Paul Vixie, Ph.D., presents us with a superlative analysis, via a short extract at CircleID and the full article at the ACM, in which the good Dr. Vixie, with targets essentially combinatorial in scope, focuses on technical and human rights componentry. Fundamentally an Edge versus Core argument, it's Today's MustRead.
News, via TechHive's Philip Michaels, of the California Legislature's efforts (through this bill) to mandate a so-called electronic kill-switch in all new mobile telephony devices manufactured after January 1, 2015, by an act of that august body... All in the effort to curtail thievery; of course, this will also assist in stopping the wholesale cloning of mobile phones and the sale of those devices worldwide, and complement the CTIA database as well.
Via John Grant of Palantir Technologies comes word of the appointment of four new members to the organization's Council of Advisors.
Namely, Alex Deane [Director of Big Brother Watch and Head of Public Affairs at Weber Shandwick], Sylvain Metille [Head of the Technology and Privacy practice at BCCC Attorneys-at-law LLC], Omer Tene [Vice President of Research and Education at the International Association of Privacy Professionals, Managing Director of Tene & Associates, and Deputy Dean of the College of Management School of Law] and Nico van Eijk [Professor of Media and Telecommunications Law and the Director of the Institute for Information Law at the University of Amsterdam].
I congratulate Palantir on this move, and look forward to the output of Palantir's Council of Advisors weighing in on key issues revolving around Privacy, Civil Liberties and Information Security.
Via Eugene Chow, writing at The Week, comes this mammalian tale of electronic skull-duggery of the most heinous sort. To wit, the takedown of our critical infrastructure Power Grid by Secret Squirrels. Today's MustRead.
'Once, in 2008, I had to confiscate a bottle of alcohol from a group of Marines coming home from Afghanistan. It was celebration champagne intended for one of the men in the group — a young, decorated soldier. He was in a wheelchair, both legs lost to an I.E.D., and it fell to me to tell this kid who would never walk again that his homecoming champagne had to be taken away in the name of national security. There I was, an aspiring satire writer, earnestly acting on orders straight out of Catch-22. I quickly discovered I was working for an agency whose morale was among the lowest in the U.S. government. In private, most TSA officers I talked to told me they felt the agency’s day-to-day operations represented an abuse of public trust and funds.' - Jason Edward Harrington, Politico
You mention your being in your seventy-eighth year; I am in my seventy-ninth; we are grown old together. It is now more than sixty years since I left Boston, but I remember well both your father and grandfather, having heard them both in the pulpit and seen them in their houses. The last time I saw your father [Cotton Mather] was in the beginning of 1724, when I visited him after my first trip to Pennsylvania. He received me in his library, and on my taking leave showed me a shorter way out of the house through a narrow passage, which was crossed by a beam overhead. We were still talking as I withdrew, he accompanying me behind, and I turning partly towards him, when he said hastily, ‘Stoop, stoop!’ I did not understand him, till I felt my head hit against the beam. He was a man that never missed any occasion of giving instruction, and upon this he said to me, ‘You are young, and have the world before you; STOOP as you go through it, and you will miss many hard thumps.’ This advice, thus beat into my head, has frequently been of use to me; and I often think of it, when I see pride mortified, and misfortunes brought upon people by their carrying their heads too high. - B. Franklin
GoDaddy's Todd Redfoot fesses up to a human engineering attack, which, in this case, led to the compromise of customer data, specifically Naoki Hiroshima’s GoDaddy account. The target? His highly sought-after, single-character Twitter account @N... proof, again, that social engineering may be the most difficult information security attack to thwart.
Over at SSL Labs, Ivan Ristić has announced the release of a new version of the eponymous Qualys SSL Rating Guide and a bright passenger to the Guide, the SSL Test. If you are in any way interested in, responsible for, or just obsessive about SSL, Monsieur Ristić's work should be considered your MustRead selection for the nonce, eh Baldrick!
Why, oh why is RAM Scraping still an issue? Nearly five years after initial reports via Verizon Business of random access memory scraping, why are commercial systems still susceptible? Whence goeth the company's information security engineers, who should have been assiduously scrutinizing, via both human and automated means, traffic monitoring and log analysis, not to mention file baseline monitoring (a la Tripwire)... aka The Hubris of Target, Neiman Marcus, Michaels and others.