Matt Blaze analyzes the implications of a recent Newsweek story on the Bush administration’s use of the NSA for domestic spying on communications, and questions whether the lower legal threshold for the collection of communications metadata is giving away too much to the government: ‘As electronic communication pervades more of our daily lives, transaction records — metadata — can reveal quite a bit about us, indeed often much more than a few out-of-context conversations might. Aggregated into databases with other people’s records (or perhaps everyone’s records) and analyzed by powerful software, metadata by itself can paint a remarkably detailed picture of connections, relationships, and other patterns that could never be recovered simply from listening to the conversations themselves.
Browsing Posts published in December, 2008
Randall Stross has just published a sobering article in The New York Times about how the four major US wireless carriers don’t want anyone to know the actual cost structure of text message services to avoid public outrage over the doubling of a-la-carte per-message fees over the last three years. The truth is that text messages are ’stowaways’ inside the control channel — bandwidth that is there whether it is used for texting or not — and 160 bytes per message is a tiny amount of data to store-and-forward over tower-to-tower landlines. In essence it costs carriers practically nothing to transmit even trillions of text messages. When text usage goes up, the carriers don’t even have to install new infrastructure as long as it is proportional to voice usage. This makes me dream of the day when there is real competition in the wireless industry, not this gang-of-four oligopoly.
and also
The cybersecurity trend lines and aggregate data reports for 2008 are available from some firms, and the results show a burgeoning market that rocked and reacted to many of the same forces as more legitimate occupations. Unfortunately, the US has taken the #1 spot as a malware-hosting country; hopefully we’ll manage to lose that particular distinction by this time in 2009.
Leaders from government and the private sector gather in D.C. for cyberwargames.
The National Security Agency has patented a technique for figuring out whether someone is messing with your network by measuring the amount of time it takes to send different types of data and sounding an alert if something takes too long. ‘The neat thing about this particular patent is that they look at the differences between the network layers,’ said Tadayoshi Kohno, an assistant professor of computer science at the University of Washington. But IOActive security researcher Dan Kaminsky wasn’t so impressed: ‘Think of it as — if your network gets a little slower, maybe a bad guy has physically inserted a device that is intercepting and retransmitting packets. Sure, that’s possible. Or perhaps you’re routing through a slower path for one of a billion reasons.
The National Security Agency has patented a technique for figuring out whether someone is messing with your network by measuring the amount of time it takes to send different types of data and sounding an alert if something takes too long. ‘The neat thing about this particular patent is that they look at the differences between the network layers,’ said Tadayoshi Kohno, an assistant professor of computer science at the University of Washington. But IOActive security researcher Dan Kaminsky wasn’t so impressed: ‘Think of it as — if your network gets a little slower, maybe a bad guy has physically inserted a device that is intercepting and retransmitting packets. Sure, that’s possible. Or perhaps you’re routing through a slower path for one of a billion reasons.
This story from Reuters-India tells us that Russian President Medvedev is talking up the possibility of leasing not only the ill-fated Nerpa but ’several’ Project-971 submarines to India, for 10-year leases. Although there isn’t any press on India’s response to this – the Nerpa deal was on, off, on, etc. after the recent accident – it’s got to be tempting, as Galrahn reminded us earlier. It’s a way to get into a serious nuclear submarine force for much less money and time than would required to build it domestically; and if they do decide to go the domestic route for attack boats (in addition to the oft-discussed ATV likely-SSBN) the lease deals would provide an excellent means to acquire a trained nuc cadre. It would also allow for quick acquisition of escorts capable of keeping up with the ATV when she goes to sea on deployment. [From Russia pushes India SSN lease deal]
The New York Times has published an editorial on funding the Pentagon in the coming years, along with specific recommendations on various big-name Pentagon procurement programs. I won’t repeat their recommendations here, since you can easily read them at the link above, but wanted to touch on a few of them.
They recommend canceling the Virginia-class submarine (SSN-774) program, and instead spending money to ‘extend the operating lives of the existing fleet of Los Angeles class fast-attack nuclear submarines, which can capably perform all needed post-cold-war missions — from launching cruise missiles to countering China’s expanding but technologically inferior submarine fleet.’ They further claim that this decision would produce net savings of $2.5 billion. Given that they describe the Virginias as costing $2 billion each, recommending that the U.S. put off the replacement of a submarine force which is already aging and which was acquired initially at a high rate, meaning that it will leave service at the same high rate, for savings amounting to little more than the cost of one of the current boats seems foolish to me. Also, given that the Virginia is one of the few programs which does in fact appear to be roughly on budget and on time, the message this would send appears counterproductive.
