Paul Hardwick: Interviews

Administrivia: Possible unscheduled upgrade of Privacy Digest

Sun, 18 Mar 2007 01:39:04 GMT

Administrivia: Possible unscheduled upgrade of Privacy Digest.

I might be implementing an unscheduled upgrade of the site due to some problems with the software I am currently using to run the site. I had been working on upgrading the software to implement some new features but may have to implement sooner than originally planned. If you would like to take a peek at the planned software take a visit to http://www.PrivacyDigest.com/index.php Yes the full URL will have to be entered until I have completed the switch over.

There may be some hiccups during the process as the XML/RSS location will change along with access to the sub-topics. I plan to create mod-rewrite rules to take of this but they may not all be ready on day one.

Please let me know what you think.

C-SPAN Unchains Congressional Hearing Videos.

Thu, 08 Mar 2007 21:56:27 GMT

C-SPAN Unchains Congressional Hearing Videos.

C-SPAN has announced that, effective immediately, its videos of Congressional hearings, White House briefings, and other federal events will be freely available for noncommercial copying, sharing and posting, so long as attribution is included (sounds like the Creative Commons by-nc license, but no confirmation on whether that's what they are using). According to the C-SPAN press release, the move recognizes that we're in "an age of explosive growth of video file sharers, bloggers and online citizen journalists."

This is fantastic news! A considerable helping of the credit belongs to Carl Malamud, who responded to a copyright kerfuffle involving House Speaker Nanci Pelosi's use of C-SPAN hearing footage by writing an open letter to C-SPAN's CEO Brian Lamb challenging him to open up the archives to enable these kinds of public uses of C-SPAN content. Several meetings later, it appears C-SPAN decided to rise to the challenge.

Kudos to Carl, and kudos to C-SPAN. This is an amazing bit of public service all around. (Full disclosure: EFF represented Carl in connection with this issue, but we hardly lifted a finger -- all credit goes to Carl.)

[EFF: Deep Links]

Editor: Hmm maybe I'll have to consider making some snippets available in the future. A lot of hearings are dry, but every once in a while you get a real gem.

Nightline NSA Spy Exclusive: Dud.

Wed, 07 Mar 2007 16:07:37 GMT

Nightline NSA Spy Exclusive: Dud. AT&T whistleblower Mark Klein breaks silence to tell ABC News' Nightline about the NSA eavesdropping on the internet, but reveals little new information. In 27B Stroke 6. [Wired News: Top Stories]

Tonight(Tuesday) on Nightline - The NSA at AT&T

Tue, 06 Mar 2007 15:55:07 GMT

Tonight(Tuesday) on Nightline is an episode on the NSA having a monitoring station in the AT&T wire room. They have the guy who originally broke the story being interviewed tonight.

F2C: Freedom to Connect being webcast starting March 5

Mon, 05 Mar 2007 19:57:29 GMT

F2C is a meeting of people engaged with Internet connectivity and all that it enables, including vendors, customers, regulators, legislators, analysts, financiers, citizens and co-creators. This year, the theme of F2C is how universal connectivity and the plunging capital requirements of information production are changing our fundamental economic and social assumptions. (F2C is produced by David S. Isenberg of isen.com, LLC.)

Tune into F2C Group Chat beginning about 8:30AM, Monday 5 March

F2C Webcast available for those who can't be there. (Please participate in Group Chat too.)

Berners-Lee Speaks Out Against DRM, Advocates Net Neutrality.

Thu, 01 Mar 2007 23:31:36 GMT

Berners-Lee Speaks Out Against DRM, Advocates Net Neutrality. narramissic writes "Speaking before the House Subcommittee on Telecommunications and the Internet, Tim Berners-Lee advocated for net neutrality, saying that the Web deserves 'special treatment' as a communications medium to protect its nondiscriminatory approach to content. Berners-Lee's more controversial statements came on the topic of DRM, in which he suggested that instead of DRM, copyright holders should provide information on how to legally use online material, allowing users the opportunity 'to do the right thing.' This led to an odd exchange with Representative Mary Bono who compared Berner-Lee's suggestion to 'having a speed limit but not enforcing the speed limit.'" [Slashdot: Your Rights Online]

Administrivia: Now we have a overheated CPU ( 60 degrees centigrade )

Tue, 27 Feb 2007 23:39:01 GMT

OK, if the DDOS attack wasn't enough. Now our server went down with a temperature overload. We were up to 60 degrees centigrade when we shut down. The CPU and a broken fan have been replaced.

Administrivia: Our data-center was hit by a DDOS attack today.

Tue, 27 Feb 2007 21:19:59 GMT

Sorry for being either very slow or off the net for a while recently. The data-center we are part of was hit by a DDOS (Distributed Denial Of Service) attack recently. At the moment it looks to be under control, but we are keeping an eye on things.

Three Minutes With Sun's Security Guru.

Mon, 26 Feb 2007 21:35:39 GMT

Three Minutes With Sun's Security Guru. Privacy laws could hurt the little guy, warns cryptographer Whitfield Diffie. [PC World: Latest Technology News]

For Your Eyes Only? (Breaking the Story) NOW | PBS

Sun, 18 Feb 2007 18:43:54 GMT

NOW's Deborah Runcie speaks to journalist Ryan Singel, who covers civil liberty and privacy issues, about his investigative work involving AT&T and the government's alleged secret surveillance of personal electronic mail. Singel's coverage appeared in Wired News.

Smart Cards Key to Information and Identity Security, Says Gates, Others.

Wed, 14 Feb 2007 00:43:38 GMT

Smart Cards Key to Information and Identity Security, Says Gates, Others. "We need to secure the king instead of the castle. Information is king and it likes to move around." [GT: Security and Privacy]

Three Minutes With Vista Security Guru Ben Fathi.

Mon, 12 Feb 2007 18:44:25 GMT

Three Minutes With Vista Security Guru Ben Fathi. Vista's bug count so far is OK with the Windows security manager. [PC World: Latest Technology News]

I Was a Cybercrook for the FBI.

Fri, 02 Feb 2007 02:29:02 GMT

I Was a Cybercrook for the FBI. Hoi Polloi writes "Wired News has a series starting on internet crime. The first piece they have up covers the story of a cybercrook who specialized in credit card fraud. Caught in a sting operation in November of 2002, the man who identified himself as 'El Mariachi' on message boards would lead a double life for the next two years working for the FBI. As he reported on credit card scammers, dodged his former associates, and stopped criminals from defrauding the 2004 presidential campaign, he also tried to keep his life together. A fascinating tale that looks at the face of modern crime, and crime-stopping techniques." [Slashdot: Your Rights Online]

Earth to Alberto: Habeas Corpus-update-video added ( Crooks and Liars )

Sat, 27 Jan 2007 21:44:05 GMT

mcjoan says it so well:

A reader transcribed this exchange concerning habeas corpus from today's Senate Judiciary Committee hearings (no official transcript yet):

Specter: Now wait a minute, wait a minute. The Constitution says you can't take it away except in the case of invasion or rebellion. Doesn't that mean you have the right of habeas corpus?

