Tag: Security

  • Important New Internet Standard

    Internet security guru Steve Bellovin proposed today an important new Internet standard, RFC 3514, which creates a new “evil bit” in Internet Protocol packet headers. The evil bit is required to be set in all malicious packets. RFC 3514 fully examines the ramifications of this innovative proposal, including a discussion of what existing systems must…

  • Use a Firewall, Go to Jail

    The states of Massachusetts and Texas are preparing to consider bills that apparently are intended to extend the national Digital Millennium Copyright Act. (TX bill; MA bill) The bills are obviously related to each other somehow, since they are textually similar. Here is one example of the far-reaching harmful effects of these bills. Both bills…

  • Leaks From CERT's "Good Guys" List

    Brian McWilliams at Wired News reports on the leakage of unreleased security alerts from the government-funded CERT coordination center. Three secret alerts sent to members of CERT’s “good guys” club (known as the Information Security Alliance, or ISA) were reposted onto the open “Full Disclosure” mailing list. The person who did this may have violated…

  • DRM, and the First Rule of Security Analysis

    When I teach Information Security, the first lecture is dedicated to the basics of security analysis. And the first rule of security analysis is this: understand your threat model. Experience teaches that if you don’t have a clear threat model – a clear idea of what you are trying to prevent and what technical capabilities…

  • Berman Bill May Not Return

    According to an article by Jon Healey in Friday’s Los Angeles Times, Rep. Howard Berman may not reintroduce his “peer-to-peer hacking” bill in the new Congress. The bill, you may recall, would authorize copyright owners to launch some types of targeted denial of service attacks against people who are offering infringing files via peer-to-peer systems…

  • Spread of the Slammer/Sapphire Worm

    A new paper by well-regarded networking researchers analyzes the spread of the recent Slammer/Sapphire worm. The worm spread at astonishing speed, doubling the number of infected hosts every 8.5 seconds, and infecting 90% of the susceptible machines on the Net within ten minutes. Researchers had predicted that such fast-spreading worms could exist, but this is…

  • Wacky Biometrics

    I heard a presentation today by an expert on biometric security devices. He mentioned two new biometric devices under development. The first one uses body odor, detecting the unique combination of chemicals emitted by your body. The second one fits on a chair; you sit on it and it measures the unique shape and weight distribution…

  • More on the Insecurity of Door Locks

    Seth Finkelstein has unearthed two previous mentions of the method used in Matt Blaze’s door-lock attack. It’s clear that this problem was known in some circles. Now the rest of us know too. I wrote previously that I’m glad the DMCA doesn’t apply to door locks. Chris Smith, over at Mutatron, wonders whether the DMCA…

  • Most Door Locks Insecure

    John Schwartz at the New York Times reports on a blockbuster piece of research by cryptographer Matt Blaze. Matt applied the principles of cryptography to good old-fashioned door locks and keys, and what he found is pretty horrifying. Given a key to one of the locks in a building, and a small number of…

  • Law Firm Accused of Computer Intrusion

    According to James Grimaldi’s column in Monday’s Washington Post, lawyers at the prominent firm Jones Day are accused of making unauthorized accesses to the password-protected web site of an opposing expert witness. Grimaldi writes, W. Kelly Stewart, of Jones Day’s Dallas office, testified last month that he entered Egilman’s site after Jones Day attempted and…