Tuesday, July 20, 2004

First Windows CE virus emerges. Security companies this weekend identified a virus that's designed to demonstrate security holes in Microsoft Corp.'s Windows CE operating system. [Computerworld News] Like I was saying... 1:10:57 PM    comment []

E-voting rejected in Ohio. The decision by Ohio Secretary of State J. Kenneth Blackwell will block the deployment of e-voting systems from Diebold Election Systems in three counties. [Computerworld News] With the US elections only four months away (thank goodness), at least as scheduled, this should come not only as no surprise, but as a complete no brainer.  E-voting systems are NOT ready for prime time, because the underlying operating systems, most often a derivation of the one coming out of Redmond are not ready for truly secure operations being conducted on them. Now, don't get me wrong, I think some form of electronic voting is going to have to come into being.  There are far too many people casting ballots for each one to not only be counted by hand, but for them to be produced cost effectively in the first place (and we won't go into the Florida issue here).  Having run a small University election process with the old lever-type voting machines, I can tell you that counting the ballots is a PAIN.  However, most people are NOT comfortable with technology.  Don't believe me?  How do you think viruses are spread?  Not by those that know better.  Now, to build a truly secure electronic voting system, you will need to do a lot more than slap a copy of Windows(r) on a tablet PC and plug it into the wall - and not to belittle the efforts, but that is basically what they are doing.   1:09:29 PM    comment []

Apple Rolls Out Cheaper iPods (Reuters). Reuters - Apple Computer Inc. on Monday introduced lower-priced versions of its iPod digital music player with longer battery life, positioning itself against rivals trying to use lower prices to undercut iPod sales. [Yahoo! News - Technology] At one point I was seriously lusting after an iPod. I really wanted one.  I have over 30 Gigabytes of MP3s (all legally ripped from a collection of over 400 CDs in my basement) on my PC and loading my old, 64 MByte MP3 player was a bit of a pain.  Then I read an article in the Washington Post about a guy who's iPod battery had died.  Lo and behold, it had to be sent back to Apple for repair at a cost of about $200, or basically what the device was worth.  This got me thinking - who builds a device with a non-removable battery in it.  Turns out I own a couple of those devices, but so far (knock wood) I have not had an issue.  This got me thinking about the iPod.  Sure they look cool and they do have a couple of really good uses (besides being portable juke boxes), but the bloom is off the rose as they say.  I am NOT buying anything that is not user-serviceable in terms of the battery.  I don't care whether it runs on alkaline, Ni-Cads or Ni-MH batteries, but I want to be able to swap them when they go bad (and they ALL go bad eventually). So, longer battery life is not a big seller for me.  Replaceable batteries are...I think I will look at the Nomad...   12:58:27 PM    comment []