Gonzales: I meant by that comment that the Constitution doesn't say that every individual in the United States or every citizen has or is assured the right of habeas corpus. It doesn't say that. It simply says that the right of habeas corpus shall not be suspended.

Article I, Section 9:

The Privilege of the Writ of Habeas Corpus shall not be suspended, unless when in Cases of Rebellion or Invasion the public Safety may require it.

Alberto Gonzales should not only be impeached for his willfully obtuse interpretations of the Constitution, he should be disbarred.

US Attorney General Questions Habeas Corpus.

Sat, 27 Jan 2007 21:32:22 GMT

US Attorney General Questions Habeas Corpus. spiedrazer writes "In yet another attempt to create legitimacy for the Bush Administration's many questionable legal practices, US attorney General Alberto Gonzales actually had the audacity to argue before a Congressional committee that the US Constitution doesn't explicitly bestow habeas corpus rights on US citizens. In his view it merely says when the so-called Great Writ can be suspended, but that doesn't necessarily mean that the rights are granted. The Attorney General was being questioned by Sen. Arlen Specter at a Senate Judiciary Committee hearing on Jan. 18. THe MSM are not covering this story but Colbert is (click on the fourth video down, 'Exact Words')." --- From the Baltimore Chronicle and Sentinel commentary: "While Gonzales's statement has a measure of quibbling precision to it, his logic is troubling because it would suggest that many other fundamental rights that Americans hold dear (such as free speech, freedom of religion, and the right to assemble peacefully) also don't exist because the Constitution often spells out those rights in the negative. It boggles the mind the lengths this administration will go to to systematically erode the rights and privileges we have all counted on and held up as the granite pillars of our society since our nation was founded." [Slashdot: Your Rights Online]

Computers, Freedom and Privacy - Montreal, May 1-4 2007

Thu, 28 Dec 2006 23:41:06 GMT

Come to CFP2007 in Montreal, May 1-4 2007. There's a lot at stake.

Computers, Freedom and Privacy 2007 - Call For Proposals

Thu, 28 Dec 2006 23:37:58 GMT

Call For Proposals - The deadline for proposals is January 20, 2006

The Program Committee of the Seventeenth Conference on Computers, Freedom, and Privacy (CFP2007) seeks your proposals for innovative conference sessions and speakers.

What Questions Would You Ask An RIAA 'Expert'?

Thu, 28 Dec 2006 22:31:59 GMT

What Questions Would You Ask An RIAA 'Expert'? NewYorkCountryLawyer asks: "In UMG v. Lindor, the RIAA has submitted an 'expert' report (pdf) and 26-page curriculum vitae (pdf), prepared by Dr. Doug Jacobson of Iowa State University who is the RIAA's expert witness in all of its cases against consumers, relating to alleged copyright infringement by means of a shared files folder on Kazaa, and supposed analysis of the hard drive of a computer in Ms. Lindor's apartment. The RIAA's 'experts' have been shut down in the Netherlands and Canada, having been shown by Prof. Sips and Dr. Pouwelse of Delft University's Parallel and Distributed Systems research group (pdf) to have failed to do their homework, but are still operating in the USA. The materials were submitted in connection with a motion to compel Ms. Lindor's son, who lives 4 miles away from her, to turn over his computer and music listening devices to the RIAA. Both Ms. Lindor's attorney (pdf) and Ms. Lindor's son's attorney (pdf) have objected to the introduction of these materials, but Dr. Jacobson's document production and deposition are scheduled for January and February, and we would love to get the tech community's ideas for questions to ask, and in general your reactions, thoughts, opinions, information, and any other input you can share with us. (In case you haven't guessed, we are the attorneys for Ms. Lindor.)" [Slashdot: Your Rights Online]

DRM 'Too Complicated' Says Gates.

Mon, 18 Dec 2006 21:02:32 GMT

DRM 'Too Complicated' Says Gates. arbirk writes "BBC News is reporting on comments made by Bill Gates concerning DRM. It seems he has got the point (DRM is bad for consumers), but that opinion differs widely from the approach taken by Microsoft on Zune and their other music related products. The comments were originally posted on Micro Persuasion. The article also has a take on Apple's DRM." --- From the BBC article: "Microsoft is one of the biggest exponents of DRM, which is used to protect music and video files on lots of different online services, including Napster and the Zune store. Blogger Michael Arrington, of Techcrunch.com, said Bill Gates' short-term advice for people wanting to transfer songs from one system to another was to 'buy a CD and rip it'. Most CDs do not have any copy protection and can be copied to a PC and to an MP3 player easily and, in the United States at least, legally." [Slashdot: Your Rights Online]

Reuters/Second Life Interview: Warner Music boss Edgar Bronfman

Wed, 06 Dec 2006 12:45:24 GMT

SECOND LIFE, Dec 1 (Reuters) - Warner Music Chief Executive Edgar Bronfman sat down in Second Life on Friday for a broad-ranging interview about CopyBot, the balancing act between the content industry's copyrights and the creativity of its customers, and the time he caught his own kids illegally downloading songs.

Boarding Pass Hacker Breaks Silence.

Wed, 29 Nov 2006 19:11:29 GMT

Boarding Pass Hacker Breaks Silence.

Chris Soghoian, the Indiana University doctoral student whose online demonstration of serious flaws in airport security prompted an FBI investigation, broke his silence this week after the government terminated its investigation into the matter.

Soghoian had refused to talk to the media ever since the FBI visited his home in Bloomington, Ind., on Oct. 27 and carted away computers and other equipment. The federal action came in response to Soghoian's decision to post a tool on his Web site that would allow someone to print a fake boarding pass that could be used to evade the "no-fly" list -- a key government tool in keeping suspected terrorists off of airplanes.

In an interview with Security Fix on Saturday, Soghoian said he was ready to set the record straight now that the FBI had ended its investigation and the local U.S. attorney had declined to press charges. A spokesperson for the FBI's Indianapolis field office confirmed that the investigation was closed on Nov. 14.

Soghoian's boarding pass generator highlighted a loophole in the Transportation Security Administration's policy for screening passengers against the no-fly list. The problem is that boarding passes are compared to a person's ID only at initial airport security checkpoints, not at the gates where passengers board planes. And the boarding passes are scanned and verified only at departure gates, not security checkpoints.

In discussing the tool that he created, Soghoian said that even if the TSA plugged the security loophole -- by requiring ticket readers at the initial terminal security checkpoint and integrating the no-fly list with every airlines' computer systems -- the current legal status of the TSA's policy allows anyone to refuse to show ID at check-in if they consent to additional screening.

"Everyone focused on this issue of fake boarding passes, but no one touched on the issue of a person [telling airline security screeners] that they don't have any ID on them," Soghoian said.

To help put Soghoian's point in perspective, consider the case of John Gilmore, co-founder the Electronic Frontier Foundation. In 2002, Gilmore refused to show his ID while checking in for a cross-country flight. He was told he could fly if he agreed to a "secondary screening," which he also refused. Gilmore said he was told that there were security directives that mandated the showing of ID, but that he was not allowed to view said rules.

