Showing posts from April, 2004
Old Banks New Crime

April wasn’t a great month for the banks from a security perspective. Netcraft reports that attackers appeared to be actively scanning for Windows servers running Secure Sockets Layer (SSL) that remained unpatched against the Microsoft PCT (Private Communication Technology) security hole, with the most active efforts apparently targeting Australian banks.

Designed to support secure and spontaneous commercial transactions, PCT is similar to SSL in many ways. Like SSL, PCT operates on the transport level, making it independent of application protocols. PCT also incorporates RSA's asymmetric public/private key algorithm to authenticate both server and client, and is backward-compatible with SSL.

Ironically, claims that PCT corrects an earlier security hole in the design of SSL's handshake phase, a flaw through which potential attackers could gain access to session keys, which they could then use to authenticate a bogus client in a high-security e…
Censorship or Editing?

Curiously, Computer Weekly has removed a paragraph from my column on identity cards. The original, 'True Lies', can be found further below but you decide whether the next paragraph presents a problem or perhaps one is no longer allowed to report matters as one sees them.

"Of course and as one Sunday newspaper points out, when it comes to identity cards, technology runs second to the more important matter of political correctness and instead of a photograph, there will be an exemption for religious groups, who will only have to give fingerprint and iris-recognition data. So, no photograph then, a well-proven means of swiftly being able to tell if you happen to look like you and not Tom Jones and you’ll be able to point at the fingerprint on the card and say, “That’s me before I shaved off the beard and lost some weight”, conveniently ignoring a report published earlier this year in New Scientist that claims that there is little scientific basis …
£2 billion and Still Only Less Than Half Way

English local authorities have so far spent £2 billion to reach less than halfway towards their overall plans for eGovernment, according to a new report by public sector business intelligence specialists eGov monitor.

Detailed analysis of eGovernment progress reports submitted by every English council has found that with a current stated budget of £1.2 bn now left to achieve Whitehall's current targets for e-enabling all services by 2005, a demanding workload still lies ahead for local government to complete. The challenging timescales that councils have set themselves for this complex task will require many crucial eGovernment projects to be pushed through at break-neck speed.

At this rate, the local eGovernment programme risks failure against its objectives unless Whitehall relaxes its centrally-driven e-targets enough to open up the way for councils to give greater attention to their local priorities.

The finding comes from eGov moni…
Both Serious and Organised

I’m off to an analyst-type meeting at Unisys tomorrow, so I was kind of interested in the news of their plans to set up a big centre in India and hire two thousand people.

You can be replaced you know. Well many of us feel that way today and look nervously at the newswires to see which company will be next in relocating its business as part of an enthusiastic Indian takeaway strategy.

I see that the site traffic has increased this month, so maybe visitors like the extra news snippets that I add each day. To be honest, these are as much for my own reference as anyone else’s, so you’ll find them a little eclectic in taste.

If you’re mildly interested in Serious & Organised Crime then the news is that I’ve applied for the role of chairman of SOCA, the new agency, “Britain’s FBI” according to the papers. History’s seen stranger choices, J. Edgar Hoover being one of them but I think I could do the job they have in mind, so we’ll see if the Home Office shares m…
Linux. Will it Replace Windows?

Linux on Your Desktop we chart the rise of the anti-Windows operating system and explain why you might--or might not--want to run it on your PC.

Tech Tuesday
Unisys to Set Up India Center, Hire 2,000 (AP) AP - Computer services and equipment company Unisys Corp. said Wednesday it has set up a software development and back-office center in India, with plans to hire 2,000 people and invest $180 million in five years. [via Yahoo! News - Technology]
Open-Source Backers Ready Longhorn Defense (Ziff Davis) Ziff Davis - Even though Longhorn is still two-plus years away, the open-source community can't afford to wait to build comparable technologies, advocates say. [via Yahoo! News - Technology]
Attackers Use SSL Exploit to Target Australian Banks Attackers appear to be actively scanning for Windows servers running Secure Sockets Layer (SSL) that remain unpatched against the PCT security hole announced by Microsoft, with the most active efforts targeting Australian banks, according to security providers. [via Netcraft]
Windows XP SP2: Early, Late or Right on Time? The educated "guesstimates" as to exactly when Microsoft will ship Windows XP Service Pack 2 are rolling in. [via Microsoft Watch from Mary Jo Foley]
MS rethinks security patch test scheme

Microsoft is having second thoughts about the idea of testing security patches with select users prior to their release.

