Privacy and security course from Don Blumenthal at the UM School of Information

Don Blumenthal is teaching this course at Michigan in the winter term:

Snippet from a course announcement for a winter class to be
taught by Don Blumenthal at the U-M School of Information:

This course will examine: 1) privacy issues related to the
safeguarding of sensitive information against inadvertent disclosure;
2) policy and societal questions concerning the value of security and
privacy regulations, the real world effects of data breaches on
individuals and businesses, and the balancing of interests among
individuals, government, and enterprises; 3) current and proposed laws
and regulations that govern data security and privacy; 4) self-help
and private sector regulatory efforts; 5) emerging technologies that
may affect security and privacy concerns; and 6) issues related to the
development of enterprise data security processes and programs that
take into account the requirements of all relevant constituencies:
e.g., technical, business, and legal.

Thanks to Brian Kerr for the pointer; more from and about Don Blumenthal on LinkedIn.

Technorati Tags: infosec, privacy, hosting, security, don-blumenthal, via:bkerr

Identity swap

When Jim Benson opened up his web browser one day, he discovered that he was someone else. One of the perils of using borrowed hardware to establish a temporary identity is that if you are not really careful, you can leave quite a bit of your identity behind.

This is as good a reason as any to put your temporary identity on a thumb drive, so that you don't leave droppings behind that cause confusion (or worse). Jeremy Wagstaff's Directory of Programs Designed for USB Drives is a good place to start for mostly Windows setups; Lifehacker's Carry your life on a thumb drive is good too.

Spam and the Limits of Interpersonal Collaboration / Nathaniel Borenstein / MOCHI / Feb 14 2007 / U of Michigan / 411 West Hall / 6pm

Dr. Nathaniel S. Borenstein will present at the next MOCHI meeting:

Spam and the Limits of Interpersonal Collaboration

Where: University of Michigan - 411 West Hall (Ehrlicher Room)

Feb 14, 2007
at 6:00pm (arrive eat network)
at 6:30pm (talk begins, lasting around an hour + Q&A)

Event Description:
Spam is an extremely complex and, so far, remarkably intractable problem, increasingly affecting not just email but virtually every kind of interpersonal electronic communication. In this talk, I will summarize the state of the art, survey the remarkably wide set of antispam activities currently under way at IBM and elsewhere, and present the outlines of a comprehensive strategy to fight spam. Unfortunately, the bottom line remains that we are still working very hard just to keep the spam problem from getting worse, and no one should expect a quick or painless solution to this problem. However, the fight against spam has the potential to advance technology in several ways that might be broadly useful in enabling new kinds of Internet infrastructure.

Dr. Nathaniel S. Borenstein is an IBM Distinguished Engineer, responsible for research and standards strategy for the Lotus brand. He has been an Internet user, innovator, standardizer, entrepreneur, and social activist since 1980. His credits and collaborations include the MIME standard, the Andrew Mail System, the metamail software, the Safe-Tcl programming language, the first working Internet payment system, the startups First Virtual Holdings and NetPOS.com, "Programming as if People Mattered" and two other books, three patents,and the "One Planet, One Net" manifesto. He is a past president of Computer Professionals for Social Responsibility, and former faculty member at the University of Michigan School of Information and at Carnegie-Mellon University.

Event Website URL: http://www.mochi.org/
This event is public.

--

Technorati Tags: annarbor, michigan, nsb, spam, umsi

The Doomsday Click (Michael Specter, The New Yorker / Assistive Media)

The Doomsday Click (MP3) is a Michael Specter piece from May 2001 on the engineering and spread of malware on the Internet. The full text is available. The MP3 is part of a collection at Assistive Media of New Yorker articles available as audio - good listening there.

Some things mentioned there include

Peter G. Neumann's RISKS Digest, Forum On Risks To The Public In Computers And Related Systems.

"To do this stuff is utterly trivial," Peter G. Neumann, who is a principal scientist at SRI International, the technological consulting firm, told me. "Every other kid can do it, and we know that. That isn't what worries me." Neumann, who is sixty-eight, has worked at and advised many of the nation's most important universities and government institutions, from the Navy and Harvard to the highly secretive National Security Agency. Mostly as a hobby, he moderates a forum on the Internet and produces a running list called "Illustrative Risks to the Public in the Use of Computer Systems and Related Technologies," which is the most frightening collection of random dangers I have ever seen. "What worries me is the big one," Neumann said, as we sat in his office in Menlo Park, California, one day. "People don't like to talk about this, because it's seen as encouraging the enemy, but absolutely everything is riddled with security flaws. Hackers can get into our most important systems in minutes, sometimes in seconds.

"And they do," he added. "The Internet is waiting for its Chernobyl, and I don't think we will be waiting much longer; we are running too close to the edge. When a third of the computer drives in America are wiped out in a single day, when the banking and commerce system is overcome, or the power grids and emergency-response systems of twenty states shut down because of a malicious computer attack, maybe then people will think about what's going on here."

Bruce Schneier's Schneier on Security blog.

"Computer security is a forty-year-old discipline," Bruce Schneier told me not long ago. Schneier created two of the most heavily used encryption algorithms, and his recent book on digital security, "Secrets & Lies," is perhaps the best popular exploration of the subject. "Every year, there is new research, new technology, and new products," he said. "Really good research, really good technology, and really good products. Yet every year the situation gets worse. Much worse. The Internet is just too complex to secure."