Gilmore later sued the government to gain access to the rules. The case wound its way up to the 9th Circuit Court of Appeals, which privately viewed the rules and decided that airline passengers could either present identification OR opt to be subjected to a more extensive search.

[Security Fix]

UK Chief Answers ID Card Questions.

Wed, 15 Nov 2006 05:15:49 GMT

UK Chief Answers ID Card Questions. Citizens question privacy, security of information and biometrics in live chat [GT: Security and Privacy]

Lack of E-Voting Paper Trail Precludes Full Recount in Virginia, Elsewhere.

Thu, 09 Nov 2006 03:10:29 GMT

Lack of E-Voting Paper Trail Precludes Full Recount in Virginia, Elsewhere.

Many Virginians were among the millions of voters nationwide that cast their votes on electronic voting machines which lack paper trails. Voters thus could not verify that their votes were accurately recorded, and election officials will not be able to conduct a full and thorough recount.

That's bad enough, and with the close margin in Virginia's Senate race and the U.S. Senate at stake, it is especially tragic for the entire country, regardless of who is ultimately declared the winner. Simple precautions could have been taken to prevent this and myriad other e-voting problems. Indeed, Montana fortunately requires a paper trail, which could aid a recount in its tight Senate race.

Thankfully, there's an existing solution for the whole country: Rep. Rush Holt's Voter Confidence and Increased Accessibility Act (HR 550) contains several critically important election reforms, including the requirement of a paper audit trail for all electronic voting machines, random audits, and public availability of all code used in elections. The bill has gained the support of 220 bipartisan cosponsors, and, according to Holt, it even has a chance to pass before the next Congress takes office in January.

Make your voice heard on HR 550 now using the form below and tell Congress to support this crucial reform.

Listen to our podcast interview with Holt here.

[EFF: Deep Links]

China: We don't censor the Internet. Really | CNET News.com

Tue, 31 Oct 2006 17:24:18 GMT

ATHENS, Greece--While many countries block off some Web sites, China has long drawn heightened scrutiny because of the breadth and sophistication of its Internet censorship

Which is why it came as a surprise on Tuesday when a Chinese government official claimed at a United Nations summit here that no Net censorship existed at all.

The only problem: Few cases of Net censorship are as carefully and publicly documented as the Great Firewall of China. A study by researchers at Harvard Law School found 19,032 Web sites that were inaccessible inside China.

A report from a consortium of British, American and Canadian universities concluded: "China's Internet-filtering regime is the most sophisticated effort of its kind in the world. Compared to similar efforts in other states, China's filtering regime is pervasive, sophisticated and effective."

In fact, Google has cited China's intermittent blocking of Google.com as the primary factor in the company's creation of the Google.cn censored search site.

Democracy Now! | FCC Commissioner Michael Copps and Juan Gonzalez on the Color of Media Consolidation

Wed, 25 Oct 2006 19:44:02 GMT

Copps and Gonzalez spoke at last week's town hall meeting in New York on diversity and media ownership. The FCC is reconsidering a number of broadcast rules -including whether a single company should be able to own both a newspaper and television station in the same market. [includes rush transcript]

A town hall meeting on diversity and media ownership was held last week here in New York City. All five commissioners from the Federal Communications Commission were invited. Only two showed up - Commissioners Michael Copps and Jonathan Adelstein. More than 300 activists and citizens came out to show their opposition to further media consolidation as the FCC reconsiders a number of broadcast rules - including whether a single company should be able to own both a newspaper and television station in the same market.

Michael Copps, FCC Commissioner.
Juan Gonzalez, Daily News columnist and Democracy Now co-host.

Moyers on Net Neutrality.

Wed, 11 Oct 2006 01:41:51 GMT

Moyers on Net Neutrality.

Bill Moyers has a 90-minute documentary on Net Neutrality that will air over Public Broadcasting Service stations on Tuesday evening, Oct. 18. Check your local listings for time.

Here[base ']s a link to the (show:) [http://www.pbs.org/moyers/moyersonamerica/net/index.html], called [base "]The Net at Risk.[per thou] Watch the preview, and you can get a feel for the show.

Moyers and his staff held an online chat this afternoon to talk about the show. The first hour will be a look at the struggles over the issue at the federal and state levels. The last half-hour will focus on how low-power radio stations kept information flowing in the Gulf Coast following Hurricane Katrina at a time when commercial stations were shut down.

Moyers said in the chat that while there[base ']s a great deal of public support for an open Internet, large campaign contributions have prevented Congress from acting, much as such contributions have contributed on a variety of other issues. Moyers noted that over time, each new medium has been promised to enlighten the public and further the goals of democracy, whether the medium was radio, TV or cable. Today, however, those are all controlled [base "]by commercial and corporate interests.[per thou] He warned that, [base "]If past is prelude, we shouldn[base ']t be sanguine about the Internet because large economic interests can move the agenda to benefit their interest and purposes.[per thou]

[Public Knowledge - Policy Blog]

10 Tough Questions & How to Answer Them.

Wed, 11 Oct 2006 01:34:38 GMT

10 Tough Questions & How to Answer Them. Recently hired CSOs share what hiring execs want to know in interviews. Note: Experience counts, and it pays to do your homework [CSO Online Data Security Briefing]

HPGate: CEO approved Ethic Officer's Sting on Reporter.

Mon, 25 Sep 2006 03:32:15 GMT

HPGate: CEO approved Ethic Officer's Sting on Reporter.
High level executives at HP, including the CEO Mark Hurd, who will soon replace the disgraced Patricia C. Dunn as HP's chairman, approved a complicated plot to figure out a CNet reporter's sources by creating a fictional whistleblower who would feed the reporter tidbits of information that had web-tracking or keylogging software in it, according to the Washington Post.

The man in charge of creating the fake persona and figuring out what tidbits to lead: HP's chief ethics officer Kevin Hunsaker.

Determined to ferret out the source's identity, HP senior counsel Kevin Hunsaker, who led the HP investigation ordered by Dunn, and an HP colleague in Boston created a fictitious persona, "Jacob," who would pose as a disgruntled HP "senior level executive" and cultivate Kawamoto by saying he was "an avid reader of your columns."

The idea, evidently, was to induce Kawamoto to open an e-mail attachment with a "tracer" in it that would allow them to see who she forwarded it to. They hoped it would pinpoint board member Keyworth as her source, according to the documents.

On Feb. 2, Hunsaker made a PowerPoint presentation to Dunn, called Project Kona II, in which she was shown the "covert" e-mail sent to Kawamoto on Jan. 26. In it, "Jacob" wrote that "tired of broken promises, misguided initiatives and generally bad treatment," he had information to pass on to her.

The computer-generated presentation included a proposed " 'next step' covert e-mail" in which "Jacob" would establish his insider bona fides with Kawamoto by telling her that, contrary to an article she wrote, a potential HP deal with "CSC," or Computer Sciences Corp. was "definitely on HP's radar . . . I know because I was involved in preparing the briefing documents."

