Michael Gracie

I was out last night (fancy that), and as can be expected when you order a Guiness Stout, I was asked for my ID. What happened next was interesting, to say the least.

The gal who asked for the ID disappeared with it. Turns out, she was off swiping on an “ID Check” system. Never said she was going to do it either. I wasn’t boarding a plane, getting a concealed weapons permit, or applying to adopt a child. I was buying a fricken beer.

The manager showed up a few minutes later (actually, we found him lingering around behind us, attempting to eavesdrop on our unrelated conversation). His excuse was the system was “the law,” comparing the process to what happens at the neighborhood strip club (which I don’t go to, but obviously he does). No apology for the blatant lack of disclosure was given.

I guess you can’t have a drink anymore without someone watching. And I am still looking for that “law.”

UPDATE: More on ID swipes and concerns.

A company in China was just fined by its government for spamming.

Yes. That would be the same Chinese that people point the finger at for the spam problem, while guys in Boca Raton, Florida are laughing.

Or at least that is what Bruce Schneier is suggesting.

TrackMeNot is a Firefox plugin that is supposed to do just that, by sending random search queries out to engines while you are doing something besides searching for porn and bomb-making instructions.

It sounds to me like it just makes for lengthier data mining periods, and a good chance you will eventually get your IP address blocked by search engines. Of course, you could use an anonymizer to prevent the latter, then you only have to worry about your browser eating up 99.99% of your CPU cycles waiting for results.

The debate continues, even though many say the Mac is only less susceptible to malware because there are less Macs in the world. Tom Yager provides more “guts” on the matter.

No judgement here - I just want to hear those security through obscurity comments from Windows users again.

Qwest was recently praised for ingoring a request from the NSA for data on it’s subscribers. They looked like good guys and gals. People purportedly rushed to get their services. Their employees certainly ran around town, chatting it up.

Fast forward.

Qwest is at it again, only this time the talk is heavy endorsement of mandatory data retention laws being proposed for ISPs. Several Colorado politicians who had previously jumped on the Qwest hero worship are endorsing (and in one case, sponsoring) said measures.

The local Rocky Mountain News had noted:

Qwest has done its share to reinvent the company in recent years, but it may have generated an unexpected windfall by rebuffing the National Security Agency.

So..now that they have all those subscribers, what are they going to do with all that extra data they want to retain? Let’s just hope they don’t pull “an AOL.”

***UPDATE***

Oops. Someone at a big telco has admitted they misspoke, which has to be a first: Qwest endorses a more reasonable local law, not the federal mandate.

That day would be this last Sunday, and that former hacker turned security expert would be Kevin Mitnick and his website.

I shut down my personal blog at thoughtmarket.com a few weeks back. Reasons:

1) I don’t have time (too busy fishing);
2) I am a crappy writer (highly apparent, even here);
3) I know precisely jack shit about politics and economics (although I have about the same knowledge base regarding internet security, and people still seem to read this fricken thing);
4) Did I say I was an ass yet?

Ok, that should do it for excuses. Nevertheless, there were a few pretty popular posts over there, mostly related to technology, so I brought them over.

In no particular order…

- A cool rig of Fedora Core 3 on a Dell Latitude C840, with two drives and two MBRs, at A decent Linux laptop;

- My hopped up Linksys router running IPv6 into the house, in IPv6 in the house was no big deal; and

- The personal favorite (although not really tech related) - my retorts on a Hugh Mcleod/Gaping Void post about lying bloggers, in Simple responses to Top Ten Blogger Lies (even Hugh got a kick out of it).

Yes, there are a few more stuffed in here and there. But thankfully, all the posts about politicians doing stupid shit on or with the internet are gone forever.

Regards,

Michael

**UPDATE**

Almost forgot, everybody’s favorite site to be scared of…Taming the MySpace monster.

Why? Hacking has become big business, yet malcreants don’t seem interested in the site.

I wonder if advertisers will get the same idea.

A taped demo at Blackhat (taped because the demonstrators were fearful someone would interfere) was supposed to show a MacBook wireless vulnerability. As it turns out, the drivers that SecureWorks researchers used were from a third party.

So much for taped demos.

***UPDATE***

You have to love this line:

“As part of a responsible disclosure policy, we are not disclosing the name of the third-party wireless device driver until a patch is available.”

Responsible disclosure my ass. Can anyone say “banned from Blackhat demos, for life?”

***UPDATE 2***

Maybe that should be journalists banned from Blackhat instead.

ConsumerReports just completed a study which tested anti-virus softwares for their effectiveness. But instead of just using the known threats and existing signatures, they created thousands of virus variants of their own to see if protective measures did any good. Of course, you have to be a subscriber to their magazine to get the results, so I’d love to hear from someone as to who won the battle, but nevertheless I thought it was a great idea.

Not everyone did.

The watchdog group is now being slammed for their approach, and I say this should serve as a warning to everyone who trusts their boxed anti-virus kit. Graham Cluley of Sophos noted:

“When I read about what ConsumerReports has done I want to bash my head against a brick wall. With over 185,000 viruses in existence was it really necessary for this magazine to create 5,000 more? It’s irresponsible behavior, and will be frowned upon by the antivirus industry. Leave antivirus testing to the independent testing bodies with expertise in the field”

Alarms aren’t designed to set themselves and subsequently go off only on designated burglar days, but anti-virus is certainly designed to trigger against known threats. That is what ConsumerReports was trying to get at - could anti-virus protect against previously unknown viruses. They even used existing signatures, varying them just slightly (like malcreants do). And I found no mention of ConsumerReports releasing them into the open, as the quote infers.

Maybe Graham wants to bash his head against the wall because his product doesn’t really protect like it should, and now he and his entire industry have been called out?

***UPDATE***

No argument from Slashdotters.