Liudvikas Bukys

ESJ: Aberdeen security predictions for 2003:

• “What we’re saying here is that [the] original notion of IDS has just fallen over at this point.”
  The problem is that an IDS that flags anything possibly malicious simply produces too many alerts, says the analyst. “If you’re dealing with more alerts than you can interpret, it doesn’t do you any good.” So companies today opt for more than just alerts. “Increasingly, we’ll see them not just looking for IDS, but intrusion prevention,” he says. Of course not everything can be prevented, but more automation at least frees security managers from just responding to alerts all day.
• Another interesting prediction is that this is the year e-mail administrators will take back the network. “Last year, about 25% of what went through corporate gateways was spam,” says Hemmendinger. “We think it doubles this year, and that’s because the spam artists are sufficiently creative that they’ve been able to stay ahead of the bulk of the tools that are in the marketplace.”

Fun: The Flash Mind Reader, and how it works (try to figure it out yourself first though).

Lots of good stuff related to digital identity management can be found at the
weblog of Andre Durand.

Democracy in the Dark: Public Access Restrictions from Westlaw and LexisNexis
“Mr. Veeck purchased an electronic (CD-ROM) copy of local building codes and copied them onto his free Web site for anyone to use. When the author and purported copyright holder of the codes, Southern Building Code Congress Inc., ordered Mr. Veeck to remove the codes, he sued them, claiming the codes were in the public domain because they had been adopted in full by the local communities as official building codes. Mr. Veeck lost at the district and circuit court levels but appealed to the Fifth Circuit Court of Appeals for a hearing en banc ­ a hearing by all of the judges on the court, rather than the smaller panel of judges that had ruled against him. On June 7, 2002, in an 8 to 6 split, the Court ruled in Mr. Veeck’s favor. In the court opinion, Judge Edith Jones quoted from a 115-year-old decision by the U.S. Supreme Court, Banks v. Manchester14, that exempted court opinions from copyright law as a matter of public policy. FindLaw’s free database of Supreme Court opinions only goes back to 1896, but fortunately Mr. Veeck had posted a copy of the case
on his Web site.”

RIPE/NCC: Sapphire/Slammer Worm
Impact on Internet Performance
“Looking at all data we can conclude that the Internet did not come to a global “meltdown” even though some individual sites were highly affected by this worm. Sixty percent of the measured relations do not show any sign of deterioration. This indicates most backbone links were fine and the problems were localized in edge sites or their immediate upstream provider. Also, eleven of the thirteen root servers remained accessible.”

CORBA vs SOAP rant on Advogato. “ SOAP is an interesting technology for document exchange, but it’s role in enterprise computing is highly, highly, highly overrated, and CORBA is a wonderful jewel that so many people overlook out of fear. But really, it’s not that complicated.”

Internet gets its own country code – 87810 [via Dave Farber’s Interesting-People list]

State Attorney General Eliot Spitzer today announced
a multistate agreement with high-tech publisher Ziff Davis Media Inc. to redress an Internet security breach that exposed the personal information of thousands of magazine subscribers online.

Can’t verify this but it’s interesting if true:

Glenn Reynolds:
“Salam Pax” is a pseudonymous blogger from Baghdad. He’s been
blogging for a while, and he seems to be genuine — people who
know the area have had a lot of correspondence with him and
think so. Here’s what he
reports:

A quick run thru what is going on in Baghdad before
uncles and aunts flood the house. The juiciest bit of
news actually happened about a week ago but I was told
about it today. A couple of days ago it was rumored
that all top officials had their phone numbers changed,
well who cares it’s not like I call Saddam every night
to chat, but today a friend explained why. Around six
days ago the phone lines of the Iraqi air defense units
were “attacked”. When you picked up the phone in some
of the command units you didn’t get a dial tone but a
male voice speaking in broken Arabic. What it said is
close to what the infamous email said, don’t use
chemical or biological weapons, don’t offer resistance,
and don’t obey commands to attack civilian areas and so
on. This went on for a couple of hours. Now everyone
has new numbers. I have no idea how that is at all
possible. I do know that for some rural areas we use
microwave signals for phone connections but they can’t
be so stupid as to use it for military purposes.

Way to go uncle Sam. This is going to make one hell of
a James Bond movie.

Microsoft Research:
The Penny Black Project
“The introduction of the Penny Black stamp played an important role in the reform of the British Postal System during the 1830’s. Before this time, postage fees were based on weight and on distance involved. Postage had to be calculated for each letter, and was typically paid by the addressee. The introduction of the Penny Black shifted the cost of postage to the sender and eliminated the complexity of postage computation by requiring a uniform, low rate. … The Penny Black project is investigating several techniques to reduce spam by making the sender pay. We’re considering several currencies for payment: CPU cycles, memory cycles, Turing tests (proof that a human was involved), and plain old cash. There are multiple system organizations that can support this: senders can pre-compute the appropriate function, tied to a particular message; senders can come up with the payment in response to a challenge after they’ve submitted their message; senders can acquire a ticket pre-authorizing the message. Recipients would aggressively white-list good senders.”