In the latest Cryptogram newsletter, security expert Bruce Schneier makes some interesting points about voting, voting machines and computers. The web version of this article won't be up for a few weeks so I have reproduced it here. Read more...
posted by lagado
on Dec 16, 2000 -
Judiciary Seeks Public Comment on Internet Access to Court Documents
"As federal courts make the transition from paper to electronic case files, the Judicial Conference of the United States is studying the privacy and security implications of vastly wider public access to court documents via the Internet. Public comment is sought."
Further down they tell you that it'll cost 7 cents a page, even online. From the same folks who waited years to put up Supreme Court dockets and opinions on the official site.
posted by thescoop
on Nov 15, 2000 -
AIPAC Hacked, Credit Card numbers exposed.
This morning the Web site of the American Israel Public Affairs Committee was defaced by Doctor Nuker of the Pakistan Hackerz Club. I didn't think anything of it which was why I missed getting the mirror the first time around.
Apparently this is a pretty large organization according to my co-worker, a former Washingtonite. It's the biggest American Jewish lobbying organization in the US from what I hear... which is going to piss people off when they realize their credit card information was leaked in the defacement.
posted by bkdelong
on Nov 2, 2000 -
The OPE Campus Security Statistics Website allows you to research criminal offenses that were reported at over 6000 colleges nationwide (United States). University participation is compulsory.
Of course, what they don't mention is lots of schools, including my alma mater, refer certain complaints (commonly those dealing with sexual assault) directly to local law enforcement, and keep no official record of the incident with the school itself. I was semi-involved with my school's Women's Resource Center in '98, and I can tell you there were a lot more incidents of sexual assault than listed on the OPE site.
posted by alan
on Oct 24, 2000 -
NYTimes.com has low security
Even me, the casual passerby, could access secret documents about the mysterious "partners," while trying to avoid downloading a cookie. Heh, "channel", "partners", the number 10. They're all related somehow?
PS: "channel.nytimes.com" doesn't give access to pages without logging in. Any ideas?
posted by rschram
on Oct 13, 2000 -
Another innovation from Digital Convergence:
In addition to having a pretty much useless product, CueCat's product-release-to-privacy-violation rate is spectacular! To quote their email:
Dear :CueCat member,
We've been alerted to a security breach in our system that may have exposed certain members' names and email addresses. As one of the members who may be susceptible, we want to explain to you how you may be affected and what we are doing to rectify the situation.
posted by anildash
on Sep 17, 2000 -
Western Union's site is down, as hackers have accessed their "secure" database. Western Union's only suggestion so far is to tell all customers to cancel their credit card accounts. Is anything really secure on the internet? Do you trust amazon to hold your credit card numbers, Wells Fargo to keep your checking account private, and Kozmo employees not to pilfer your credit card numbers for fun?
posted by mathowie
on Sep 10, 2000 -
Does Amazon deserve my statistics?
I knew this was coming but I was hoping that it would all turn out for the better and Amazon would come to their senses. So the question is, are Wish Lists worth my data? Will ownership of my spending habits, phone number, address, credit card, browsing habits, and email address become the new price for using the Internet as a consumer?
posted by Brilliantcrank
on Sep 5, 2000 -
MSNBC's Robert Wright seems confused in this story about the Global Positioning System. He misinforms the reader about how terrorists can now use the military's encrypted GPS signals for more accurate positioning. (FYI: you are still unable to use the military's encrypted GPS signals, contrary to what Wright claims.) more inside>>
posted by darainwa
on Jun 28, 2000 -
Does it bug anyone else that if you have a MetaFilter account with cookies enabled, it automatically enters your password (which can be read in view source)???
Personally I think this is a very bad thing, as I've visited metafilter at the library a few times.
posted by Bane
on Jun 28, 2000 -
The overthrow of Premier Mossadeq
Last week the NYT posted PDF files of a CIA report detailing the overthrow of Premier Mossadeq of Iran in 1953. Names of Iranian participants who assisted in the operation were digitally "removed" because of fears that their families would face retribution when their status as foreign agents was revealed. John Young of cryptome discovered that the redacted text was not really gone -- by cancelling the PDF rendering at a certain point, the hidden names were revealed. He contacted the NYT and after some discussion told them he would not post the full files; the Times removed their copies of the files until they could edit out the names more securely. Young has since heard that other people also noticed the flawed redaction and has concluded that the information is therefore public. He is now posting the full text of the files (first installment up now) with the names restored. Is Young playing fast and loose with people's lives? Or does belief in a free press obligate this sort of thing?
posted by tingley
on Jun 22, 2000 -
Identity swapping makes life relative
Do any of you do the Safeway Card Shuffle? I think I probably would, but then again the level of tracking where I live is currently negligible, so it isn't yet an issue. How about where you live?
