Now come on . . . what’s this “hoax device” b^llsh!t that you’re spreading? Can’t find a real law to enforce to justify this screwup?

There’s a problem with your charges of placing a hoax device . . . it’s called intent.  Were the devices intended to be a fake bomb, or were you just over excited by your recent anti-terror training?  Who’s the terrorist now?

insanity, homeland insecurity

While I can understand the checking of ID to verify you are the actual recipient of a package you are picking up, someone with ill intent attempting to ship a dangerous package is unlikely to provide their real ID . . . they’ll just use a fake.

So, who does this policy actually protect? UPS . . . you want to weigh in? Your website does not seem to disclose any information explaining this change.

false security, identification required, security theater, united parcel service, ups

CNN has an article on their site: “Hacker attack at UCLA affects 800,000 people“

I’m not quite sure how they were able to tell, but UC officials indicate that “there was no evidence any data (has) been misused”. An interesting statement, and completely untrue, as improper access is clearly misuse of the data in itself.

I’m really starting to suspect that this data is going into a fraudsters’ data warehouse somewhere . . . someone is systematically acquiring this data for some purpose that is yet to be realized by those of us on the good side.

Maybe we should start putting up marginally defended data systems containing real looking, but false data in order to pollute the fraudsters customer data collection attempts.

data breach, online fraud, online security, privacy, identity theft

Ad 1 and Ad 2 Via YouTube

And people wonder why I carry my PowerMac around to security conferences

EDIT: Looks like the official Apple site has all six ads . . . Â

mac, marketing, microsoft, security, apple

Maybe we should have a “day without a computer admin”; we could all shut down our networks and march in the streets to protest big brother’s attempt to put us Internet users down.

Just to drive the point home, the CNet Article point out:

Critics of DeGette’s proposal have said that, while the justification for Internet surveillance might be protecting children, the data would be accessible to any local or state law enforcement official investigating anything from drug possession to tax evasion. In addition, the one-year retention is a minimum; the FCC would receive the authority to require Internet companies to keep records “for not less than one year after a subscriber ceases to subscribe to such services.”

Scary, every site you visit would be logged and the data would be accessible to law enforcement at a moments notice. I guess the terrorist boogey man is played out . . . now they are playing the child porn card.

But seriously, ISPs don’t regularly log, let alone store the kind of data that these guys are trying to mandate . . . the volume of data is huge!

I’m turning off my logs right now in protest. Now were did I put that TOR install file . . .

freedom, politics, privacy, rant, george bush

As for timing, this may be a bad time for an acquisition as all US financials to comply with the FFIEC Multi-Factor authentication guidance by the end of the year. If RSA is unable to integrate quickly, there may be enough chaos to drive many of their potential customers into the arms of their competition.

This might be a good time to let both products carry forward without making any major changes . . . at least until the banks have chosen and deployed their solution of choice. Integration and deployment of a common platform could be presented as a version upgrade in the future.

Only time will tell.

ffiec, authentication, cyota, multi-factor, passmark security, rsa security

The consumer encryption problem is really a chicken and egg issue. On one side you the software developers that would rather not put the time and effort into making online identity and non-repudiation of transactions a standard feature in all Internet applications. On the other, you have the consumers, in desperate need of a standard – USABLE method for proving their identity online (or say, checking the identity of their eBay trading partner).

On the software side, the developers seem to be waiting for a critical mass of consumers to adopt a specific solution (which will never happen). On the consumer side, they continue to look for a solution that doesn’t require an engineering degree to install and a PHD to use.

Making the consumer credential free, drives the software industry in a direction . . . one, arguably, that I did not believe would be successful in the past (I have always thought that PKI for the masses will never fly duue to its complexity). While the consumer experience leaves a lot to be desired, its a great first step in the process of deploying some sort of digital credential to each Internet user.

Ok software developers, let’s start focusing on a usable consumer interface for this foundation that Thawte has deployed.

Also of note, Thawte does not seem to have a eassy way for you to integrate their certificates into the Apple OSX Mail.app. I have written a ‘quick’ rundown of the (35) steps that you will need to complete to make this work on a Mac. This process takes about 15 minutes.
Have fun, and happy signing!

mail.app, certificate, certificate authority, credential, identity, x.509

This ad has been seen making the rounds on the Internet.

A full size – readable screen shot is also available.

Not only is this ad in bad taste . . . the ad is asking potential recruits to enter their full name, address, phone number, birth date and other data on an non-secure form, a clear fraud and identity theft risk.

They even have the balls to ask you to refer a friend!

Digging into the “terms” of the offer results in some choice bits, including:

“Users must register by completing all required fields with valid, accurate information in order to receive iTunes®”

Does this mean that I have to stop using iTunes since I’m not in compliance with the Army National Guard terms? Does Apple know about this?

“Limit one (1) registration per person. Any attempt by any person to obtain more than the stated number of registrations by using multiple/different email addresses, identities, registrations and logins, or any other methods will void that participant’s registrations and that participant may be disqualified from receiving iTunes.”

Notice that they are quite specific about not giving you more than three free songs from iTunes if you enter more than once . . . though you will likely receive multiple calls from recruiters.

army national guard, military, recruiting, itunes