User: Password:
|
|
Subscribe / Log in / New account

Security quotes of the week

Now that we’ve [the IETF] decided pervasive monitoring is an attack, anyone can ask how a proposed protocol (or change to a protocol) counters that attack. If it doesn’t handle the attack and there is a way to address the attack, then we will be in a stronger position arguing the threat could be addressed.
Sam Hartman

But the [UK] Conservative Party has removed the archive from its public facing website, erasing records of speeches and press releases going back to the year 2000 and up until it was elected in May 2010.

It also struck the record of their past speeches off internet engines including Google, which had been a role model for Cameron and Osborne's "open source politics".

And it erased the official record of their speeches from the Internet Archive, the public record of the net - with an effect as alarming as sending Men in Black to strip history books from a public library and burn them in the car park.

ComputerWeekly.com

We have known for some time that traffic analysis is more powerful than content analysis. If I know everything about to whom you communicate including when, where, with what inter-message latency and at what length, then I know you. If all I have is the undated, unaddressed text of your messages, then I am an archaeologist, not a case officer. The soothing mendacity of proxies for the President saying "It's only metadata" relies on the ignorance of the listener.
Dan Geer (worth reading in full)
(Log in to post comments)

Security quotes of the week

Posted Nov 16, 2013 13:32 UTC (Sat) by robert_s (subscriber, #42402) [Link]

> But the [UK] Conservative Party ... up until it was elected in May 2010.

Just a minor note - the Conservative Party were not elected, they built a coalition after they failed to be directly elected. It's an important distinction.

Security quotes of the week

Posted Nov 16, 2013 16:55 UTC (Sat) by apoelstra (subscriber, #75205) [Link]

There is an amusing (albeit immature) response to the alarmist language used in that Computer Weekly article, here:
http://www.theregister.co.uk/2013/11/13/sorry_the_tories_...

Security quotes of the week

Posted Nov 19, 2013 16:39 UTC (Tue) by Baylink (guest, #755) [Link]

As it happens, the Reg got the one important point wrong:

The issue is not whether Wayback's *crawler* respects the robots.txt file; yes, that would get them banned.

It's that WM *makes a fresh check when you ask it for something*, to see if robots.txt has been changed to block it now, and declines to give you stuff it already has.

Even if the domain has changed hands, and the administrative span of control of the *new* robots.txt file has nothing to do with the saved content. I've complained about that; Brewster's sidekick in operations tells me my ticket is about 6000 deep. :-)

Security quotes of the week

Posted Nov 19, 2013 16:32 UTC (Tue) by Baylink (guest, #755) [Link]

> And it erased the official record of their speeches from the Internet Archive, the public record of the net - with an effect as alarming as sending Men in Black to strip history books from a public library and burn them in the car park.

Well, no. They may have -- and probably did -- realize that the Wayback Machine blocks access to pages where the URL is *presently* blocked by a robots.txt file, but even so, equating that motivation to a misfired (if you'll pardon the three-layer pun) Farenheit 451 reference is indeed more than a bit overblown...

Security quotes of the week

Posted Nov 22, 2013 17:29 UTC (Fri) by glaesera (guest, #91429) [Link]

To be honest I am quite unsure about, what the darkmail alliance actually is and what their goals are. If they want to provide something like absolutely secure WebMail-services, then they probably have a long way to go yet.
At this time I would not trust any Web-Browser, because, there may be Java, JavaScript and other things running inside it, that make it potentially insecure. Probably even the HTTP(S)- and other traffic, which is actually the browsers main use case may pose potential security risks.
Maybe the Encrypted Media Extension in HTML5 might be a way out of the misery:
http://www.w3.org/TR/2013/WD-encrypted-media-20130510/
I am guessing, that it might be more useful for transporting any encrypted contents, than only for Hollywood-content.


Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds