The ManGeek

Network Neutrality

CNN has published two competing commentaries regarding “Net Neutrality”. The first one argues that this debate comes from telecom companies wanting to squeeze companies for more money. The second commentary argues that the Internet is in need of upgrades and that this bill should be footed by the companies that use it. It should be no surprise that I agree with the first commentary. The Internet is a scientific creation. Science is built on fact and not speculation. Here are…

Government Wire-Taps

There’s so much huff and puff lately about “government wire-taps”. So many people are freaking out about the erosion of civil liberties or discussing how it’s simply “illegal”. Well the facts remain: Any evidence found in a tapped call where there was no warrant is not admissible as evidence in a court of law. This means if someone does admit to committing a crime, they can’t be charged with that being used as evidence. People are losing their minds worrying…

Telcos huff and puff

Recently the CEO of BellSouth made some rather strong comments regarding data flowing over the Internet. To summarize, he said that companies are using their data lines to send people information and they aren’t paying for it. (For more details, look at this article.) I know many people don’t think about the money that funds Internet operations but let’s put it together, shall we? 1) The end user (or company) pays an ISP for a data line. You do NOT…

Browser Flare-Ups

All the rage has lately centered around the recent escalation of a “Denial of Service” Internet Explorer vulnerability that has suddenly without warning become a “remote-code execution” vulnerability. Ok, patch your systems, lock your windows and post a dog at the front door. All that aside, this raises again the issue of software patching response times and best-practice software coding. There are a number of people who are very upset at this, not because it’s yet another browser-directed exploit or…

Lock the doors and throw away the ethernet ports

When a computer is connected to a network to download the latest security patches for the first time, it is truly a sheep among the wolves. Recently I wrote about this and now CERT has taken the time to publish guidelines for new computer owners. After all, as they point out, the time for an unprotected computer to be compromised is measured in minutes on many networks. Many probably do not make the correlation between home computers and UCE/SPAM, DDOS…

Password Policies

I’ve finally found a password policy I can live with!
Minimum length 8 characters
Not in any dictionary.
No word or phrase bearing any connection to the holder.
Containing no characters in the ASCII character set.
No characters typeable on a Sun type 5 keyboard
No subset of one character or more must have appeared on Usenet news, /dev/mem, rand(3), or the King James bible (version 0.1alpha)
Must be quantum theoretically secure, i.e. must automatically change if observed (to protect…

Shouting for the stars

I recently became aware of a debate of astronomical proportions. In the article “One Find, Two Astronomers”, a US astronomer and a Spanish astronomer are both taking credit for the same find. Now this black hole of strange cosmic stew thickens. Bruce Schneier has just posted that the Spanish astronomer confirmed finding the object as a result of telescope logs he obtained from Google. Interestingly enough this has the debate raging over ethics and how the wealth of information…

Firefox fighting the flames

Anyone who regularly reads my writings knows that I’m a strong proponent of Open Source software and the value it holds in the information community. Unfortunately in the interests of marketing, attempts are popping up to try to shake that foundation for Firefox. Basically there have been a couple high-risk vulnerabilities discovered in the code which are receiving dramatic amounts of publicity. This publicity is not actually because vulnerabilities in Firefox are often this serious, but because simple conclusions have…

New OS Installation Security

From a completely random blog involving a new installation of Windows XP: But eventually it all worked. Well, I think it worked. It was too late to actually try anything. Now I need to get it on our network so I can connect to the internet and install all the security updates. This leads me to think how many machines are compromised before well-intended patching takes place. Joe is sitting at his computer at 2:00am after fighting through a new…

Security Agenda Gaps – Veils for Society

As illustrated in Bruce Schneier’s blog, the TSA is reconsidering their stance on security measures they’ve deployed against – what Mr. Schneier terms – “small pointy things”. (Clearly not in reference to some people’s minds.) In no surprising turn, this has a few ‘interested parties’ concerned, but truly that goes without saying and will go without saying more; for now. However in a follow-up comment, he points out how this relates to his concept of “agenda”. Now pardon me if…
