The Educational CyberPlayGround ®

 

Security People: Dave Farber, Risks Forum, John Gilmore, Peter Neumann, Whitfield Diffie, EFF

SECURITY

 

WHITE HAT / BLACK HAT HACKERS + ETHICS

 

History of Computers: cryptology - CIPHER MACHINES
Tom Watson, chairman of IBM, said in 1943  "I think there is a world market for maybe five computers."

Richard F. Forno, Principal Consultant
Richard Forno is an internationally-recognized security professional whose career in information assurance centers around security program development and management, incident response operations, security awareness, and emerging trends analysis.

Professor David Farber

LEARN ABOUT MORE INTERNET PIONEERS

SECURITY PEOPLE

PEOPLE FOR INTERNET RESPONSIBILITY

RESOURCES

It's the FBIs, NSAs (Picture), and Equifaxes of the world versus a swelling movement of Cypherpunks, civil libertarians, and millionaire hackers. At stake: Whether privacy will exist in the 21st century. That ended abruptly in 1975 when a 31-year-old computer wizard named Whitfield Diffie came up with a new system, called "public-key" cryptography, that hit the world of cyphers with the force of an unshielded nuke.
Foreword by WHITFIELD DIFFIE to Cracking DES: Secrets of Encryption Research, Wiretap Politics, and Chip Design by the Electronic Frontier Foundation July 1998
4/02 SUN MICROSYSTEMS APPOINTS WORLD-RENOWNED SECURITY EXPERT, WHITFIELD DIFFIE <whitfield.diffie@sun.com>, AS CHIEF SECURITY OFFICER; CREATES GLOBAL SECURITY PROGRAM OFFICE
Sun's Security King: Cryptography pioneer Whit Diffie offers illuminating views on his ascension to Sun Microsystems' CSO. http://www.cisomagazine.com/2002/aug/qa.shtml

Bruce Schneier, founder and CTO of Counterpane Internet Security, Inc., is the author of "Secrets and Lies" and "Applied Cryptography," and an inventor of the Blowfish, Twofish, and Yarrow algorithms. He is a member of the Advisory Board of the Electronic Privacy Information Center (EPIC). He is a frequent writer and lecturer on computer security and cryptography. He publishes CRYPTO-GRAM, a free monthly newsletter providing summaries, analyses, insights, and commentaries on computer security and cryptography. Back issues are available at http://www.counterpane.com/crypto-gram.html

Matt Blaze's cryptography resource on the Web cryptanalysis - security flaws that allow hackers to break into computer networks. "Keep It Simple Stupid" and the "final" version of my paper on cryptology and locks

Charles Miller, Ph.D., principal security analyst with Independent Security Evaluators
810 Wyman Park Dr.
Suite 180A
Baltimore, MD 21211
443-270-2296 (T)
443-378-7128 (F)
Email: contact AT securityevaluators.com

Chris Paget, director of R&D for IOActive, RFID hacking.

Johnny Long

Identity Stronghold, "secure sleeves" help protect security cards from malicious cloning.

Ron Rivest's web page has an excellent collection of cryptography and cryptology research links

Bert-Jaap Koops has done a lot of high quality research into the subject of international cryptography law.

About D.J. Bernstein - Crypto Regulations US Export controls

Interview with Jon Callas - innovator and an acknowledged expert in all major aspects of contemporary business security, including cryptography, operating system security, public key infrastructure, and intellectual property rights.

William Knowles c4i.org

Public Key Cryptography in One Easy Lesson
PGP announced a deal with Sony Computer Entertainment to protect the laptops of 1,100 worldwide employees. That'll be their GTA cheat codes safe, then.
BitLocker has landed Redmond in some hot water over its insistence that there are no back doors for law enforcement. As its encryption code is open source, PGP says it can guarantee no back doors, but that cyber sleuths can use its master keys if necessary.
PGP encryption inventor Phil Zimmermann.

Phil Zimmermann: Zfone VoIP security software. It adds solid encryption protection to any software-based VoIP security software simply by installing the free software and pointing your VoIP software to a new host port. It doesn't use persistent keys or PKI.

