Subscribe to this blog in Radio:
Didn't find what you were looking for?
E-mail this blog's author, Bruce Umbaugh:  |
|
 |
Monday, July 07, 2003 |
Sustainability gets an internet twist: State agency wants broadband
access in affordable housing. By
Aliza Earnshaw, Business Journal (Portland).
What we're looking to is social
sustainability, sustainability in personal daily life,
said [Bob] Repine [director of Oregon's Department of
Housing and Community Development]. Social sustainability
means that more
people who have been disenfranchised will be able to effectively
find opportunities to better educate and inform themselves, and
so improve their quality of life.
1:21:04 PM 
|
|
Study:
Wi-Fi users still don't encrypt, by Kevin Poulsen,
SecurityFocus.
Security vendor AirDefense set up two of its commercial
"AirDefense
Guard" sensors at opposite corners of the exhibit hall at the Boston
World Trade Center, the site of the conference, and for two days
analyzed the traffic flowing between conference-goers and 141
unencrypted access points set up by the conference for public use, and
by vendors on the floor.
What they found was that users checking their e-mail through
unencrypted POP connections vastly outnumbered those using a VPN or
another encrypted tunnel. Only three percent of e-mail downloads were
encrypted on the first day of the conference, 12 percent on the second
day.
. . .
And then there was the hacking. Passive eavesdropping is undetectable,
but AirDefense picked-up 149 active scans from war driving tools like
Netstumbler, 105 denial-of-service attacks, eight probes for known
exploits against access points, and thirty-two attempted
man-in-the-middle attacks -- three of the successful.
12:20:55 PM
|
|
A Simpler, More Personal Key to Protect Online Messages. A Silicon Valley start-up company plans to unveil a new approach to sending secure electronic messages and protecting data. By John Markoff. [New York Times: Business]
Color me puzzled. What problem is this supposed to solve? The article says that public key is too hard to learn to use, and there's some truth in that. But the advantage offered for this Voltage thing (to be announced, um, tomorrow, according to the story in the New York Times, um, today, that reads a lot like one of those, er, press release thingies, wtg John Markoff) is that you don't have to look up a user's public key, you just use the e-mail address.
Now, first of all, if tangentially given how I started above, I'm going to speculate that deriving a good key from known text is iffy at best. Knowing little about this (since it isn't even going to be announced until tomorrow, right?), it's hard to say much, but this seems like a losing approach from the outset, since you want sufficient randomness to generate a key that doesn't factor easily.
Second, and back to the main point, what does this make better? Yes, webs of trust, in which keys are signed by others to attest to their legitimacy and stored on central servers, are supposed to prevent man-in-the-middle attacks and so on and make public key infrastructures far more secure. But nothing prevents you from dropping a note to your intended corresponedent asking, "What's your PGP public key?" Yes, there's a non-zero, but in most instances arguably quite small probability that you compromise your communications channel by doing that. But that's exactly your situation with this Voltage thing based on the recipient's e-mail address -- if someone else is reading the mail, you're toast either way, but orthodox public key infrastructures at least give an alternative that is more secure.
Maybe we'll learn more when all questions are answered after the official announcement. 
7:13:37 AM
|
|
Blogs in the Workplace. Corporate Web logs are catching on. Are they performing a useful business communications function, or simply giving bores and blowhards one more opportunity to blather? By William O'shea. [New York Times: Business]
7:03:45 AM
|
|
Last.fm: Music to Listeners' Ears. An Internet radio station out of London is experimenting with a technique that automatically tailors the music it plays to individual listeners' tastes. Some say the approach, which uses collaborative filtering, could prove revolutionary. By Leander Kahney. [Wired News]
6:58:19 AM
|
|
|
