Revenge of the Clipper Chip?
Updated: 2010-09-29 15:06:11
US Government Proposes to put back door in encrypted communications. Disastrous idea.
Microsoft Security Essentials Now Free For Businesses (kind of)
Updated: 2010-09-23 22:07:53Source In early October, Microsoft will be making the Microsoft Security Essentials suite free for small businesses (i.e., fewer than 10 computers) in addition to home users. This is a good thing – MSSE is a good suite of security tools, and the price tag is just right for individual and small business users. However, [...]Jillian C. York » Haystack and Media Irresponsibility
Updated: 2010-09-22 01:42:04Despite media hype, Haystack anti-censorship tool appears to be broken.More security aquisitions
Updated: 2010-09-13 15:23:10HP announced this morning that it would buy ArcSight. This follows Intel’s acquisition of McAfee last month. This isn’t the first time a large computer maker/systems offering has purchased a security company, but what does it mean for our industry? Will it mean that McAfee will only run on Intel computers (not that there are [...]An Introduction to OAuth 2.0
Updated: 2010-09-07 22:29:29OAuth is a protocol that lets applications request data or privileges you have on a remote service without you having to provide your credentials for that service. A classic use case for this “valet key” system is contact import – you can let a site load your address book from Gmail without giving that site [...]Fresh technology. Fresh attacks.
Updated: 2010-09-03 04:55:13Teensy is an interesting device. Not much larger than a quarter, the technology behind it is comprised of a micro controller and other associated electronics (memory, I/O, etc). The result is a very functional, yet flexible, USB thingamabob that can let people program their own logic to run their own routines, commands, and instructions. Teensy [...]India continues move towards surveillance state
Updated: 2010-09-03 00:01:50India to Monitor Google and Skype – WSJ.com. As an extension of their policy of pushing for access to encrypted communications on RIM BlackBerry devices, they are now demanding access to data from both Google and Skype. India is demanding that Skype and Google install servers within India so the government can access the information [...]More evidence that RIM can let governments monitor BlackBerrys
Updated: 2010-08-30 19:03:30India reviewing plan to enable BlackBerry Monitoring.The Fear Tax
Updated: 2010-08-20 22:30:56An essay on the cost of ineffective overreaction to threats.Facebook Introduces “Places” location services
Updated: 2010-08-20 17:11:26There has been a lot of excitement in the privacy community around the introduction of a social location service by Facebook. Having blown the dust off my test account, I don’t really understand all the fuss. It appears that this capability only applies to mobile devices right now (although I have blogged in the past [...]Breach in the trust of the global public key infrastructure
Updated: 2010-08-16 21:38:21In a recent post on Privacy Digest, and an article in the NYTimes, there is a discussion of some major and well known vulnerabilities in the global public key infrastructure (PKI) and some examples of exploitations of that vulnerability. The issue is with the proliferation of certificate authorities on the Internet, and the low level [...]Hack Exploits Google Street View to Find Victims – The New New Internet
Updated: 2010-08-12 22:00:43Hack Exploits Google Street View to Find Victims – The New New Internet This very short article describes a really simple attack that enables someone to discover your physical location with a very high degree of reliability and accuracy. It involves using JavaScript to access the MAC address of your WiFi wireless access point (base [...]Eric Schmidt against Anonymity
Updated: 2010-08-11 19:21:48In this interview with Eric Schmidt, CEO of Google, comes out very strongly against anonymity starting at about 5:10 in the video. His argument is that: "If you are trying to commit a terrible evil crime it is not obvious that you should be able to do so with complete anonymity." The problem is that absolute [...]Bare Metal Versus Hosted Hypervisor Security
Updated: 2010-08-10 01:22:41by George Wilson, IBM Linux Technology Center I was recently reading through the NIST “Draft Guide to Security for Full Virtualization Technologies” (SP 800-125 draft) [http://csrc.nist.gov/publications/drafts/800-125/Draft-SP800-125.pdf]. It discusses various considerations relating to hypervisor security. One section that particularly struck me was the comparison of bare metal vs hosted hypervisors. These are also known as Type [...]