CSO Magazine recently released a bunch of really useful security resources. Check them out:
A lot of my work involves network tracing (hence my recent wiki page), and it would be great if i could do this with a really simple, transportable device. Ideally it would have these characteristics:
- Pocket-sized, lightweight
- Two Gigabit Ethernet ports configured as a bridge, so that it can be placed inline on any network connection without affecting traffic flow.
- LEDs for each interface indicating link, incoming packets, link speed, and ideally, duplex and POE settings.
- Whenever one of the network interfaces becomes active, a packet capture of all traffic in libpcap format would be started automatically. The file would be named for the date and time of the start of the capture.
- 1-2 GB RAM for storing packet captures
- USB 2.0 interface, which would be used for retrieving packet captures from the device (which would appear as a USB flash disk)
- NTP support so that packet captures are always accurately timed and named
- Powered via USB or a rechargeable battery (which itself would be charged via USB)
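A sketch of how the bridge and capture-on-link behaviour in the list above could work on a small Linux box. This is an added example, not part of the original post. The interface names `eth0`/`eth1`, the bridge `br0`, the `/captures` directory and the filename format are all assumptions.

```python
import subprocess
import time
from datetime import datetime, timezone
from pathlib import Path

# Assumed names: eth0/eth1 are the two ports, br0 the bridge, /captures the store.
PORTS, BRIDGE, CAPTURE_DIR = ("eth0", "eth1"), "br0", Path("/captures")

def bridge_commands(ports=PORTS, bridge=BRIDGE):
    """iproute2 commands joining both ports into one transparent bridge."""
    cmds = [["ip", "link", "add", "name", bridge, "type", "bridge"]]
    cmds += [["ip", "link", "set", "dev", p, "master", bridge] for p in ports]
    cmds += [["ip", "link", "set", "dev", d, "up"] for d in (*ports, bridge)]
    return cmds

def has_link(port, sysfs=Path("/sys/class/net")):
    """True when the kernel reports carrier on the port."""
    try:
        return (sysfs / port / "carrier").read_text().strip() == "1"
    except OSError:  # port missing, or administratively down
        return False

def capture_path(start_epoch, directory=CAPTURE_DIR):
    """Name the file for the UTC start of the capture (format is assumed)."""
    stamp = datetime.fromtimestamp(start_epoch, tz=timezone.utc)
    return directory / stamp.strftime("%Y%m%d-%H%M%S.pcap")

def next_action(capturing, links):
    """Start when any port gains link; stop once every port has lost it."""
    if capturing:
        return "none" if any(links) else "stop"
    return "start" if any(links) else "none"

def main():
    for cmd in bridge_commands():
        subprocess.run(cmd, check=True)
    proc = None
    while True:
        action = next_action(proc is not None, [has_link(p) for p in PORTS])
        if action == "start":  # -s 0 keeps whole packets, -U flushes each one
            out = str(capture_path(time.time()))
            proc = subprocess.Popen(["tcpdump", "-i", BRIDGE, "-s", "0", "-U", "-w", out])
        elif action == "stop":
            proc.terminate()
            proc.wait()
            proc = None
        time.sleep(1)

if __name__ == "__main__":
    main()
```

The filenames are only as trustworthy as the system clock, which is why the NTP item in the list matters.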
Some nice to have features:
COLUMBUS, Ohio – Ohio’s electronic voting systems have “critical security failures” which could impact the integrity of elections in the Buckeye State, according to a review of the systems commissioned by Secretary of State Jennifer Brunner.
“The results underscore the need for a fundamental change in the structure of Ohio’s election system to ensure ballot and voting system security while still making voting convenient and accessible to all Ohio voters,” Secretary Brunner said Friday in unveiling the report.
“In an era of computer-based voting systems, voters have a right to expect that their voting system is at least as secure as the systems they use for banking and communication,” she said.
If that isn’t seriously underrepresenting voters’ rights and expectations, i don’t know what to call it. With banking and communications systems there are appropriate failure modes. If an EFTPOS line goes down, we can pay cash, or use a manual credit card transaction. If someone steals my credit card details and uses them to buy things online, my liability is limited to $50 if i can demonstrate that i follow appropriate security practices. If my vote goes astray due to accidental or malicious electronic errors at the polling booth, no amount of recounts can fix it. The only failure mode is a by-election, which people generally see as undesirable.
While democracy has its warts, it’s better than all of the other systems out there. (I’m sure Winston Churchill had a wittier version of that statement…) In my involvement with the last federal election, i discovered that there are a lot of things that make our democracy here in Australia a little less democratic than it should be (like who buys the best media coverage). Electronic voting machines magnify this possibility way out of proportion by raising the possibility that an entire election could be hijacked by an inside job, or, in a worst-case scenario, by a remote exploit. Anyone who cares the slightest amount about freedom should oppose vigorously any use of electronic voting systems without paper records and verification mechanisms.
(As an aside, electronic counting systems for paper ballots would offer huge speed and handling improvements, and could be easily manually checked.)
Now this is just plain bizarre:
Major Australian ISP Pulls OpenOffice – thefickler writes “Australia’s largest Internet service provider Telstra BigPond has removed OpenOffice from its unmetered file download area following the launch of its own, free, hosted, office application, BigPond Office. The removal of OpenOffice was brought to TECH.BLORGE’s attention by a reader, who complained to Telstra BigPond’s support department about no longer being able to download OpenOffice updates. The support people were quite open about why OpenOffice was no longer available, i.e. because it was perceived to be competitive with BigPond Office.”
Bigpond has always been an ISP well worth not using (in fact, it’s the only one i disrecommend based on personal experience), due to their unreliable mail services and poor technical support. This just reinforces the point – they are a company that doesn’t care about their customers. I agree with the original article in that i don’t think Telstra is being unethical by choosing not to provide a certain service – they are simply doing what they think is best for their commercial interests. However, what is best for the company is not always best for the consumer, and this is a definite case in point. Bigpond appears to be trying to create another AOL – and we all know how successful that was…
If you are currently considering getting broadband or switching providers, i urge you to choose an ISP who does not discriminate against FLOSS, like Internode, iiNet, or Netspace. Or check for plans with other ISPs that also offer better value than Bigpond at Broadband Choice.
And for more fodder, check out this news at Whirlpool. James Purser’s view that Telstra needs to be split into network and retail entities and the network bought back by the Commonwealth Government is looking more sensible all the time.
“Totally bogus dude” gets my points for insight on why the GPLv3 is not going down well in some circles. My take: it’s a very deliberate effort by the FSF to tip the balance of copyright law from the copyright holder towards the user. (Obviously this balance can only be affected to the extent that the GPLv3 applies to a work.)
All copyright law is a balance, and recent changes in copyright law in Australia have mirrored the U.S. DMCA’s approach of tipping the copyright balance in favour of the copyright holder. Because the FSF have gone the opposite direction, it is natural that they will disenchant people and companies whose principal business relies on their copyright holdings.
To my mind, there are very few companies or persons who are wholly or even predominantly producers of copyrighted or patented works. Nearly everyone uses technology every day that they have had no hand in producing. (This occurs even if they are major producers of technology.) Thus it is to everyone’s benefit to tip the balance towards “consumers” of copyrighted works, whereas it is in the interests of a select few to tip the balance towards producers. I for one am glad that someone is thinking of users first, and that makes me happy to see the arrival of GPLv3.