At the Infosecurity Europe conference, the software giant said it was considering introducing an external testing programme to improve the quality of its security patches. [via The Register]
Clueless user: ditch the victim mentality
The solution is to have "effective, free, constantly updated security service requiring little or no user intervention" which would "fend off all kinds of threats and invasions of privacy, including viruses and spyware, without getting all tangled up in academic distinctions". Since Microsoft makes billions of dollars off of the victim user from its "court-certified" monopoly, and the Bush administration turns a blind eye to it, they owe us. [via The Register]
IT security to go offshore. Maybe Infosecurity Europe 2004 Nothing is sacred [via The Register]
Computer helps map ancient Rome Computer technology is helping piece together a fragmented stone map of ancient Rome. [via BBC News | Technology | UK Edition]
A Web of Electronic Denial No one downloads spyware, watches video clips or listens to music files at work, yet these items infest nearly every corporate computer. Perception meets fact in a new poll. [via Wired News]
Security is two-way street, vendors say As IT users, assailed with security threats such as viruses and hackers, increasingly look to vendors to help protect their systems, they may find the vendors staring right back at them. [via InfoWorld: Security]
Windows Desktop Market Share to Shrink to 58 Percent by 2007? IDC research is claiming that by 2007, Windows will constitute a much more modest 58 percent of the client-operating system market. [via Microsoft Watch from Mary Jo Foley]
Computer hacking costs billions Three-quarters of UK companies are hit by security breaches in their computer systems, according to a report. [via BBC News | Technology | UK Edition]
BT broadband to reach almost all The telecoms giant announces that by the middle of next year 99.6% of UK homes and businesses will be able to have broadband access. [via BBC News | News Front Page | UK Edition]
Father of the IPod The unacknowledged father of Apple's iPod is engineer Tony Fadell, who created the gadget as an independent contractor. Apple wants the story kept under wraps, but little by little, it's leaking out. Read more at Leander Kahney's Cult of Mac Blog. [via Wired News]
UK government works with telcos in a secret attempt to secure the internet from denial of service attacks

Telecoms companies and internet service providers worked with the UK government in a race to secure the net before news of a serious flaw that could allow hackers to disrupt global internet communications became public last week.

Fourteen communications providers including BT, mobile phone operators and top-tier ISPs worked for six weeks to secure networks in the UK and overseas as part of an international effort to protect the internet.

Computer Weekly
To Train or Not to Train Is there a dearth of skills in the United Kingdom or is there not? More particularly, is the field of Information Technology, especially the area of Software Development, lacking in the talents and skills? [via Impartial News Analysis]
Sun Sticks 'Proprietary' Label on Red Hat Linux According to Sun President Jonathan Schwartz, Red Hat's enterprise Linux offering is a proprietary fork of Linux. No surprise, Red Hat and even Linux founder Linus Torvalds see it differently. [via eWEEK Technology News]
Microsoft Office vs. OpenOffice Face-Off: The Winner Is? Although's OpenOffice desktop isn't for everyone, it may be just the ticket for small/midsize businesses unwilling or unable to pay Microsoft Office licensing fees, according to eWEEK Labs. [via Microsoft Watch from Mary Jo Foley]
'Laser vision' offers new insights A system that projects light beams directly onto the eye's retina could change the way we view the world. [via BBC News | Technology | UK Edition]
Madrasas Slowly Warm to Computers Religious schools called madrasas have a reputation as incubators of Muslim militants. Fighting that image, many Pakistani madrasas have installed PCs, but most refuse to teach science or math. Manu Joseph reports from Lahore, Pakistan. [via Wired News]
The GPL And The Legal Challenge To It The GPL is, as far as I can see, the most innovative adjustment to copyright and IP contracts that has occurred for decades - maybe even centuries. [via - Strategy]
The GPL - A Simple Guide There is a lot of controversy associated with the (Linux) GPL, so it makes sense to review the basic legal points involved - if for no other reason than to address the confusion caused by the SCO v IBM case [via - Strategy]
Bundling Antivirus a Good Idea?
On Saturday, Seattle Post-Intelligencer published a story (here) about whether Microsoft would ever add antivirus protection to Windows.
The story, by reporter Todd Bishop, quotes Microsoft general counsel Brad Smith as saying Microsoft "to date" has made no decision about whether to include antivirus in future Windows versions. Apparently, Mr. Smith also expressed a cautious approach, because of Microsoft's ongoing antitrust problems stemming from bundling Internet Explorer and Windows Media Player with the operating system.
"I have to say, it is a real cause for concern for us that 70 percent of consumer PCs do not have current antivirus protection," Mr. Bishop quoted Mr. Smith as saying.
I'm surprised by the 70-percent assertion. According to Jupiter Research surveys, about 73 percent of U.S. consumers say they have antivirus software on their primary PC. As explained in my report, "Windows Fragmentation: The Problem with …
Phishing scams cost UK banks £1m+ Brute force and ignorance [via The Register]
ID card £2,500 fine threat People who refuse to register for the government's planned ID card scheme could face a "civil financial penalty". [via BBC News | News Front Page | UK Edition]
Saudi School Exchanges?

