June 30, 2005 - Psychology and Organized Crime
by Jeff Moss
Sometimes we're so stuck on the screen that we forget to look beyond it. Mudge and Geers are here to remind us of the security angles we seldom explore, but that have an effect on what we do daily. On today's page we keep in mind economics, psychology, and the Russian mob when thinking about security.
The Security Disconnect
by Mudge posted June 30, 2005
In all of my years engaged in computer and network security, from the L0pht, @Stake, BBN, and the government - there has always seemed to be a disconnect between the attack, defense, research, and commercial worlds. While my talk does not pretend to be THE answer, it offers several novel ways to approach attacks, defense, and other fields. Culled from my work regarding Intelligence Communities, Economics principles, physics, and human nature, the talk can be used for both offensive and/or defensive purposes (just like L0phtCrack, AntiSniff, etc.). It is not my position to presume who or what is good or bad, but instead to hopefully offer new and novel ways of engaging in information security (or the lack thereof).
From Russia With Love
by Kenneth Geers posted June 30, 2005
Oh shit. Another email from Citibank San Francisco! I have never been to San Francisco. I open the email header to check the IP address, and it again resolves to Moscow, Russia. Enough is enough. This time I will track Boris and Natasha down. I don't know Russian, but that's not a problem. I boldly log on to one of the most informative Russian hacker sites, go to the forum, open a second window, and translate my questions and answers in real-time. I feel like I could beat Garry Kasparov at chess right now. Preliminary research done. Now I have some decent information to compare my problem set against. OK, here we go. Number one on my list of questions for Russian law enforcement, cut and paste:
Response received, and double-secret Russian encryption broken. Anna Kournikova, I will soon have your e-mail address (Paris Hilton's was too easy). Now I have all the information I need in order to rat on at least this one group. Soon, I will script this, and flood Russia with abuse complaints. OK, my log entry and notes are in the right format, and it's ready to send. Linguistically, culturally, and politically lamer hackers could never have pulled this off. Pass the vodka.
Above the Law
A popular issue for the world's top security researchers is the unique relationship between security practices and their legal implications. Every aspect of today's security involves some form of legality. The justice system has allowed governments to enforce encryption bans, corporations to file mass lawsuits for identity thefts, and the U.S. Congress to debate the need for federal preemption. Jennifer Granick and Robert Clark continuously offer fresh perspectives on the ever-changing legal landscape. This Black Page is dedicated to why I miss crime...
Smile, You're on P2P
If you've logged on to your favorite file sharing peer-to-peer network recently there is a good chance a node is waiting to log your every download. Securing and providing anonymity on p2p systems is a critical step in protecting the free flow of digital information. Luckily, Ian Clarke and Oskar Sandberg are the kind of guys that can pull something like this off. On today's page, Ian takes a look at how to keep peer-to-peer networks dark, searchable, secure and efficient. Whether it is Freenet or their work on the free music-sharing client, Indy, Ian and Oskar have the lockdown on p2p. Word...
The Black Page is always looking for concise and interesting comments from researchers and experts about issues that affect the security community. Contact us here to learn more about submission rules