This Arsticle goes through the details. Which I don’t understand. And that makes me all the more certain that Al Qaeda will get their hands on dark-energy observation tools and use them to establish a Muslim caliphate!
Things that Go ‘Bump’ in the ‘Net 
And it works well!
Amazon.com sent me an email yesterday morning recommending that I buy my own book.
Oh man, the picture at right is brilliant.
That’s part of an excellent post on Wired‘s Threat Level blog, pointing out how silly the notion of “cyberwar” is:
In truth, U.S. network operators already deal with DDoS attacks of a similar, or greater, magnitude than the ones that hit Estonia. Peters argues that critical U.S. military networks and weapons systems could fall. Malware is getting pretty sophisticated, I’ll admit, but I’ve yet to see a bot that can send packets from the public internet to a classified, air gapped Air Force network. If it exists, it can also do your laundry and walk your dog.
Peters even cracks open the old chestnut about American facing an electronic “Pearl Harbor.” Cue Ricky Martin on your Rio and it could be 1999 all over again.
Commentary on recent real estate woes in Second Life. I’ve been thinking of opening an office there. Sort of a retreat. An asylum, as it were.
Ars has a report on a new study showing that college students are shockingly prone to phishing if the email they receive appears to come from an acquaintance:
To generate a database of relationships, the authors used a publicly-available Perl module to crawl social networking sites, including Friendster, MySpace, Facebook, Orkut, and LinkedIn. They selected Indiana students from this database and picked a target population based on the quality of the personal information that was obtained.
Test subjects received an e-mail with headers spoofed so that it appeared to originate from a member of the subject’s social network. The message body was comprised of the phrase “hey, check this out!” along with a link to a site ostensibly at Indiana University. The link, however, would direct browsers to www.whuffo.com, where they were asked to enter their Indiana username and password. Control subjects were sent the same message originating from a fictitious individual at the university.
The results were striking: apparently, if the friends of a typical college student are jumping off a cliff, the student would too. Even though the spoofed link directed browsers to an unfamiliar .com address, having it sent by a familiar name sent the success rate up from 16 percent in controls to over 70 percent in the experimental group.
Of course, men were far more likely to respond to emails from women than from other men.
There’s a commendable piece called “Strictly Confidential” (summarized; full article behind paywall) by Jacob Shapiro in the current issue of Foreign Policy.
Shapiro makes an intelligent case that opening government improves security. “When government officials curb access to information,” he writes, “they cut themselves off from the brain power and analytical skills of a huge community of scientists, engineers, and security experts who are often far better at identifying threats, weaknesses, and solutions than any government agency.” Shapiro provides a couple of examples where openness has improved security systems.
“Putting information behind lock and key does not make targets safe from attack. It leaves security analysts unable to find solutions to other weaknesses in the future. It also leaves government and industry less motivated to find safeguards of their own.”
Good stuff.
This site tracks the value of some “black market” goods from pirated movies to body parts and human trafficking. Missing: Murder for Hire, though Kidnapping is represented.
One ought to distinguish at least two types of markets represented here; a) those in which the goods being sold do indeed “belong” to the seller who wishes them to “belong” to the buyer. Markets for illegal drugs for example. “Belong” is in quotes because from a legal standpoint there are no “property rights,” rather, the rights are those that would exist at law just as with any other planted produce or chemical stew if it were not for regulatory bans. Then there is b) the rights in question have been wrested away unlawfully from a third person and appropriated by the seller, who then transfers them to the buyer. Human trafficking, for example, and piracy.
Leave it to the blogosphere (in the person of one David McElroy) to instantaneously debunk my ham-handed April Fool’s Day post claiming a security breach in the the NAPHSIS EVVE system. Congratulations, David. (Who says it’s such a good thing to have smart readers?!)
The National Association for Public Health Statistics and Information Systems has developed and implemented the Electronic Verification of Vital Events system to allow immediate confirmation of the information on a birth certificate presented by an applicant to a government office anywhere in the nation irrespective of the place or date of issuance.
That sounds neat, but it is being incorporated into the REAL ID national ID system apparently without regard to the security issues involved. If we are going to use driver’s licenses for security purposes, each link in the chain of issuance is then a potential vulnerability.
What if the NAPHSIS EVVE system and others like it were comprimised and made to confirm the issuance of birth certificates that didn’t actually exist? We could have untold numbers of licenses issued based on fraud. The system we have now, which provides a modicum of security, could collapse as fraudulently acquired driver’s licenses proliferate.
Two weeks ago, at the meeting of the Department of Homeland Security’s Data Privacy and Integrity Advisory Committee, I asked Stewart Baker, Assistant Secretary for Policy at DHS, what counter-measures might be employed by attackers on the REAL ID national ID system. He said, “We have done some thinking about that . . .” I’m not sure our confidence should be inspired by that.
Every weakness in the system should be explored carefully. I summarized some of them in Appendix A of my testimony at the Homeland Security and Governmental Affairs Committee last week.
The Technology Liberation Front is the tech policy blog dedicated to keeping politicians' hands off the 'net and everything else related to technology.