N.Korea Ready to Negotiate Nuclear Program-Official (Reuters). Reuters - A senior North Korean representative said on Tuesday his government was ready to end its nuclear weapons program if the United States changes its "hostile policy" toward Pyongyang. [Yahoo! News - Top Stories] Call me a cynic, but why did the United States send troops to Iraq when a much more oppressive and active nuclear power existed in the world in the form of North Korea?  Please explain this to me, because I just don't understand it. 12:49:45 PM    comment []

-----BEGIN PGP MESSAGE----- Version: PGP 8.0.3 qANQR1DBwU4DR7yu8gmJIsQQB/4zE1A2xJxIoI1fzHFL3MgYQ50bXi40pibcshqQ 8kuEH4eXexPA8oAzZcBXivoY4OsAIGJrmb2jaRzNRbGQdJbAInjm8/HqV+y8LTEq g3yMiI5KhzVaXYi/hynN2KAhDb8MQqmxt2u+Sya3KWvvboZ6rEYz5KrlZYTIqHxu vmymZlINAi6gFyvdZZrZVHTAlKiLtCaClSXOktfTNcYztG0WjbW564vff2OYnVfE YrGzgQPJH87ISISB1PHMWcv9l73XDd8PJqifvyYVvhyCg3LHGCH9NaJoRpKyn3qt PsSJtnp7f1PZ1xhOqX22owg5tY6OKdN12HKKzDJmEIFsyvyHCAC4B2NfUET8vVC0 KUSTadV5bcgEvD91DmxBpDGNUnG/Gy9+OQAoomarFHFPCX2ApDzanjnwltVn8+uW gIZ6a6vwQDVCRpqe6JrEucYcG/UgsMxCXHsBT5Ytb4ZMDECgPNjSNDxbTCgrW1/l uMUQIVcxElz8oEjuXH6AfmfqXAC6ho79ervai2hgZPC9w5b09zfGTsgY03uzo73g PT+qa4lHHtLhd2lSuRkQJKnoCfvBz31sx87aj5W/jFYTl8ZbPM/qEK3wSU1Q1YTS qNh6W/wwpCZuMTPLArfUyR6lw5l6vHT5jhDcuwcP+iTThznNW5RFsP3jqC7X+4va OlsBOQYmwcJOAwPpIMDlHsJCEAv/RWKzsbGtM5mrP3u2OhMiK07TIFX89iPpYZxa XT2RE57l3UEKYDiMPwcEfVDkUrPjhD3j5em+wmNePyiGtc7Ys3022YRWLH2DCd+V rTml1n8h6kjj9XH0VvkOtlTtQHGqIf060AYMExgGU9anvt47MZJTiYhiL0aVmvEh yKZhdrthTR3Wb7MtmBzneX55kKVjblsFvZpL34XS6khwOXtdlCE9FtBuxrjzobru q4mbaBWOEXHV0THK9vGf5yWm04xk5dRs8ZlhFN/HJH7qeBfkHDc+40+C25NDcVMI 21vPlbqk63RcnM/jau6ZpOjms+nLL1TI5HKNyuirJOehqqHyMgh1kWwbjhb5NhWY Y1f/oT0oKpDYG4wzCCtPnPmHrgfh/Mg7vNwBNSsLpmlS//XQl46ubC3fOjBmezIb zoeDgD7hvaaf4nx3186k7btsSjg4eH96fqxCW4cp+1JjgIJrl1suBsB//NkYoaXL OJQRjT/7APcJC84O5X085cBadY2LDACinThTLmqQxNNERh967+ffdVWwANQogzRR /80zNi2tlwdS7bBslvpQnyclW4b6MK2K84ayAvDR+tJSIcfY0i2KuUWV741+ZW1v vzF5HNrcikniV/MgsjYG+COvQTQqOT5QqXdKG76WptX+U1m+3TJ0T7aA6AQ2Sh/7 UxiZKMiblpy7y4V4VNOpJSH/JoF33SpjH3zkDYikfpnUzwQCobYomV4ZurUBDoAp z9TJ09QuqdHqvehAHfWItbMcU20H7v07LsgyLG0h1ZIb4/FRVGRfJfdD0lY0XT3a sLpXCjM+VzXwE1Zo5BwGMSjsELOYdlXloILw42DeXChktScZhnJsIyHG/1KP/jz5 bsVdMFQf1VDF4G06ujV3efYtucaXHkpsHLtO6PUnYNUltEMDBGPrhdNpLcCllpRQ Qk9LEJ0tdjwdx/IMrZCkzMUDLsGrmhJAy0EGODI8wZmjkPqU59ScCCDWRLa+OpD2 9rfFe54aHG0ceFgywpZMrZRARJHzJW7Jay2aj+0sFs6CFv+3DnyCNXxeLcOkoEqp 1Z9CdX3goUb+UUHFZIaLl1HbPCQp1gk0KhdE4Zm2no4cwQ6D3JZGDeEH+jwdG+Eb kb+of5jX5JqVZwZLxrmYGumj7EQhQl9W4qFLyUSuotoU2JkM =SjJL -----END PGP MESSAGE----- Can you read the message above?  Probably not because it is encrypted for only one person (and if that person should trip over it, feel free to decode it). Now, you may wonder why I would do that - after all, email and blogs and such are so open that anyone can read them.  The reason is to bring to light another Supreme Court decision (there is something in the water over there - I just don't want to drink it).  A couple of weeks ago now, the Supreme Court ruled that ISPs, those folks that control most of the email flowing through the Internet can read your email without so much as a by-your-leave.  