Liudvikas Bukys

At Rose-Hulman Institute of Technology:

Earlier this week, a hacker infiltrated the website of a company in France, defacing the site and using it to send vulgar emails. The hacker was not a Rose-Hulman student. But through a router maintained by a Rose-Hulman student, the hacker was able to do this anonymously.

The student, senior computer science major David Yip, was maintaining a router on his computer called a Tor onion router.

There are many ways to describe this activity: exercise of freedom, negligence, lack of due diligence, accomplice or accessory to crime. Is it a social contribution or an anti-social practice? Drawing the lines is very difficult (as legislators trying to ban open access points will discover).
One example of how universities do tend to have a stricter social compact than, say, ISPs.

[via Justin Mason]

While discussing the current venture capital situation, Paul Graham points out

An experienced CFO I know said flatly: “I would not want to be CFO of a public company now.”

and

This law was created to prevent future Enrons, not to destroy the IPO market. Since the IPO market was practically dead when it passed, few saw what bad effects it would have. But now that technology has recovered from the last bust, we can see clearly what a bottleneck Sarbanes-Oxley has become.

As always, read the whole thing.

Kumar, Paxson, Weaver: “Outwitting the Witty Worm: Exploiting Underlying Structure for Detailed Reconstruction of an Internet Scale Event” is a brilliant forensic analysis. Their overview:

Many Internet worms use pseudo-random numbers to scan the IP address-space. In this project, we reverse engineered the state of the pseudo-random number generator (pRNG) which the Witty worm used to generate packets. By combining our knowledge of Witty’s code with the pRNG state, we performed a detailed recreation of the worm’s spread. We were able to discover several characteristics of the infected systems, including their uptime, network access bandwidth, and number of disks. Additionally, we were able to find specific details about the worm author’s deliberate targeting of a US Military base, and determine the identity of Patient 0, the system used to launch the worm.

and there’s interesting followon discussion at SecurityFocus.

My personal log of “this could be you” security examples
here
wasn’t ever exhaustive, and tended to be university-centric.
For those looking for a thorough view, these look like good places to keep an eye on:

• Adam Shostack’s
  breaches blog
• the Privacy Rights Clearinghouse
  chronology

At some point, the frequency will overwhelm the reporters, the readers’ eyes may glaze over, data will be available but more aggregated. Right now the California SB1798 requirement plus the high public scrutiny seem to be causing improvement in de facto standards for reporting. That will level off as companies and institutions test what they can get away with.

myNetWatchman’s SecCheck is a handy tool available as ActiveX or DOS executable. It dumps out a bunch of configuration detail from your system:

• Currently active processes
• Defined services
• Startup folder items
• Startup Registry Key contents
• Applications listening for inbound connections
• Applications with active network communications
• Active Browser Helper objects (BHOs)
• Installed ActiveX controls
• Module dump (DLLs) for all active applications

If you don’t mind trusting the executable content from myNetWatchman, it’s faster and easier than downloading a bunch of separate tools (fport, etc) to do the same thing.

As a former university information security officer I take particular interest in these things (this could be you):
Hacker compromises data at George Mason University – Computerworld:

The names, photos and Social Security numbers of more than 32,000 students and staff at George Mason University in Fairfax, Va., have been compromised as the result of a hacker attack against the university’s main ID server.
The attack was discovered during a routine review of system files and prompted the school to disconnect the compromised server from the network, according to an e-mail sent to members of the university community yesterday by Joy Hughes, the school’s vice president for information technology.

Via Roland Piquepaille’s Technology Trends: iPod Imaging:

… several thousands of doctors are using the free OsiriX software to manage their medical images on their iPods and Macintoshes …

It’s an interesting route-around of the usual IT solutions (which offer not enough space and are less convenient). My cursory inspection of all the linked-to articles and software documentation shows zero discussion of privacy, security, and HIPAA — yet. Is sending a medical image via iChat secure enough?

Two hoary protocols get even more final nails driven into them:

• George Ou (ZDNet): PPTP VPN authentication protocol proven very susceptible to attack; LEAP and WPA are weak too.
  [via Wi-Fi Networking News]

• Michael Ossmann (SecurityFocus): WEP: Dead Again
  [via Wi-Fi Networking News]

Government Uses Color Laser Printer Technology to Track Documents:

Next time you make a printout from your color laser printer, shine an LED flashlight beam on it and examine it closely with a magnifying glass. You might be able to see the small, scattered yellow dots printer there that could be used to trace the document back to you.

According to experts, several printer companies quietly encode the serial number and the manufacturing code of their color laser printers and color copiers on every document those machines produce. Governments, including the United States, already use the hidden markings to track counterfeiters.

Peter Crean, a senior research fellow at Xerox, says his company’s laser printers, copiers and multifunction workstations, such as its WorkCentre Pro series, put the “serial number of each machine coded in little yellow dots” in every printout. The millimeter-sized dots appear about every inch on a page, nestled within the printed words and margins.

“It’s a trail back to you, like a license plate,” Crean says.

[via Alex Pang]

[see also Ed Felten]

Via Stanford Center for Internet and Society:

Magistrate Judge Arlander Keys rejected Polska’s assertion of hearsay, holding that the archived copies were not themselves statements susceptible to hearsay exclusion, since they merely showed what Polska had previously posted on its site. He also noted that, since Polska was seeking to suppress evidence of its own previous statements, the snapshots would not be barred even if they were hearsay. Over Polska’s objection, Judge Keys accepted an affidavit from an Internet Archive employee as sufficient to authenticate the snapshots for admissibility.