Security Alerts for the Week Ending 6/13/2010

feeds | grep links > Retiring “Info Wants To Be Free”, Another Attack on Quantum Crypto, and More on Those Behind Malware

  • Time to retire “info wants to be free”
    Cory’s latest Guardian column makes a thoughtful suggestion with regard to putting to rest Stewart Brand’s famous aphorism from the advent of the information age. He unpacks the much more nuanced interests of those whom big content wants to make out as info-anarchists. He suggests focusing more on the freedom of the net or, more simply, of people.
  • Another attack on quantum cryptography
    As the post at Slashdot explains, this one relies on the normal error rate with which quantum crypto systems have to deal. The researchers have shown they can recover some information without raising the error rate above the previously acceptable level. I wrote about an earlier attack on quantum key distribution towards the end of last year.
  • More on those responsible for malware
    Earlier, Brian Krebs had an article exploring the shallow end of the pool of online crime, an individual phisher responsible for an alarming number of attack sites. Today he discusses a Russian businessman whose reputation he has looked into before. Now, a Russian politico has spurred a government inquiry into the allegedly nefarious online criminal organizing and activity of “Redeye”, Pavel Vrublevsky.

Quick Security Alerts for Week Ending 3/21/2010

MS Security Chief Suggests Computer Security Tax

This ITworld piece details some of Scott Charney’s thoughts from the RSA conference. Scott is Microsoft Corporate Vice President for Trustworthy Computing.

He does a fair job of characterizing the issues, especially that non-secure PCs aren’t just a burden to their owners. If they become part of a botnet, then they burden the network, which shares the pain even with connected but uninfected systems.

Where his thought process goes astray is in considering a healthcare-like model. You know, because that is working extraordinarily well right now and hasn’t added its own burden of arguments and complications.

I don’t necessarily disagree with the idea of using social systems, including education and advocacy. But we have those already in the form of projects like StopBadWare.org. He seems to be saying that ISPs should take on these additional roles and that cost is the only barrier. Cost, unfortunately, is the least part of the equation. Neither market-based solutions nor another of his ill-considered ideas, a new tax on computer users, is going to magically conjure up the expertise that either ISPs or other outfits need to pursue any number of viable schemes to reactively deal with malware.

Of course, here is another thought–how about Microsoft uses a bit of its hefty margin and/or cash in the bank to address the security issues that stem almost entirely from their own operating system?