"New Scientist" - Crypto lockdown secures lost laptop data .
Stolen or lost laptops can now automatically encrypt all their data, thanks to new equipment that creates a wireless bond between the machine and its owner. When its "master" is out of range, it locks down, keeping the data from falling into the wrong hands.
Researchers at the University of Michigan have developed the system and say it should protect data even if files have been left open on screen
A radio transceiver installed inside the laptop's casing is programmed to identify its owner by means of a small transmitter worn like a wristwatch. This lets the laptop know how far away its master is. Whenever separated by a set distance, automatic encryption of data is triggered.
"And as soon as the user comes back within radio range, the computer will begin unlocking the computer so that it is ready to resume work when the user sits down," says researcher Brian Noble.
The idea could be used to secure confidential business information and even keep military secrets safe, Noble and co-creator Mark Corner believe. It could be useful for the UK's Ministry of Defence, which has admitted to having lost track of nearly 600 laptops.
Slashdot | Crypto Leash for Laptops?.
timman999 writes "New Scientist reports a new device that will automatically encrypt all the data on a laptop when it is separated from its owner. It uses a small receiver and the user has to wear a transmitter on his wrist."
Computerworld - Microsoft: SSL flaw is in operating system, not Web browser.
Microsoft Corp. said yesterday that the Secure Sockets Layer (SSL) flaw recently uncovered by an independent researcher is in multiple versions of the Windows operating system, not its Internet Explorer Web browser.
Company officials added that the flaw isn't in Microsoft's CryptoAPI application program interface (CAPI) either, which would have left a number of applications and Windows services vulnerable, not just Internet Explorer.
Security researcher Mike Benham reported that Internet Explorer had a security flaw that could undermine the security provided by SSL, a standard for securing online transactions and e-commerce. The flaw opens a vulnerability called a man-in-the-middle attack, where the attacker can hijack an SSL session and decrypt messages that could contain credit card or Social Security numbers.
Microsoft said it's working on patches for Windows 98, Me, NT4, 2000 and XP. It wouldn't say when the patches would be available.
"This SSL flaw has been described as an [Internet Explorer] problem, but it is a Windows issue. It's in the crypto of the operating system, so we have to patch the OS," said Scott Culp, manager of the Microsoft Security Response Center. "IE is a consumer of those crypto services."
Slashdot | Windows 98, Me, NT4, 2000 and XP SSL Flawed.
JoeSmack writes "In amazingly unexpected news, ComputerWorld is running an article that says the SSL security hole found in Internet Explorer is not a flaw in the browser, but in the operating system itself." --- The article mentions that Konqueror was patched against the same bug in 90 minutes.
Popular Science | Your ID Please, Citizen.
What a national ID card might look like.
September 11 was quickly followed by calls from some lawmakers and business leaders for a more robust national identification system: ID cards that possess sophisticated biometric data, making them harder to forge than today's driver's licenses. Privacy advocates are strongly opposed, arguing that such cards, while enabling the government to track individuals and access personal data, would do little to separate the innocent citizen from the walking security threat. For now, the Bush administration is cool to the idea, but it's not hard to envision the Department of Homeland Security re-examining the concept if further terrorist attacks occur. More than 30 countries, from Italy to Malaysia, have already introduced "smart" ID cards. If you're eventually issued a national card, it will likely incorporate several of the technologies shown here, combined to make the card readable by both high- and low-tech devices.
Slashdot | A Look Into National ID Cards.
mr.buddylee writes "Last month Slashdot reported a Popular Science story on your privacy. This month the magazine has a couple different articles about the future of security after the attacks on 9/11. Included is a very interesting read on National ID Cards which looks at possible technologies integrated into the card. For instance, how would you like a memory strip containing a digitized image of your fingerprints, your photo, your medical history and flight history stored in your wallet? All secured with what could be a less than secure Smart Card."
CNN.com - Catching crooks with e-mail evidence.
Electronic messages often leave incriminating trail
Not since the glory days of letter-writing, before the advent of the telephone, have people committed so much revealing stuff to written form as they do in the age of computers.
[ ... ]
Green teaches that a mistake as simple as turning off a computer can wipe away valuable evidence. Knowing such basics, and the ins and outs of privacy law, is essential when electronic evidence may play a role in so many cases.
"It's like the gift that keeps on giving," said Tom Greene, a deputy attorney general in California, one of the states suing Microsoft Corp. in an antitrust case built largely on computer messages. "People are so chatty in e-mail."
