January 2008
Industry experts question $6 billion Bush... →
Holy War! Researchers say EEs have a 'terrorist... →
DOD considers prohibiting personal use of networks →
This is an important first step, and way overdue. I hope they do it!
Sensitive info lives on in old computers →
U.S. Air Force AIM Points: Cyber warfare is a real... →
Techdirt: Smartphones Patented... Just About... →
The East Berlin Tunnel: Whose Ruse? →
Employee's silent rampage wipes out $2.5m worth of... →
'Money Mules' Help Haul Cyber Criminals' Loot -... →
Video - Breaking News Videos from CNN.com →
Fraud Costs Bank $7.1 Billion - New York Times →
Iraq: The War Card - The Center for... →
Pre-emptive nuclear strike a key option, Nato told... →
Corrupt US Customs agent sentenced for data deals →
And DHS claims that the databases required to implement REAL-ID will only be accessed by authorized personnel so we don’t need to worry…. yeah, right.
The Last Empire: China's Pollution Problem Goes... →
Long but worth reading
Manufacturing a GW education - News →
Opinion: At the airport, an ID theft takes flight →
Repress U →
New $2B Dutch Transport Card is Insecure →
Flagging economy needs science investments →
Hackers Have Attacked Foreign Utilities, CIA... →
Baseline's Greatest Hacker Movies of All Time →
Baseline Security - - "Untraceable" Movie's... →
Global Advances Challenge U.S. Dominance in... →
Security breakdown | Technology | The Guardian →
Firefox’s Super Cookies →
Given all the noise that was made about cookies and programs that look for “spy cookies”, the silence about DOM storage is a little surprising. DOM storage allows web sites to store all kinds of information in a persistent manner on your computer, much like cookies but with a greater capacity and efficiency. Another way that web sites store information about you is Adobe’s Flash local storage;...
Speculations on Teaching Secure Programming →
I have taught secure programming for several years, and along the way I developed a world view of how teaching it is different from teaching other subject matters. Some of the following are inferences from uncontrolled observations, others are simply opinions or mere speculation. I expose this world view here, hoping that it will generate some discussions and that flaws in it will be corrected.
...
Confusion of Separation of Privilege and Least... →
Least privilege is the idea of giving a subject or process only the privileges it needs to complete a task. Compartmentalization is a technique to separate code into parts on which least privilege can be applied, so that if one part is compromised, the attacker does not gain full access. Why does this get confused all the time with separation of privilege? Separation of privilege is breaking up a...
ReAssure Version 1.01 Released →
As the saying goes, version 1.0 always has bugs, and ReAssure was no exception. Version 1.01 is a bug-fix release for broken links and the like; there were no security issues. Download the source code in Ruby here (no, it doesn’t use Rails, but has a more adaptable framework that could probably be reused), or try it there. ReAssure is the virtualization (VMware and UML) experimental testbed built...
Identity Theft Gets Personal - washingtonpost.com →
Armored Car Guard Impostor Robs Bank →
Alarms and vaults don’t work when the people involved don’t pay attention.
Another untimely passing →
I learned this week that the information security world lost another of our lights in 2007: Bob Baldwin. This may have been more generally known, but a few people I contacted were also surprised and saddened by the news.
His contributions to the field were wide-ranging. In addition to his published research results he also built tools that a generation of students and researchers found to be of...
Rational Survivability: How To Say "Whoops! We... →
See if you can find the security lesson in this →
How China Loses the Coming Space War →
Intelligence: Foreign Spies Go Local →
Phone companies cut FBI wiretaps due to unpaid... →
The things we view as risks may not be what we... →
Martin in the City: Finding a way around exams. →
STSC CrossTalk - Computer Science Education: Where... →
Amen
Data center robbery leads to new thinking on... →
This shouldn’t be “new” thinking — it is security 101!!
Voting Machines - Elections - Ballots - Politics -... →
FAA: Boeing's New 787 May Be Vulnerable to Hacker... →
Dumb, dumb, dumb. Did I perhaps mention that this is a really dumb design idea?
Teaching Science Instead of Myth →
Video of Sleeping Guards Shakes Nuclear Industry →
Another sterling example of where security is impacted by issues outside of technology and training.
Passing of a Pioneer →
On November 18, 2007, noted computer pioneer James P. Anderson, Jr., died at his home in Pennsylvania. Jim, 77, had finally retired in August.
Jim, born in Easton, Pennsylvania, graduated from Penn State with a degree in Meteorology. From 1953 to 1956 he served in the U.S. Navy as a Gunnery Officer and later as a Radio Officer. This later service sparked his initial interest in cryptography and...
'Ransomware' extorts payment with phone call →
HeraldNet: Man blames car wreck on prehistoric... →
Online Records May Aid ID Theft -... →