Archive for the ‘LINKS’ Category.

.NET morphing over time

CNET: .NET morphing over time ‘As Microsoft prepares to launch the first trials of .Net My Services this fall, key details of the plan are still “not figured out,” said Jim Allchin, Microsoft’s group vice president in charge of Windows and server software development. “I think we just got ahead of ourselves and didn’t get clear enough thinking,” he said, echoing similar concerns voiced last August.’

Ephraim Schwartz details the man-in-the-middle attack that’s possible in the current iteration of 802.1x authentication

Ephraim Schwartz details the man-in-the-middle attack that’s possible in the current iteration of 802.1x authentication: because of the way in which 802.1x pieces elements of security together, a man-in-the-middle attack is possible in which a hacker poses as an access point to a client and a client to an access point. William Arbaugh and his graduate student Arunesh Mishra at the University of Maryland have made their report available in PDF form. (If you don’t have PDF, use Adobe’s online PDF-to-HTML converter.)

[80211b News]

Apache XML Security 1.0.0 released

Apache XML Security 1.0.0 released. The Apache XML Project have released the first stable version of their XML Security project, implementing Canonical XML and XML Signature. [xmlhack]

Schneier worried about SOAP security

Schneier worried about SOAP security. Bruce Schneier has written, in the latest issue of CRYPTO-GRAM, an analysis of the security of Microsoft’s products, touching on .NET and SOAP. [xmlhack]

FCC Approves Initial Ultrawideband (UWB) Standards

The FCC Approves Initial Ultrawideband (UWB) Standards: UWB is a very, very clever idea. Instead of using swaths of spectrum at low or high power, even rotating frequencies and jumping, you use incredibly short-duration high-power pulses across broad swaths of bandwidth that a similarly synchronized device interprets. You can use existing spectrum without (proponents hope testing will bear out) interference because existing devices rely on, would be affected or damaged by, or listen to a different pattern. By the time a pulse would pass, existing equipment wouldn’t even tick over. Because of the broad amount of spectrum that could be reused, even many times in the same physical area, UWB might ultimately replace a number of existing technologies across a broad swath of consumer, scientific, medical, and military purposes. Here’s a highly technical article on it from EE Times.

[80211b News]

Network security in 2002

Gartner: Network security in 2002. ZDNet Feb 11 2002 11:21AM ET [Moreover – Computer security news]

Snoop Software Shreds Reality

Snoop Software Shreds Reality. Wired News Feb 11 2002 6:39AM ET

David Gelernter, the world-renowned computer scientist, Yale professor, author and art critic, says he has a prescription for companies to avoid Enron-Arthur Andersen-type scandals: better management of corporate e-mails, Web pages, calendar items and other electronic documents.


Gelernter has more than a passing interest in pushing a solution for corporate ills that center around “knowledge management,” as it’s known in IT circles. He’s the chief scientist for a startup, Mirror Worlds Technologies, which makes such a system. Xerox, Autonomy and Lotus are some of the company’s knowledge management competitors.

[via Moreover – Tech latest]

Apple, Genentech deliver open-source BLAST

More evidence that the tune is changing (re web services)

More evidence that the tune is changing. No longer are we the unwashed masses yearning to be taught the true path to enlightenment by the C developers, now they’re pleading with us to help them work around limits in their crippled environments. Heh. Now don’t go overboard. But the self-deprecation is appreciated. One of our mottos is It’s Even Worse Than It Appears. We are all members of the Church of Murphy, whether we use static or dynamic environments. [Scripting News]

MSDN: Don Box on the Importance of Being WSDL

Despite the years I spent trying to make SOAP a standard way for programs to communicate over the Internet, I find that raw SOAP and XML are at odds with all of these compilers I am now using. I am told that if you give me machine-readable contract definitions, my compiler can help me talk to your Web services. A lot.

If you don’t give me a machine-readable contract, then I am going to have to write one of these weird-looking WSDL files by hand, and that always makes me cranky. I understand that writing WSDL makes you cranky too, but I’ll bet if you wrote the WSDL once and put it on your Web site, everyone else would just use it, and no one would ever need to write that WSDL again. And if you wrote a ten-line WS-Inspection or DISCO file to go along with it, I could find out about all of your other services too.

I know that WSDL isn’t perfect. God knows I tried to make it better prior to publication. Luckily, the W3C just launched a WSDL working group and it looks like the community at large has the will to clean it up, just as SOAP was cleaned up once it got the attention of a large community of practitioners and experts. In fact, SOAPBuilders is running a WSDL bake-off in February that surely will yield some progress on this front.

I also know that writing WSDL for your script-based Web services is more work for you, but your suffering would benefit thousands or more developers anxious to use your stuff. And just think of the nice things they will say about you once you made their lives easier.

And not under their breath.

New Guide For Windows 2000 PRO

Via SANS Institute:

New Guide For Windows 2000 PRO

The US National Institute for Standards and Technology released
a security guide for Windows 2000 Professional desktop systems in
configurations used by office workers, at home users, or road-warriors.
NIST is inviting comments and suggestions on the guide.

–31 January 2002 Lawrence Livermore Bans Wireless LANs

Lawrence Livermore National Laboratory, a national defense technology
research lab in California, has banned the use of wireless local area
networks (LANs) due to security concerns. A lab spokesman said that
Los Alamos National Laboratory might introduce a wireless network
ban as well.

[Editor’s (Murray) Note: Yesterday I received an ad for a wireless
access point for $130-, down 50% from a year ago. Connectivity
trumps security every time. A ban cannot succeed. The only way
to successfully exclude wireless is to close the network. Get used
to it.]

–4 February 2002 Improving 802.11b Security

Wireless networking standards 802.11a and 802.11b are both popular and
vulnerable. A new security algorithm, called Temporal Key Integrity
Protocol, is being tested. It generates a new encryption key for every
ten kilobytes of data transmitted.