After the presentation, Hunsaker sent Dunn an e-mail thanking her for "taking such a big chunk of time" to meet with his team. Dunn replied with an e-mail to Hunsaker, saying that she was "encouraged that this effort is on the right track."

As the project evolved, Hunsaker and Anthony Gentilucci, an HP global investigations manager in Boston, began to refine Jacob's character. "I think we have to figure out who Jacob is, weak, strong, vindictive, a Bill and Dave fan, possibly lower level employee . . . will dictate the tone of the e-mail," Gentilucci wrote on Jan. 28.

Over the next week, HP investigators designed a plan to give Kawamoto a "[small] accurate piece of advance information" about a new handheld product, before they would "spring the false one," referring to a fabricated news tip about HP opening a computer data farm. That first tip, about the handheld device, would be sent in an e-mail that would include the tracking software.

If this were some rinky-dink Web 2.0 outlet trying to figure out how ValleyWag got dirt on their CEO's ponytail extensions, it'd be funny.

But this is HP, where one would expect that grown-ups would be in charge.

Dunn had the cojones last night to go accept a "Hall of Fame" award from the Bay Area Council, where she was lauded for epitomizing "the special spirit and qualities that our country and the Bay Area have long cherished," according to ZDNet.

The rich really are different from you and me.

[27B Stroke 6]

Dallas Morning News | Cornyn seeking the facts on RFID

Thu, 31 Aug 2006 23:36:55 GMT

Radio frequency identification technology will eventually be in the products you buy, the credit cards you buy them with, and the driver's license you carry while driving home from the store.

But the proliferation of RFID has raised concerns among privacy advocates who worry that consumers will be at greater risk of fraud and identity theft. State and federal lawmakers are starting to look at regulating the technology.

In July, U.S. Sen. John Cornyn of Texas co-founded the Senate RFID Caucus.

Wednesday, the senator was in Dallas to deliver the keynote speech at the Texas Competitiveness Summit at the University of Texas at Dallas.

He also sat down to discuss his interest in RFID technology, why he started the caucus, and his thoughts on the privacy concerns.

Here are excerpts from the interview.

WSJ Search History/Privacy Debate.

Fri, 18 Aug 2006 16:21:03 GMT

WSJ Search History/Privacy Debate.

The Wall Street Journal has published a debate (well, an e-mail exchange) between Kevin Bankston, a privacy lawyer at the Electronic Frontier Foundation, and Markham Erickson, a lobbyist for Internet firms including Google and Yahoo, on the topic of the privacy of web search histories. Here[base ']s a choice excerpt where Bankston takes Erickson to task about innovation vs. monetization as the true motivation behind retaining user search history records:

Erickson: [sigma]This transactional information, separated from the personal information of the user, is used by companies to improve their abilities to provide more pertinent results for the user. Don[base ']t you think that companies should have the freedom to innovate by using transactional information to improve their products?

Bankston: Markham, you say that Internet companies don[base ']t match up users[base '] personal information, yet that[base ']s exactly what AOL stores [~] search logs tied that can be tied to particular user screen names, which can be matched up with your billing information. Other search engines with account-based services also can tie their search logs to your particular screen name or email address, and then there are IP addresses, cookies and other methods of tracking individual users.

Furthermore, and contrary to your suggestion, these search logs reveal much more information than directory assistance logs; they[base ']re more like a print-out of your brain. A quick spin through the AOL logs via aolsearchdatabase.com, or a browsing of some of the more notable search histories being discussed on the bulletin board at data.aolsearchlogs.com [~] will demonstrate that. These logs represent the most secret hopes, deepest fears and dirtiest laundry of every user. They provide a snapshot of incredibly intimate events and ideas, often revealing personal problems, financial difficulties, medical ailments, sexual preferences, and more.

I[base ']m all for innovation, but at what cost? Does Google really need a decade of search histories to innovate? I think that rather than innovation, what you[base ']re talking about is monetization: data-mining all of this private information for marketing information, whether to be used internally or sold to business partners.

[via John Battelle]

[michaelzimmer.org]

The Black Hat Wireless Exploit Interview, Verbatim.

Wed, 16 Aug 2006 17:38:59 GMT

The Black Hat Wireless Exploit Interview, Verbatim.

I've received an overwhelming amount of hate mail from Mac enthusiasts over two previous posts on a wireless-device-driver presentation at the Black Hat hacker conference, with people accusing me of all kinds of nasty things. Rather than respond to every wild accusation under the sun, I thought it best to give readers all of the information that I have on this. I am posting here a word-for-word transcription of a taped interview I had with David Maynor of SecureWorks in his hotel room on Tuesday, Aug. 1 -- the eve of his presentation at Black Hat.

I've been asked this many times, so let me make this crystal clear: I had the opportunity to see a live version of the demo Maynor gave to a public audience the next day. In the video shown at Black Hat, he plugged a third-party USB wireless card into the Macbook -- but in the demo Maynor showed me personally, he exploited the Macbook without any third-party wireless card plugged in. As far as I'm aware, only one other person at the conference saw the demo the way I saw it (a Black Hat staff member whom I'm not at liberty to name); the discrepancy over the wireless card is probably the biggest reason why the Mac community was so confused and upset by my original post. I tried to clarify that in a follow-up, and am posting the contents of that interview -- verbatim -- to give the public all of the information I have about this particular exploit.

As I turned the tape on, Maynor was just beginning to demonstrate the exploit for me.

Maynor: OK, so the first step in this is we want to turn this [Windows laptop] into a wireless access point.

BK: Oh, so you do have to have it connected?

Maynor: No, this is just for the demo. This is the way we've developed the demo. If I explained it any other way, you wouldn't see anything. It would just say, "Exploit done." This way you can see the results of it.

[Maynor runs the connect-back script that leverages the flaw in the Macbook's wireless device drivers to connect back to the Windows laptop to which it was already associated.]

Maynor: So, I'm going to place a file on the desktop here on the Macbook using this machine here. What should I call it?

BK: I dunno. How about "owned"? [A text file named "owned" shows up on the Macbook desktop.] Wait, OK. Explain to me exactly what you're exploiting in here. Is it a flaw in the Macbook itself?

Maynor: Yes, it's a device driver. The thing is, there's a flaw in the OS, but I don't want to specifically point to it, so in the video you'll see I used a third-party USB device. What I'm trying to do is highlight the problems in device drivers themselves, not any one particular flaw. [Maynor misspoke here, and I later clarified this point with him. The wireless device driver that powers the internal wireless card on the Macbook contains flaws that -- when exploited -- give the attacker the ability to create or delete files, or modify system settings. The flaw is in fact in the Macbook's wireless device driver, which is made by a third party. So again, to be clear, the flaw is not, as he suggests in the transcript of this interview, in the Mac OS X operating system itself.]