Steve Bellovin writes:
It's a truism in the crypto business that the old telegraph codes were for economy, with confidentiality against casual readers a noted and desirable goal. But I've recently acquired two old codebooks that have stronger ambitions.
The more interesting one is Slater's Telegraph Code, since confidentiality is its only goal. I have the 9th Edition, from 1938, but it appears to be originally from the late 1860's. It encodes 25,000 words, including "a" and "the". There are no sentences, phrases, etc. Users are told to convert the plaintext word to a number, transform the number, and convert back to a new word for transmission. Suggested transformations include adding or subtracting a shared secret constant, permuting some of the digits of the code number, and/or regrouping the digits of a string of code numbers. Clearly not military-grade security, even for the time, I'd guess; in addition to the rather simple transforms, it's a one-part code.
Equally interesting is the threat model. I quote from the introduction:
On the 1st February, 1870, the telegraph system throughout the United Kingdom passes into the hands of the Government, who will work the lines by Post Office officials. In other words, those who have hitherto so judiciously and satisfactorily managed the delivery of our sealed letters will in future be entrusted also with the transmission and delivery of our open letters in the shape of telegraphic communications, which will thus be exposed not only to the gaze of public officials, but from the necessity of the case must be read by them. Now in large or small communities (particularly perhaps in the latter) there are always to be found prying spirits, curious as to the affairs of their neighbours, which they think they can manage so much better than the parties chiefly interested, and proverbially inclined to gossip.
It goes on to warn of the need for confidentiality in business communications, especially when undersea telegraph lines are used.
Equally interesting is the fact that despite the common wisdom that says that secrecy products didn't sell well, this book survived for about 70 years -- with my edition being printed on the eve of war.
The other confidentiality code I have is "Sheahan's Telegraphic Cipher Code", from 1892. It was intended for use by railway labor organizers, to keep management from knowing what they were up to. It has about 7000 code words.
It's a more conventional telegraph code, in that it includes some phrases. The general confidentiality scheme is similar to Slater's, though the only suggested transformation is adding or subtracting a constant to the code number. Because the plaintext is phrases, rather than just words, there are separate code words along with the code numbers; these words are sent, rather than the numeric values.
From a cryptographic perspective, the most interesting item is that times, days, and numbers do not have code numbers -- the instructions say to send just the code words. The compiler was worried about a known or probable plaintext attack on the offset value used for superencipherment. There is also a warning against mixing plaintext with ciphertext, "excepting the name of a person or the name of a town".
There is a cipher alphabet for spelling out words, but it, too, is not superenciphered.
Some of my other, larger code books could have been used in a similar fashion, but there's no hint of that in the instructions.

The Museum Security Network has been on-line since December 1996. It was founded by Ton Cremers, former head of security at Amsterdam's Rijksmuseum, recipient of the 2001 Robert B. Burke Award for excellence in cultural property protection at Smithsonian National Conference, and currently independent museum, library, and archive security consultant. Its original aim was to be a source of information for cultural property protection professionals. Gradually, the Museum Security Network mailing list has become the main channel for the distribution of news and information pertaining to cultural property protection, preservation, conservation, and security. On a daily basis, information is posted on www.museum-security.org as well as on the MSN Google Group (Google group is moderated by Mark Durney mark @ artcrime.info). Subscribers include museum professionals, law enforcement officers, lawyers, academics, insurance underwriters, journalists, auction houses, among many others.

FEDERATION OF AMERICAN SCIENTISTS
You don't have to be a rocket scientist to support our work on global security! (FAS) is working on issues of global security, the environment, democratic governance and human rights. From our early days, 50 years ago as the action arm of the original atomic scientists, to our present work on arms control, environmental protection, and government secrecy reform, FAS continues a commitment to informing the public debate on complex scientific and technical questions.

CIA - can't secure their network

The goal of the FreeS/WAN project is to secure Internet traffic against wiretapping.

Pixel Plasticity
In the fraction of a second between video frames, any person or object moving in the foreground can be edited out, and objects that aren't there can be edited in and made to look real. Pictures from orbit may not necessarily be what the satellite's electronic camera actually recorded.

The Council for Responsible Genetics
The public must have access to clear and understandable information on technological innovations. The public must be able to participate in public and private decision-making concerning technological developments and their implementation. New technologies must meet social needs. Problems rooted in poverty, racism and other forms of inequality cannot be remedied by technology alone.

© Educational CyberPlayGround ® All rights reserved world wide.