Archive for the ‘LINKS’ Category.

RIAA subpoenas quashed

Appeals Court Reverses Decision on Music Download Case:

In a major setback for the recording industry, a federal appeals court on Friday struck down a ruling ordering Internet service providers to identify customers using the Internet to share copyrighted music.

Thanks to TechDirt, here is the text of the full decision (PDF).

Cisco Network Admission Control (NAC)

News @ Cisco: Cisco, Anti-Virus Vendors Discuss Milestone Initiative for Network Security:

The Cisco Self-Defending Network Initiative aims to dramatically improve the ability of networks to identify, defend against, and adapt to growing security threats. As part of this strategic initiative, Cisco is working in conjunction with Network Associates, Symantec and Trend Micro to launch the Cisco Network Admission Control (NAC) program.

NAC is an automated identity and security assessment mechanism that leverages partnerships with the anti-virus vendors. When a device connects to a network, it is checked to see if it is compliant with corporate security policy. NAC prevents non-compliant end points from joining the larger network and possibly infecting other machines.

Network Associates, Symantec and Trend Micro will license the Cisco Trust Agent, which communicates the current policy state of an end point to a policy server. Non-compliant machines can then be quickly brought into compliance with automated downloads of anti-virus software. NAC may also be implemented with the Cisco Security Agent, a new behavioral-based intrusion prevention technology that prevents malicious activity while permitting activity compliant with established security policies.

Referers lead back to internal discussions

Tim Bray: Insecurity by Obscurity: A legal department’s weblog is open to the world, and easily discovered via referer logs.

Money for nothing

Two more scam victims tell their tales – theage.com.au:

“They transferred $20,000 to my bank account and then sent me details to transfer money via Western Union to some place in Russia,” he said. “I told them that it would take five working days to take the money out, as I wanted to make sure this money weren’t stolen.”

One must note that, having given account information to a stranger, it’s amazing that these dolts have any money left at all.

The RIAA Succeeds Where the Cypherpunks Failed

Clay Shirky: The RIAA Succeeds Where the Cypherpunks Failed:

In response to the RIAA’s suits, users who want to share music files are adopting tools like WINW and BadBlue, that allow them to create encrypted spaces where they can share files and converse with one another. As a result, all their communications in these spaces, even messages with no more commercial content than “BRITN3Y SUX!!!1!” are hidden from prying eyes. This is not because such messages are sensitive, but rather because once a user starts encrypting messages and files, it’s often easier to encrypt everything than to pick and choose. Note that the broadening adoption of encryption is not because users have become libertarians, but because they have become criminals; to a first approximation, every PC owner under the age of 35 is now a felon.

Naval amphibious transport dock and spam relay

BitTorrent for RSS content distribution

Steve Gillmor: BitTorrent and RSS Create Disruptive Revolution.

My first reaction: a good idea.

On second thought, it’s all a question of balance and tradeoffs.

  • Most RSS publishers are low volume and the cost of supporting a small number of RSS pollers is insignificant.
  • Since BitTorrent’s intended application is content distribution of large files, for small sites the cost of supporting BitTorrent downloads of tiny RSS files may exceed the cost of HTTP polling.
  • At some point in the subscription curve, the multitude-of-pollers model becomes too costly and the publisher wishes they had figured out a content distribution mechanism instead.
  • Sites transitioning from low-traffic to high-traffic HTTP slam their foreheads in just the same way. So it’s not a new issue.
  • The solution for HTTP has been to wait until you need it, then build or buy high-end content distribution. Replicate. Akamize. This works, except when it doesn’t. (Most web servers are small and are subject to the SlashDot effect.)
  • There is currently no trivial smooth transition from small to large.
  • A low-overhead automatic ad-hoc content distribution network would be great for both RSS and HTML distribution. Maybe BitTorrent fits that bill, maybe something else. Further research is called for.

Handbook of Applied Cryptography, Online

Intel’s Open Source Machine Learning Library (OpenML)

Intel Software Accelerates Development Of Computers That ‘Anticipate’ The Needs Of Users: Intel adds open-source Probabilistic Networks Library to its already-released Computer Vision and Audio-Visual Speech Recognition libraries.

Debunking the Myth of SSID Hiding

Robert Moskowitz (ICSA Labs) on WiFi SSID hiding (PDF):

Contrary to a common belief that the SSID is a WLAN security feature and its exposure a security risk, the SSID is nothing more than a wireless-space group label. It cannot be successfully hidden. Attempts to hide it will not only fail, but will negatively impact WLAN performance, and may result in additional exposure of the SSID to passive scanning. The performance impact of this misguided effort will be felt in multiple WLAN scenarios, including simple operations like joining a WLAN, and in significantly longer roaming times.

Trying to hide the SSID does not strengthen security in WLANs. The scarce resources of today’s WLAN administrator are better spent tuning WLAN performance and operations with full SSID usage, and enhancing WLAN security by deploying modern security technology, such as link-layer encryption, and IEEE 802.1X authentication.
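
Why a blanked beacon does not hide the SSID: other 802.11 management frames carry it in the clear whenever a client joins or probes. The Python below is an added example, not code from Moskowitz's paper or from this post; it goes beyond the quoted text by naming those frame types (probe request, probe response, association request), and the frames, MAC addresses and the SSID `corp-wlan` are constructed sample data.

```python
# Fixed-field bytes that precede the tagged parameters, per management subtype.
FIXED_LEN = {0: 4, 4: 0, 5: 12, 8: 12}
SUBTYPE_NAME = {0: "assoc-req", 4: "probe-req", 5: "probe-resp", 8: "beacon"}
HDR_LEN = 24  # frame control, duration, three addresses, sequence control

def ssid_of(frame: bytes):
    """Return (frame kind, SSID or None) for a raw management frame (no radiotap, no FCS)."""
    if len(frame) < HDR_LEN:
        raise ValueError("truncated header")
    ftype, subtype = (frame[0] >> 2) & 0x3, frame[0] >> 4
    if ftype != 0 or subtype not in FIXED_LEN:
        return ("other", None)
    pos = HDR_LEN + FIXED_LEN[subtype]
    while pos + 2 <= len(frame):          # walk the tag/length/value elements
        eid, elen = frame[pos], frame[pos + 1]
        value = frame[pos + 2 : pos + 2 + elen]
        if len(value) < elen:
            raise ValueError("truncated element")
        if eid == 0:                      # element ID 0 is the SSID
            # A "hidden" network sends a zero-length or all-NUL SSID in beacons.
            blank = elen == 0 or not any(value)
            ssid = None if blank else value.decode("utf-8", "replace")
            return (SUBTYPE_NAME[subtype], ssid)
        pos += 2 + elen
    return (SUBTYPE_NAME[subtype], None)

def observed_ssids(frames):
    """Map each SSID seen in cleartext to the frame kinds that exposed it."""
    seen = {}
    for f in frames:
        kind, ssid = ssid_of(f)
        if ssid is not None:
            seen.setdefault(ssid, []).append(kind)
    return seen

# Constructed sample data: locally administered MACs, made-up SSID.
STA, AP = bytes.fromhex("020000000002"), bytes.fromhex("020000000001")

def build(subtype: int, ssid: bytes) -> bytes:
    hdr = bytes([subtype << 4, 0, 0, 0]) + STA + AP + AP + b"\x00\x00"
    rates = bytes([1, 1, 0x82])           # supported-rates element after the SSID
    return hdr + bytes(FIXED_LEN[subtype]) + bytes([0, len(ssid)]) + ssid + rates

SAMPLE = [build(8, b""), build(4, b"corp-wlan"),
          build(5, b"corp-wlan"), build(0, b"corp-wlan")]

if __name__ == "__main__":
    print(ssid_of(SAMPLE[0]))      # the beacon with the SSID blanked
    print(observed_ssids(SAMPLE))  # what the other frames still disclose
```
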