They recommend cancelling DD-1000 (unsurprisingly) but explicitly choose to do so in order to favor funding the LCS acquisition. I’m not sure I should even bother going into that here – and I won’t. I’m sure Galrahn and Yankee Sailor will chime in if they think anything even needs to be said. They want to cut a CVBG (at least one) and offer straight-ahead acquisition cost numbers to justify this.
Their general positions is made explicitly clear on page 2, where they call for reductions in the Navy and Air Force in order to fund needed increases in ground forces. Especially for the Times, this seems odd – since the primary cause of those ‘necessary increases’ is ground wars which they have been unabashedly critical of in the past. They also seem quite sure that the U.S. Navy’s current blue-water dominance is something which can be confidently assumed to continue into the near to medium future, even with said reductions in ship procurement. I would argue instead that while ground forces are a possible reaction to events which affect the U.S. overseas, access to those locations is a prerequisite, and the Navy is what buys the U.S. that access. Furthermore, the Navy is much more about the classic defense of the United States’ sovereign territory than the Army. The Army exists in present day to enforce U.S. foreign policy, even if that policy is in ‘defense’ of the United States. However, in order to perform classic defense of the U.S., you need to prevent intrusion onto the U.S, its territories and those of its core allies. That is done not, in fact, by an expanded Army, but by a strong and ready Navy and Air Force. Claiming that an expanded ground force is the primary means of defense of the United States is to state that either the U.S. has thrown away its traditional advantages of sea power and would prefer to engage enemies after they have come ashore, or that a vigorous prosecution of foreign interventions is now critical to U.S. core defense. While the latter may be possible, it runs counter to much of what the Times has spent a great deal of time claiming.
For this post, I would offer the opinion that for the moment, improving the efficiency, predictability and reliability of U.S. weapons procurement will offer much more valuable savings as well as more assets than a hasty attempt to control total procurement dollars by cutting large programs for their acquisition cost savings. Although I don’t presently know the answer, I would be much more inclined to listen to calls for extending the 688 boats vs. funding 774s if there was any evidence presented that the operating costs (as opposed to simply the acquisition total costs) would be lower. None is forthcoming.
Snarkily selected image is a Victor-III being dismantled. Har, har, ‘cut submarine,’ I’m such a card. [From The Grey Lady Weighs In]
The 1962 song Wipe Out, with its energetic drum solo started, was the impetus for many people to take up playing the drums. Similarly, Nmap, the legendary network scanner, likely interested many in the art of hacking, and for some, started a career for security professionals and hackers. Nmap and its creator Fyodor need no introduction to anyone on Slashdot. With that, Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning, is a most useful guide to anyone interested in fully utilizing Nmap.” Read on for the rest of Ben’s review
[From Nmap Network Scanning]
Seven leading domain name vendors — representing more than 112 million domain names, or 65% of all registered names — have formed an industry coalition to work together to adopt DNSSEC. Members of the DNSSEC Industry Coalition include: VeriSign, which operates the .com and .net registries; NeuStar, which operates the .biz and .us registries; .info operator Afilias Limited; .edu operator EDUCAUSE; and The Public Interest Registry, which operates .org.” The gTLD operators are falling in line behind government initiatives, which we discussed last month. In light of these developments, Dan Bernstein’s push for DNSCurve might face an uphill slog. Reader data2 writes: “Dan Bernstein, the creator of djbdns and daemontools, has created his own proposal to improve upon the current DNS protocol. He has been opposed to DNSSEC for quite some time, and now he has proposed a concrete alternative, DNSCurve. He has posted a comparison between the two systems. His proposal makes use of elliptic curves, while DNSSEC favors RSA. He uses a curve named Curve25519, which he also developed.
The new alpha version of BitTorrent client µTorrent transfers data over UDP, making it either easier or harder on ISP networks than existing BitTorrent clients.
[From µTorrent's switch to UDP and why the sky isn't falling]
Clear your mind, Clearwire and Sprint Nextel say, as they announce the completion of their merger of assets into the new Clearwire to deploy WiMAX across the US under the Clear brand name. Google, Intel, and others chipped in an expected $3.2 billion to fund the first phase.
[From Future of WiMAX is Clear as Sprint, Clearwire close deal]
