November 2006 Archive

Purported lack of VoIP security creates niche?

November 30th, 2006

The Register reports that sensitive VoIP data may be vulnerable to attacks because of lax efforts in securing networks. The study comes from scanit, a security auditing vendor whom I’ve personally never heard of and who, not too surprisingly, also does security implementation work.

The crux of the argument is that freely downloadable software can be used to tap voice calls and record tones, something people have been doing since the 3600 club was around and Kevin Mitnick was still on the run.

…not that I am skeptical of this report (or the PR crew that got it placed ;-).

Google search box opens up XSS vulnerability

November 29th, 2006

Couldn’t think of a sarcastic title for this post, and I don’t think it makes a heck of a lot of difference anyway - it’s just news, and not much to worry about. The Google Search Appliance, that box companies throw on the rack to help them weed through data on their own networks, opens up a cross-site scripting vulnerability that can allow phishers to promote their own scams.

Google has already issued a fix, and if the organizations using the system don’t want to pay attention, it becomes their problem alone.

10 Minute Mail means ten milliseconds to spam

November 29th, 2006

Slashdot pointed us to 10 Minute Mail, a neat little program designed by Devon Hillard. The web-based initiative was developed by Devon to sharpen his Seam skills and help people with their “bug-me-not” problems while registering with web sites.

10 Minute Mail is pretty simple. You click on a link, an email address is generated for you, and you then use that address for your registration desires. You keep the page open while you do your bidding, and your confirmation emails (if any) show up on screen.

The only problem I see with this - it isn’t going to take much time for sites to figure out they can block the 10minutemail.com domain. Getting a pile of domains on the cheap, and rotating their distribution to the given addresses randomly, would really shore up this service.

Web browsing for political dissidents who want jail time

November 28th, 2006

Some Canadian developers are about to release a tool that will allow web users subject to government censorship to surf the net free of blockage. Psiphon is a product of the Open Society Institute, an arm of the Soros Foundation.

It is great that folks are aiming to provide a free, uncensored internet to less fortunate humans of our planet, but I have a big problem with this. The system in question doesn’t provide anonymity for the user, meaning any node running the software for said user can freely see what they are browsing. It is going to take about ten seconds for evil governments to set up nodes of their own in the free world, and nab their citizenry as they browse.

psiphon is not an anonymous software program. psiphon users are not anonymous from the psiphon provider. Although traffic between the psiphon user and psiphon provider is encrypted, psiphon providers can potentially monitor everything that is done by the psiphon users they host.

These guys should have taken a look at Tor first, although I suspect someone may have been looking for a grant instead of looking for something useful.

The EU declares playground fight on web threats

November 28th, 2006

The European Commission met to discuss spam and spyware, and outlined a framework for stronger enforcement.

The group cited the Dutch, who’ve been able to reduce domestic spam by 85%, which leads me to believe that nothing will get accomplished here. Why? Domestic spam in the land of old windmills is like a gnat on an elephant’s ass compared to what comes out of the US, China, and South Korea.

M, for Mudslinging in Mac versus PC security debate

November 28th, 2006

According to CNET, the battle between PC and Mac security is shameless mudslinging - the Apple marketing machine has certainly exploited OS X’s inherent UNIX-based security at Microsoft’s expense. Apple’s customers are its best buzz-boosters in this arena - even I am guilty of rubbing two blue-screen-of-death-free years into others’ faces.

I’m hard-pressed to find much mud on Apple, meaning Microsoft knows where it stands and is working hard to shore up its systems (success level, or lack thereof, notwithstanding).

No end in sight for spam

November 28th, 2006

The latest report out of Postini showed a nearly 60% increase in spam over the last three months.

So, Bill Gates is still very wrong, and spammers got a little jump start on the holiday season. All the stock spam could be the reason the market hasn’t plummeted yet either. Maybe spammers should hit the mortgage market again, or hell…start selling properties ;-).

ID theft now THE mainstream crime

November 27th, 2006

Identity theft is now the fastest growing crime in America - maybe that is because you don’t need a gun to do it (although I hear violent crime is rising as well). Of course, despite providing a few decent tips, this article goes on to review the danger of the internet, while I think you should stick to concentrating on the offline. Tips from our friends (and my two cents):

- Take care with your Social Security card (shit, I don’t even have mine anymore)
- Get copies of your credit report (how about using a fraud alert with the reporting agencies - it makes getting credit a little tougher, but nothing that a handy copy of your power bill and two forms of government issued photo ID won’t easily fix)
- Shred documents (get a scanner for important stuff, and use PGP disk to keep those scans safe too)
- Use the post office for outgoing mail (uh, use the post office for inbound mail too - PO boxes are the perfect separation between where you live - and where ID thieves go digging through those shredded docs in the trash - and where you get billed for everything).

Beyond that, since the net is primarily a credit card world, keep it that way. Don’t use bank accounts and/or debit cards for processing transactions online. And ask your card issuer for a new card every year or so - you’ll have to change recurring payment plans from a few vendors, but it is worth it (just in case an online merchant gets busted into).

Cheers.

Phil Zimmerman speaks of war

November 26th, 2006

It is quick and dirty, but Channel Register has an interview with Phil Zimmerman, creator of PGP. He says the internet is like downtown Baghdad. I’d hardly disagree - innocent people are being mauled daily on the net.

There’s more on PGP here, here, here, and here.

Death at the hands of 2.4 Ghz

November 26th, 2006

Parents are up in arms - WiFi is supposedly bad for kids - now wireless connections are rumored to be getting removed from schools everywhere.

While you are at it, parents, throw away those cordless phones. Ditto for the microwave ovens. Don’t let your kids visit any household that has either, and keep them away from 7-11s while you’re at it.

And if you clean up good, there is no way you can defend yourself against the RIAA (after your kid uses Kazaa to download 10,000 songs), by saying you had an open wireless hub. So ha!