The Educational CyberPlayGround

 

SECURITY

We always use Strong VPN. It's the only way to feel like you are protecting yourself when you connect to the Internet, so that we can avoid all censorship by any country and keep our surfing and email private. You should do this too.


IN A DISASTER
Command and Control Communications always breaks down:
"Hello? Hello, Dimitri?
Listen, I can't hear too well, do you suppose you could turn the music down just a little? Oh, that's much better. Yes. Fine, I can hear you now, Dimitri. Clear and plain and coming through fine. I'm coming through fine too, eh? Good, then. Well then as you say we're both coming through fine."  ~ Dr. Strangelove

"Whenever you have a secret, you have a vulnerability." ~Whitfield Diffie

"There are no secrets in the world. The only hard part is finding the right person to ask," "If you have a phone, you can find out anything you want in under 60 minutes. With the Internet, it's even faster." -- Tom Clancy

US hypocrisy in China cyberwar, says security expert Mr Ranum, chief security officer of Tenable Network Security http://ow.ly/1N6Q5

Defcon's Jeff Moss on cybersecurity, government's role by Elinor Mills
As a hacker and organizer of Defcon, an event at which computer security vulnerabilities and exploits are routinely unveiled, Jeff Moss seemed an unusual choice when he was named to the Homeland Security Advisory Council in June. But his background and lack of government experience bring a fresh, outsider's perspective to a public sector plagued by a fast-changing threat landscape, perpetual turf wars, and bureaucratic inertia.

Secure Computers Are Not Secure. The time it takes to store data in memory, fluctuations in power consumption, even the sounds your computer makes can betray its secrets. MIT researchers centered at the Computer Science and Artificial Intelligence Lab’s Cryptography and Information Security Group (CIS) study such subtle security holes and how to close them. Complete extraction of the private key, Tromer says, “takes merely seconds, and the measurements that are needed, of the actual cryptographic process being attacked, can be carried out in milliseconds.” Clouds - By spying on the caches of the servers hosting their software, they could determine which were also trying to keep pace with their fake traffic spikes. Once they’d identified the target site’s servers, they could use cache monitoring to try to steal secrets. Any information at all about a computer’s internal workings “is actually fairly damaging,” Rohatgi says. “In some sense, some of these cryptographic algorithms are fairly brittle, and with a little extra information, you can break them.”

P2P networks have become a "substantial issue for government [agencies] and for banks and for large corporate enterprises." Millions of documents, both governmental and private, containing sensitive and sometimes classified information, are floating about freely on file-sharing networks after being inadvertently exposed by individuals downloading peer-to-peer (P2P) software on systems that held the data. Also found were the board minutes of one of the world's largest financial services organizations, the entire foreign exchange trading backbone of a financial company and a comprehensive launch plan -- complete with growth targets -- of yet another financial company that was diversifying into a new region.

Privacy of Consumer Information and Devices in the Electric Power Industry Executive Overview PDF October 2009
The Energy Independence and Security Act of 2007 mandated that NIST report to Congress on cyber security for the electricity grid. NIST established a Smart Grid Cyber Security Coordination Task Group and is issuing position papers. Privacy is an important adjunct to security and uses some of the same data tools. However, privacy goes beyond data tools and confidentiality. How personal information is collected, used, shared, stored, retained, and disposed of all impact privacy. Stringent and effective security can be in place and still result in egregious privacy breaches that fall outside of security controls. The Smart Grid Cyber Security Coordination Task Group sought input about home-to-grid issues from Home-to-Grid Domain Expert Working Group members and was consulted in the development of this paper on privacy.

The Ultimate Lock Picker Hacks Pentagon, Beats Corporate Security for Fun and Profit

Trusting cell phones to work in many emergency situations can be dangerous or fatal.


ARE YOU CRANKY?
ARE YOU SKANKY AND INFECTED??
SPYWARE REMOVAL DIRECTIONS

EMAIL VIRUS & HOAX INFO

7/1/05 There is a 50% chance your unprotected Windows PC will be compromised within 12 minutes of going online.

#1! - Learn about Badware so you won't download it.

