Archive for September 30th, 2005
Security Issues May Be a High Priority for Internet 2

Security is one of the main focuses of Internet2. But realistically:

Security and transparency can be
expected in any future network. But computer experts like to remind the
public that there is no such thing as a completely bug free computer
except, as the joke goes, “one that is encased in concrete and sitting
at the bottom of the ocean.”

Some might say it is impossible to secure Internet2. In some ways
I would say that they were correct. Or let me put it this way: it
could be secured, but it couldn't really be called the Internet any
more. I guess they could do something in which all systems
were connected with peer-to-peer VPN connections, like Tor connections, in
which all data is encrypted and digitally signed. I suspect that
eventually even the encryption would get cracked, since all crypto
eventually meets its processor match.

It could be called the CryptoNet! Anyone logging on would have to
sign on with a digital signature stored on some sort of Certifying
Authority (CA). Of course, this would make it possible to do
man-in-the-middle (MITM) attacks unless it was an enclave network in
which ALL nodes with IPs had to have a digital signature.

Such an implementation would greatly reduce the speed of connection but
would give incredible nonrepudiation, confidentiality, and
integrity.  The availability would suffer big time.

Frankly, a “CryptoNet” would only be good for all the important
transactions such as banks, hospitals and time sheets.  I would
not want something like that for 95% of what I do on the Internet.

Does anybody have any information on how I can get the hook up on “testing” the Internet2?


New wireless network security solution

NETGEAR ProSafe 802.11g Wireless VPN Firewall 8


Threat Alert: Antivirus Killers

While Windows remains the biggest single source of security holes, researchers are now finding significantly more flaws in the utilities we turn to for protection than in the operating system the software is meant to guard.


Wardriving Tools

Great site that lists the best software for finding and decrypting wireless APs.

Morality of Wardriving tools.
I do not personally wardrive but I think it is a great way to do an
assessment of the security of your area.  I know some people
wardrive just to find a free spot to surf.  This is the equivalent
to walking up to every door in your neighborhood and twisting the knob
to see if the door is unlocked. Then walking in and watching
cable on their couch and eating popcorn. It is not right.
And I cannot pretend that it is.

Privacy of Publicly Dispensed Wireless Data
But at the same time, having a wireless service and NO security is like
having a house with no walls. How can there be a crime or theft
of data and service when the data and service are spilling out freely
into the air like a public water fountain?

Paying for Service and then serving it to the Public
I pay for the water service at my house so if anyone else walks into my
yard to use my water hose they are wrong.  But if I put that same
hose into a nearby public park and turn it on, how guilty is anyone
going to feel about taking a sip or splashing their face with it?

So if you feel strongly about people NOT wardriving and not stealing
service, then do something about it. I think that wardriving will
dry up when the masses finally get wind of wireless security; until
then, “Surf's up.”


40 Million credit card accounts practically given away.. not a problem

OLD NEWS:
CardSystems lost 40 million credit cards, and what is the result?

Credit card companies don't have to notify customers their personal
information has been stolen, a California Judge ruled today…

…In June, CardSystems admitted intruders had compromised the
confidentiality of 40 million credit card holders, and 200,000 records
had left the network. CardSystems had refused to notify the card
holders. The Rothken suit also requested that chargeback fees or
penalties on hapless card holders who were the victims of ID theft
should be waived.

But a San Francisco Superior Court Judge, Richard Kramer, disagreed.
“I don't see the emergency,” he said. “I don't think there is an
immediate threat of irreparable injury” to consumers… [*]

This company did not encrypt the credit card data! A gross violation of the Payment Card Industry Security Standard.

My comment and Voice of the evil doers:

It is amazing the kind of protection companies have.
From the beginning, that was the purpose of a corporate entity:
“indemnity.” This allows the part owners, the shareholders, legal
protection from loss.

40 million credit cards is a lot of loss.  

I think we half-haves should all form our own companies so we can have
that kind of protection from loss, including the loss of our
identities. In fact, on paper we should not exist, but instead be
employee identification numbers subject to our own companies, owning
nothing but controlling everything!

Nothing new about that idea.. this is one of the tactics of the wealthy.