And how does this tie in to online privacy, like advertising cookies and programs like RealPlayer and GoZilla that track and report where you've been and what you've been doing?
posted by lia
on Jun 8, 2000 -
Microsoft's latest security loophole involves the much-hated animated paperclip "Office Assistant". Despite its ability to create or delete files, someone chose to mark it as "safe for scripting", allowing it to be controlled by script on a web page.
posted by harmful
on May 17, 2000 -
RedHat Linux security problem uncovered.
Today, apparently it was discovered that if you install the Piranha package with RedHat 6.2 (ostensibly part of the default installation, but there's controversy over this), a default password is installed that would give anyone access to the Piranha configuration package; from there, it is apparently trivial to execute any command on the box that you want.
I find it very interesting that the fact that Microsoft had a "backdoor password" in a DLL made huge news (and it turned out to be patently false), yet this has gotten almost no press. I'd like to think otherwise, but I know it's because people hate Microsoft, and thus are eager to deride it... and yet here's proof that even the mighty Linux is susceptible to the same exact problems.
Next time you reach for the keyboard to cry out "nyah nyah!" at the discovery of some problem with Windows, remember this...
posted by delfuego
on Apr 24, 2000 -
Do security apps like this one actually work? Anyone here with a DSL or ISDN, or other "always on" connections, have any tips on security at home?
posted by milhous
on Apr 19, 2000 -
They bagged the kid who was responsible for all those Denial-of-Service attacks a couple of months ago. He's Canadian.
Here's an interesting legal question: could the US extradite him? The crimes were committed in the US, but he was in Canada at the time he did it, since he worked through the Internet. Whose laws apply?
(By the way, I've seen no indication that the US is considering extradition; I was just curious whether they could.)
posted by Steven Den Beste
on Apr 19, 2000 -
More news on the IIS exploit
After acknowledging the problem last week, Micro$oft is now saying that the backdoor in IIS... is a flaw. M$ Technet seems to have a fix for this problem, delete the offending file! So, if systems are your bag, my advice is to start researching security if you are running M$ internet server products (SQL 7, Exchange, IIS, Index Server, etc.).
posted by Dean_Paxton
on Apr 17, 2000 -
jon kats on "geek profiling":
"W.A.V.E joins new software "security" programs ... being tested in public schools in America to compile and computerize information on students believed to be dangerous or potentially violent. This new rat-on-kids industry is an offshoot of the Geek Profiling anti-Net hysteria that broke out all across the United States after the Columbine High School killings, whose first anniversary is fast approaching. Despite the fact that horrific incidents like Columbine are extremely rare, and that the FBI and Justice Department have both reported that youth violence has dropped to its lowest levels in more than half a century, the belief persists in much of America that technologies like the Internet (and activities like computer gaming) are turning otherwise healthy school children into mass murderers."
posted by palegirl
on Mar 29, 2000 -
Worth has a great story on how easy it would be for Goto.com to exploit its paying customers. (There may be some registration issues with this link; if it fails, go to the Worth home page and click on "The Easy Way to Get Rich Click.")
posted by luke
on Mar 14, 2000 -
Uncle Sam wants YOU to solve the internet's problems. President Clinton announced yesterday that, due to a complete lack of knowledge about the internet, it will cost $2 billion in 2001 to develop anti-hacker security. Plus they intend on subsidizing college costs for computer science majors that agree to work for the government. Hey if he'd give me just one million dollars, I'd be able to pay off my school costs and hunt down hackers personally, like Boba Fett.
posted by Awol
on Feb 11, 2000 -
Last night Kevin Mitnick was on 60 minutes (the gist of the interview is quoted here), and I have to say he came off as an utterly harmless geek. He was an information junkie that enjoyed the challenge of cracking firewalls. He never profited from his activities and the affected companies made up their monetary losses. It's a shame he was forced to waste away in prison instead of offer his security expertise to the affected companies.
posted by mathowie
on Jan 24, 2000 -
seems to be over a year old, but it's news to me. Did you know that cookies set on international domains (those ending in generic things like co.uk or co.nz) can be read by other servers within those top level country domains? Scary stuff if you're using even the latest versions of Netscape on international sites.
posted by mathowie
on Jan 17, 2000 -
Got a windows box? Think your machine is secure? You're probably not. This is a nice free port scanner utility for wintel boxes, give it a test and make sure you don't have any weird services running.
posted by mathowie
on Dec 7, 1999 -
Oh god. Banning backpacks won't solve anything. The school is sending the message that they assume the worst of their students. Next thing they will outlaw will be clothes because weapons can be hidden in them, then a daily body cavity search before class, just as a precaution.
posted by mathowie
on Aug 12, 1999 -