June 30, 2005 - Psychology and Organized Crime
by Jeff Moss
Sometimes
we're so stuck on the screen that we forget to look
beyond it. Mudge
and Geers
are here to remind us of the security angles we seldom
explore, but that have an effect on what we do daily.
On today's page we keep in mind economics, psychology,
and the Russian mob when thinking about security.
The Security Disconnect
by Mudge posted June 30, 2005
In
all of my years engaged in computer and network
security, from the L0pht, @Stake, BBN,
and the
government - there has always seemed to be a disconnect
between the attack, defense, research, and commercial
worlds. While my
talk does not pretend to be THE answer, it offers
several novel ways to approach attacks, defense, and
other fields. Culled from my work regarding Intelligence
Communities, Economics principles, physics, and human
nature the talk can be used for both offensive and/or
defensive purposes (just like L0phtCrack,
AntiSniff,
etc.). It is not my position to presume who or what
is good or bad, but instead to hopefully offer new
and novel ways of engaging in information security
(or the lack thereof).
cheers,
mudge
From Russia With Love
by Kenneth Geers posted June 30, 2005
Oh shit. Another email from Citibank San Francisco!
I have never been to San Francisco. I open the email
header to check the IP address, and it again resolves
to Moscow, Russia. Enough is enough. This time I
will track Boris and Natasha down. I don't know
Russian, but that's not a problem. I boldly log on
to one of the most informative Russian hacker sites,
go to the forum, open a second window, and translate
my questions and answers in real-time. I feel like
I could beat Garry
Kasparov at chess right now. Preliminary research
done. Now I have some decent information to compare
my problem set against. OK, here we go. Number one
on my list of questions for Russian
law enforcement, cut and paste:
Response received, and double-secret Russian encryption
broken. Anna Kournikova, I will soon have your e-mail
address (Paris Hilton's
was too easy). Now I have all the information I need
in order to rat on at least this one group. Soon,
I will script this, and flood Russia with abuse complaints.
OK, my log entry and notes are in the right format,
and it's ready to send. Linguistically, culturally,
and politically lamer hackers could never have pulled
this off. Pass
the vodka.
Above the Law
A popular issue for the world's top security researchers is the unique relationship between security practices and their legal implications. Every aspect of today's security involves some form of legality. The justice system has allowed governments to enforce encryption bans, corporations to file mass lawsuits for identity thefts, and the U.S. Congress to debate the need for federal preemption. Jennifer Granick and Robert Clark continuously offer fresh perspectives on the ever changing legal landscape. This Black Page is dedicated to why I miss crime... read more
Smile, You're on P2P
If you've logged on to your favorite file sharing peer-to-peer network recently there is a good chance a node is waiting to log your every download. Securing and providing anonymity on p2p systems is a critical step in protecting the free flow of digital information. Luckily, Ian Clarke and Oskar Sandberg are the kind of guys that can pull something like this off. On today's page, Ian takes a look on how to keep peer-to-peer networks dark, searchable, secure and efficient. Whether it is Freenet or their work on the free music-sharing client, Indy, Ian and Oskar have the lockdown on p2p. Word... read more
The Black Page is always looking for concise and interesting comments from researchers and experts about issues that affect the security community. Contact us here to learn more about submission rules