There is some history here, but unless you have been on the Internet for more than 5 years, you probably don't know anything about it.  One of the pieces of that history it wrapped up in encryption and PGP, so let me go back a few years and follow the bouncing ball - if you are as irate as I am, you will want to have my PGP key (which is posted to the key server, as well as at the end of this rant). Prior to 1990 (that is before most of the children on the Net today were born, or even thought of), the Internet was little more than an experiment.  Some ubernerds were wondering what they could do with these super computers they had access to (which by today's standards were little more than glorified PDAs in terms of processing power and memory, although they did fill several rooms).  They started connecting them together and sending emails to each other.  I remember a good friend of mine explaining it to my parents at the time - he said it is like making a local phone call all around the world and passing a text message.  A strange analogy, especially given the current state of affairs, but at the time, that was it.  There were no pretty interfaces, no colour (other than green) and certainly no images.  This was raw text. Jump forward a few years and e-mail (note the dash) began to take hold, especially in companies that did a lot of business with the government.  Most of this e-mail was routed through proprietary systems that, for the most part, didn't talk to each other.  If you wanted to send a message from one system to another, you needed to have a VERY in depth knowledge of the internetworkings of not only computers, but the software, and the telephone network.  The ubergeeks that knew this stuff were selling there services for LARGE amounts.  I was fortunate to work with three of them. By this time, a few very brilliant people began to worry about the effects of email.  These big thinkers likened email to little more than sending a post card through the mail (and they are right).  However, instead of a simple "Having fun, wish you were here." message, they foresaw large corporations sending critical data in clear though multiple, uncontrolled (in this case by either the sender or the receiver) systems.  Now you have to remember a couple of things - one, SPAM was not prevalent at this time and two - the volume of the email traveling through the systems was of such a low volume that it was possible to READ every message that came through. Jump forward to 1995 and the Federal government, in the form of the FBI starts getting upset.  People are actually starting to encrypt their traffic (mainly in the form of SSL web based transactions) and the FBI complains that there will come a time when they will be unable to read the email as freely as they once could.  They decided they needed a scheme to do it - it was called Carnivore.  It was supposed to be a back-door into all encryption schemes that were to be deployed - and for those that didn't have a back-door, they would be forced to deposit with the FBI a key that would unlock anyone's encryption...this went over like a tonne of bricks. Now remember, the law of the land at the time (and still today) requires that the FBI and others must obtain a COURT ORDER to listen in on your phone calls, but no such provisions are in place for your email and yet more and more sensitive information travels by email than by phone (any more).  