Forgot your password?
typodupeerror

+ - Australian law enforcement pushes against encryption, advocates data retention->

Submitted by angry tapir
angry tapir (1463043) writes "Australia is in the middle of a parliamentary inquiry examining telecommunications interception laws. Law enforcement organisations using this to resurrect the idea of a scheme for mandatory data retention by telcos and ISPs. In addition, an Australian peak law enforcement body is pushing for rules that would force telcos help with decryption of communications."
Link to Original Source

+ - OpenSSL: The New Face Of Technology Monoculture->

Submitted by chicksdaddy
chicksdaddy (814965) writes "In a now-famous 2003 essay, “Cyberinsecurity: The Cost of Monopoly” (http://cryptome.org/cyberinsecurity.htm) Dr. Dan Geer (http://en.wikipedia.org/wiki/Dan_Geer) argued, persuasively, that Microsoft’s operating system monopoly constituted a grave risk to the security of the United States and international security, as well. It was in the interest of the U.S. government and others to break Redmond’s monopoly, or at least to lessen Microsoft’s ability to ‘lock in’ customers and limit choice. “The prevalence of security flaw (sp) in Microsoft’s products is an effect of monopoly power; it must not be allowed to become a reinforcer,” Geer wrote.

The essay cost Geer his job at the security consulting firm AtStake, which then counted Microsoft as a major customer.(http://cryptome.org/cyberinsecurity.htm#Fired) (AtStake was later acquired by Symantec.)

These days Geer is the Chief Security Officer at In-Q-Tel, the CIA’s venture capital arm. But he’s no less vigilant of the dangers of software monocultures. Security Ledger notes that, in a post today for the blog Lawfare (http://www.lawfareblog.com/2014/04/heartbleed-as-metaphor/), Geer is again warning about the dangers that come from an over-reliance on common platforms and code. His concern this time isn’t proprietary software managed by Redmond, however, it’s common, oft-reused hardware and software packages like the OpenSSL software at the heart (pun intended) of Heartbleed.(https://securityledger.com/2014/04/the-heartbleed-openssl-flaw-what-you-need-to-know/)

“The critical infrastructure’s monoculture question was once centered on Microsoft Windows,” he writes. “No more. The critical infrastructure’s monoculture problem, and hence its exposure to common mode risk, is now small devices and the chips which run them," Geer writes.

What happens when a critical and vulnerable component becomes ubiquitous — far more ubiquitous than OpenSSL? Geer wonders if the stability of the Internet itself is at stake.

“The Internet, per se, was designed for resistance to random faults; it was not designed for resistance to targeted faults,” Geer warns. “As the monocultures build, they do so in ever more pervasive, ever smaller packages, in ever less noticeable roles. The avenues to common mode failure proliferate.”"

Link to Original Source

Comment: Re:oh (Score 4, Interesting) 301

by Billly Gates (#46812459) Attached to: Our Education System Is Failing IT

You can. In India.

The fact that MBAs and CIOs are the ones whining make me always suspicious who of course get quoted in all these articles and probably contribute to them. How convenient this propaganda can now be used and passed around to politicians to increase H1B1 visas as a response.

Sadly many with years of experience now can be as good if not better than the native ones anyway so go cheap.

% APL is a natural extension of assembler language programming; ...and is best for educational purposes. -- A. Perlis

Working...