From a Washington Post article on the hunt for the sniper in DC: the average American is recorded on camera 8 to 10 times a day.
posted by mt at 09:52

From the SJ Mercury news:

The FBI is creating a $3 million computer forensics lab in Silicon Valley, using the latest imaging software and high-end computers to sleuth for cyber-clues of child pornography, corruption, murder and more.

The 12,000-square-foot Regional Computer Forensics Laboratory, at the foot of the Dumbarton Bridge in Menlo Park, will be available to help detectives from San Francisco, San Mateo, Santa Clara and Alameda counties hunt for digital clues. Investigators can bring seized computers and disks to be searched for incriminating e-mails, encrypted documents and other evidence within hardware or software.

posted by mt at 09:37

Bruce Schneier's Crypto-gram has been released, always worth a look.
posted by mt at 09:35

Investigative (or tabloid) journalism meets phreaking.

PR advisers to the rich and famous are warning their clients to be on their guard amid claims that journalists are resorting to increasingly underhand methods to hack into celebrities' mobile phones.

As competition for celebrity stories increases, unscrupulous journalists are using hacking techniques to beat their rivals to scoops.

posted by mt at 09:33

A decent overview from Newsfactor.

"I personally find that the open source side of the debate has the stronger argument, even though you might see more vulnerabilities being reported," he said. "Just because software is closed and [most] people don't know there are security holes doesn't mean that security holes don't exist [or that] nobody knows about them. The security holes are still there." As a result, he noted, systems might contain significant vulnerabilities that administrators are unaware of.

posted by mt at 08:16

A nice story on us this week in the Business Journal. Check it out.

While traditional firewalls can protect a business' standard, wired network or ethernet, protecting a wireless network currently requires an IT professional dedicated to the task, said Tanase, who is targeting a January 2003 release of a wireless security software product designed to help identify intrusion or misuse.

posted by mt at 08:14

A fantastic piece from noted San Jose Mercury News columnist Dan Gilmour on chokepoints - something we avoid when designing the security of a system. It's a concept fundamental to security engineering - a must read.

In a world where rationality prevailed, we'd launch a new kind of Manhattan Project to remove the energy and communications choke points. We'd actively discourage a software monoculture that leaves us so open to cyber-vandalism and corporate power hunger. We'd work harder to establish more competition for telecommunications, not let the industry consolidate to a tiny number of players.

posted by mt at 10:56

Some anomaly detection news - the University of Buffalo is working on a user-level system. A project very similar to a paper I wrote earlier this year on the concept. On a related note, I'm hoping to wrap up a piece on mitigating distributed denial of service attacks this week.

"We have developed a new paradigm, proactively encapsulating user intent where you basically generate a profile for every single user in the system where security is a major concern," said Shambhu Upadhyaya, Ph.D., associate professor of computer science and engineering at UB and co-author of the paper.

posted by mt at 10:51

Still trying to catch up - moving, work, etc. Hopefully more posts later today.
posted by mt at 09:47