| |
|
Sunday, March 11, 2007
|
|
Rather than passing through SSL sessions between clients and servers located in remote data centers, some WAN optimization gear can terminate the SSL sessions, shrink the traffic and re-encrypt it for the next leg of the trip. These chains of encrypted sessions introduce potential vulnerabilities that different vendors address in different ways.
SSL traffic represents a growing percentage of total traffic on WAN
links, according to Forrester Research. So SSL support in WAN
optimization appliances will become more important to businesses that
want to keep traffic secure while minimizing the size of their WAN
links.
In a survey last month of 1,300 IT executives by WAN-optimization vendor Blue Coat Systems, one-third of respondents said that 25% of their WAN traffic is SSL. And of those surveyed, 45% plan to roll out more SSL
applications this year.
About
a third of all WAN traffic at Richardson Partners Financial Ltd. in
Toronto is SSL, says Andrew McKinney, director of technical services
for the firm. But if only the urgent business traffic is considered,
the percentage is much higher. "For critical business traffic, it's all
encrypted," he says. So he uses Blue Coat Systems gear to secure
traffic and optimize it for good performance.
1:45:40 PM 
|
|
SSL Optimization Over WAN Needs Scrutiny. coondoggie writes with word of the expansion of WAN optimization appliances to handle SSL traffic and the security concerns this brings up. From the article: "With more and more WAN optimization vendors extending their capabilities to include encrypted traffic, corporate IT executives have a decision to make: Should they trust the security these devices provide? Rather than passing through SSL sessions between clients and servers located in remote data centers, some WAN optimization gear can terminate the SSL sessions, shrink the traffic, and re-encrypt it for the next leg of the trip. These chains of encrypted sessions introduce potential vulnerabilities that different vendors address in different ways. SSL traffic represents a growing percentage of total traffic on WAN links, according to Forrester Research. So SSL support in WAN optimization appliances will become more important to businesses that want to keep traffic secure while minimizing the size of their WAN links." [ Slashdot]
1:41:59 PM
|
|
"We are, after all, for the first time in the history of a liberty-loving nation, creating a national identification card ... with all the ramifications of that. ... Real ID was stuffed into the supplemental appropriations bill for Hurricane Katrina and the troops in Iraq, so of course, we had to vote for the bill, but we had no chance to amend it -- no debate, no hearing, and no consideration of other alternatives, And now we impose on the states an $11 billion unfunded mandate. ... I would say we wouldn't be doing our job if we didn't stop and think about what we've done." Sen. Lamar Alexander's recent comments about the Real ID Act echo the widespread bipartisan resistance to this new law. In 2005, Congress passed the Real ID Act, a law that proposed a sea change in how states issue driver's licenses. In essence, the law would federalize all state departments of motor vehicles and turn our driver's licenses into national identity cards. The burdens of compliance are onerous and guarantee longer lines, higher fees and huge bureaucratic and financial nightmares for state government.However, the real nightmare of Real ID is the law's assault on our privacy rights. The law mandates a central, interlinked database containing a wealth of personal information, including name, address, date of birth, biometric information and an assigned identification number. Over time, the database will inevitably become the repository for more and more of citizens' personal data and will be used for an ever-wider set of purposes, moving us closer to a surveillance society.
1:28:25 PM
|
|
SALT LAKE CITY -- The odor of burning marijuana didn't justify a
search of a trailer without a warrant, the Utah Supreme Court said
Friday.
Police officers broke through the door of a trailer in
April 2003 because they believed the suspects were eliminating evidence
by smoking it. The court, however, said there was no sign that
Bernadette Duran knew authorities were around.
1:24:33 PM
|
|
(AP)
St. Paul Amid a court fight over a Minneapolis's stop-on-red
camera program, a Senate committee has approved legislation that would
allow all Minnesota cities the power to put PhotoCops at intersections.
The
Senate Transportation Committee voted 11 to 5 on Friday to move the
bill along, but not without serious questions about its use as a
revenue generating tool and its threat to privacy.
Minneapolis
began the program to catch and ticket red-light runners, but it was
halted by court actions questioning whether it overstepped state law.
The Supreme Court is due to hear arguments in the case next week.
The
bill permits cities to install cameras to record violators and mail out
citations to the owners of the photographed vehicles.
