Tag: Security

The report of a preliminary investigation into the Senate file pilfering has been released (in two parts) by Senate Sergeant-at-Arms Bill Pickle. The report mostly confirms what was reported previously: many files on the shared server were unprotected, so that anybody who knew how could get them; a clerk working for the Republican staff, under…

There seems to be an active rivalry between the authors of competing computer viruses, with back-and-forth insults included in the textual comments within each virus, according to a Mike Musgrove story in today’s Washington Post. Witty repartee it’s not: “Bagle – you are a looser!!!” But one does worry about what will come next, if…

A reliable source tells me that a headhunter, working for e-voting vendor Diebold, is calling security experts, trying to find somebody to help Diebold improve the security of their systems.

Lately, computer security researchers have been pointing out the risks of software monoculture. The idea is that if everybody uses the same software product, then a single virtual pathogen can wipe out the entire population, like Dutch Elm Disease mowing down a row of identical trees. A more diverse population would better resist infection. While…

Senate staffer Miguel Miranda will resign in the wake of the recent scandal over unauthorized accesses to the opposition’s computer files, according to Alexander Bolton’s story in The Hill. Miranda is the highest-ranking person who has been accused publicly of involvement in the accesses made by Republican staff to the Democrats’ internal strategy memos. His…

William Safire tells an amazing story in his column in today’s New York Times. He says that in the early 1980’s, the U.S. government hid malicious code in oil-pipeline-control software that the Soviet Union then stole and used to control a huge trans-Siberia pipeline. The malicious code manipulated the pipelines valves and other controls in…

Some people have argued that the Senate file pilfering could not have violated the law, because the files were reportedly on a shared network drive that was not password-protected. (See, for instance, Jack Shafer’s Slate article.) Assuming those facts, were the accesses unlawful? Here’s the relevant wording from the Computer Fraud and Abuse Act (18…

Charlie Savage reports in today’s Boston Globe: Republican staff members of the US Senate Judiciary Commitee infiltrated opposition computer files for a year, monitoring secret strategy memos and periodically passing on copies to the media, Senate officials told The Globe. From the spring of 2002 until at least April 2003, members of the GOP committee…

Every so often, somebody gets the idea that computers should detect viruses in the same way that the human immune system detects bio-viruses. Faced with the problem of how to defend against unexpected computer viruses, it seems natural to emulate the body’s defenses against unexpected bio-viruses, by creating a “digital immune system.” It’s an enticing…

An “insecurity feature” is a product feature that looks like it provides security, but really doesn’t. Insecurity features can make you less secure, because they trick you into trusting something of value to a product that can’t properly protect it. A classic example is the “Password to Modify” feature of Microsoft Word, as revealed recently…