Bruce Schneier
> picks random pages among the results, then spiders from there (well it
> is spidering except that it only follows one URL at a time within a
> session thus simulating a user).
There are a few things wrong with this approach. Most of them were
outlined by Bruce Schneier when he reviewed "TrackMeNot"[1] last year.
The same issues with TrackMeNot apply to Hayneedle, including
potential false positives, and a list of word combinations that can be
filtered out easily, and well, the list goes on.
>> n.runs claim is true, then many customers might be less protected than
>> they would if German laws did not have the chilling effect they are
>> demonstrating.
>>
>> It should be noted that in 2000, a veritable Who's Who of computer
>> security - including Bruce Schneier, Gene Spafford, Matt Bishop, Elias
>> Levy, Alan Paller, and other well-known security professionals -
>> published a statement of concern about the Council of Europe draft
>> treaty on Crime in Cyberspace, which I believe was the predecessor to
>> the legal changes that have been happening in Germany:
>>
http://msdn.microsoft.com/en-us/library/aa378749(VS.85).aspx
[3] Microsoft Security Bulletin Advance Notification for February 2010
http://www.microsoft.com/technet/security/Bulletin/ms10-feb.mspx
[4] Bruce Schneier, Applied Cryptography (Second Edition), 1996.
Chapter 16, pp 369.
8.Disclaimer
------------
I want to remind everyone that CONFidence is happening in less than two weeks.
http://2009.confidence.org.pl/warsztaty
CONFidence is an international conference that has been taking place in May in Poland for the last 5 years. CONFidence is focused on research and best practices of database, application, systems and network security. CONFidence is a two-day event (15-16 May, 2009) divided into three tracks. The speakers list includes: Bruce Schneier, Tavis Ormandy, Jacob Appelbaum, Joanna Rutkowska, Rich Smith, Mario Heiderich, Mark Schoenefeld and many, many more top security experts.
Moreover, just before CONFidence amazing trainings will be organized:
# w3af ninja - Andres Riancho - 12th May 2009
# Discovery and exploitation of web application vulnerabilities - Andres Riancho - 13th May 2009
# Analyzing and Securing Enterprise Application Code by Blueinfy - Shreeraj Shah & Vimal Patel - 14th May 2009
# Secure Java Programming - Marc Schoenefeld - 14th May 2009
> n.runs claim is true, then many customers might be less protected than
> they would if German laws did not have the chilling effect they are
> demonstrating.
>
> It should be noted that in 2000, a veritable Who's Who of computer
> security - including Bruce Schneier, Gene Spafford, Matt Bishop, Elias
> Levy, Alan Paller, and other well-known security professionals -
> published a statement of concern about the Council of Europe draft
> treaty on Crime in Cyberspace, which I believe was the predecessor to
> the legal changes that have been happening in Germany:
>
The CFP for HITBSecConf2008 - Dubai is now open.
Our 2008 event is expected to attract over 300 attendees from around the
EMEA region and will see keynote speakers Bruce Schneier (Founder and
CTO, BT Counterpane) and Jeremiah Grossman (Founder and CTO, White Hat
Security). The event is supported and endorsed by the UAE
Telecommunications and Regulatory Authority.
Being a deep-knowledge technical conference, talks that are more
technical or that discuss new and never before seen attack methods are
n.runs claim is true, then many customers might be less protected than
they would if German laws did not have the chilling effect they are
demonstrating.
It should be noted that in 2000, a veritable Who's Who of computer
security - including Bruce Schneier, Gene Spafford, Matt Bishop, Elias
Levy, Alan Paller, and other well-known security professionals -
published a statement of concern about the Council of Europe draft
treaty on Crime in Cyberspace, which I believe was the predecessor to
the legal changes that have been happening in Germany:
>> picks random pages among the results, then spiders from there (well it
>> is spidering except that it only follows one URL at a time within a
>> session thus simulating a user).
>
> There are a few things wrong with this approach. Most of them were
> outlined by Bruce Schneier when he reviewed "TrackMeNot"[1] last year.
>
> The same issues with TrackMeNot apply to Hayneedle, including potential
> false positives, and a list of word combinations that can be filtered out
> easily, and well, the list goes on.
>
Camera-ready papers are due March 1, 2010. They will be presented at
the conference by the author(s) and published in the conference
proceedings.