ARTICLES
How to Find your COOKIES - FILTERING - SCHOOLS - NEWS - PLAGIARISM - The First WORM

COPYRIGHT / COPYLEFT | CHILDREN'S PRIVACY RIGHTS

TOOLS | TECH TRENDS | PATENTS

September 11th
World Trade Center

SECURITY CRISIS
CURRICULUM RESOURCES

CENSORSHIP
HISTORY
BOOKS

SECURITY PEOPLE

SECURITY COMPANIES

LISTS, RESOURCES, ROBOTS, TROUBLE FINDERS
ABOUT THAT WORD "TRUSTED" CREDIT CARD FRAUD
Learn about "URIICA"
Union for Representative International Internet Cooperation and Analysis

 


Dr. Strangelove Video Clips

Turgidson: Ahh, am I to understand the Russian Ambassador is to be admitted entrance to the War Room?
Muffley: That is correct. He is here on my orders.
Turgidson: I... I don't know exactly how to put this, sir, but are you aware of what a serious breach of security that would be? I mean... [begins closing his notebooks] he'll see everything. He'll See The Big Board!
Muffley: That is precisely the idea, General.
Staines, get Premier Kissov on the Hotline.

Depending on the Breaks
One of the best scenes in movie/comedy history. Peter Sellers plays 2 roles in this scene and George C. Scott is brilliant as Buck Turgidson. The back and forth dialogue is true genius. Dr. Strangelove or How I Learned to Stop Worrying and Love the Bomb (c) Stanley Kubrick

"We'd like to know a little bit about you for our files, we'd like to help you learn to help yourself "
... Paul Simon 1968
Listen to "Mrs. Robinson"

"Why do hackers use social engineering? It's easier than exploiting a technology vulnerability. You can't go and download a Windows update for stupidity... or gullibility." -- Kevin Mitnick

"They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." -- Ben Franklin 1759

Q. How many security engineers would it take to design a system for ATM security today?
A. I don't think it could be done. We would be debating biometric-enabled smartcards, assurance, protection profiles, denial of service, non-repudiation, viruses and buffer-overflow attacks till we were blue in the face. There is no way that such a system with "good enough" security could be designed and built today on the basis of conventional security wisdom. ~ Peter Gutmann

In 1985, the federal government published the first set of computer security criteria that computer professionals could understand and integrate into systems.
"A trusted computer system must provide authorized personnel with the ability to audit any action that can potentially cause access to, generation of, or effect the release of classified or sensitive information. The audit data will be selectively acquired based on the auditing needs of a particular installation and/or application. However, there must be sufficient granularity in the audit data to support tracing the auditable events to a specific individual (or process) who has taken the actions or on whose behalf the actions were taken."

WAIT! I thought YOU were in charge of security!!!
The General Services Administration is the federal agency responsible for procuring equipment and services, including computer security technology, making the lapse all the more striking.
The General Services Administration has shut a Web site for government contractors after a computer industry consultant reported that he was able to view and modify corporate and financial information submitted by vendors.

OK GO "The system relies, rather stupidly, on making it difficult to get in in the first place, by forcing you to get a client certificate for your browser," a mechanism for establishing the user's identity, said Mark Seiden, a security consultant who performs tests for corporations....
In filing an electronic application to become a government contractor, Mr. Greenspan was forced to repeat the process several times. After doing so, he noticed that the file's identifying number had been changed to a number one digit higher. 1/2006 QUOTE

"Security is mostly a superstition. It does not exist in nature."
~ Helen Keller

"Good-Enough Security: Toward a Pragmatic Business-Driven Discipline", Ravi Sandhu, IEEE Internet Computing, Vol.5, No.3 (January/February 2003), p.66. The author offers three design principles for good-enough security:

  1. Good enough is good enough.
  2. Good enough always beats perfect.
  3. The really hard part is determining what is good enough.


What Happened to Major Kong?

yahoooooooooo

 

 

SECURING THE INTERNET

"A lot of the security stuff is designed by crypto geeks [and] because of a lack of usability, people can't apply them correctly," Peter Gutmann said, adding usability is just as important as "having a bunch of crypto and let people figure it out from there". Gutmann said "the protocols were designed without usability and even if a user-friendly GUI could be put over it, it is unlikely the original developers would accept it. They would rather have 100 percent perfect software that's unusable than 99 percent perfect software that is usable. It will take 20 to 30 years to educate people about computer security, you wouldn't give your house key to someone, so why do the same with your password." [1]

