Sunday, November 06, 2011


Dilbert was listening on Friday! This is exactly what we were discussing. The Privacy Foundation had one of its better Seminars, with insightful and inciting exchanges from the panel and attendees. Fortunately, dueling is no longer the preferred method for resolving such discussions...


Forward this to your Security Manager
"A new open source scanning tool has been released by engineers at independent security testing firm NSS Labs that can be used to detect Duqu drivers installed on a system. The tool was developed with the goal of discovering any additional drivers, and to enable researchers to learn more about the functionality, capabilities and ultimate purpose of the Duqu malware."


The problem I have with “reputation” based systems is that it worked so well and so long for Bernie Madoff...
"With all the publicity about breaches of SSL certificate authorities and a hack that exploits a vulnerability in the supposedly secure protocol, it's time to consider something else to protect Internet transactions. If only there were something else to turn to. Protecting SSL and its updated version TLS is vital because they support most e-commerce transactions by setting up end-to-end encrypted sessions that are authenticated, and that requires certificates that are verified by certificate authorities. One new model for authentication is called Convergence, and it is similar to one being trialed at Carnegie Mellon University called Perspectives. Rather than trusted third parties whose trust can't be assured, SSL/TLS authentication would rely on a reputation system of verification."
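To make the notary idea behind Convergence and Perspectives concrete, here is an added sketch of how a client might weigh what several independent notaries report about a site's certificate. This is my own illustration, not code from either project; the notary names and fingerprints are constructed.

```python
"""Toy model of notary-based certificate verification (Convergence/Perspectives
style). Not code from either project; all names and fingerprints are constructed."""
from typing import Dict, Optional, Tuple

# Constructed fingerprints, not real certificates.
GOOD_FP = "SHA256:1111aaaa"   # the site's genuine certificate
MITM_FP = "SHA256:9999ffff"   # a certificate substituted on one network path


def notary_verdict(observed_fp: str,
                   reports: Dict[str, Optional[str]],
                   min_agree: int = 2) -> Tuple[bool, str]:
    """Decide whether to trust the certificate the client observed.

    reports maps notary name -> fingerprint that notary saw for the host from
    its own vantage point (None = notary unreachable). The client accepts only
    if at least `min_agree` notaries confirm the observed fingerprint AND those
    confirmations are a majority of the notaries that answered, so one
    compromised or tricked notary cannot flip the result by itself.
    """
    answered = {n: fp for n, fp in reports.items() if fp is not None}
    if not answered:
        return False, "no notary reachable; cannot verify"
    agree = sorted(n for n, fp in answered.items() if fp == observed_fp)
    disagree = sorted(n for n, fp in answered.items() if fp != observed_fp)
    if len(agree) < min_agree:
        return False, f"only {len(agree)} notary(ies) confirm; need {min_agree}"
    if len(agree) * 2 <= len(answered):
        return False, f"no majority: {disagree} saw a different certificate"
    return True, f"confirmed by {agree}"


def scenarios() -> Dict[str, Tuple[bool, str]]:
    """Four constructed situations a client could run into."""
    four = ["notary-a", "notary-b", "notary-c", "notary-d"]
    all_good = {n: GOOD_FP for n in four}
    return {
        "all_agree": notary_verdict(GOOD_FP, all_good),
        # one notary's path is intercepted (or that notary is lying)
        "one_outlier": notary_verdict(GOOD_FP, {**all_good, "notary-d": MITM_FP}),
        # the client's own path is intercepted; notaries all see the real cert
        "client_mitm": notary_verdict(MITM_FP, all_good),
        # availability failure: only one notary answered
        "one_reachable": notary_verdict(GOOD_FP, {"notary-a": GOOD_FP, "notary-b": None,
                                                  "notary-c": None, "notary-d": None}),
    }
```

Note the trade-off the last case exposes: when too few notaries answer, the client must either fail closed (as here) or fall back to the CA model, and a notary holding a stale fingerprint after a legitimate key rotation will look like a disagreement until it re-checks.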


Think of it as an “Inverse Catch 22.” Having a law that every second-class citizen breaks (exhaling spreads germs and is illegal) means the “True Citizens” can decide to enforce the law at any time.
Privacy Victims by the Million: Federal Law Turns Parents and Children into Liars … and Criminals?
November 5, 2011 by Dissent
Over on Volokh.com, Stewart Baker uses Danah Boyd’s new study on under-age kids signing up for Facebook with their parents’ collaboration to lambast COPPA. He writes, in part:
Teaching kids to lie isn’t exactly a government policy to be proud of. But federal law has another unintended legal consequence in store for those parents and kids. As Orin Kerr and I have pointed out, Facebook users who violate the site’s terms of service also violate the Computer Fraud and Abuse Act, at least according to the Justice Department. Which would make every one of those parents and children guilty of a federal misdemeanor.
By my count, that’s well over ten million misdemeanors, not to mention ten million privacy victims.
Now, you might ask, “Who the hell is the government to take away the decision whether my kids can join Facebook?” Actually, most parents feel exactly this way. When the study asked them who should have the final say about whether or not their child should be able to use online services, 93% chose the parents, 3% opted for the company providing the service, 2% chose the government, and 2% would leave the decision to the child.
So how did we end up with an online regime that is this intrusive, stupid, and unpopular?
It wasn’t easy. It took a lot of lobbying, and the story may help explain why we have so many stupid privacy rules.
Read more on The Volokh Conspiracy.


As my Security by Design students discovered, you have to do some serious investigation to find little flaws, like “our servers are in North Korea.”
"Dropbox last month launched its Teams service, targeted at small and mid-sized businesses — but acknowledges it's not PCI-, HIPAA- or Sarbanes-Oxley compliant. Company executives say they also don't provide a highly visible warning largely because customers in beta tests didn't make it an issue. Should cloud services focused at businesses provide clear warnings if they are not compliant with key regulatory requirements, or should business customers just assume they are not?" [Since companies are incapable of “A,” I would suggest “B.” Bob]


Perhaps a business model that provides “failsafe” access when companies die?
antdude points out this article at opensource.com on the "graveyard" of digital rights management schemes — the death of each of which has left customers out in the cold. An excerpt:
"There are more than a few reasons digital rights management (DRM) has been largely unsuccessful. But the easiest way to explain to a consumer why DRM doesn't work is to put it in terms he understands: 'What happens to the music you paid for if that company changes its mind?' It was one thing when it was a theoretical question. Now it's a historical one ..."


Perspective: The “If This Then That” website creates ways to completely overrun your data limits... Automatically! (My selections from their selections)
10 Great ifttt Recipes To Automate Your Web Life
We’ve already introduced you to ifttt in a previous post
… To save you even more time and effort, I’ve assembled a list of 10 of the best Recipes that are currently available. With more than 5,000 public Recipes to browse through, here are the gems (in no particular order):


Arrrrrrrrgh! The case that will not die! (Some interesting things said about lawyers in the comments)
phands writes
"SCO has moved to partially reopen their 10 year old lawsuit against IBM. Unbelievable! Details at Groklaw."
From the article, quoting SCO's filing: "SCO respectfully requests that the Court rule on IBM’s Motion for Summary Judgment on SCO’s Unfair Competition Claim (SCO’s Sixth Cause of Action), dated September 25, 2006 (Docket No. 782), which motion is directed at the Project Monterey Claim, and IBM’s Motion for Summary Judgment on SCO’s Interference Claims (SCO’s Seventh, Eighth and Ninth Causes of Action), dated September 25, 2006 (Docket No. 783), which motion is directed at the Tortious Interference Claims."


This could be useful. Can I build my own Siri?
Give Your Computer A Voice With eSpeak [Windows & Linux]
Install eSpeak and you can make your computer say anything, in a wide variety of languages.
Looking for a lightweight text to speech program? Whether you want to listen to your favorite blog while doing the dishes, or just make your computer say naughty words to your friends so you can giggle like schoolchildren, eSpeak is a great tool for the job. It’s “a compact open source software speech synthesizer for English and other languages” according to its website. You can use official versions of eSpeak on Linux and Windows.
… You can save any particular string of speech to a .WAV file, perfect for dubbing over creepy footage for anonymous revolutions.
… Ready to install eSpeak? Find the download here.