BK: Oh. OK, well, then aside from this Macbook example, how many other machines have you been able to find this kind of --

[Security Fix]

Mozilla VP Talks the State of Firefox.

Tue, 08 Aug 2006 16:39:26 GMT

Mozilla VP Talks the State of Firefox. isah writes "As Firefox downloads pass the 200 million mark, people are talking about how its security features stack up against IE7 and protect against malware. Mozilla VP Mike Schroepfer told NewsForge's Joe 'Zonker' Brockmeier that security will continue to be an issue 'for anything written in native code' but Mozilla intends to meet the challenge by including JavaScript 1.7 with the browser's 2.0 release. Schroepfer also talked about the timeline of future releases and offered just enough information to wet our whistles for 3.0."[Slashdot]

Weblogs, Inc. CEO Tells His AOL Bosses To "Not Keep Logs of Search Data".

Tue, 08 Aug 2006 15:02:12 GMT

Weblogs, Inc. CEO Tells His AOL Bosses To "Not Keep Logs of Search Data".

Jason Calacanis is CEO of blogging network Weblogs, Inc., which AOL bought last year. In light of AOL's disclosure of 658,000 users' search queries, Calacanis publicly denounced this massive privacy violation and gave his bosses one clear message: "Frankly, I want us to NOT KEEP LOGS of our search data" (emphasis, his).

Exactly -- as discussed in our "Best Practices" white paper, online service providers shouldn't be keeping these kinds of logs. Voluntary limits on data retention would help prevent another Data Valdez like AOL's, but Congress should also strengthen and clarify privacy protections.

[EFF: Deep Links]

Confessions of a Cybermule.

Fri, 28 Jul 2006 15:40:32 GMT

Confessions of a Cybermule. He's a 44-year-old "casher" who turned stolen credit-card accounts into cash for East European hackers. Now his life at the bottom of the cybercrime food chain has landed him in jail, and federal agents are sniffing at his heels. By Kim Zetter. [Wired News: Security Blanket]

Internet Pioneers Debate Net Neutrality.

Wed, 19 Jul 2006 16:29:17 GMT

Internet Pioneers Debate Net Neutrality. Existing antitrust laws are enough to keep broadband providers in line, one expert says. [PC World: Latest Technology News]

Congressional confusion on Internet privacy | Perspectives | CNET News.com

Mon, 10 Jul 2006 16:06:23 GMT

When it comes to Internet privacy, Rep. Joe Barton embodies contradictions.

The Texas Republican, chairman of the House Energy and Commerce Committee, claims to be a steadfast supporter of online privacy. He's piped up at innumerable hearings about Social Security number misuse and data breaches and has pledged, as recently as May, to enact a sweeping law protecting Americans' privacy rights.

He seems serious enough. "Whether Social Security numbers should be sold by Internet data brokers to anyone willing to pay, indistinguishable from sports scores or stock quotes...to me, that's a no-brainer," Barton said. Such a practice should not be allowed, he said. "Period. End of debate."

Which is why it's so odd that Barton is just as serious about forcing Internet providers to snoop on what Americans are doing online--which would create a much bigger privacy threat, after all, than a few bottom-feeding information brokers.

Barton said last week that he was going to push for a "comprehensive" child protection law that will probably include data retention.

Blue Box ETel2006 Podcast #5 - Interview with Alec Saunders of Iotum.

Mon, 10 Jul 2006 14:44:33 GMT

Blue Box ETel2006 Podcast #5 - Interview with Alec Saunders of Iotum.

Synopsis: Interview with Alec Saunders, CEO and "Relevance Revolutionary" of Iotum about security and privacy as they relate to Iotum's new relevance engine. The interview was recorded at O'Reilly's Emerging Telephony Conference in January 2006.

Welcome a special edition of Blue Box: The VoIP Security Podcast from the floor of the Emerging Telephony Conference in San Francisco, CA. Every now and then startups emerge that are just doing things that I personally find interesting. Iotum is one of those companies. The main thing they are focused on is making communication more relevant to you... as they say on their home page:

iotum is the world's first smart platform that lets you control who reaches you and how. Get the calls you want, where you want, and avoid those you don't.

As I came to know more about the company, I was curious to know about how they handled securely gathering all the context information about you and how they preserved the privacy. So out at ETel 2006 I sat down with Iotum CEO Alec Saunders to talk about what Iotum is doing and issues around security and privacy. In this interview, we covered those points and also ranged into a wide variety of other privacy-related issues such as GPS and cellphones in Japan, social issues around privacy and other points. While it is a bit outside the realm of topics we normally cover, I hope you find it as interesting as I did.

If you would like to learn more about Iotum, Alec Saunders also maintains his own weblog where he writes on Iotum, VoIP and other topics. I'll also note that Alec's "mug shot" photo is not from any recent trip to jail but rather from a bit of fun the company had creating images for all the company members. (Ahh, the things you can do as a startup...)

Download the show here (MP3, 18MB) or subscribe to the RSS feed to download the show automatically. The interview runs about 20 minutes.

NOTE: This is the last of the interviews and shows coming out of ETel 2006.

[Blue Box: The VoIP Security Podcast]

Blue Box Podcast Spring VON #1 - Phil Zimmermann interview about Zfone.

Mon, 10 Jul 2006 14:40:38 GMT

Blue Box Podcast Spring VON #1 - Phil Zimmermann interview about Zfone.

Synopsis: Interview with Phil Zimmermann about his new Zfone project, the ZRTP protocol and other related topics. The interview was recorded at the Spring VON show in San Jose, California, on March 16, 2006.

Welcome a special edition of Blue Box: The VoIP Security Podcast from the floor of the Spring 2006 VON conference in San Francisco, CA. In this interview with Phil Zimmermann we talk about his Zfone project and how it has evolved since it was first announced in January (which we covered here). Phil explains the origins of his ideas, how Zfone works, how ZRTP works and how people can get involved with the public Zfone beta program. More information is available at http://www.philzimmermann.com/

Download the show here (MP3, 20MB) or subscribe to the RSS feed to download the show automatically. The interview runs about 22 minutes.

[Blue Box: The VoIP Security Podcast]

Planning the future of privacy at Microsoft Arcon5 News

Wed, 05 Jul 2006 13:54:00 GMT

Peter Cullen, Microsoft's chief privacy strategist, found himself in the front line in the wake of the software giant's recent antipiracy controversy. He talks about his role at the company, and what's in store for the future.

Planning the Future of Privacy at Microsoft.

Wed, 05 Jul 2006 13:49:52 GMT

Planning the Future of Privacy at Microsoft. Tony writes "Peter Cullen, Microsoft's chief privacy strategist, found himself in the front line in the wake of the software giant's recent antipiracy controversy. He talks about his role at the company, and what's in store for the future." From the interview: "Cullen, Microsoft's chief privacy strategist, has been very involved with the issue and readily admits that the software maker dropped the ball on WGA Notifications. The flap puts him on the front line, rather than his usual role behind the scenes. For the most part, Cullen, who joined Microsoft three years ago from the Royal Bank of Canada in Toronto, is happy with his role at the software giant. He works on things such as guidelines for developers and privacy policies." [Slashdot: Your Rights Online]

The Fourth of July, 2006 is Privacy Digest's 7th Anniversary

Mon, 03 Jul 2006 16:14:11 GMT

Tomorrow, The Fourth of July 2006, Privacy Digest will have been publishing as this domain for seven years. We were actually around a bit longer as part of another blog. But on July 4, 1999, I decided that the issue was important enough to warrant it's own dedicated domain.