Stand up any parents willing to send their children to a school exchange in Saudi Arabia. This must be a joke?

More than 30,000 primary and secondary schools in Britain are being sent posters and information on, a website designed to establish contact between schools in the two countries. Pupil exchanges will follow.

Times Online
True Lies

It’s all rather worthy of a satirical Bremner, Bird and Fortune sketch, last week’s news on identity cards that is. Lots of photo opportunities for Home Office Ministers to wave examples of the new cards around, supported by popular consent. 80% of those questioned by Mori, appear unworried by any civil liberties argument and overwhelmingly support the idea, convinced of course that identity cards, which will carry one’s name and age and date and will be linked to a national database which will contain information on criminal records, health details and social security information, offers solid and irrevocable proof of well, identity, whatever that might be?

The Home Secretary argues that his £3 billion scheme to introduce ID cards will help fight against organised crime, illegal immigration, terrorism, identity fraud and 'health tourism' but then nobody actually has to carry one but will have to produce a card within a limited period if asked by the police. This …
ID card plans due to be unveiled Draft legislation outlining plans for a national ID card scheme will be unveiled by the government today. [via BBC News | News Front Page | UK Edition]
Reluctant Tiger

I’ve just been trying to start a reluctant Tiger Moth. This one was built in 1939 and has been around the block a few times, Angola, Rhodesia and of course the sea wall at Clacton, where it last crashed before it was rebuilt from its various component pieces. This one, I’m assured is the only one flying with an engine of its size in its current configuration. All the others have crashed at one time or another, which is reassuring and I’m sure concentrates the pilot’s mind wonderfully.

That said, she’s a beautiful old aircraft, even if she doesn’t want to start. Of course, installing an electric starter like that in the replica Stampe which is now almost finished would be cheating. After all, they didn’t have electric starters in 1939, so you simply have to hang on to the propeller and keep pulling until the engine explodes into life or simply continues to sulk like a spoiled and temperamental old lady.

The Stampe – a cousin of the Tiger Moth – is almost ready for its m…
'Bin Laden Captured' E-mail Downloads Trojan A new e-mail attack bearing the subject "Osama Bin Laden Captured" downloads a trojan onto the computers of recipients who click on a link promising additional details, according to antivirus vendor Panda Software. [via Netcraft]
US defends cybercrime treaty Your secrets are safe with us [via The Register]
Online pirates revealed as robbers, not Robin Hoods

They are among the most sophisticated criminal syndicates on the planet, trading in a commodity worth hundreds of millions of pounds, and yet most of the members have never met one another. Operating under such names as WLW, Razor911 and ShadowRealm, they are part of the highly secretive 'warez scene' - an online community of hi-tech criminals responsible for pirating 90 per cent of the world's music, computer software and DVD movies.

The Observer
Muslim women exempt from ID card photos

Thousands of Muslim women will be exempted from having to show their faces on identity cards as the Government moves to allay fears among British Muslims that the new cards will be used to target them in the 'war on terror'.

The Observer | Politics |
Losta Costa

You might think you were on the Costa del Sol, here on the North Kent coast this morning. The weather is stunning and the sea, visible through a gap between the two buildings in front of me, is as smooth as glass.

Today, I’m helping a friend drag a banner around Northampton, so we’ll leave around lunchtime and fly low-level, over the Thames Estuary towards Southend before tracking in the direction of the gap between Luton and Stansted, to keep out of the way of the larger aircraft.

I started this morning with an Atkins breakfast at Beano’s café which should last me until this evening. As a means of losing weight it seems to work with five kilos gone in the last week with some hard exercise on top. The next five seem to be a little tougher and perhaps I’m asking too much of myself, now pushing fifty, trying to get down to what used to be my peak fitness weight when I tried ‘Running the Sahara’ in 98.

