Avolio – Security Redux
Fred Avolio’s Weblog: Security Redux succinctly summarizes how many aspects of the security discussion are not new, but resurface because of ignorance of the field.
software development, security, opinion
Archive for the ‘LINKS’ Category.
CircleID: Another Good Decision on Internet “Gripe Sites”:
Lucas Nursery and Landscaping v. Grosse, 2004 WL 403213 (6th Circuit March 5, 2004).
This case involves Lucas Nursery, a landscaping company in the suburbs of Detroit, Michigan, which apparently botched work done for Michelle Gross – or at least that was her opinion. But, when she established a web site to tell her story, Lucas sued her under the Anticybersquatting Consumer Protection Act (“ACPA”). She took the site down but Lucas persisted, taking her gesture as a sign of weaknesses and hoping to get some blood – or, perhaps, to send a message to other critics. But the trial judge decided she had not posted her web site with a bad faith intent to profit, and the United States Court of Appeals for the Sixth Circuit has now affirmed.
I sympathize with the plaintiff, though I like the predisposition toward freedom of speech.
SecurityFocus: Pranksters bedevil TV weather announcement system:
But once approved, the system allowed a business to change their name and the details of the closing through the website without any further human attention.
“They didn’t actually get in there or compromise any of our equipment… They just signed up as a legitimate business, and then changed their information half-an-hour later,” Schell says.
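The weakness Schell describes is a workflow flaw rather than a break-in: a submission is reviewed once, but later edits inherit that approval. The following is an added example (not code from the article or the station's system) that models the pattern in plain Python: a naive closings board that keeps the approval flag across edits, beside a hardened board that drops any approved record back to pending the moment its name or details change. All names, the class names and the sample entries are constructed for illustration.

```python
from dataclasses import dataclass


@dataclass
class Closing:
    """One school/business closing entry as it would sit in the web system."""
    business: str
    details: str
    approved: bool = False


class NaiveBoard:
    """Vulnerable model: approval is sticky, so edits after approval go straight to air."""

    def __init__(self):
        self.records = {}

    def submit(self, rid, business, details):
        # New submissions start unapproved and wait for a human reviewer.
        self.records[rid] = Closing(business, details)

    def approve(self, rid):
        # The one and only human check in this workflow.
        self.records[rid].approved = True

    def edit(self, rid, business=None, details=None):
        rec = self.records[rid]
        if business is not None:
            rec.business = business
        if details is not None:
            rec.details = details
        # Bug: rec.approved is left untouched, so the edited text is still "approved".

    def broadcast(self):
        """Return what the crawl/announcement feed would show right now."""
        return [(c.business, c.details) for c in self.records.values() if c.approved]


class ReviewedBoard(NaiveBoard):
    """Hardened model: any change to displayed fields revokes approval until re-reviewed."""

    def edit(self, rid, business=None, details=None):
        rec = self.records[rid]
        changed = (business is not None and business != rec.business) or (
            details is not None and details != rec.details
        )
        super().edit(rid, business, details)
        if changed:
            rec.approved = False  # back to the review queue; nothing airs until a human re-approves


def prank_scenario(board_cls):
    """Replay the reported abuse: sign up as a legitimate business, get approved, then edit.

    The entries are constructed sample data, not names from the article.
    """
    board = board_cls()
    board.submit("r1", "Oak Street Bakery", "closed Tuesday for repairs")
    board.approve("r1")                       # reviewer sees a plausible closing and approves
    board.edit("r1", business="Riverside School District",
               details="all schools closed, snow day")  # edit lands half an hour later
    return board.broadcast()
```

Run `prank_scenario(NaiveBoard)` and the fabricated school closing is on the feed with no further human involvement; `prank_scenario(ReviewedBoard)` returns an empty list because the edited record is waiting for re-approval. The general rule is that any mutation of a field that was the basis for an authorization decision must invalidate that decision.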
CNET News.com: Document shows SCO prepped lawsuit against BofA
[via Slashdot | MS Word File Reveals Changes to SCO’s Plans]
See also Justin Mason:
This seems as good a time as any to re-plug find-hidden-word-text, a quick perl hack to use ‘antiword’ to extract hidden text from MS Word documents in an automated fashion, based on Simon Byers’ paper Scalable Exploitation of, and Responses to Information Leakage Through Hidden Data in Published Documents. It works well ;)
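The SCO document leaked through the same channel Byers’ paper describes: text that the author deleted or hid is still carried inside the file. Justin Mason’s script targets the binary .doc format through antiword; the added example below (my own code, not Mason’s script or anything from the page) applies the same idea to the XML-based .docx format using only the standard library, pulling out tracked deletions (`w:del`/`w:delText`), runs formatted as hidden (`w:vanish`) and reviewer comments (`word/comments.xml`). The sample document it builds is a minimal constructed .docx, and the function names are mine.

```python
import io
import xml.etree.ElementTree as ET
import zipfile

# WordprocessingML main namespace used by every .docx part we look at.
W = "http://schemas.openxmlformats.org/wordprocessingml/2006/main"
NS = {"w": W}


def _text_of(elem):
    """Concatenate visible (w:t) and deleted (w:delText) text beneath an element."""
    parts = []
    for node in elem.iter():
        if node.tag in (f"{{{W}}}t", f"{{{W}}}delText") and node.text:
            parts.append(node.text)
    return "".join(parts)


def find_hidden_text(docx_bytes):
    """Return the text a reader of the rendered document would not normally see."""
    found = {"deleted": [], "hidden": [], "comments": []}
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as z:
        root = ET.fromstring(z.read("word/document.xml"))

        # Tracked-change deletions survive as <w:del> wrappers around <w:delText>.
        for d in root.iter(f"{{{W}}}del"):
            txt = _text_of(d)
            if txt:
                found["deleted"].append(txt)

        # "Hidden" character formatting is a <w:vanish/> flag in the run properties.
        for r in root.iter(f"{{{W}}}r"):
            rpr = r.find("w:rPr", NS)
            if rpr is not None and rpr.find("w:vanish", NS) is not None:
                txt = _text_of(r)
                if txt:
                    found["hidden"].append(txt)

        # Comments live in a separate part that many viewers never display.
        if "word/comments.xml" in z.namelist():
            croot = ET.fromstring(z.read("word/comments.xml"))
            for c in croot.iter(f"{{{W}}}comment"):
                txt = _text_of(c)
                if txt:
                    found["comments"].append(txt)
    return found


def build_sample_docx():
    """Construct a minimal .docx (only the parts the scanner reads) with planted leaks."""
    document = f"""<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<w:document xmlns:w="{W}"><w:body>
<w:p><w:r><w:t>Complaint to be filed against </w:t></w:r>
<w:del w:id="1" w:author="editor"><w:r><w:delText>Acme Bank</w:delText></w:r></w:del>
<w:ins w:id="2" w:author="editor"><w:r><w:t>an unnamed defendant</w:t></w:r></w:ins>
<w:r><w:t>.</w:t></w:r></w:p>
<w:p><w:r><w:rPr><w:vanish/></w:rPr><w:t>Internal note: do not publish.</w:t></w:r></w:p>
</w:body></w:document>"""
    comments = f"""<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<w:comments xmlns:w="{W}"><w:comment w:id="0" w:author="reviewer">
<w:p><w:r><w:t>Check this with legal first.</w:t></w:r></w:p></w:comment></w:comments>"""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("word/document.xml", document.encode("utf-8"))
        z.writestr("word/comments.xml", comments.encode("utf-8"))
    return buf.getvalue()


if __name__ == "__main__":
    for kind, items in find_hidden_text(build_sample_docx()).items():
        for item in items:
            print(f"{kind}: {item}")
```

Pointing `find_hidden_text` at a real file is a matter of `find_hidden_text(open(path, "rb").read())`. The same three parts are where "Inspect Document" in Word looks, and the defensive counterpart to this scanner is to run that inspector, or a script like this, on every document before it leaves the organisation.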
The problem is that programmable logic controllers, digital control systems, and supervisory control and data acquisition, or SCADA, systems were never designed with security in mind.
“When companies designed control systems worldwide, there were always two unwritten assumptions,” said Weiss, who served as the technical lead for control system cybersecurity at the Electric Power Research Institute in Palo Alto, Calif., before joining KEMA. “Everyone assumed the system would be isolated, not connected to anything else. We also assumed that the only people who would use the control system were people who were supposed to use it. That was a good assumption for another day.”
[via John Robb]
Larry Seltzer (eWeek) compares, contrasts, predicts
Who Will Win the SMTP Authentication Wars?:
This isn’t like three brands of bleach, where you’ve got the same chemicals in all three bottles. In fact, the more you look at these standards, the more different they look. I had been fearful that having three major standards competing would be discouraging to the market, since explaining even one of them isn’t easy. And consider that the three major mail providers in the United States—AOL, Yahoo! and Microsoft—are implementing the three different standards. I think, however, that the three, or at least two of them, could complement each other. The ideal solution may be all three, or some later standard that combines the features of two or three.
[via Christopher Allen]
Las Vegas has keyless encounters of the weird kind:
Was it the storm clouds, sun spots or Area 51?
By late Friday afternoon, some locksmiths, car dealerships and towing companies had been flooded with calls about mysteriously malfunctioning keyless vehicle entry devices.
[via Wi-Fi Networking News]
MIT Technology Review:
Mars Rover Image Interfaces
[Thanks to Dave Winer for the link.]