If you would like to help out my Amazon wishlist has a few things I need. More ideas on ways to support us can be found here.

Line Noise Goes to Washington.

Wed, 21 Jun 2006 14:26:23 GMT

Line Noise Goes to Washington.

Our latest EFF podcast reverses the polarity of the standard media interview, as we quiz Washington journalist Drew Clark, the National Journal's tech policy expert. He gives us his impartial, frontline view of the battle for the broadcast and audio flags in Congress.

Line Noise is available, as ever, from our MP3 or OGG podcast feeds, or as direct MP3 or OGG downloads.

[EFF: Deep Links]

HNS - Interview with Kenny Paterson, Professor of Information Security at Royal Holloway, University of London

Wed, 14 Jun 2006 14:23:28 GMT

The Information Security Group at Royal Holloway is one of the world's largest academic research groups in information security, with about 15 permanent academic staff, 50 PhD students and a thriving masters programme. They carry out research in many areas of the subject, including network security. That is one of Kenny Paterson's areas of specialism, and he teaches their masters course on the topic, and carries out research in the area.

(IN)SECURE Magazine Issue 7.

Thu, 08 Jun 2006 13:16:28 GMT

(IN)SECURE Magazine Issue 7. Articles in this issue include: SSH port forwarding: security from two perspectives, part one, An inside job, CEO spotlight: Q and A with Patricia Sueltz at SurfControl, Server monitoring with munin and monit, Compliance vs. awareness in 2006, 2005 *nix malware evolution, Overview of quality security podcasts and coverage of Infosecurity 2006 and InfoSec World 2006. [(IN)SECURE Magazine Notifications RSS]

Hayden Defends NSA Surveillance Program at CIA Nomination.

Sun, 21 May 2006 23:47:40 GMT

Hayden Defends NSA Surveillance Program at CIA Nomination. Air Force Gen. Michael Hayden, President Bush[base ']s nominee for CIA director, fielded questions from the Senate Intelligence Committee about the National Security Agency[base ']s domestic surveillance program created after Sept. 11th while Hayden was head of NSA. By NewsHour with Jim Lehrer. [NewsHour with Jim Lehrer Podcast | PBS]

U.K. official advocates jail time for data trading.

Sun, 21 May 2006 22:05:07 GMT

U.K. official advocates jail time for data trading. Traders in illicitly obtained personal information should be jailed for up to two years, according to the U.K. information commissioner, Richard Thomas [Network World on Privacy]

Salon.com News | The NSA is on the line -- all of them

Sun, 21 May 2006 22:01:13 GMT

Having studied the NSA and its history extensively, were you surprised and concerned to discover that, since 2001, the agency has been amassing a database of phone records, and possibly other information, on U.S. citizens?

The fact that the federal government has my phone records scares the living daylights out of me. They won't learn much from them other than I like ordering pizza on Friday night and I don't call my mother as often as I should. But it should scare the living daylights out of everybody, even if you're willing to permit the government certain leeways to conduct the war on terrorism.

We should be terrified that Congress has not been doing its job and because all of the checks and balances put in place to prevent this have been deliberately obviated. In order to get this done, the NSA and White House went around all of the checks and balances. I'm convinced that 20 years from now we, as historians, will be looking back at this as one of the darkest eras in American history. And we're just beginning to sort of peel back the first layers of the onion.

Siva on NPR's 'On The Media' on Net Neutrality | Public Knowledge

Fri, 19 May 2006 16:05:10 GMT

Siva Vaidhyanathan was on On the Media to talk about net neutrality.

You can read a transcript of the interview or listen to the audio.

Found from Boing Boing.

IBM Chief Privacy Officer Harriet Pearson: Privacy on the CEO/CIO Agenda ( On Demand Business : Blogs : Todd "Turbo" Watson -- IBM Corporation )

Wed, 10 May 2006 15:54:12 GMT

IBM Chief Privacy Officer Harriet Pearson: Privacy on the CEO/CIO Agenda

IBM Chief Privacy Officer (CPO) Harriet Pearson recently sat down with ComputerWorld for an interview to discuss what CIOs and CEOs need to understand about data privacy and protection, the role of the CPO, and other relevant risk management topics.

Harriet has been a key thought leader in the data protection and privacy space for some years now, and I had the opportunity many Internet dog years ago to work with her on a number of Internet-related privacy issues on behalf of IBM. It's clear from this interview that the privacy space has matured since that time.

In the interview, Harriet also discusses ever more practical considerations, such as the optimum reporting structure for privacy officers and the characteristics that make up a good CPO.

You can also hear from Harriet directly in a podcast conducted recently entitled "The Future of Privacy."

Disclosure Laws Driving Data Privacy Efforts, Says IBM Exec.

Wed, 10 May 2006 14:17:33 GMT

Disclosure Laws Driving Data Privacy Efforts, Says IBM Exec. Q&A: Harriet Pearson, IBM's chief privacy officer, says many different state security breach notification laws are driving the privacy agenda. [Computerworld Privacy News]

IT Conversations: Alan Cox - Computer Security - The Next 50 Years

Wed, 10 May 2006 11:26:57 GMT

Security and validation are critical issues in computing, and the next fifty years will be harder than the last. There are a number of proven programming techniques and design approaches which are already helping to harden our modern systems, but each of these must be carefully balanced with usability in order to be effective. In this talk, Alan Cox, fellow at Red Hat Linux, explores the future of what may be the biggest threat facing software engineers, the unverified user.

[runtime: 00:20:56, 9.6 mb, recorded 2005-10-18]

RFID Journal - PBS Video Spotlights RFID

Fri, 28 Apr 2006 16:01:18 GMT

Apr. 27, 2006--An educational video about radio frequency identification and its uses is set to air onU.S. Public Broadcast Service (PBS) channels across the country starting next week. The six-minute video will be broadcast as part of the Spotlight On series of industry and business educational programs that has been broadcasting nationally on public television for the past 17 years.

Spotlight On is produced by Trivue Entertainment, based in Watchung, N.J. PBS initially approached AIM Global about potentially creating a program on RFID. AIM, a trade association dedicated to accelerating the growth and use of RFID and other automatic-identification technologies and services around the world, has 900 members in 43 countries. The organization saw the documentary as a way to extend its advocacy role further.

[...]

Aimed at both businesses and consumers, the video does not explore the privacy concerns that have been raised about the use of RFID, focusing instead on the basics of the technology and its current and future applications. "There isn't time to look at privacy in the context of a six-minute video," says Mullen. "Privacy would require a program in itself, and would have to address more than RFID to look at data privacy and security as well."