The courts, I see have released an Algerian allegedly suspected of terroris…
Clear Commerce And The Battle Against Cyber Fraud Cyber crime spawns technology battles. There are battles between virus writers and anti-virus vendors, between digital intruders and intrusion detection technology and between spammers and spam filtering technology. [via Impartial News Analysis]
TCP catastrophe? Last week's announcement hit the security community like a love tap from a sumo wrestler. Nearly every router on the Internet, even those only distantly connected, was vulnerable to a potential exploit that could shut down whole sections of a network and maybe even the Internet itself. Worse, the vulnerability was something so basic -- the design of TCP itself -- that the problem touches everyone. (You can find a detailed, very technical description at Cisco.) [via InfoWorld: Security]
E-mail scams cost banks £1m E-mail scams have so far cost UK banks more than £1m and there is concern the bill could rise. [via BBC News | News Front Page | UK Edition]
Microsoft Q3 FY2004 Highlights
Yesterday afternoon, Microsoft announced results for its fiscal 2004 third quarter, which ended March 31, 2004. The company reported quarterly revenues of $9.18 billion, up 17 percent year over year. Operating income was $1.28 billion.
Three of Microsoft's seven business divisions--Client, Information Worker and MSN--posted operating profits. In the previous quarter five divisions, including MSN, lost money. This is the second consecutive quarter Microsoft's server division posted losses.
In January, Microsoft had projected revenue between $8.6 billion and $8.7 billion and operating income between $3 billion and $3.1 billion, which includes $750 million in employee stock compensation. Earnings-per-share estimate was 23 cents to 24 cents, including stock compensation of 5 cents.
Not surprisingly, Microsoft set aside $1.89 billion (after-tax amount) for its settlement with Sun and European Union fine. I blogged about Microsoft's ongoing settlement strategy her…
Desperately seeking Web Search 2.0 It has been claimed that Google employs 100,000 computers for its search platform - making it the biggest and highest-profile Linux deployment in the world. But its store of 4 billion pages is only 20 times the current number on the upstart search engine Gigablast, which runs on just eight servers. [via Netcraft]
What if Google Morphed Into GoogleOS? What if Google expanded on its search-engine (and now e-mail) wares into a full-fledged operating system? [via Microsoft Watch from Mary Jo Foley]
Microsoft's Spyware Primer
Yesterday I learned that on Friday Microsoft posted a primer on spyware (here). Coincidentally, the same day I posted a blog recommending that Microsoft treat spyware more seriously in Windows XP Service Pack 2. The spyware primer is a great start. Microsoft provides clear information on what is spyware, what kind of strange behavior might indicate spyware installation and links to tools for removing the software.
I'd like to see better spyware sniffer support in Windows XP. Maybe Microsoft's treating spyware more seriously foreshadows changes to come. [via Microsoft Monitor]
Interview: The changing politics of grid Grid computing is a noteworthy topic, particularly this week, with formation of the Enterprise Grid Alliance by Oracle, Hewlett-Packard, Sun Microsystems, and others. [via InfoWorld: Top News]
E-commerce Firm 2Checkout Reports DDoS Extortion Attack E-commerce firm 2Checkout, which processes credit card payments for online merchants, says it has been hit with a distributed denial of service (DDoS) attack after it rebuffed an extortion attempt. [via Netcraft]
Secret Repairs Preceded TCP Flaw Release Only the math had changed. But the emergence of a workable exploit for an old TCP security hole prompted a secret initiative to fix the Internet, giving network operators a week to secure vulnerable routers. [via Netcraft]
More Than 400 Phishing Attacks in March Phishing attacks jumped 43 percent in March with 402 unique scams, according to monthly data from the Anti-Phishing Working Group. The total again marked a new record, easily topping February's 282 attacks. Activity increased throughout March, peaking with 94 attacks in the final four days of the month - nearly 24 campaigns per day. [via Netcraft]
The Spooky Weirdness Of Quantum Computing People have been talking about quantum computing for a while now, and from this article it sounds like an important advancement has been made (and it's even explained in a way that's not all that difficult to understand). Still, it sounds like we're very far away from any sort of useful quantum computing application. [via Techdirt]
IT voices drowned in corporate governance rush Ignore the techies at your peril [via The Register]
Hackable bug found in net's heart A serious security vulnerability has been found in one of the net's core components. [via BBC News | Technology | UK Edition]
Inside the Magic Kingdom

I'm guessing that this weblog is banned in Saudi Arabia. Apparently authored by an English speaking Saudi, like Salam Pax's 'Baghdad Blog' before him it presents a unique, controversial and uncensored view of life in the Kingdom.

"In Memory of the lives of 15 Makkah Schoolgirls, lost when their school burnt down on Monday, 11th March, 2002. The Religious Police would not allow them to leave the building, nor allow the Firemen to enter."

The author's view of the Internet is equally interesting.

"All the Saudi ISP's connect to a massive bank of servers run by KACST, the King AbdulAziz City for Science and Technology. They can therefore screen everything that goes in or out, and stop the "wicked" sites from being seen. Try and go to a porno site, and a big ugly screen will pop up, telling you that access has been prohibited. As technology goes, it's not bad. However it will often block innocuous sites. I was on…
It’s That Time Again.

