We have thousands of posts on a wide variety of open source and security topics, conveniently organized for searching or just browsing.
An MP who volunteered to take part in the UK ID card trials says the iris scanner used is uncomfortable and made his eyes water. Poor chap, you're probably thinking, but not exactly a tragedy. However, this isn't just a whinge. The water in his eyes actually stopped the scanner from working, and it seems long eyelashes and hard contact lenses could fox it too. . . .
The virtual postmarks "are intended to occupy obsolete fields in the IP packet headers and are formed from the 32-bit IP addresses of the border router," Hale explained. For IP headers less than 32 bits long, the Penn State researchers propose segmenting the border router's IP address into several overlapping fragments. . . .
Another helpful security tip from Carnegie Mellon (via CERT): know when to use BCC when sending mail. Some of you might know some users who would benefit from this idea, and it certainly would go a long way towards making foward-chains less useful to spammers. . . .
More than 50 percent of e-mail is spam. Billions of spam attacks are launched each month. Spam costs U.S. companies at least $1 billion per year in security and human resources expenditures, as well as lost productivity. Increasingly, virus-infected machines are used to distribute spam and perpetuate additional fraud, such as phishing. Is combating spam a losing battle? We explore the potential technology solutions in our Spam Report Card 2004 videocast. . . .
Prediction: MSN and Hotmail will lose ground to Yahoo, AOL, and possibly even Juno. This will occur if any sizable number of businesses take Microsoft up on this idea. The open question is: when will legislators and certain technology providers realize that required 'opt-in' is the only way to even hope to reduce the level of unsolicited email? Why must 'legitamite' marketers to whom we have never expressed an interest in relationship get even one free crack at our inboxes? . . .
Forty per cent of silicon.com readers are vehemently opposed to the introduction of compulsory ID cards - yet the majority are in favour, as long as they help crack down on benefit fraud, illegal immigration and other crime. . . .
This is a short but pithy CERT Security Tip, which you may want to consider forwarding to your end-users, or friends and relatives to complain that they don't know what to do about their spam problem. It is a collection of common-sense best practices for reducing the volume of spam clogging up your computers and network, from a user standpoint. . . .
It's time for us to accept that we live in an environment with a great many dangers lurking in it, dangers that we can lessen as long as we create a policy that everyone in our organization can understand and actually use, as long as we discipline ourselves to delete the stuff we just don't need, and as long as we remember to look both ways before crossing the railroad tracks - or the lawyers. . . .
Previously-owned hard disks are a prime source of patient records and other supposedly private information that falls under regulatory protection, according to a study commissioned by O&O Software. . . .
Another obstacle to Google's ascendancy is the company's own privacy and usage policies: "All this assumes that people will trust Google with their data, of course. That's yet to be proven," Sullivan said. Even though the Gmail is not yet available, "consumer watchdogs are attacking it as a creepy invasion of privacy that threatens to set a troubling precedent," the AP wrote. Critics are pressuring Google to "drop its plans to electronically scan e-mail content so it can distribute relevant ads alongside incoming messages." Another policy being criticized permits Google to retain copies of people's e-mails even after the users' close their accounts. . . .
You may have been suspecting that your email is being monitored. Now we have proof that it is. It is possible that, as this becomes more widely known, there will be an increased inpetus for everyone to encrypt their email and/or VoIP communications. . . .
The European Parliament has voted to stop the United States from collecting passenger data on EU citizens. The US Department of Homeland Security had sought access to the flight data, based on PNR (Passenger Name Records) but also including the passenger's email address, and a compromise was reached in January, although details only leaked out earlier this year. Under the 1995 Privacy Directive, the Commission is required to "assess the level of data protection afforded by a third country in the light of all the circumstances surrounding a data transfer operation or set of data transfer operations". The MEPs resolution adopted by Parliament in a 229-202 vote, MEPs judged the level of data protection to be "inadequate". . . .
Cross-border sharing of biometric data could infringe human rights, warns an international coalition of civil liberties groups. . . .
Just a cute story for those who hate spam. . . .
To many of us, P2P has become a tremendous can of worms. On one hand, there is the whole issue of intellectual property and copyright law. On the other hand, the tactics employed by groups like the RCAA and the MPAA bring up serious privacy concerns. Finally, from a security standpoint, P2P networks have become a major vector of virii and trojans, as well as a (semi-controllable) bandwidth issue. Indeed, some trojans are used by the RCAA/MPAA and their sympathisers to find and prosecute downloaders -- and their legal teams are dangerous to ISPs and large network administrators. This new research, however, puts the issue into a new context, and if its implications are understood, will change the terms of the debate. What if, after all the money and litigation spent and all the badwill generated, it turns out that filesharing is not causing a decline in CD sales, after all? . . .
Our Federal Government at work!The U.S. Interior Department was back online Thursday after an appeals court said it could connect to the Internet while the court considers whether payments owed to American Indians are vulnerable to hackers. Interior Department employees had been unable to use e-mail, and most of the department's Web sites had been offline after a federal judge concluded on March 15 that the agency had not fixed security holes that threaten Indian trust-fund payments. . . .
LS Commentary: It looks like Larry Ropp really was trying to put an end to a very noxious, illegal practice on the part of his employer, an auto insurance company. Certainly, it would appear that his intentions were good, and people may wonder why he's indicted for it. But the FBI could put a keyboard logger on you only under very defined circumstances, and a warrant is almost always required. These rules are in place to protect all of us; we simply cannot do normal business without the expectation of a degree of default privacy. To allow individuals to violate the privacy of others, even for causes they consider just, would make a mockery of the protections provided by law. There was nothing about this case that prevented the employer from taking this matter to the authorities and allowing them to obtain a warrant. They still might have used his services to plant the logger, but then, at least, it would have been sanctioned by law. . . .
As a computer security expert, you are hired by an offshore casino in the Cayman Islands to develop a security and authentication technology. Your client is a licensed Cayman casino that has been operating for over 30 years, and wants to make a foray into online gaming. You perform a standard penetration test, a security assessment, an architecture and code review, help establish the SSL and authentication protocols, and help with firewall implementation and monitoring -- you know: the full suite of security services. You test the beta site and its configuration, and give your stamp of approval. With check in hand, you return to America and days, weeks or months later, the site goes active. A few weeks after that, you are visited by an FBI agent with a federal grand jury subpoena seeking records relating to your security work. Weeks after that, a knock on the door announces the arrival of deputy U.S. Marshals with a warrant for your arrest for violation of 18 U.S.C. 1084 and 18 U.S.C. 2. . . .
Despite a handful of successful criminal prosecutions and an increase in public awareness, February saw a marked increase in the number of new variations of the spam-borne swindle called "phishing," according to a report from an industry group released Friday. The Anti-Phishing Working Group charted 282 unique attacks last month, a 60 percent increase above the 176 attacks spotting in January, the group says. "The number of attacks is growing, and the rate of increase is growing," says Dan Maier, director of marketing for the group. . . .
Two cutting-edge computer projects designed to preserve the privacy of Americans were quietly killed while Congress was restricting Pentagon data-gathering research in a widely publicized effort to protect innocent citizens from futuristic anti-terrorism tools. As a result, the government is quietly pressing ahead with research into high-powered computer data-mining technology without the two most advanced privacy protections developed to police those terror-fighting tools. . . .
Like staying secure? So do we.
Sign up for updates, tips, and alerts!