Wiretap Whistle-Blower's Account.

Mon, 10 Apr 2006 15:57:01 GMT

Wiretap Whistle-Blower's Account. Former AT&T technician Mark Klein speaks out in support of the EFF's lawsuit against AT&T for its alleged complicity in the NSA's extrajudicial electronic surveillance. Wired News presents Klein's public statement on the purported spying. [Wired News: Security Blanket]

Smithsonian Deal With Showtime Restricts Access By Filmmakers

Sun, 09 Apr 2006 16:07:07 GMT

As part of a near-exclusive deal with Showtime Networks, the Smithsonian Institution is restricting filmmakers' access to its scientists and archives, prompting another outcry over the museum's attempts to make money.

Filmmakers who have relied on the vast holdings of the Smithsonian, and typically pay to use historic film or copy an artifact, have raised objections to the new policy of limited access to the public collections. Now most filmmakers will not have in-depth use of Smithsonian materials unless they are creating work for the Smithsonian/Showtime unit.

Such films would be available through the Smithsonian on Demand cable channel to the small fraction of viewers with digital cable -- about 25 million homes.

Jeanny Kim, the vice president for media services at Smithsonian Business Ventures, said the filmmakers who were doing "more than an incidental treatment" of a subject mainly from Smithsonian materials or wishing to focus on a Smithsonian curator or scientist would first have to offer the idea to Smithsonian/Showtime. Otherwise, the archives could not be used outside the realm of news programs (such as "60 Minutes" and "Dateline") in most cases.

The new restrictions have outraged some filmmakers and researchers, who are criticizing the limitations placed on public archives, as well as the Smithsonian's refusal to reveal the details of its Showtime contract. Inside the institution, some staff raised questions about the lack of consultation regarding the new policy. Others said the change was overdue because the Smithsonian had lacked control over its property.

"I think this is obscene," said Laurie Kahn-Leavitt, a filmmaker whose award-winning documentary about Tupperware relied heavily on materials at the Smithsonian. "That film would not have been made without the papers of Earl Tupper and Brownie Wise that are at the Smithsonian."

Kahn-Leavitt added, "I am not against them having a deal with Showtime that is lucrative. But the archives are for the public to use."

The materials at the Smithsonian cover almost every aspect of American life, from U.S. presidents to inventors to musicians to oceanographers to astronauts. Ken Burns mined material at the National Museum of American History for his PBS series "Jazz." The History Channel included film from the same archive for a program on the Chrysler Building. The Discovery Channel has used aviation footage from the National Air and Space Museum for its programs.

The National Museum of Natural History has an active relationship with filmmakers, who often want materials on such subjects as forensic anthropology, human origins, the Hope diamond and dinosaurs. Last year nearly 500 researchers spent almost 900 days working at American History. That archive receives about 5,000 e-mails a year, ranging from students to professionals, asking about materials to study.

EFF PSAs for Your Podcast or Online Radio Show.

Sun, 09 Apr 2006 15:32:27 GMT

EFF PSAs for Your Podcast or Online Radio Show.

If you podcast or produce online radio shows, you can help support EFF by featuring a PSA in your programs. EFF Fellow Cory Doctorow along with EFF Boardmembers Larry Lessig, John Gilmore, Brad Templeton, Joe Kraus, and Sarah Deutsch have all recorded clips for your listening pleasure.

[EFF: Deep Links]

Open source security testing methodology

Fri, 31 Mar 2006 15:33:02 GMT

Truth is made of numbers. Following this golden rule, Federico Biancuzzi interviewed Pete Herzog, founder of ISECOM and creator of the OSSTMM, to talk about the upcoming revision 3.0 of the Open Source Security Testing Methodology Manual. He discusses why we need a testing methodology, why use open source, the value of certifications, and plans for a new vulnerability scanner developed with a different approach than Nessus.

NPR's Justice Talking: Whose Internet Is It?

Tue, 28 Mar 2006 15:49:25 GMT

NPR's Justice Talking: Whose Internet Is It?

This is an audio file of a show on Net Neutrality featuring, among others, PK's Art Brodsky and Dave McClure of the U.S. Internet Industry Association.

[Public Knowledge - Breaking News]

Q & A With Canada's Michael Geist.

Sat, 25 Mar 2006 18:46:05 GMT

Q & A With Canada's Michael Geist. Torrentz writes "P2PNet is running a question and answer session with Canada's Michael Geist, a leading Internet and copyright expert. Geist discusses P2P, the music business, and the future direction of copyright law." From the interview: "My focus has traditionally been on Internet issues and I'm very active on privacy, spam, Internet governance issues. The growing attention to copyright merely reflects its critical importance to the Internet and to creativity and culture more generally." [Slashdot: Your Rights Online]

NOW | PBS - next week / Pentagon's controversial TALON information-gathering program

Sat, 18 Mar 2006 01:29:30 GMT

The Pentagon's controversial TALON information-gathering program will be the topic for next weeks episode.

IT Conversations: Cory Doctorow - Europe's Coming Broadcast Flag

Sat, 18 Mar 2006 01:08:23 GMT

The motion picture and television industries have seemingly declared global war on copyright infringement. This is understandable, of course, most of us want the creators of works to be able to enjoy their rights and profit from their efforts. But in the enduring battle for stricter restrictions on usage, the rights to create technology that's potentially infringing is caught in the crossfire. Cory Doctorow argues that these battles have little to do with the real intent of copyright and stresses that open source developers have a real stake in the outcome of this battle.

European mandates such as the Digital Video Broadcasting organization's Content Protection & Copy Management are similar to the American broadcast flag but possibly more draconian in scope. Doctorow argues that digital rights management (DRM) is based on the notion that you can design a safe "so strong you can leave it in the robber's living room" and that DRM technologies treat users as attackers. According to Doctorow, DRM does little to protect copyright and is not a contract, as some might argue. At stake, he believes, is the open source community's ability to write software, understand and improve technology, and disrupt markets with new and better way to create or distribute creative works.

An active question and answer period follows Cory's talk.

IT Conversations: Gary McGraw - Software Security

Sat, 18 Mar 2006 01:05:16 GMT

Security is a major concern in the IT industry, but most people think of securing the network rather than the software we all use every day. Gary McGraw argues that we need to move beyond the firewall and build security into software as it is being created in order to achieve a more secure environment.

Most security practitioners focus on the network, though most attackers aim their attacks at the code. In order to combat these attacks, it is the code that need to be strengthened. Dr. McGraw offers seven concrete ways that software engineers can make their code secure from the design stage through to implementation.

Blue Box Podcast #19 - VoIP security news, interview about VoIP over cable and much more.

Sat, 18 Mar 2006 00:57:34 GMT

Blue Box Podcast #19 - VoIP security news, interview about VoIP over cable and much more.

