago, the EFF built Deep Crack, a supercomputer for breaking DES, which cracked keys in under a day. NIST…

Read More Time for DES to go?

So Google popped 18% today. That shouldn’t have happened. The goal of their much-discussed auction was to ensure that they made money. The typical bubble IPO involved a “pop” of as much as 100-300% on opening day. This put huge sums in the hands of bankers and the bankers’ friends, sometimes illegally. Ideally, Google’s trading…

Read More Why did Google pop?