A large balloon hangs over West London, pointing the way to this year’s Infosec Show and with it the hanging promise or perhaps more accurately, the faint hope of better information security in 2004 than was available a year earlier.

Last year, when I wrote a long and detailed eGov monitor and Computer Weekly sponsored ‘Special Report’ on information security to coincide with the Infosec show, I was reminded of the final scene of Monty Python’s ‘Life of Brian’, and the chorus singing, “Always look on the bright side of life”. After all and like the movie, it was a year of few choices, “Crucifixion or stoning”? Blaster or Sobig and sadly, a great deal more besides.

This year doesn’t promise to be any better in the information security space and the industry appears almost frantic in its search for new ideas and new technologies to plug the gaps which continue to appear, week in and week out.

In the last six months, Microsoft’s constant patching process has improved…
Billions wasted due to IT skills deficit Not enough professionalism either.

The report reckons that the UK public sector has spent an estimated £12.4bn on software in the last year, while the overall UK spend on IT is projected to be an eye-watering £22.6bn - [via The Register]
Companies becoming more complacent about security I wrote recently about the internal threats facing organisations - citing a survey by the FBI and CSI that concluded that insider abuse of network access was the most common security threat faced by companies. [via - Information Security]
Electronic Data misuse in UK Government departments: a significant problem? Electronic data misuse is a fact of life in both Public and Commercial Enterprises, in spite of the operational processes and procedures to prevent and to detect it. [via Impartial News Analysis]
Microsoft executives face questions on XP SP2 Executives from Microsoft Corp.'s security group demonstrated some of the new security features planned for the next major Windows XP software update, known as Service Pack 2, and faced persistent questions Tuesday from customers about whether the new features will interfere with other security technology. [via InfoWorld: Top News]
Fundamental Internet Flaw Revealed Well, there's a flurry of news articles being rushed online today as news comes out about a "fundamental flaw" with TCP that could allow hackers to basically screw up routers all over the world, severely impacting internet traffic. The flaw was discovered a few months back, and people have apparently been working on a fix, but the article isn't entirely clear on whether or not important routers have really been patched, or if it's still being worked on. Either way, the guy who discovered the flaw is set to make a presentation about it on Thursday, after which he believes just about any smart hacker should be able to exploit it and do their best to take down the internet. The news is still pretty vague otherwise about this threat, and I'm always a little skeptical about "this will bring down the internet!" style claims, so if anyone has more info about how serious (or not) this is, feel free to share. Update: As note…
One third of email now spam Cost to business measured in millions [via The Register]
Hackers: Under The Hood - Interviews with leading members of the hacker community
ID card technology under scrutiny UK MPs are to hear from firms specializing in ID cards, following government approval. [via BBC News | Technology | UK Edition]
The problems with Instant Messaging According to filtering technology firm Secure Control, around 40% of employees at UK companies use instant messaging systems whilst in the office. [via Impartial News Analysis]
CIOs Focus on Internet, Web Services (NewsFactor) NewsFactor - Implementing Web services and coping with the continuing impact of the Internet are top priorities for I.T. leaders in many organizations. [via Yahoo! News - Technology]
Exploit Targets Windows SSL Vulnerability Working exploits have been released for a Windows SSL vulnerability which leaves servers open to denial of service (DoS) attacks. Code for the exploit, known as SSL Bomb, was released last Wednesday, just a day after the vulnerability was described in Microsoft's recent security updates. [via Netcraft]
Will Forthcoming Exploits Target New Windows Holes? Rumors are swirling about possible "super exploits" that could target several of the Windows vulnerabilities unveiled by Microsoft last week. [via Microsoft Watch from Mary Jo Foley]
Symantec Merges Security With Server and Storage Management Symantec uniting security, server, storage management. [via eWEEK Technology News]
NetScreen Unveils Firewall, VPN App NetScreen Technologies has introduced its ISG 2000, a multifunction security appliance based on the company's latest ASIC. [via eWEEK Technology News]
IT Role Cited in Blackout The worst electric power failure in U.S. history could have been avoided in part through better business continuity planning and IT management. [via eWEEK Technology News]
Cyber-Security Chief Voices Concerns About Software Quality Amit Yoran, director of the National Cyber Security Division at the Department of Homeland Security, urges software vendors to devise better ways to examine code for flaws before it is released. [via eWEEK Technology News]
Only Danes more 'e-ready' than UK

The UK has the world's second most favourable environment for technology, bettered only by that of Denmark, a survey has shown.

The fifth annual "e-readiness" survey from IBM's Institute for Business Value and the Economist's Intelligence Unit looks at technology infrastructure, business use of technology, support services and use of ecommerce by business and consumers, broadband access and mobile use to rank countries most favourable for e-business.