Synopsis: Interview with Geoff Devine from Cedar Point Communications about the security of VoIP over cable networks, VoIP security news and much more

Welcome to Blue Box: The VoIP Security Podcast show #19, a 63-minute podcast from Dan York and Jonathan Zar around news and commentary in the world of VoIP security. This show features a 36-minute interview with Geoff Devine from Cedar Point Communications about security of VoIP over cable networks. As usual, the show also features news and comments from listeners.

Download the show here (MP3, 33MB) or subscribe to the RSS feed to download the show automatically.

Blue Box: The VoIP Security Podcast]

Blue Box Podcast Spring VON #1 - Phil Zimmermann interview about Zfone.

Sat, 18 Mar 2006 00:51:50 GMT

Blue Box Podcast Spring VON #1 - Phil Zimmermann interview about Zfone.

Download the show here (MP3, 20MB) or subscribe to the RSS feed to download the show automatically. The interview runs about 22 minutes.

[Blue Box: The VoIP Security Podcast]

Downloadable RMS Lectures About Software Freedom.

Tue, 14 Mar 2006 13:36:20 GMT

Downloadable RMS Lectures About Software Freedom. Goran Gugic writes "On a recent visit to Croatia Richard Stallman gave two speeches which are now available as podcasts: 'Dangers of Software Patents' (OGG, 80MB, 132') and 'GNU Movement, Free Software and the Future of Freedom' (OGG, 65MB, 110'). The files can be found in the podcast section (site in Croatian). A higher-bandwidth mirror is also available" [Slashdot: Your Rights Online]

heraldsun.com: Cooper talks about public records, open meetings laws

Mon, 13 Mar 2006 01:58:32 GMT

RALEIGH, N.C. -- Attorney General Roy Cooper is among the speakers at Monday's conference, "Are We Safer in the Dark?", sponsored by the North Carolina Open Government Coalition in Raleigh. The event will examine trends in public access to government records and meetings in North Carolina and nationwide.

In advance of the conference and Sunshine Week, Cooper spoke with Associated Press state government reporter Gary Robertson about the state of public records and open meetings laws in North Carolina.

Gary McGraw: Software Security.

Wed, 08 Mar 2006 04:43:56 GMT

Gary McGraw: Software Security. Security is not a feature - it's a requirement for today's software. According to Gary McGraw, the good news about software security is that we know how to do it, but the bad news is that we aren't. In this interview with Sondra Schneider, Dr. McGraw describes how to build secure software and what the security challenges are for the software industry. [ITC: All Programs]

Q&A: Legislation won't end data breaches, says former FTC member - Computerworld

Sat, 04 Mar 2006 14:38:31 GMT

'There's no new law, there's no new technology ... to solve this problem,' says Orson Swindle

[...]

Swindle talked with Computerworld about some of the privacy challenges facing corporate America.

Editor: While a notification law won't stop the problem in and of itself. It can let us know who to stay away from due to poor security.

Security Pipeline | Q&A: Got Data? Beware Privacy Pitfalls, Big Brother

Fri, 03 Mar 2006 22:40:05 GMT

With controversy swirling around ID theft and electronic surveillance by the government, what should corporations do to protect customer data? Jim Dempsey, policy director at The Center for Democracy & Technology (CDT), spells out controversial advice such as "gather less data" and seemingly dire warnings such as "if you gather the data, the government will come calling." Whether you view CDT as an advocate or an adversary, its voice is being heard on Capitol Hill, so it's important to be aware of its stance on important corporate data policies and related issues.

Security Fix Live

Wed, 01 Mar 2006 02:44:27 GMT

Security Fix Live . Security Fix blogger Brian Krebs will be online to answer your questions about the latest computer security threats and offer ways to protect yourself and your personal information. By Brian Krebs. [washingtonpost.com - Technology - Industry News, Policy, and Reviews]

bit-tech.net | A conversation with Cory Doctorow

Mon, 27 Feb 2006 22:15:54 GMT

Cory Doctorow is something of an online legend. He's famous for a number of things: for being a great Sci-Fi writer, for his work as a copyright activist, and for being co-editor of what Technorati has suggested is the Most Linked-to Blog in the World, Boing Boing. Now resident in London, we took a trip down to the capital to talk to Cory about his blogs, his writing and his opinions on the world of content and DRM.

Doctorow on DRM and Activism.

Mon, 27 Feb 2006 22:13:54 GMT

Doctorow on DRM and Activism. Might E. Mouse writes "Cory Doctorow, co-editor of 'the world's most linked-to' blog, BoingBoing, spoke recently at an event in London, UK. Afterwords, he gave an interview with bit-tech discussing topics like DRM and the commercialization of podcasting. He was particularly scathing towards the BBC. From the article: 'If you're in the UK, hold the BBC to account. Why is it shipping the IMP, a DRM crippled player? Is there a point in the future where the BBC imagines that bits are going to get harder to copy? And that the IMP will solve its problem? Really, what the BBC is saying is that there's two ways you can get its content after it airs on the TV; one is that you can get it through the IMP and have a crippled experience, the other is that you can be a criminal.'" [Slashdot: Your Rights Online]

Steve Gibson: Internet Privacy. [ITC: All Programs]

Sun, 12 Feb 2006 23:24:06 GMT

Steve Gibson: Internet Privacy. Recently, the news has reported that the US Department of Justice has requested user information from some major internet search engines and service providers. In this conversation, Larry Magid talks with internet security expert Steve Gibson about the ramifications of these requests. They talk about what is possible and, more importantly, what is likely to be learned about an individual's surfing habits. [ITC: All Programs]

RSA Conference 2006 - WebCasts

Thu, 09 Feb 2006 19:44:08 GMT

On-demand replays of selected RSA(r) Conference 2006 keynotes will be available on this page within 24 hours of the live keynote in San Jose. You do not need to be a registered attendee of RSA Conference to view the keynotes, however you will need to answer a few brief registration questions before you can start downloading the web cast replays.

Please bookmark this page and visit again beginning February 15, 2006 to view replays of the following keynote presentations:

Editor: For those of us who can't make it.

Congress Granted Oversight For NSA Surveillance Program. [NewsHour with Jim Lehrer Podcast | PBS]

Thu, 09 Feb 2006 19:36:20 GMT

Congress Granted Oversight For NSA Surveillance Program. In a position reversal, the Bush administration will to brief House and Senate Committees on the NSA wiretapping program. Rep. Jane Harman and Sen. Lindsey Graham discuss the announcement. By NewsHour with Jim Lehrer. [NewsHour with Jim Lehrer Podcast | PBS]

Ben Laurie: Apache and SSL. [Opening Move audio from IT Conversations]

Wed, 08 Feb 2006 03:25:34 GMT

Ben Laurie: Apache and SSL. Security vulnerabilities are something network administrators have dealt with since before the dawn of the web, and now people with less experience have to be aware of the security implications of their software choices. Ben Laurie, Director of Security for the Apache Foundation speaks with Scott Mace about the comparison between Microsoft's and Apache's security, how security is implemented within Apache, the future of SSL and other security issues. [Opening Move audio from IT Conversations] [ITC: All Programs]