Archive for the ‘LINKS’ Category.
June 30, 2004, 10:45 am
Rogue/Suspect Anti-Spyware Products & Web Sites
[via Diary Date]
See also some dissent about the specifics.
The problem is the bad platform.
The symptom is the misery that so many users are living with.
The cottage industry for solutions is better than nothing, but it’s still a mess.
June 22, 2004, 10:51 am
Jim Chow, Ben Pfaff, Tal Garfinkel, Kevin Christopher, Mendel Rosenblum:
Understanding Data Lifetime via Whole System Simulation:
We have used TaintBochs to analyze sensitive data handling in several
large, real world applications. Among these were Mozilla, Apache,
and Perl, which are used to process millions of passwords, credit card
numbers, etc. on a daily basis. Our investigation reveals that these
applications and the components they rely upon take virtually no measures
to limit the lifetime of sensitive data they handle, leaving passwords
and other sensitive data scattered throughout user and kernel memory. We
show how a few simple and practical changes can greatly reduce sensitive
data lifetime in these applications.
[via Justin Mason]
June 3, 2004, 9:34 am
Jack Shafer, in the Slate article "E-mail Confidential – Who’s afraid of Time Inc.’s legal disclaimer?", has his attorney dissect an email disclaimer in detail.
This boilerplate proliferates because professionals
in the legal, auditing, and security consulting industries
feel compelled to recommend its use.
Unfortunately, the ever-more-onerous language that these things accrete for cover-your-butt reasons leaves most of them intellectually ridiculous, legally dubious, and rude.
At this point, consulting professionals should be embarrassed to recommend this stuff.
[via Jeff Nolan via Techdirt]
May 21, 2004, 4:13 pm
Keith Pleas: “Brutal” Architecture is an instant classic, about the newly-constructed Seattle Public Library, plus understated and apt commentary on software architecture.
[via Jon Udell]
May 19, 2004, 10:19 am
Yahoo publishes its DomainKeys specification.
FAQ at Yahoo! Anti-Spam Resource Center – DomainKeys.
I must say that I share Justin Mason’s distrust and disdain for software patents.
What the heck is patentable among these ideas anyway? They seem like obvious applications of digital signatures and DNS publication.
The most generous interpretation is that these might be defensive patents, and that for all intents, the IETF-required license is good enough.
Is this or SPF likely to take the world by storm?
Either one permits senders to publish records that permit receivers to make some authentication judgments.
Well, deployment by senders is a bit more work (sign those messages) for DK than for SPF. But SPF breaks what has been considered normal forwarding behavior, in a way that the sender has no control over except by saying “put up with it” or by turning off SPF.
Deployment by receivers has no particular downside for either scheme — you’re basically implementing sender-requested filtering, and who can complain about that?
Of course, initially, rather than trying to subvert either scheme, spammers will avoid both. Is it possible that the world will shift so much that just being a non-DK domain will count against the sender? I do think it’s possible. At which point, yes, spammers adopt the technology but subvert it with throwaway domains and proxy zombies with access to signing servers.
You can’t avoid reputation systems in the end: trusted third parties (some even having good incentives to rate accurately and respond quickly), blacklists, etc.
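The trade-offs above, as an added example that is not from the original post or the DomainKeys specification: a receiver evaluates the same message under an SPF-style IP check and a DomainKeys-style signature check, delivered directly, through a forwarder, after tampering, and from a spammer's own throwaway domain. Assumptions: a dict stands in for DNS, textbook RSA over a toy key stands in for the real signature format, and all domains and addresses are constructed.

```python
import hashlib

# Constructed toy data: textbook RSA over two Mersenne primes stands in for a
# real DomainKeys key; the DNS dict stands in for published TXT records.
P, Q, E = 2**61 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent, held only by the signer

DNS = {
    "spf:example.org": {"192.0.2.10"},            # hosts allowed to send
    "spf:throwaway.example": {"203.0.113.5"},
    "sel1._domainkey.example.org": (N, E),        # published public key
    "sel1._domainkey.throwaway.example": (N, E),  # toy key reused for brevity
}

def digest(msg):
    h = hashlib.sha256((msg["from"] + "\n" + msg["body"]).encode()).digest()
    return int.from_bytes(h, "big") % N

def sign(msg, selector):
    """Sender side: attach a signature over the From header and body."""
    return dict(msg, selector=selector, sig=pow(digest(msg), D, N))

def spf_pass(msg, client_ip):
    """Receiver side: is the connecting IP listed for the envelope domain?"""
    domain = msg["mail_from"].split("@")[1]
    return client_ip in DNS.get("spf:" + domain, set())

def dk_pass(msg):
    """Receiver side: verify against the key published by the From domain."""
    domain = msg["from"].split("@")[1]
    key = DNS.get(f'{msg["selector"]}._domainkey.{domain}')
    return key is not None and pow(msg["sig"], key[1], key[0]) == digest(msg)

def scenarios():
    """Return {case: (spf_result, dk_result)} for four deliveries."""
    mail = sign({"mail_from": "alice@example.org", "from": "alice@example.org",
                 "body": "lunch at noon?"}, "sel1")
    spam = sign({"mail_from": "x@throwaway.example",
                 "from": "x@throwaway.example", "body": "buy now"}, "sel1")
    return {
        "direct": (spf_pass(mail, "192.0.2.10"), dk_pass(mail)),
        # A forwarder relays from its own IP and keeps the envelope sender.
        "forwarded": (spf_pass(mail, "198.51.100.7"), dk_pass(mail)),
        "tampered": (spf_pass(mail, "192.0.2.10"),
                     dk_pass(dict(mail, body="send money"))),
        # Both checks pass: the domain is authenticated, not reputable.
        "throwaway": (spf_pass(spam, "203.0.113.5"), dk_pass(spam)),
    }

if __name__ == "__main__":
    print(scenarios())
```

The forwarded case is the SPF breakage described above, and the throwaway case is why either scheme still needs a reputation layer on top.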
May 5, 2004, 2:10 pm
Microsoft Shelves NGSCB Project As NX Moves To Center Stage
“A lot of decisions have yet to be made,” said Mario Juarez, product manager in Microsoft’s Security and Technology Business Unit. “We’re going to come out later this year with a complete story.”
followed by hedging:
Microsoft: ‘Palladium’ Is Still Alive and Kicking
Juarez said Microsoft is not providing any of its NGSCB bits as part of the new Longhorn pre-alpha release that it is distributing this week to WinHEC attendees. But he denied that this means that the company is exorcising NGSCB from the product. Instead, he said that the NGSCB team decided that the driver developers at the show wouldn’t be the right targets for this code.
Update 2004/05/19: Real details from Microsoft pointed to by Dana Epp
April 30, 2004, 8:11 am
Nice building for the UIUC CS Department.
[via Slashdot]
April 29, 2004, 8:26 am
More on Gary Robinson’s improved chi-squared evidence combination at Handling Redundancy in Email Token Probabilities