2010 KEYNOTE: Bruce Schneier, BT Chief Security Technology Officer,
author of Applied Cryptography, Secrets and Lies, Beyond Fear,
Schneier on Security, and the monthly newsletter Crypto-Gram, with
over 150,000 readers worldwide.
Questions: cwcon ... / at / ... ccdcoe.org
We are also hosting the finals of Malcon at ClubHack2010, for more
information & CFP of malcon see http://malcon.org/
3rd December - Malcon workshop
4th December - Keynote by Bruce Schneier & Other talks
5th December - Malcon awards and Other talks
(Event plan may change in future)
:: Scope ::
(includes, but not limited to)
> when that
> agency needs funding for a new uber Cyber(buzzword)Crime fighting
> department. You
> guessed it. Hey "Up-and-coming security buff..." Kiss your terminal
> goodbye, and from
> here on out, your dreams of becoming the next Bruce Schneier will be
> close to non-
> existent. It happens.
>
> Anyhow, re-emphasizing... Shame on Microsoft for forwarding your data
> without telling
Final Call for Papers!
Calling all practitioners in the field of IT security!
The 5th edition of the best Polish IT security conference, CONFIDENCE
2009, is taking place on May 15/16, 2009 in Krakow.
The Keynote Speakers will be Bruce Schneier, Joanna Rutkowska.
http://2009.confidence.org.pl
We invite everyone to send proposed topics and presentation
abstracts until the 5th of February. Please remember that CONFidence
is an open, international conference and all presentations should be
This year, we're moving to a new, bigger and better venue -- the
award-winning Okura Hotel right in the middle of Amsterdam with easy access
via public transportation. #HITB2012AMS will be a quad-track conference
featuring keynote speakers Andy Ellis (Chief Security Officer, Akamai)
and Bruce Schneier (Chief Security Technology Officer, BT)!
As always, talks that are more technical or that discuss new and never
before seen attack methods are of more interest than a subject that has
been covered several times before.
-----
H.E. Toomas Hendrik Ilves, President of the Republic of Estonia
Bruce Schneier, BT Chief Security Technology Officer
Mike Schmitt, Dean, Marshall Center
Mikko Hyppönen, Chief Research Officer, F-Secure
he was moronic to join an irc channel filled with bots, sure he was idiotic in downloading
the code for the sake of learning. Fact is he might have. Guess what will happen to him
when a Law Enforcement Agency raids his house? Guess what will happen when that
agency needs funding for a new uber Cyber(buzzword)Crime fighting department. You
guessed it. Hey "Up-and-coming security buff..." Kiss your terminal goodbye, and from
here on out, your dreams of becoming the next Bruce Schneier will be close to non-
existent. It happens.
Anyhow, re-emphasizing... Shame on Microsoft for forwarding your data without telling
you. Shame on Microsoft for not asking you if you wanted to "PARTICIPATE" in
sending data. Shame on Microsoft for not explicitly stating: The data we are sneaking off
>
> Could you please be more specific? Do you mean, Google had crawled an entire MySQL DB and had access to the contents of the password field in encrypted form? Or had the contents of a /etc/shadow file? Or has a huge rainbow table repo. to compare hashes against? Or... ?
I think this is the original report
http://www.lightbluetouchpaper.org/2007/11/16/google-as-a-password-cracker/
which Bruce Schneier highlighted
http://www.schneier.com/blog/archives/2007/11/using_google_to.html
The basic idea: somebody had a hash, 20f1aeb7819d7858684c898d1e98c1bb, and
searched for that hash on Google, and discovered it was a hash for the
string "Anthony".
> forced to work in isolation without the open collaboration with our peers that
> we need, especially in complex cases like this, where creative thinking and
> input from experts in multiple disciplines is required to join the dots.
>
> A good place to start researching full disclosure would be this accessible
> and insightful essay by Bruce Schneier.
>
> http://www.schneier.com/essay-146.html
>
> His balanced coverage of the debate is also available in this essay.
>
forced to work in isolation without the open collaboration with our peers that
we need, especially in complex cases like this, where creative thinking and
input from experts in multiple disciplines is required to join the dots.
A good place to start researching full disclosure would be this accessible
and insightful essay by Bruce Schneier.
http://www.schneier.com/essay-146.html
His balanced coverage of the debate is also available in this essay.