The Register
Aerial Photography

Young Charlotte and I have decided that her photo results from the aircraft are so good that she’s going to try her first steps at aerial photography to earn pocket money. So if you want your house photographed from the air, anywhere in the North Kent triangle between Dover, North Foreland and Whitstable, let us know. Going rate is £25.00 to cover her fuel costs and only if 100% satisfied by the results.

Cathedrals photographed at no extra price.

You’ve Got Mail – At A Price

Let me tell you a story.

It starts with an eGov monitor report that “The National Programme for NHS IT (NPfIT) is re-tendering for a national email and directory service for 1.2 million staff after deciding to terminate a £91 million contract with EDS last month”.

In a tender notice issued on 3 April, the Department of Health said the existing service was to be withdrawn, with a new service provider being sought "urgently" to provide continuity. The tender's estimated value is between £50m and £90m, which, when compared to the contract for the current service, awarded to EDS by the NHS Information Authority in October 2002, would indicate scope for significant saving in cost.

Reading this, I was struck by an overwhelming sense of Déjà vu because, you may remember from Computer Weekly and even The Guardian from November 8th 2002, that I’ve written about this fiasco once before. Wondering how on earth government could justify spending £91 mill…
Zen & Confucius in the Art of Swordsmanship

Outside, winter has returned with a lashing gale and I've pulled from my bookcase, a twenty year old copy of 'The Tengu-geijutsu-ron of Chozan Shissai', his 17th century treatise on the interpretation and art of Japanese swordsmanship. Together with Yamamoto Tsunetomo's 'Hagakure' and of course, Miyamoto Musashi's 'Book of Five Rings', this book represents one of the principal philosophical works on kenjutsu and its objective of technical self mastery, "The four fundamental virtues of swordsmanship"; of being "Motionless in motion".

Meanwhile, Hollywood gives us the vengeance-loaded 'Kill Bill' and Tom Cruise in 'The Last Samurai' and generally misses the point in sweeping, wide screen dramatisation which goes down well with popcorn in the cinemas. It's good to know that in the 21st century, anything profound, religious or faintly spiritual, can be reduced into a …
This Ain't Woody Allen's Orb Proponents of ubiquitous computing hope to build computers into objects that fit naturally into daily life. One application is the Orb, a large glowing egg that tracks trends in a variety of subjects and transmits the information visually. [via Wired News]
InfoWorld: Can e-mail be saved? Paul Boutin. Instead of tinkering with ever more complex anti-spam filters and gateways, it's time to rethink the way e-mail works in the enterprise. With that in mind, we rounded up a half dozen successful software entrepreneurs -- plus one unrepentant spammer -- and asked them how they would change the system to remove mass-marketers' incentives to flood your workplace with ads. [via Tomalak's Realm]
Passport control and Iraq
This from Michael Moore's latest missive:
The funniest story my guys tell me is how when they fly into Baghdad, they don't have to show a passport or go through immigration. Why not? Because they have not traveled from a foreign country -- they're coming from America TO America, a place that is ours, a new American territory called Iraq.[via funferal]
Supercomputer hacks highlight ed security challenge The recent intrusions on supercomputers at leading U.S. research universities highlight a growing problem: struggling to maintain academic openness while protecting staff and students from Internet-borne viruses and malicious hackers. [via InfoWorld: Security]
Security report’s good start When the National Cyber Security Summit (NCSS) Corporate Governance task force released its much anticipated report a few days ago, it focused on five recommendations. The recommendations were very good, and every enterprise with an IT department should implement them immediately. These five recommendations would have all companies make information security an integral part of their corporate governance process. [via InfoWorld: Security]
Microsoft goes Opensource The Windows Installer XML toolset released last week became the first project from Microsoft to be released under an OSS approved license, the Common Public License. [via Netcraft]
Phishing Trojan Grabs Browser Screen Shots A phishing trojan discovered last week captures screen shots of browser activity when an infected machine visits a banking site, adding an imaging capability to the malware's keylogging function. The trojan has apparently found a way to defeat one of the banking industry's more secure login systems. [via Netcraft]
Renewed warnings over 'phishing' E-mail fraud from customer bank accounts has rocketed. [via BBC News | Technology | UK Edition]
Trek communicator ready to go A US firm has invented a wireless communicator just like the ones used in the Star Trek. [via BBC News | Technology | UK Edition]
'Net ninjas' take on web censorship A small group of 'hacktivists' in Toronto are looking at ways of bypassing government controls on the internet. [via BBC News | Technology | UK Edition]
Firms become digital detectives Growing abuse of net access is forcing firms to get familiar with data forensics. [via BBC News | Technology | UK Edition]
Tilting at Maypole

I notice that the road through the village of Hoath has sprouted a couple more fluorescent orange posters protesting against "Commercial Development of Maypole Airfield".