1:21:18 PM
|
|
A new Homeland Security program aims to analyze existing, legally
collected computer data, not gather new personal information on U.S.
citizens, Secretary Michael Chertoff said Friday in defending the
program from congressional critics. The project, still in pilot
stage, will help investigators understand evidence gathered through
subpoenas but won't troll computers for new, private information,
Chertoff said in an interview with The Associated Press. 'It's
an experiment to see how you can better analyze data that you already
have, that you've already legally collected, to see if you can
understand it, sort it and make use of it more readily than simply
doing it manually,' Chertoff said. Called ADVISE _ for Analysis,
Dissemination, Visualization, Insight and Semantic Enhancement _ the
program can be used to find 'relationships or patterns' from
information including financial and telephone records, he said.
1:18:50 PM
|
|
DNA testing is in the news a lot these days,
and not solely because of the saga of Anna Nicole Smith, whose burial
was delayed amid a legal tussle over the paternity of her 5-month-old
daughter, Daniellyn.
The growing success in obtaining
convictions by genetic matching (since the O.J. Simpson trial anyway)
has made it the preferred identification technology for law
enforcement, as well as by other federal agencies. The U.S. military
requires every serviceman to give blood for future DNA analysis,
presumably for body identification.
States are among the most
aggressive users of DNA testing. The New Jersey Supreme Court recently
upheld a Garden State law requiring DNA testing of all felons, with the
results maintained in a state database and submitted to the FBI.
Other
states that have initiated extensive DNA collection policies include
Virginia and Arizona -- the latter tests, collects, and stores the
results not only from convicted felons but also from most people who
are simply arrested for a felony. Florida is now considering collecting
DNA from everyone convicted of a felony, as well as from those found
guilty of certain misdemeanors.
Municipalities are climbing
onto the DNA testing bandwagon, too. A blood bank in Seattle has begun
collecting and analyzing DNA from donated blood without obtaining
explicit permission, although donors may opt out. The program is funded
by the U.S. military. To protect the privacy of donors, the Puget Sound
blood bank labels the samples with codes instead of printed names. For
the record, that's not a very secure strategy.
Race Traces
A
little-noticed provision in the recently passed Violence Against Women
Act may soon trigger the largest sweep of DNA information in this
country. The Justice Dept. plans to collect DNA from anyone arrested or
detained by federal agents. This will, by definition, include all
illegal immigrants.
The increasingly widespread use of DNA
testing opens a Pandora's Box of privacy issues. Technicians can
extrapolate information about a person from the sample of their brother
or son. In Houston last year, a man's conviction of rape was partially
based on DNA evidence collected from his twin brother.
And
the process isn't without its bizarre anomalies. For example, people
who have received bone-marrow transplants can in certain cases match
the DNA of a donor.
1:15:40 PM
|
|
Popular Internet social-networking sites like MySpace and Facebook would have to verify users' ages and get parental permission before minors could post profiles under a proposed law pending in the General Assembly.
Connecticut would become a national leader in protecting minors on the Internet if it adopts the tighter age restrictions, state Attorney General Richard Blumenthal said.
The bill cleared its first major hurdle Thursday when it won unanimous approval from the legislature's general law committee.
The intent of the bill is clear. Unclear is what form parental permission would take and what would prevent youths from faking permission.
1:08:47 PM
|
|
Connecticut Wants to Restrict Social Networking. csefft writes "According to the Hartford Courant, Connecticut became the latest state to want to restrict the use of MySpace and other social networking sites. The proposed bill would require that all such sites verify the identity and age of users, as well as get parent's permission for those under 18. Sites that failed to comply would be subject to a $5,000 per day fine. Attorney General Richard Blumenthal said of the proposition, 'If we can put a man on the moon, we can verify age on the Internet,' but quickly followed with the acknowledgment that there is no foolproof method." [Slashdot: Your Rights Online]
1:06:21 PM
|
|
Anybody who objects to their personal details going on the new "Big
Brother" ID cards database will be banned from having a passport.
James Hall, the official in charge of the supposedly-voluntary
scheme, said the Government would allow people to opt out - but in
return they must "forgo the ability" to have a travel document.
With one in every eight people saying they will refuse to
sign-up, up to five million adults could effectively be refused
permission to leave the country.
Campaigners reacted to Mr Hall's remarks with fury, saying they
were yet more evidence of the lurch towards "Big Brother" Britain.
Phil Booth, of the NO2ID group, said: "The idea that ID cards scheme is voluntary, and people can opt-out, is a joke.
"There are all sorts of reasons why people need to travel, not just for holidays. There is work, visiting relatives.
"What are these people supposed to do? It stretches the
definition of voluntary beyond breaking point. They will go to any
length to get personal information for this huge database. Who knows
what will happen to it then?"
12:56:16 PM
|
|
|
© Copyright 2007 Paul Hardwick.
Last update: 3/18/07; 9:31:05 PM.
|
|
|
