funsec mailing list archives
today's security news wrapup
From: Paul Vixie <paul () vix com>
Date: Mon, 18 Dec 2006 20:26:17 +0000
Homeland Security Director Defends Real ID
http://politics.slashdot.org/article.pl?sid=06/12/14/2215219
"The Homeland Security chief, who is nearing his two-year mark with the agency, was likely trying to quell rampant skepticism about the IDs voiced by some privacy advocates, immigrants and other groups. Some have said they fear that the IDs are a stepping stone to a veritable police state, complete with ready surveillance of individuals. Some have argued that the idea of creating more tamperproof IDs is only a marginally better way to screen out those intent on committing terrorist acts because ID cards don't even begin to tackle a core crime prevention challenge: determining a person's unspoken intentions."

Give an Internet Freedom Disk
http://linux.slashdot.org/article.pl?sid=06/12/17/2143249
An anonymous reader, perhaps the blogger himself, writes to tell us about a new blog aimed at getting non-techies excited over the idea of running from a Live CD. The blogger doesn't call it that, preferring instead "Internet Freedom Disk"; Linux is never mentioned. The submitter adds: "This is just a great gift to drop on your non-geek friends and potentially wake up a sleeping giant." Cheap, last-minute, and you can make them yourself. The blogger isn't selling anything; he provides links to Ubuntu and Knoppix Live CDs. Or pick your favorite.

ORDB.org Going Offline
http://it.slashdot.org/article.pl?sid=06/12/18/154259
"ORDB.org has announced that they will shut down their services after fighting open relays and spam for more than five and a half years. The RBL DNS service and mailing lists will be taken down today (December 18, 2006) and the website will vanish by December 31, 2006."

Oklahoma Anti-Spammer Loses Big in Court
http://www.circleid.com/posts/oklahoma_anti_spammer_loses/
In November, Mark Mumma, who runs a little design firm at webguy.com, lost an appeal in the Fourth Federal Circuit. He'd filed suit against cruise.com and their parent Omega World Travel under CAN SPAM and an Oklahoma anti-spam law. Omega countersued for defamation. The court threw out Mumma's case, and allowed part of the defamation case to proceed. At first blush, this looks like a big win for spammers.

Jailed ID thieves thwart cops with crypto
http://news.com.com/2100-7348_3-6144521.html
... When the gang's premises were raided by the members of the Serious and Organised Crime Agency (SOCA), Kostap was handcuffed with his hands in front of his body. He managed to leap up and flick an electrical switch that wiped databases that could have contained records of the gang's activities stretching back more than 10 years, SOCA said. Kostap's action also triggered intricate layers of encryption on the gang's computer systems, which SOCA's experts were unable to crack, the court heard. ...

Hackers Selling Vista Zero-Day Exploit
http://www.osnews.com/story.php?news_id=16742
Underground hackers are hawking zero-day exploits for Microsoft's new Windows Vista operating system at USD 50000 a pop, according to computer security researchers at Trend Micro. The Windows Vista exploit - which has not been independently verified - was just one of many zero-days available for sale at an auction-style marketplace infiltrated by the Tokyo-based anti-virus vendor.

Justin Mason's Anti-Challenge-Response Linkfest
http://www.oreillynet.com/onlamp/blog/2006/12/justin_masons_antichallengeres.html
SpamAssassin hero Justin Mason has posted a summary of opinions against challenge-response mail systems. I particularly like the psychopathic challenge-response system user in the comments who defends blowback by arguing that it only affects a few innocent users. Sorry, folks. CR fails my one question certification test for mail filter authors, and not just bad and wrong, but profoundly antisocial.

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.