It's probably time that the airfield owner fought back with equally colourful arguments with headlines such as "Completely Daft" or "Absolute Rubbish". In fact, he's put a poster up outside his own home protesting against the planned development of his own airstrip, which illustrates how ridiculous this campaign against the non-existent along Hoath's high street is.

You might think that people would have more sense and might even want to find out what's true and what's not? In this case however, they appear quite happy to tilt at windmills, like the celebrated and mildly insane Spanish knight, Don Quixote.

Seems rather silly behaviour from adults from where I sit.

EarthLink finds rampant spyware, trojans Internet service provider EarthLink and Webroot Software released a report on Thursday that said an average of almost 28 spyware programs are running on each computer. More serious, Trojan horse or system monitoring programs were found on more than 30 percent of all systems scanned, raising fears of identity theft. [via InfoWorld: Security]
What a day today My day today starts with trying to take some money out of an ATM and finding I was £10,000 overdrawn (yes, 10 thousand) - surely that couldn't be me (I have no o/d limit). Someone's taken thousands of pounds out of my bank account [via e-Government @large]
Too Much Demand for Too Few Patching Servers
From Microsoft Watch: It sounded like a good idea: Instead of dribbling out a fix here and a patch there, release all your security fixes once a month, in a few, fairly easily digestible bundles. But with more and more Microsoft customers hitting the company's Windows Update site on the second Tuesday of each month (right after Microsoft releases its latest collection of fixes), bottlenecks are becoming the order of the day. [via Microsoft Watch from Mary Jo Foley]
Longhorn: The First Cut Is the Deepest? Microsoft blogger Jeremy Mazner has more on last week's stories on how Microsoft is fine-tuning Longhorn to try to get it out the door. [via Microsoft Watch from Mary Jo Foley]
All About Me

With national identity cards only a matter of time, I’m confused and not really certain who I am anymore, so perhaps the arrival of a piece of plastic displaying my photo and thumb-print will clear up any doubt that I am, after all, who I think I am and not who the Government thinks I am?

In the IT industry, we very much think of identity in terms of authentication and authorisation. Are you acting as an individual or as an employee of someone else? Are you a citizen of the UK or are you a member of a specific group or organisation?

Once this has been established in a rather arbitrary manner, then we need to be authorized, as in holding a driving license or having the right to enter certain buildings, access systems and networks and sign or authorize documents, payments, tax returns and all the other pieces of red tape that define modern existence.

Increasingly then, identity management is used to streamline and eliminate business processes and is integrating the individual…
Attacks at universities raise security concerns Malicious hackers in recent weeks have infiltrated computer systems at universities in the U.S. and worldwide, leading to questions about the security of scientific research data, according to an official at the U.S. National Science Foundation. [via InfoWorld: Security]
Yes, But When Can I Switch Off From Work? Welcome to the modern "always on, always connected" work world. It's gotten to the point where Microsoft discovered, after handing out smart phones, tablet PCs and broadband connections to employees that they needed to give their employees special instructions on how to turn off work. This isn't a new problem, and it's certainly been discussed before. While some people can handle the work/life balance without a problem - it's not so easy for everyone else. Even for those who can switch off, it's made more difficult by their colleagues who can't - and who contact them at odd hours with work requests. This is going to become a bigger issue for modern companies to deal with. There are, obviously, some advantages, but people need to learn their limits. [via Techdirt]
Who says biology need be destiny? Sana Security founder Steven Hofmeyr says parallels between computer security and human immunology threaten to take the industry down paths that may prove to be dead ends. [via CNET]
When Fewer Security Alerts are More
Yesterday, Microsoft issued four security alerts that extend a strategy adopted about a year ago that I assume is designed to diminish the apparent number of vulnerabilities. Microsoft started consolidating related, multiple security vulnerabilities into single bulletins, rather than issuing separate warnings.
The four new alerts--three of which carry the highest rating of "critical"--consolidate a hefty number of vulnerabilities into a much smaller number of alerts. Critical alert MS04-011 covers 11 separate vulnerabilities, while MS04-012 adds another four. That works out to 15 separate vulnerabilities, but only two alerts issued.
I view the consolidation tactic as part of what I call Microsoft's "security by PR," meaning public relations, strategy. Certainly, Microsoft should be commended for warning customers of vulnerabilities and issuing the appropriate patches. But, I don't think customers' best interests, or even Mic…
Microsoft SSL Vulnerability gives attackers opportunity to gain control of leading banking sites Microsoft has issued a fix for a security hole that has exposed tens of thousands of SSL servers to potential compromise. The bug, a buffer overflow in Microsoft's Secure Sockets Layer (SSL) library, enables remote attackers to gain control of Windows 2000 and Windows NT4 servers handling banking and e-commerce transactions. [via Netcraft]
Windows Update struggling to remain available Microsoft's Windows Update web site has been experiencing slow response times in the wake of yesterday's release of critical security updates. In some cases it is possible to successfully download and install updates, with failed requests and response times in excess of ten seconds commonplace. [via Netcraft]
Microsoft Extends MS Java's Shelf Life Microsoft gives its Java virtual machine technology a three-year reprieve in the wake of its antitrust settlement with Sun Microsystems. But don't expect any new MSJVM enhancements. [via eWEEK Technology News]
419 Scams As A Way Of Keeping Up On Current Events I'm beginning to think that it could be an interesting subject to study what cultural/national situations are referenced by 419 "advance fee" scam emails. While the most common such email comes from Nigeria, they've adjusted over time to pick up on other countries such as Iraq and Afghanistan. Now, they're trying to pick up on events, like the Olympics. They all look pretty much the same, though - and if your pattern matching ability is so weak that you can't realize this is the exact same scam you've got other problems. Still, some people continue to fall for such scams on a regular basis. [via Techdirt]
The Internet As The Fifth Estate? The Internet is changing the face of democracy in ways we can't even completely fathom yet. It is allowing citizens to interact in complex ways, bypassing or at least checking a whole host of middlemen. Perhaps we ought to start calling it the Fifth Estate. [via Techdirt]
Terrorism and high technologies

