Categories
Archives
- May 2008
- April 2008
- March 2008
- December 2007
- November 2007
- October 2007
- September 2007
- August 2007
- July 2007
- June 2007
- May 2007
- April 2007
- February 2007
- January 2007
- December 2006
- November 2006
- October 2006
- September 2006
- August 2006
- July 2006
- June 2006
- May 2006
- April 2006
- March 2006
- February 2006
- January 2006
- December 2005
- November 2005
- October 2005
- September 2005
- July 2005
- June 2005
- May 2005
- April 2005
- March 2005
- February 2005
- January 2005
- December 2004
- November 2004
Westchester County reponds [they were the folks who wanted to criminalize unsecured Wireless Internet]:
The legislation does not seek to ban or outlaw the use of Wi-Fi.
Rather, it is designed to get "commercial businesses" that collect
personal information or who offer their customers Internet service to
install minimum security safeguards. The legislation does not
criminalize the use of Wi-Fi, does not require businesses to pay permit
or licensing fees, and does not cover the use of private wireless
service at home.The legislation is aimed at raising public awareness to get commercial
businesses to better protect the personal information of their
customers and to advise people who use the Internet in public access
areas of the risks involved with Wi-Fi. We anticipate that members of
the business community, many of whom are entirely unaware of this
problem, will do the right thing and take the necessary precautions to
protect their databases.[…]
The intent of this law is largely to educate the public that though
wireless networking is a great convenience, like all technology, it
requires intelligent use. Although many businesses have already taken
simple and inexpensive steps to protect their data, a significant
fraction has not.We recognize that the law’s current definition of minimum security as a
"firewall" has been ambiguously drafted. The definition will be
modified to address the concerns raised.- Andy Spano, Westchester County executive for the state of New York.
Education via criminalization? Maybe it would work, but shouldn’t we let the market solve such problems? A business incapable of securing elementary infrastructure will not last long.
[Via CNET News.com, United States -]
Is it race to the top or rate to the bottom? Recently we reported on a device that would decrypt all SSL traffic at a network gateway level to "sniff" for malware. Now security researchers report that bots will start including encryption to hide their presence from sniffing tools.
"We will see encrypted sessions, and as things become
encrypted, we’ll have a more difficult time investigating
botnets," said Adam Meyers, an information assurance
engineer at SRA International
The goal for bot creators is to evade intrusion detection systems (IDSes) and to obfuscate anything they are doing to make it impossible or at least harder to figure out what that piece of network traffic contains. In the world of fast-spreading vulnerabilities (and even increasing level of zero-day vulnerabilities) this means that any advantage in time bot writers can get is likely to translate to increase in affected systems.
Recent Posts
- No download? Maybe no infringement in another Federal District Court
- CAN-SPAM Rules Modified
- CFAA Damages Calculation Includes Cost of Tracking Hacker
- Courts split on whether making a copyrighted song available for download violates copyright law.
- How to Respond to Data Breach
- Border Agents Can Search Laptops
- What is your return address?
- Proposed FRE 502 is good for electronic discovery, but it is not going to drastically reduce the cost of litigation as the authors are hoping.
- British Authorities: Insult to Injury
- Introduction to James Paulick
- TXJ Costs Continue Increasing
- Proposed Amendments to Section 1030
- Securing the Endpoints
- Measurement of Spam Damages For Federal Sentencing Purposes
- Email Attack Targets Executives