So Schneier decided to stop trying. Instead, he started Counterpane Internet Security, which relies on the skills of humans, flawed and inconsistent as they are, to manage the risks. Counterpane installs a special warning box--a Sentry--in every computer network it monitors. The sentries funnel information to a central knowledge base that keeps track of each client's idiosyncrasies. "We are like a fire brigade," Schneier told me. "Or an emergency room. In the real world, this kind of expertise is always farmed out."

Counterpane was recently acquired by British Telecom.

Google blog hacked - alleged hole in Metaweblog API

Techcrunch reports "Strange things afoot at the Google blog", with an unauthorized post sneaking into their Blogger-hosted offiical news blog. This comment is recent.

# Mike McMan

October 8th, 2006 at 7:05 pm

The bug that was used to hack Google’s blog is not a Blogger specific bug, it is a bug in RSS and MetaWeblogAPI. All blogging platforms that support the two are vulnerable including Blogger (now fixed), Wordpress, and Typepad. Currently no details on how the bug works have been made public and there are no official patches for it.

This qualifies as unconfirmed rumor in my book, but if you run a blog platform it would make sense to XYZ, PDQ.

Technorati Tags: infosec, google, blogger, metaweblog, typepad, wordpress, movabletype, rumor, innuendo, techcrunch

Wandering Wi-Fi: Myspace not welcome

I was going to see the new Myspace site for The Ark music club in Ann Arbor here at Caribou, and got this for my troubles instead:

This site is blocked by WanderingWiFi content filtering service.

It looks like they're using SonicWALL. Haven't probed the rest of the net yet to see what other brokenness there is, but I do note that Facebook does seem to work.

It's hard to put a value on social networking sites, but I'm certain that they're less valuable when you are cut off from them arbitrarily based on where you happen to be.

Technorati Tags: caribou, coffee, myspace, facebook, theark

Security and software for cybercafes: call for chapters

as seen on ciresearchers:

CALL FOR CHAPTERS
Proposals Submission Deadline: 10/1/2006
Full Chapters Due: 1/31/2007

Security and Software for Cybercafes
A book edited by Dr. Esharenana E. Adomi, Delta State University, Abraka, Nigeria

Introduction
Cybercafes, which are places where Internet access is provided for a fee, provide the opportunity for people without access to the Internet, or who are traveling, to access web mail and instant messages, read newspapers and explore other resources of the Net. Due to the important role Internet cafes play in facilitating access to information, there is a need for their systems to have well-installed software in order to ensure smooth service delivery. A good understanding of security measures and software requirements is a sine qua non for efficient management of cybercafes.

The Overall Objective of the Book
In the field of information science, technology and management, there is dire need for an edited collection of articles in this area. The intent of the book is to provide relevant theoretical frameworks and current empirical research findings in the area. The book will be aimed toward professionals, scholars, researchers and teachers of information technology who want to improve their knowledge and understanding of security management and software requirements of cybercafes, both in industrialized and developing countries.

The Target Audience
The audience of the book will consist of professionals, scholars and researchers working in the field of information science, education, technology and management, as well as related disciplines. The text is also intended for all library and information sciences users. The book will particularly provide those working in cybercafes/cybercafe operators with insight into how to control the risks related to cybercafe networks.

Recommended topics includes, but are not limited to, the following:
# Cybercafe systems security
# Viruses and virus protection in cybercafes
# Network security devices
# Software requirements
# Cybercafe management software
# Information and security policies
# Cyber laws and cybercafes
# Government control of cybercafes
# Research in cybercafe security and software
# Cybercafes cybercrime, detection and prevention
# Case study on any of the topics

SUBMISSION PROCEDURE
Researchers and professionals are invited to submit on or before October 1, 2006 a 2-5 page manuscript proposal clearly explaining the mission and concerns of the proposed chapter. Authors of accepted proposals will be notified by November 1, 2006 about the status of their proposals and sent chapter organizational guidelines. Full chapters are expected to be submitted by January 31, 2007. All submitted chapters, will be reviewed on a double-blind review basis. The book is scheduled to be published by Idea Group, Inc., www.idea-group.com, publisher of the Idea Group Publishing, Information Science Publishing, IRM Press, CyberTech Publishing and Idea Group Reference imprints.

Inquiries and submissions can be forwarded electronically (Word document) or by mail to:

Dr. Esharenana E. Adomi
Department of Library and Information Science
Delta State University
Abraka, Nigeria
Tel: +234 802 (0) 842 9087
E-mail: esharenana.adomi@gmail.com

(add this to the "information security" category)

Technorati Tags: cybercafe, infosec

Barcelona, "Social Engineering" MP3 from March Records

March Records has a bunch of singles from their labels output online - the idea being fair enough that if you listen to the music you'll want to buy it. UPDATE: It was great while it lasted, but all this music is down - you'll have to dig it up some other way.

What just came up on shuffle is Barcelona's Social Engineering (last.fm). How would you describe it - new wave, somewhat geeky, late 1980s sound with late 1990s lyrics. I heard about the band from Prentiss Riddle's annual holiday compilation.

I've been thinking about network and systems security from the perspective of someone who is working with people who are looking at adding new collaboration technologies into their workplace. There are lots of risks to using electronic mail for detailed collaboration efforts, given all of the relative ease of sending hard-to-trace forged email. Not that it's not impossible to trace, but SMTP as a protocol never put much stock in sender authentication from the very start, and it's such an old protocol that there's little chance that it could be re-engineered without being totally scrapped.

Are you better off with real-time protocols like Jabber that let you do human challenge-response of a sender's authenticity on the fly? Or tools like the Socialtext workspace that force all collaboration efforts through a password authentication and track all changes so that you can see in more detail what's going on?

Some days e-mail just feels so old-school, like sending postcards or telegrams around to each other and hoping nothing gets read in transit.