The Educational CyberPlayGround

 

SECURITY

 

 

IN A DISASTER
Command and Control Communications always breaks down;
 

"Hello? Hello, Dimitri? Listen, I can't hear too well, do you suppose you could turn the music down just a little? Oh, that's much better. Yes. Fine, I can hear you now, Dimitri. Clear and plain and coming through fine. I'm coming through fine too, eh? Good, then. Well then as you say we're both coming through fine."  ~ Dr. Strangelove
Trusting cell phones to work in many emergency situations can be dangerous or fatal.

"There are no secrets in the world. The only hard part is finding the right person to ask," "If you have a phone, you can find out anything you want in under 60 minutes. With the Internet, it's even faster." -- Tom Clancy

ARE YOU CRANKY?

ARE YOU SKANKY AND INFECTED?? SPYWARE REMOVAL DIRECTIONS

EMAIL VIRUS & HOAX INFO

7/1/05 There is a 50% chance your unprotected Windows PC will be compromised within 12 minutes of going online.

#1! - Learn about Badware so you won't download it.

ARTICLES COOKIES - FILTERING - SCHOOLS - NEWS - PLAGIARISM - The First WORM

COPYRIGHT / COPYLEFT | CHILDREN'S PRIVACY RIGHTS

TOOLS | TECH TRENDS | PATENTS

September 11th World Trade Center
SECURITY CRISIS CURRICULUM RESOURCES

CENSORSHIP <> HISTORY <> BOOKS
SECURITY PEOPLE <> SECURITY COMPANIES
LISTS, RESOURCES, ROBOTS, TROUBLE FINDERS
ABOUT THAT WORD "TRUSTED" CREDIT CARD FRAUD
Learn about "URIICA"
Union for Representative International Internet Cooperation and Analysis


"Whenever you have a secret, you have a vulnerability."
-- Whitfield Diffie


Dr. Strangelove Video Clips

Turgidson: Ahh, am I to understand the Russian Ambassador is to be admitted entrance to the War Room?
Muffley: That is correct. He is here on my orders.
Turgidson: I... I don't know exactly how to put this, sir, but are you aware of what a serious breach of security that would be? I mean... [begins closing his notebooks] he'll see everything. He'll See The Big Board!
Muffley: That is precisely the idea, General.
Stains, get Premier Kissov on the Hotline.

Depending on the Breaks
One of the best scenes in movie/comedy history. Peter Sellers plays 2 roles in this scene and George C. Scott is brilliant as Buck Turgidson. The back and forth dialogue is true genius. Dr. Strangelove or How I Learned to Stop Worrying and Love the Bomb (c) Stanley Kubrick

"We'd like to know a little bit about you for our files, we'd like to help you learn to help yourself"
... Paul Simon 1968
Listen to "Mrs. Robinson"

"Why do hackers use social engineering? It's easier than exploiting a technology vulnerability. You can't go and download a Windows update for stupidity... or gullibility." -- Kevin Mitnick

"They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." -- Ben Franklin 1759

Q. How many security engineers would it take to design a system for ATM security today?
A. I don't think it could be done. We would be debating biometric-enabled smartcards, assurance, protection profiles, denial of service, non-repudiation, viruses and buffer-overflow attacks till we were blue in the face. There is no way that such a system with "good enough" security could be designed and built today on the basis of conventional security wisdom. ~ Peter Gutmann

In 1985, the federal government published the first set of computer security criteria that computer professionals could understand and integrate into systems.
"A trusted computer system must provide authorized personnel with the ability to audit any action that can potentially cause access to, generation of, or effect the release of classified or sensitive information. The audit data will be selectively acquired based on the auditing needs of a particular installation and/or application. However, there must be sufficient granularity in the audit data to support tracing the auditable events to a specific individual (or process) who has taken the actions or on whose behalf the actions were taken."

WAIT! I thought YOU were in charge of security!!!
The General Services Administration is the federal agency responsible for procuring equipment and services, including computer security technology, making the lapse all the more striking.
The General Services Administration has shut a Web site for government contractors after a computer industry consultant reported that he was able to view and modify corporate and financial information submitted by vendors.

"The system relies, rather stupidly, on making it difficult to get in in the first place, by forcing you to get a client certificate for your browser," a mechanism for establishing the user's identity, said Mark Seiden, a security consultant who performs tests for corporations....
In filing an electronic application to become a government contractor, Mr. Greenspan was forced to repeat the process several times. After doing so, he noticed that the file's identifying number had been changed to a number one digit higher. 1/2006

"Security is mostly a superstition. It does not exist in nature."
~ Helen Keller

 

"Good-Enough Security: Toward a Pragmatic Business-Driven Discipline", Ravi Sandhu, IEEE Internet Computing, Vol. 5, No. 3 (January/February 2003), p. 66. The author offers three design principles for good-enough security:

  1. Good enough is good enough.
  2. Good enough always beats perfect.
  3. The really hard part is determining what is good enough.