A fragment from the archives, to remind us of how much we owe to people like Mina Rees, who stood up for Science in times when Security was being misused...
John von Neumann to J. Robert Oppenheimer, June 15, 1950:
I had a telephone call from Dr. Mina Rees, Chief of the Mathematical Sciences Section of ONR. She informed me of the following facts:
Dick Feynman and the mathematician, J. McShane, had been invited by the Institute for Numerical Analysis, which is a joint enterprise of the Bureau of Standards and the University of California at Los Angeles, to spend the summer months there, that is, at UCLA. The Department of Commerce, which apparently exercises a direct supervision over the Bureau of Standards' activities in such matters, did not approve of these appointments for security or loyalty reasons (I understand, however, that the appointments are purely scientific and do not involve classified matters).
After Mina Rees learned this, she caused ONR to inquire from the FBI about the causes for withholding Feynman's and McShane's clearance. The FBI did not make the relevant files available, and Mina Rees thinks that they are still in the hands of the Commerce Department. After this, she turned to Condon, who inquired of Mr. Gladier, Assistant Secretary of Commerce in charge of Administration, who informed him that the immediately available evidence on McShane and Feynman provided no basis for their clearance, so that a full investigation would have to be effected in order to appoint them. I have heard from other sources that a full investigation is undesirable, firstly, because it is very expensive, and secondly, because it may take too much time. In view of all this, Mina Rees suggested that Feynman and McShane be appointed to the ONR mathematical contract at the IAS and sent to UCLA.

CYBERWARFARE

 

Cyberspace covers almost everything electrical or electromechanical, from the simplest direct-current applications to the slickest, fastest space-age GPS gadgets off to things that haven't been invented. The scale of invention and development over the decades "means the further ... you go on the electromagnetic spectrum ... the energy moves faster and it's greater. ... the higher the scale of effects you can deliver." Lani Kass
The history of modern warfare has been one of adding domains in which people can fight and lose, be the controllers or the controlled, she said. For decades, the traditional domains were land and sea. In the 20th century, air and space were added, along with the recognition that if you control air and space, you can dictate to a great degree the control of land and sea.
But it has only been in the past few years that cyberspace, the realm that links the four war domains, has been recognized as an area of combat and control in its own right, she said.
"We have been using the electromagnetic spectrum longer than we have been using air and space," she said, noting that the telegraph, one of the most bedrock aspects of cyberspace, was developed around the time of the Civil War.
What makes cyber different from the other realms, she said, is that it doesn't take a lot to fight in it. You don't have to build or buy expensive ships, airplanes, tanks or spacecraft. All you need is a laptop or a link to the Internet. "For the first time, perhaps ever, we are dealing with a domain where the level of investment is disproportionate to the kind of effects you can deliver," she said. [source]

Quantum cryptography is hacked
Simulation proves it's possible to eavesdrop on super-secure encrypted messages. A quantum cryptographic network can be simply tweaked to beat their attack. By making the key out of a lot of photons instead of just a few, the sender and receiver could ensure that the eavesdropper never got enough of the key to use it. Still, they say, the work shows that secrets — even quantum ones — are never entirely safe.

FIGHT CENSORSHIP

P3P and Privacy on the Web FAQ applications of the Platform for Privacy Preferences (P3P), and in user interfaces and usability issues related to privacy enhancing software and secure systems

NET NEUTRALITY

BANNED BOOKS ONLINE

PODCASTING
Journalists vs. Blogger War
Podcast Information and How To AudioBlog by Phone, and RSS Instructions.

The DARPA Information Awareness Office (IAO) will imagine, develop, apply, integrate, demonstrate and transition information technologies, components and prototype, closed-loop, information systems that will counter asymmetric threats by achieving total information awareness useful for preemption; national security warning; and national security decision making.

Electronic Frontier Foundation
EFF is a respected voice for the rights of users of online technologies. We feel that the best way to protect your rights on the Net is to be fully informed and to make your opinions heard. JOHN PERRY BARLOW is cofounder of the Electronic Frontier Foundation, a former lyricist for the Grateful Dead, and a former Wyoming cattle rancher.

FBI - Freedom of Information Act

Blue Ribbon Campaign
The campaign for online freedom of expression

2005
The Department of Homeland Security is monitoring interlibrary loans. Agents look for books on a "watch list". President Bush has authorized the National Security Agency to spy on as many as 500 people at any given time since 2002 in this country. The eavesdropping was apparently done without warrants. 1
President Bush acknowledged on Saturday that he had ordered the National Security Agency to conduct an electronic eavesdropping program in the United States without first obtaining warrants, and said he would continue the highly classified program because it was "a vital tool in our war against the terrorists." 2

Students Who Care enables students to report their worries to prevent school violence.
Are you in fear of violence in your school?
Someone being too much of a bully?
Are you aware of threats made against your school?
Use this Reporting System to Keep your school safe!

IT'S SO SECURE I CAN'T LOG IN !

©1997 Educational CyberPlayGround, Inc.™ All rights reserved world wide.