Cody Taylor

In a recent blog post, CNet’s Jon Oitsik has called for a policy shift with respect to data encryption. A new standard by the Trusted Computing Group promises the availability of self-encrypting hard drives soon, leading some to call for immediate adoption. Will this create even more security problems due to lazy custodians, or should someone responsible for keeping your information safe be required to move to the new hardware? Hopefully the new hardware comes with a warning to continue to use other data protection measures as well.

Read more of this story at Slashdot.

brothke writes “The Shadow Factory: The Ultra-Secret NSA from 9/11 to the Eavesdropping on America is the third of James Bamford’s trilogy. Bamford started this with The Puzzle Palace in 1982 and Body of Secrets: Anatomy of the Ultra-Secret National Security Agency in 2001. The Shadow Factory is likely the last book Bamford will find the NSA cooperative to, given his often harsh treatment of the agency and its directors. It is also doubtful that former NSA Director Lt. Gen. Michael Hayden will grant Bamford additional dinner invitations, given his portrayal of Hayden as a weakling who could not stand up to Dick Cheney and other in the Bush administration.” Read below for the rest of Ben’s review.

Read more of this story at Slashdot.

Hugh Pickens writes “The US and the UK are trying to refurbish the aging W76 warheads that tip Trident missiles to prolong their life and ensure they are safe and reliable but plans have been put on hold because US scientists have forgotten how to manufacture a mysterious but very hazardous component of the warhead codenamed Fogbank. ‘NNSA had lost knowledge of how to manufacture the material because it had kept few records of the process when the material was made in the 1980s, and almost all staff with expertise on production had retired or left the agency,’ says the report by a US congressional committee. Fogbank is thought by some weapons experts to be a foam used between the fission and fusion stages of the thermonuclear bomb on the Trident Missile and US officials say that manufacturing Fogbank requires a solvent cleaning agent which is ‘extremely flammable’ and ‘explosive,’ and that the process involves dealing with ‘toxic materials’ hazardous to workers. ‘This is like James Bond destroying his instructions as soon as he has read them,’ says John Ainslie, the co-ordinator of the Scottish Campaign for Nuclear Disarmament, adding that ‘perhaps the plans for making Fogbank were so secret that no copies were kept.’ Thomas D’Agostino, administrator or the US National Nuclear Security Administration, told a congressional committee that the administration was spending ‘a lot of money’ trying to make ‘Fogbank’ at Y-12, but ‘we’re not out of the woods yet.'”

Read more of this story at Slashdot.

nodialtone writes with a Reuters report that Rod Beckstrom, director of the National Cybersecurity Center (NCSC), has tendered his resignation, citing clashes between the NCSC and the NSA with regard to who handles the nation’s online security efforts. In his resignation letter (PDF), he made the point that “The intelligence culture is very different than a network operations or security culture,” and said he wasn’t willing to “subjugate the NCSC underneath the NSA.” He also complained of budget roadblocks which kept the NCSC from receiving more than five weeks of funding in the past year. Wired has a related story from late February which discusses comments from Admiral Dennis Blair, director of National Intelligence, who thinks cyber security should be the NSA’s job to begin with.

Read more of this story at Slashdot.

Users still facing software issues while running the most current version of Mac OS X Leopard may take kindly to word that Mac OS X 10.5.7 is moving swiftly through its development cycle. Apple as early as this weekend is expected to equip its vast developer community with a new build of the maintenance and security release.

krebsatwpost writes “The Washington Post ran a piece earlier this week that confronts the myth that cyber criminal gangs in Russia and Eastern Europe avoid attacking their own, pointing to numerous examples of late that counter this common misconception. The story draws on data from Team Cyrmu about distributed denial-of-service attacks (DDoS) that target Russian and E. European organizations, intel from McAfee about Russian banks and federal agencies that appear to be under control over cyber gangs there, and tens of gigabytes of data stolen via keyloggers that disproportionately impact Russian systems, including that of a top Gazprom official. The piece begins: ‘If you ask security experts why more cyber criminals aren’t brought to justice, the answer you will probably hear is that US authorities simply aren’t getting the cooperation they need from law enforcement officials in Russia and other Eastern European nations, where some of the world’s most active cyber criminal gangs are thought to operate with impunity. But I wonder whether authorities in those countries would be any more willing to pursue cyber crooks in their own countries if they were forced to confront just how deeply those groups have penetrated key government and private computer networks in those regions?'”

Read more of this story at Slashdot.

DigitalDame2 writes “PCMag Security Analyst Neil Rubenking has always praised Symantec’s tech support. Lately, though, a number of readers have reported problems with chat support, so he investigated. Rubenking was trying to install Norton 360 version 3.0 on a malware-infested system when the computer crashed with a blue screen error. He connected with Symantec tech support and was told that they could fix the problem, but for a fee of 0! (Here is the transcript and screen-captures of the chat.) Even more, Symantec support suggested that he use a malware-removal tool that wasn’t even made by Symantec.”

Read more of this story at Slashdot.

Security researcher Charlie Miller, who last year won ,000 for hacking into a MacBook Air via Safari in just two minutes, says he thinks Safari will be the first browser to fall at this year’s Pwn2Own contest.

The Web browser’s second security update in a month addresses eight issues, six of which are deemed critical.

mask.of.sanity writes “The Australian government is trialling a new Quantum Key Distribution (QKD) system built by Aussie scientists. QKD is considered the world’s toughest security because the slightest attempt to intercept the one time keys, coded into lasers at the quantum level, will disrupt the beam. The technology differs from current cryptography tech primarily because it’s cheap. Well, less than the $US100k price tag of rival systems. It uses off-the-shelf networking gear instead of proprietary technology, and is built on open standards, so it’s easier to install. The random key is encoded at the quantum level in the sidebeam in the phase and amplitude, or brightness and colour, of a highly tuned laser beam. The creators, who built the system in part for their Ph.Ds, said it can be used to transport the most sensitive data like critical infrastructure and secret commercial IP. The days of hand-delivered security keys are numbered.”

Read more of this story at Slashdot.