US-CERT has a form for reporting security incidents – I wanted to report a .gov system that had been hacked and used as part of a phishing scam but cannot because it won’t accept my Australian phone number! Sigh..
The email to the technical contact in WHOIS will have to be sufficient then.
Bruce Schneier has posted a link to a story about the German Police having an interesting time with DNA analysis of a series of murders due to a consistent false positive result; Bruce writes:
The German police spent years and millions of dollars tracking a mysterious killer whose DNA had been found at the scenes of six murders. Finally they realized they were tracking a worker at the factory that assembled the prepackaged swabs used for DNA testing.
I hope this gives pause for thought to those who think that programs like CSI reflect reality and that DNA profiling is always right..
Shishir Nagaraja of the University of Illinois at Urbana-Champaign and Ross Anderson of Cambridge University have published a very interesting paper called “The snooping dragon: social-malware surveillance of the Tibetan movement” (abstract, full report) on how agents of the Chinese government managed to infiltrate the computer network of the Dalai Lama’s organisation through ingenious social engineering and gain access to intelligence information that could lead to people’s arrest and possible execution.
It’s a very interesting report: it points out that the techniques used are within the reach of motivated individuals as well as government intelligence agencies, and ponders how less well-known organisations can cope with such attacks; it also lends weight to the sage advice offered in Ross Anderson’s “Security Engineering” book. Both are well worth a read, even for those of us whose network security is not a literal matter of life or death.
I was listening to the BBC From Our Own Correspondent podcast, which had a great piece by John Sweeney about murky goings-on in Liechtenstein. Part of it made me think that they’ve been going to the same school as Microsoft:
The next morning we heard that there was a banking seminar at the university on openness. This being Liechtenstein, the openness meeting was closed, at least to us.
John also has a wicked sense of humour..
Imagine my disappointment on discovering that Liechtenstein was, in fact, the most boring place on earth. I’m used to boredom – I work for the BBC, for heaven’s sake – but Liechtenstein was as dull as ditchwater, no, duller. They bank behind closed doors. They create fuzzy trusts behind closed doors. They make false teeth. And then they go to bed. The person who most looked like a ruthless killer was Howard, and he was the BBC producer.
Well worth a listen.. 😉
From the Washington Post:
Federal agents may take a traveler’s laptop or other electronic device to an off-site location for an unspecified period of time without any suspicion of wrongdoing, as part of border search policies the Department of Homeland Security recently disclosed. Also, officials may share copies of the laptop’s contents with other agencies and private entities for language translation, data decryption, or other reasons, according to the policies, dated July 16 and issued by two DHS agencies, US Customs and Border Protection and US Immigration and Customs Enforcement.
The full policy is available and it says that they have to destroy the information retained unless there is “probable cause”, except..
Copies may be retained by an assisting Federal agency or entity only if and to the extent that it has the independent legal authority to do so – for example, when the information is of national security or intelligence value.
So if you’re working for a company that competes with a US one you should probably be careful..
Update: Steve Bellovin points out that this applies when you leave America, too..
If you thought SCO couldn’t stoop any lower, think again. They have filed a motion in SCO versus IBM saying they wish to depose PJ, the creator of Groklaw.
I can say this: SCO in its wisdom has just guaranteed that the judges in SCO v. IBM and SCO v. Novell will have to read Groklaw. So, welcome Judge Kimball. Welcome, Judge Wells. We’ve enjoyed very much learning about the law by watching you at work. SCO told you something that isn’t true. No one tried to serve me that I knew about. No one informed me of any deposition date. That is true. It doesn’t feel so nice to be smeared like this, I can tell you that, and to have to pay a lawyer to deal with this harassment. I view it as such, as a kind of SLAPP suit, a vendetta to pay me back for blowing the whistle, and to shut Groklaw up. SCO wants to put a pin on a map and point to it and say, “Here’s PJ.” Then someone drops by and shoots me, I suppose. I certainly have nothing to tell them that is relevant to this litigation.
Basically, SCO have gotten so fed up with PJ and the various other Groklaw contributors poking huge holes in the farcical SCO lawsuit that they have convinced themselves that the site is a front for IBM and that PJ doesn’t exist, and now want to prove it. Sadly for them, their fear-induced paranoia can’t change fact into fiction, so, as usual, they’ll lose eventually; but they want to make life as painful as possible for anyone who dares to laugh at the emperor’s new clothes.
I do hope that this motion doesn’t succeed, but I suspect SCO will find the outcome rather painful for their version of reality if it does.
The Electronic Discovery and Evidence blog has a category on e-mail which contains an interesting article on the fact that e-mail is considered inadmissible as evidence in India. That should inform anyone who wants to do business with folks there about how best to communicate on anything substantive.
Blog found via the RISKS digest.