In Through The Out Door

Diving Through The Information Barrage

Browsing Posts in Security

A cute animation about trusted computing: A cute animation about trusted computing. Unfortunately, its message is basically “The Man controls everything, and The Man doesn’t trust you”, which is hardly an education in the subject.

Intrusion Prevention and Active Response: nazarijo writes “The security world has been taken by storm by intrusion prevention system (IPS) products in the past couple of years. After all, a typical intrusion detection system (IDS) only alerts you that something malicious may have happened, and an IPS reacts to it and can prevent the attack.


Brute Force: ijones writes “Brute Force, by Matt Curtin, is about an event that many Slashdotters will remember: the cracking of the Data Encryption Standard…. Four and a half months earlier, RSA had issued a challenge to the cryptography community, offering $10,000 to the first group to crack a 56-bit DES encrypted message.

It even has pictures :) “IPSec is a suite of protocols for securing network connections, but the details and many variations quickly become overwhelming. This is particularly the case when trying to interoperate between disparate systems, causing more than one engineer to just mindlessly turn the knobs when attempting to bring up a new connection.”

What is Responsible Disclosure for Security Flaws?: Silverdot writes “In an article on ZDNet, the author brought up a few cases of uneasy relationships between security researchers and software firms. While those who report the bugs should first seek to notify and work with the software firm to resolve the flaw, one researcher commented: “All researchers should follow responsible disclosure guidelines, but if a vendor like Microsoft takes six months to a year to fix a flaw, a researcher has every right to release the details.”

Open-source Solaris crypto code imminent: Blog: Sun Microsystems plans to integrate several encryption components of Solaris into the OpenSolaris open-source operating system…

New Cisco flaw could pose threat to Net: Networking giant warns that a serious flaw in its software puts computer networks at risk of cyberattack. See, all the FUD after Blackhat 2005 might have finally broken the mold!!!

News: Big debate over small packets: After a summer of debate over whether flaws in ICMP are a serious threat, an Argentinian researcher continues to lobby the Internet’s technical standards body to implement his proposal to fix the issues.

Security Lessons of the Response to Hurricane Katrina: There are many, large and small, but I want to mention two that I haven’t seen discussed elsewhere. 1…. We need multiple organizations with overlapping capabilities, all helping in their own way: FEMA, DHS, the military, the Red Cross, etc. We need overcapacity, in water pumping capabilities, communications, emergency supplies, and so on. I wrote about this back in 2001, in opposition to the formation of the Department of Homeland Security.

IMlogic ups shields against IM threats: New product moves beyond signature-based protection to analyze instant messaging traffic for unknown worms and other pests.