The FBI, being thwarted on the Carnivore front, mainly by ISPs telling them to get out of their POPs (points of presence) went to court.  And they have done it more than once.  Well, in the post September 11 days, they have finally won.  ISPs can monitor your email without your permission or knowledge...and if you think this is something the ISPs want to do, you are mistaken.  This is strictly for the benefit of the law enforcement agencies under the guise of tracking the "bad guys."  Can you say Big Brother.  Orwell would be appalled. So run, don't walk to your nearest PGP retailer (http://www.pgp.com) and get your protection now. (Linux comes with GPG, the open source version already installed or at least on the distrobution discs).  My key is below (it is good for PGP version 6 and up). USE IT.  (If you want my 2.6.2 key, it is on the key servers - pull the key for dekker@gwis2.circ.gwu.edu - I no longer use that account, but I maintain the key). -----BEGIN PGP PUBLIC KEY BLOCK----- Version: PGP 8.0.3 mQGiBDx/1+QRBADSj5HIP5KhVR84JU+CEsHbmgJU9Q254oAiiZVQg0hnl47Ente7 AFCUC+BAOXC6MVj13ubdl4aitez/bzjAAny6ETQf2OGIaYs8x92ihzqL9R2qK0Af 3wmCpwV0FOLElqQWvKhFIL5LZW2uv91pMkjpcS6wzPPfKVyARhwenWSpAQCg/+th xmrMGLyJ/0/DSo3jTN99EMkEAIxfcdFNuNaWE68TSlFL/HuC4u5dLbPp/BljTcoy u9k3YnBD1mXEEv9MHXsj4/BQB3E7056E7jwb/NW3jPzOGdPw+c/Fm74Zaga96ojZ H2/NA6V82zlcY+HzzeJNl7YbaWaAf6heJPD77jdjXHLQR7FtKYxerE+hnao64ZC1 TuT1A/983OtcofWOvxRYh6krQNY0CItg7nbtTmrJc9jkHH5PyUtCvxMpNwskxEhu wmPCECTRWJCYF/309v8Bp5xlHuazOfuHxU4lOHApgmpDDz4toJRtondetysiUssD AqHlMvS83UwS1Yy4rJ6fJxJuXDbsXGQ9dBalc0cGcjuXm7ozo7QfRGF2aWQgQS4g TGFuZSA8a2c0Z2l5QGFycmwubmV0PokATgQQEQIADgUCPH/X5AQLAwIBAhkBAAoJ EM1XwpEKUzwZwPgAn0M1KErb6BfRusHh16468S3F8UX7AJ40heeN8ouT9YQV4Bx0 8RuSTBvOpbkDDQQ8f9fkEAwAzB13VyQ4SuLE8OiOE2eXTpITYfbb6yUOF/32mPfI fHmwch04dfv2wXPEgxEmK0Ngw+Po1gr9oSgmC66prrNlD6IAUwGgfNaroxIe+g8q zh90hE/K8xfzpEDp19J3tkItAjbBJstoXp18mAkKjX4t7eRdefXUkk+bGI78KqdL fDL2Qle3CH8IF3KiutapQvMF6PlTETlPtvFuuUs4INoBp1ajFOmPQFXz0AfGy0Op lK33TGSGSfgMg71l6RfUodNQ+PVZX9x2Uk89PY3bzpnhV5JZzf24rnRPxfx2vIPF RzBhznzJZv8V+bv9kV7HAarTW56NoKVyOtQa8L9GAFgr5fSI/VhOSdvNILSd5JEH NmszbDgNRR0PfIizHHxbLY7288kjwEPwpVsYjY67VYy4XTjTNP18F1dDox0YbN4z ISy1Kv884bEpQBgRjXyEpwpy1obEAxnIByl6ypUM2Zafq9AKUJsCRtMIPWakXUGf nHy9iUsiGSa6q6Jew1XpTDJvAAICC/9iULoOtGXeq2BGOGX5CdQJ6UrzO3VUSZkh 56AwMXBtMOzpjH0E6eDDKLNEzlwVmRWwKA5PunvoKgu0qI8L56ahrjoae2kOUWAe PRmiuISnd1QXCtKFAXhIs1keSYph2JBW5E8dg3T2O7spHdTLZjmEw7mjrSTVAjzO pUcBru9ZJ5Cc41vKURYK8SR20CAtiShZhSC5u6JOt1pfwm0euA2SE0ZR4UqWc03q mI9jxzeca7hB1YG0ZuD9uY1dwZtF1Ntp+iRZpBNgr3j+zCiO6dDUWkRcXh4CpS0t 0w207/Sf745TF4ALUAICMOutGZfZgppMav5cF8D5fSwNXmQ25W604VXT+xSLAcXO VPY4GvWTQeAHBKNrfzK2xgCRPm4+f88Z7PLznwc+w3CAa6dRAa/aOazchSUNgE+p nj7tadX3qS7+oG35qQxdrZAY8fMW53vvh4VKk5xpSge+IBiiGtn7VyEDZFGQza03 IZ3XYwO01MMlbaYcyFh2CGv2aHzP5cWJAEYEGBECAAYFAjx/1+QACgkQzVfCkQpT PBlfOQCfT+RIpyq1EZgskqvpabDEh6B8Z9AAoLvPgb6TiFlZQ0lGNGWEkpf8ZtSA =nIWh -----END PGP PUBLIC KEY BLOCK----- 10:37:28 AM    comment []

© Copyright 2004 David Lane.