Last week French police managed to arrest a certain Mustafa Baachi, a high-tech expert of Al-Qaeda who allegedly committed numerous e-frauds and organized assaults on French financial institutions. His brother Hassan, who had been working as a guard in a bank, helped him.

Representatives of the Spanish and French special services think that data received from these arrested Al-Qaeda members will make it possible to uncover the schemes by which Al-Qaeda units collaborate across the whole of Europe and to cut off many sources of their financing.

E-mail provider tries message fingerprinting to unveil protection service that can stop bounced e-mail messages [via InfoWorld: Security]
Security Business Unit to Get More Fire Power Microsoft's security business and technology unit (SBTU) is poised to add a couple more big names to its player roster: Rich Kaplan and Gordon Mangione. [via Microsoft Watch from Mary Jo Foley]
Cyberterrorism or Cyberhype?

This month, I’ve been asked to research any potential or actual convergence between cybercrime and terrorism. Just back from a short tour of the Middle East, I don’t see any immediate evidence of one touching upon the other but in the coming weeks, I’ll be knocking on the doors of friends at the different law-enforcement and intelligence agencies in a bid to find out.

Georgetown University Professor Dorothy Denning pointed out as far back as 1999 that the Internet presented a tool for influencing foreign policy. She commented, “What can be said is that the threat of cyberterrorism, combined with hacking threats in general, is influencing policy decisions related to cyberdefense at both a national and international level.”

Asking “Who are the cyber terrorists”, Dr. Mudawi Mukhtar Elmusharaf of the computer crime research centre writes, “From American point of view the most dangerous terrorist group is Al-Qaeda”. The evidence indicates that the group has sc…
Use Superglue Says the Doctor

I’m waiting for the superglue on my thumb to set.

One of the dangers of practising Iaido with a ‘Shinken’, a live blade, is that a moment’s inattention is punished. In this case, my wandering thumb was caught on the draw and in a millisecond, was neatly sliced.

Run inside and look for the tube of superglue, which is quickly pressed along the cut to close it and stop the bleeding. It works too. Every house should have superglue in its first aid kit and one day, you’ll thank me for this little tip.

Once I’ve finished writing this I should be able to carry on where I left off. My thumb looks messy under a hard shell of superglue but it’s done the trick.

This morning Charlotte and I took advantage of the glorious Easter weather to visit Headcorn airfield for breakfast and to watch the skydiving. On the way home, she took some nice aerial shots of Canterbury Cathedral, which aren’t bad for a nine-year-old.

Outside then and see what other digits I can cut off. T…
Chocolate Free Zone

A perfect Easter Sunday from a weather perspective. Kuwait now seems a very long way away, a week that came and went in the blink of an eye.

Simon Moores with Gartner's John Nammour

Time for a little relaxation but no chocolate Eggs as I’ve decided that I’d best start a diet before rather than after Easter as a damage limitation exercise. I’ve been working too hard and not exercising enough this year. Time to explore the wonders of the Dr Atkins diet while my suits still fit.

Ballmer: Everyone has stake in cybersecurity Microsoft CEO says we need to 'anticipate and act against' cyber crimes [via InfoWorld: Security]