Comment Re:Encrypt everything. (Score 3) 145

End to end encryption is the only answer here. Maybe instead of relying on server certificates, which could be compromised, do the reverse -- the client certificate is used to secure the connection. That way everyone can use a CA (or even issue their own) that they trust. ...

Have you looked at the work going on in the IETF and other places to deploy "perfect forward secrecy?" The idea is to use a Diffie-Hellman exchange to negotiate a random key, and then only use the server certificate to prove the server's identity and knowledge of the key. Pretty much the same result as client certificates, easier to deploy, and with the added advantage that even if the server's key is compromised, the sessions' keys remain secret.
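The contrast the comment draws, worked through as an added example that is not part of the original post or of any IETF draft: a static key-transport handshake (session key encrypted to the server's long-term key) next to an ephemeral Diffie-Hellman handshake where the long-term key only signs the server's ephemeral share. The group is a toy (p = 2**127 - 1 with generator 3, picked only so the arithmetic is instant) and the signature is a toy Schnorr over that same group; both are assumptions for illustration and neither is a secure parameter choice.

```python
"""Key transport vs ephemeral DH: what a stolen long-term key buys an attacker.

Added example, not code from the thread. TOY parameters: p = 2**127 - 1 and
g = 3 are far too small for real use; real deployments use 2048-bit+ MODP
groups or elliptic curves and a standard signature scheme, not this Schnorr toy.
"""
import hashlib
import secrets

P = 2**127 - 1   # toy prime modulus (assumption: demo size only)
G = 3            # toy generator
Q = P - 1        # exponents can be reduced mod p-1 since g**(p-1) == 1 mod p


def i2b(n: int) -> bytes:
    return n.to_bytes((n.bit_length() + 7) // 8 or 1, "big")


def h_int(*parts: bytes) -> int:
    """Hash-to-integer for the toy Schnorr signature."""
    return int.from_bytes(hashlib.sha256(b"|".join(parts)).digest(), "big") % Q


def keygen():
    """Server's long-term key pair (stands in for the certified key)."""
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)


def schnorr_sign(x: int, msg: bytes):
    k = secrets.randbelow(Q - 1) + 1
    r = pow(G, k, P)
    e = h_int(i2b(r), msg)
    return r, (k - x * e) % Q


def schnorr_verify(y: int, msg: bytes, sig) -> bool:
    r, s = sig
    e = h_int(i2b(r), msg)
    return (pow(G, s, P) * pow(y, e, P)) % P == r   # g^s * y^e == g^k


# --- 1. Key transport: session key encrypted (ElGamal-style) to the STATIC key ---
def transport_handshake(server_pub: int):
    K = secrets.randbelow(P - 2) + 1            # session key chosen by client
    r = secrets.randbelow(Q - 1) + 1
    c1 = pow(G, r, P)
    c2 = (K * pow(server_pub, r, P)) % P
    return K, (c1, c2)                          # (c1, c2) is what goes on the wire


def transport_recover(x: int, ciphertext) -> int:
    """Anyone holding the static private key x recovers K from a recording."""
    c1, c2 = ciphertext
    return (c2 * pow(pow(c1, x, P), -1, P)) % P


# --- 2. Ephemeral DH: static key only SIGNS the server's share ---
def dhe_handshake(server_x: int, server_y: int):
    a, b = secrets.randbelow(Q - 1) + 1, secrets.randbelow(Q - 1) + 1   # ephemerals
    A, B = pow(G, a, P), pow(G, b, P)
    transcript = i2b(A) + b"," + i2b(B)
    sig = schnorr_sign(server_x, transcript)    # identity proof bound to this exchange
    if not schnorr_verify(server_y, transcript, sig):
        raise ValueError("bad server signature")
    client_key, server_key = pow(B, a, P), pow(A, b, P)
    # a and b are dropped here; only (A, B, sig) ever crossed the wire.
    return client_key, server_key, (A, B, sig)


def demo():
    x, y = keygen()
    K, ct = transport_handshake(y)              # recorded today
    leaked = transport_recover(x, ct)           # x stolen tomorrow: K falls out
    ck, sk, wire = dhe_handshake(x, y)
    # With x and `wire` the attacker can only re-check (or forge future) signatures;
    # recovering ck from (A, B) needs a discrete log, which x does not help with.
    return leaked == K, ck == sk


if __name__ == "__main__":
    print(demo())   # (True, True)
```

The signature in the DHE case is over both shares, so a stolen static key lets an attacker impersonate the server from then on (which is why revocation still matters), but it does not unlock sessions already recorded.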

Submission + - Corruption Allegations Rock Australia's CSIRO (theage.com.au)

An anonymous reader writes: Australia's premier government research organisation, the CSIRO, has been rocked by allegations of corruption, including fraud against drug giant Novartis, dishonesty, with 60 top-class scientists bullied or fired, illegally using intellectual property, faking documents and unreliable testimony to judicial officers, but CSIRO boss Megan Clark has refused to discipline the staff responsible and the federal police don't want to get involved. Victims are unimpressed and former CSIRO scientists are calling for an inquiry.

Comment Re:Sob story, but ultimately lacking. (Score 1) 267

He could not in fact patent something as broad as 'a mechanism for generating electrical energy from human input' because such mechanisms have been around for maybe 100 years. The old bicycles, for example, had a little dynamo that powered the head light and back light. It got its power from friction on the wheel, which was powered by the human cyclist...

What this story really exposes is the hubris of the inventor. Say you work a couple of months on an invention, and file a patent. Do you really expect years and years of revenue? Really?

Comment root trust: the hole in PKI, SSL, TLS! (Score 4, Interesting) 75

Everybody thinks that if an "https" connection is securely established, if the browser displays a green light, then they are good. But it only proves that the other end of the connection showed a "valid" certificate, where "valid" is defined as "signed by one of the hundreds of authorities allowed to do so, or by any entity who somehow obtained a certificate with signing rights from one of these authorities."

We have seen attacks like that before, e.g. the "Comodo" hacker (http://arstechnica.com/security/2011/09/comodo-hacker-i-hacked-diginotar-too-other-cas-breached/). My bet is that we will continue to see more of these, because the attack surface is just too large.

Comment Re:VoIP -- problem NOT solved (Score 2) 62

VOIP will protect the data if the content is properly encrypted, but headers and locations are still exposed. The phone can still be identified and located, which is already great information for the police. The IP addresses can be tracked in the header and voila, pen-register services without a warrant. And if VOIP is not encrypted, or if the encryption is weak, even the content can be accessed.

Comment Re:Join the army (Score 2) 789

Another requirement is to pass physical and medical tests. The Legion won't take you if you have poor eyesight, weigh too much, or are otherwise unfit. The mythical slashdot readers who spend their days snacking in front of the computer might have a hard time getting accepted.

On the other hand, if you are accepted in the Legion, you will have a fun time in places like Afghanistan, Djibouti or the Ivory Coast, to name a few. If your goal was to escape being shot at, you may want to reconsider.

Comment Re:This is getting stupid. (Score 1) 94

ICANN was supposed to manage the legacy of Jon Postel. Instead, it is managing the interests of a coterie of Internet parasites. As the parent said, "the new top-level domains (and some of the existing top-level domains) are basically a money grab," effectively allowing the new registrars to levy taxes on trademark owners. Good old-fashioned blackmail, as in "nice trademark you have here, you would not want something bad to happen, like having it managed by a porn site or a competitor, what about getting some protection?"

Comment Re:Huh? Not random! (Score 1) 312

Randomness will produce everything indeed. But this experiment is not random. The monkeys are not *producing* the work of Shakespeare. They are *reproducing* it. The master program already knows the work, and has it programmed in its tests. There is a big filter here: take this random bit, and decide whether it is "part of Shakespeare's work." Not quite the same as letting the monkeys type a full page, and then having readers decide whether this is "as good as Shakespeare." Prior knowledge killed Schrödinger's Cat!

Comment Third parties make that untenable (Score 1) 90

This is a vexing problem because not all patent holders participate in the standard making. If a company participates in the standard making, the standard organization has leverage: guarantee that others can use your patents under reasonable conditions, preferably free, or we will not consider your contributions. But if a company does not participate, the standard making organization has no leverage at all.

Consider for example what happened to Wi-Fi. The IEEE has a fairly detailed patent policy, and the Wi-Fi standards have been very successful. But after millions of cards were sold, CSIRO came out of the blue and asserted a patent on indoor OFDM that they said covered Wi-Fi. The resulting lawsuits have cost millions.

Comment Re:Finally (Score 1) 200

Microsoft's analysis is published at: http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Worm%3AWin32%2FMorto.A

The list of passwords that the worm tries is interesting. Apart from the obvious abc123 and the like, the worm tries "RavMonD" and "zhudongfangyu". Is that a clue? Some Chinese homage to the bazaar?

Comment Challenge response is dead, almost. (Score 1) 615

The problem with NTLM has been known for some time, but it is not just NTLM. It is in fact any challenge response protocol. Check this slide deck presented at the IETF in 2005: http://www.huitema.net/talks/ietf63-security.ppt. The punch line is simple: don't rely on challenge response protocols! If the attacker can see both the challenge and the hash, and if the password can be remembered by the user, it will probably be cracked.
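The failure mode the comment describes, as an added example that is not part of the original post: a generic HMAC-based challenge/response (deliberately not NTLM's exact algorithm, since the argument applies to any scheme where the response is a pure function of the password and a visible challenge), a sniffed challenge/response pair, and an offline dictionary attack over it. The victim password and the wordlist are constructed for this example.

```python
"""Offline dictionary attack on a sniffed challenge/response pair.

Added example, not from the thread. The protocol is a generic stand-in
(HMAC-SHA256 keyed by an unsalted password hash); NTLM differs in detail but
shares the property that matters here: anyone who sees both the challenge and
the response can test password guesses offline, as fast as they can hash.
"""
import hashlib
import hmac
import secrets


def password_key(password: str) -> bytes:
    """Password-derived key as stored by the server; unsalted, like many such schemes."""
    return hashlib.sha256(password.encode("utf-8")).digest()


def make_challenge() -> bytes:
    """Server nonce: random per session, but sent in the clear."""
    return secrets.token_bytes(8)


def respond(password: str, challenge: bytes) -> bytes:
    """Client's proof of password knowledge: a function only of (password, challenge)."""
    return hmac.new(password_key(password), challenge, hashlib.sha256).digest()


def server_verify(stored_key: bytes, challenge: bytes, response: bytes) -> bool:
    expected = hmac.new(stored_key, challenge, hashlib.sha256).digest()
    return hmac.compare_digest(expected, response)


def crack(challenge: bytes, response: bytes, wordlist):
    """Attacker who captured (challenge, response): recompute each guess and compare.
    No interaction with the server is needed, so lockout/rate limits never trigger."""
    for candidate in wordlist:
        if hmac.compare_digest(respond(candidate, challenge), response):
            return candidate
    return None


# Constructed sample data for the demo (not real passwords or a real capture).
WORDLIST = ["123456", "password", "abc123", "letmein", "Summer2011!", "qwerty"]


def demo():
    victim_password = "Summer2011!"          # a "memorable" password, per the comment
    chal = make_challenge()
    resp = respond(victim_password, chal)    # chal and resp both cross the wire
    assert server_verify(password_key(victim_password), chal, resp)
    return crack(chal, resp, WORDLIST)       # attacker recovers the password offline


if __name__ == "__main__":
    print(demo())   # Summer2011!
```

Swapping the unsalted hash for a slow KDF only changes the guess rate, not the attack; the fix is to keep the pair off the wire (run the exchange inside an authenticated channel) or to use a protocol whose transcript does not permit offline verification of guesses, such as a PAKE or public-key authentication.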