What Happened to Major Kong?

yahoooooooooo

 

 

SECURING THE INTERNET

 

"A lot of the security stuff is designed by crypto geeks [and] because of a lack of usability, people can't apply them correctly," Peter Gutmann said, adding usability is just as important as "having a bunch of crypto and let people figure it out from there". Gutmann said "the protocols were designed without usability and even if a user-friendly GUI could be put over it, it is unlikely the original developers would accept it. They would rather have 100 percent perfect software that's unusable than 99 percent perfect software that is usable. It will take 20 to 30 years to educate people about computer security, you wouldn't give your house key to someone, so why do the same with your password." [1]

A fragment from the archives, to remind us of how much we owe to people like Mina Rees, who stood up for Science in times when Security was being misused...
John von Neumann to J. Robert Oppenheimer, June 15, 1950:
I had a telephone call from Dr. Mina Rees, Chief of the Mathematical Sciences Section of ONR. She informed me of the following facts:
Dick Feynman and the mathematician, J. McShane, had been invited by the Institute for Numerical Analysis, which is a joint enterprise of the Bureau of Standards and the University of California at Los Angeles, to spend the summer months there, that is, at UCLA. The Department of Commerce, which apparently exercises a direct supervision over the Bureau of Standards' activities in such matters, did not approve of these appointments for security or loyalty reasons (I understand, however, that the appointments are purely scientific and do not involve classified matters).
After Mina Rees learned this, she caused ONR to inquire from the FBI about the causes for withholding Feynman's and McShane's clearance. The FBI did not make the relevant files available, and Mina Rees thinks that they are still in the hands of the Commerce Department. After this, she turned to Condon, who inquired of Mr. Gladier, Assistant Secretary of Commerce in charge of Administration, who informed him that the immediately available evidence on McShane and Feynman provided no basis for their clearance, so that a full investigation would have to be effected in order to appoint them. I have heard from other sources that a full investigation is undesirable, firstly, because it is very expensive, and secondly, because it may take too much time. In view of all this, Mina Rees suggested that Feynman and McShane be appointed to the ONR mathematical contract at the IAS and sent to UCLA.

CYBERWARFARE

 

Cyberspace covers almost everything electrical or electromechanical, from the simplest direct-current applications to the slickest, fastest space-age GPS gadgets off to things that haven't been invented. The scale of invention and development over the decades "means the further ... you go on the electromagnetic spectrum ... the energy moves faster and it's greater. ... the higher the scale of effects you can deliver." Lani Kass

The history of modern warfare has been one of adding domains in which people can fight and lose, be the controllers or the controlled, she said. For decades, the traditional domains were land and sea. In the 20th century, air and space were added, along with the recognition that if you control air and space, you can dictate to a great degree the control of land and sea.
But it has only been in the past few years that cyberspace, the realm that links the four war domains, has been recognized as an area of combat and control in its own right, she said.
"We have been using the electromagnetic spectrum longer than we have been using air and space," she said, noting that the telegraph, one of the most bedrock aspects of cyberspace, was developed around the time of the Civil War.
What makes cyber different from the other realms, she said, is that it doesn't take a lot to fight in it. You don't have to build or buy expensive ships, airplanes, tanks or spacecraft. All you need is a laptop or a link to the Internet. "For the first time, perhaps ever, we are dealing with a domain where the level of investment is disproportionate to the kind of effects you can deliver," she said. [source]

Quantum cryptography is hacked
Simulation proves it's possible to eavesdrop on super-secure encrypted messages. A quantum cryptographic network can be simply tweaked to beat their attack. By making the key out of a lot of photons instead of just a few, the sender and receiver could ensure that the eavesdropper never got enough of the key to use it. Still, they say, the work shows that secrets — even quantum ones — are never entirely safe.

FIGHT CENSORSHIP

P3P and Privacy on the Web FAQ applications of the Platform for Privacy Preferences (P3P), and in user interfaces and usability issues related to privacy enhancing software and secure systems

NET NEUTRALITY

BANNED BOOKS ONLINE

PODCASTING
Journalists vs. Blogger War
Podcast Information and How To AudioBlog by Phone, and RSS Instructions.

The DARPA Information Awareness Office (IAO) will imagine, develop, apply, integrate, demonstrate and transition information technologies, components and prototype, closed-loop, information systems that will counter asymmetric threats by achieving total information awareness useful for preemption; national security warning; and national security decision making.

Electronic Frontier Foundation
EFF is a respected voice for the rights of users of online technologies. We feel that the best way to protect your rights on the Net is to be fully informed and to make your opinions heard. JOHN PERRY BARLOW is cofounder of the Electronic Frontier Foundation, a former lyricist for the Grateful Dead, and a former Wyoming cattle rancher. Read More

FBI - Freedom of Information Act

Blue Ribbon Campaign
The campaign for online freedom of expression

2005
The Department of Homeland Security is monitoring inter-library loans. Agents look for books on a "watch list". President Bush has authorized the National Security Agency to spy on as many as 500 people at any given time since 2002 in this country. The eavesdropping was apparently done without warrants. 1
President Bush acknowledged on Saturday that he had ordered the National Security Agency to conduct an electronic eavesdropping program in the United States without first obtaining warrants, and said he would continue the highly classified program because it was "a vital tool in our war against the terrorists." 2

Students Who Care enables students to report their worries to prevent school violence.
Are you in fear of violence in your school?
Someone being too much of a bully?
Are you aware of threats made against your school?
Use this Reporting System to Keep your school safe!

IT'S SO SECURE I CAN'T LOG IN !

©1997 Educational CyberPlayGround™ All rights reserved world wide.