New York Times - free registration required Judge Delays Order to Identify Detainees Until Appeals Ruling.
Two weeks after a federal judge ordered the Justice Department to reveal the names of hundreds of people detained in the investigation of the Sept. 11 terror attacks, the same judge ruled today that the names did not have to be made public immediately.
In a victory for the Bush administration's effort to keep the names secret, the judge, Gladys Kessler of Federal District Court in Washington, issued a stay of her original order and said the names need not be disclosed before an appeals court ruled on the issue, which could take weeks or months.
Under Judge Kessler's original order on Aug. 2, the Justice Department was required to produce the names of the detainees and their lawyers within 15 days.
In her ruling today, Judge Kessler said she agreed to the delay after assurances from the Justice Department that it would seek an "expedited" appeal in the case.
Her original ruling, which was hailed by immigration and civil liberties groups, found that the Bush administration had no right to conceal the identities of the detainees. She rejected the Justice Department's argument that disclosure would impede its investigation of terrorists.
Judge Kessler said that while the executive branch's obligation was to ensure the physical safety of American citizens, "the first priority of the judicial branch must be to ensure that our government always operates within the statutory and constitutional constraints which distinguish a democracy from a dictatorship."
Economist.com | Surveillance.
It is easier than ever for individuals to track their possessions, pets and loved ones
[ ... ]
In fact, the new generation of tracking devices combines two existing technologies. One is a global-positioning-system (GPS) chip, which uses radio signals from a network of satellites to work out where it is on the earth's surface to within a few metres. The other is a mobile-telephone chip, which broadcasts that location to whoever needs to know it. The result is a pocket-sized, or even wrist-sized, personal locator.
Applied Digital Solutions (ADS), of Palm Beach, Florida, calls its version of the technology a "digital angel". The angel comes in two versions. People get a pager-like device that clips on to their clothing. Animals get a collar.
For more background on Digital Angel see our archive from August 14,2000, September 4,2000, September 7,2000, October 18,2000, October 30,2000, February 22,2001, December 04,2001, December 06,2001, December 20,2001, January 09, 2002, January 25, 2002, April 25, 2002, May 02, 2002 and May 20, 2002
[ ... ]
More intrusive devices will soon be available. Next month Wherify, of Redwood Shores, California, plans to start selling a lockable bracelet designed, it says, for children up to the age of 12. This will allow a child's parents to use the web to see a recent satellite photograph of their offspring's location. Parents will also be able to track their child's recent movements, and set up an alert system so that they will know if he does not turn up somewhere he is expected. Expect trouble, though, if you try to insist that your privacy-loving teenager wears one.
For those who like their technology to be a little more integrated and invisible, there is now the prospect that parts of tracking devices could be implanted in the body. Indeed, ADS already produces a device the size of a grain of rice that can be inserted beneath the skin, and nine volunteers are trying it out.
MS-NBC - FBI agent charged with hacking.
I had problems loading this page. I got "UPSClient.UPSClient.1 error '80070057' / Invalid ID number. Does not appear to be a GUID or a Passport ID " instead of the article. Hopefully it will be back latter.
Slashdot | Your Rights Online - Russian Agency Charges FBI Agent With Hacking.
eNonymous Coward writes "An FBI agent who helped lure two Russian 'hackers' to the USA in 2000 so that they could be arrested is now being charged with hacking himself by the Russian FSB. You might remember that Gorshkov and Ivanov exploited an NT vulnerability to steal information from corporate networks, which was then used to extort money from the companies; they're also accused of being behind the CDUniverse and Western Union credit card database thefts. Last year a federal judge ruled that the FBI's action was legal, but the FSB disagrees."
Counterpane: Crypto-Gram: August 15, 2002 .
Slashdot | Schneier Analyzes Palladium.
bcrowell writes "This month's CryptoGram from Bruce Schneier has an analysis of what little information people have been able to glean (without signing an NDA) about Microsoft's Palladium initiative." --- We might as well throw in a direct link to Schneier's look at the MPAA License to Hack bill as well.
lii.org Possible Resources Blog found us the Founders' Constitution.
The librarian who suggested this wrote, "A Web version of this classic publication. This provides a close examination of the Constitution and the first 12 amendments as seen through the historical documents on which they are based. Hundreds of hyperlinks available."
This Web Edition is a joint venture of the University of Chicago Press and the Liberty Fund.
|
