-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Judge Lifts Restraining Order: MIT Students Win

,----[ Quote ]
| So the attempt to stretch the Computer Fraud and Abuse Act has failed. Please
| read the statute for yourself, and ask yourself: do you want talking about
| computers and security to become a crime punishable by fines and imprisonment
| and subject to FBI and Secret Service oversight? That's what almost just
| happened.
`----

http://www.groklaw.net/article.php?s...80819142913408

Judge lifts gag order on MIT students on MBTA security

,----[ Quote ]
| A federal judge today lifted a gag order on three MIT students who were
| barred from talking publicly about security flaws they discovered in the
| state’s automated mass transit fare system, even as a lawyer acknowledged the
| system was "compromised."
`----

http://news.bostonherald.com/news/re...&position=also

Lessig on McCain on Tech

http://www.youtube.com/watch?v=uvohYMgp0oo


Recent:

MBTA v. Anderson

,----[ Quote ]
| Three students at the Massachusetts Institute of Technology (MIT) were
| ordered by a federal court judge to cancel their scheduled presentation at
| DEFCON about vulnerabilities in Boston's transit fare payment system,
| violating their First Amendment right to discuss their important research.
`----

http://www.eff.org/cases/mbta-v-anderson


MIT Students Bound and Gagged by Power-Mad Massachusetts Agency, Orwellian
Magistrate

,----[ Quote ]
| Where will it all end? Nobody knows the specifics, but we can suggest a few
| that we're pretty certain of. The students will be irreparably harmed, as
| they've lost the opportunity to make their presentation at DefCon, something
| they may never get to do again, and the importance of which Judge Woodlock
| was apparently completely unable to see.
`----

http://www.linuxjournal.com/content/...ian-magistrate
http://tinyurl.com/5nf8t6


Before the Gunfire, Cyberattacks

,----[ Quote ]
| "It costs about 4 cents per machine," Mr. Woodcock said. "You could fund an
| entire cyberwarfare campaign for the cost of replacing a tank tread, so you
| would be foolish not to."
`----

http://www.nytimes.com/2008/08/13/te...=1&oref=slogin


TJX Staffer Sacked After Talking About Security Problems

,----[ Quote ]
| In an e-mail interview, he said he was fired Wednesday for violating
| corporate policy by disclosing proprietary information.
|
| TJX is sensitive about information security after being the victim of a
| massive data theft, apparently made possible by poor security on the
| company's wireless networks. That breach, which compromised 94 million credit
| and debit card accounts, has cost the company tens of millions of dollars in
| legal settlements.
`----

http://www.pcworld.com/businesscente..._problems.html
http://tinyurl.com/6hoadz


Chipmaker sues to quash info on smart card security flaws

,----[ Quote ]
| A semiconductor company is suing a Dutch university to keep its researchers
| from publishing information about security flaws in the RFID chips used in up
| to 2 billion smart cards.
|
| [...]
|
| Call out the military
|
| Nohl said the problem lies in what he calls weak encryption in the MiFare
| Classic smart card. In March, he said that once he had broken the encryption,
| he would only need a laptop, a scanner and a few minutes to get the
| cryptographic key to an RFID door lock and create a duplicate card to open it
| at will.
`----

http://www.linuxworld.com.au/index.p...846447&rid=-50


Related:

New $2B Dutch Transport Card is Insecure

,----[ Quote ]
| Kerckhoffs’s Principle, one of the bedrock maxims of cryptography, says that
| security should never rely on keeping an algorithm secret. It’s okay to have
| a secret key, if the key is randomly chosen and can be changed when needed,
| but you should never bank on an algorithm remaining secret.
|
| Unfortunately the designers of Mifare Classic did not follow this principle.
| Instead, they chose to combine a secret algorithm with a relatively short
| 48-bit key. This is a problem because once you know the algorithm it’s
| possible for an attacker to search the entire 48-bit key space, and therefore
| to forge cards, in a matter of days or weeks.
|
| [...]
|
| Now the Dutch authorities have a mess on their hands. About $2 billion have
| been invested in this project, but serious fraud seems likely if it is
| deployed as designed. This kind of disaster would have been more likely had
| the design process been more open. Secrecy was not only an engineering
| mistake (violating Kerckhoffs’s Principle) but also a policy mistake, as it
| allowed the project to get so far along before independent analysts had a
| chance to critique it. A more open process, like the one the U.S. government
| used in choosing the Advanced Encryption Standard (AES) would have been
| safer. Governments seem to have a hard time understanding that openness can
| make you more secure.
`----

http://www.freedom-to-tinker.com/?p=1250


FCC ignores more than 100 years of wisdom

,----[ Quote ]
| In 1883 French cryptographer Auguste Kerckhoffs published a set of six
| design principles for military encryption systems. The second of these
| principles is generally known today under the observation that security
| through obscurity is not security. The Federal Communications Commission
| (FCC) seems not to have read the history books or to be aware of how its
| sister federal agencies develop security standards....
`----

http://www.infoworld.nl/idgns/berich...257313005EC092


Consumer-control industry and their security damnation

,----[ Quote ]
| By some ironic fortune, proprietary vendors like Apple and
| Microsoft will likely always suffer this damnation that their
| consumer-control inspired proprietary nature always brings with
| itself: security problems - exactly the thing they claim to prevent
| by being so control obsessed. You can stay damned with them or you
| can break free.
`----

http://www.libervis.com/article/cons...rity_damnation


Open source key to anti-terrorism efforts

,----[ Quote ]
| Open source = more security, not less. It's no surprise, then, that
| many of my own company's customers include those that place a premium
| on safety and security (US Federal Aviation Administration, UK's
| Ministry of Defense, French Air Force, plus others, including one
| that would surprise you...).
`----

http://weblog.infoworld.com/openreso...ource_key.html


Adobe fixes critical Flash bugs

,----[ Quote ]
| The last time Flash Player was patched was April, when Adobe repaired the
| Linux and Solaris plug-ins used with the Opera and Konqueror browsers. In
| March, Apple Inc. included a Flash fix in its 2007-003 security update that
| upped Mac OS X to Version 10.4.9.
`----

http://www.computerworld.com/action/...&intsrc=kc_top


RIM unconcerned by BlackBerry bugging software

,----[ Quote ]
| As reported yesterday, the latest version of legal spying software
| FlexiSPY enables remote third parties to bug the voice calls, log SMS
| and mobile e-mail messages and track the location of a BlackBerry
| user.
`----

http://www.zdnet.com.au/news/hardwar...9279555,00.htm


Laws Threaten Security Researchers

,----[ Quote ]
| Lee Tien, a member of the working group and a senior staff attorney
| for the Electronic Frontier Foundation, says Website vulnerabilities
| must be exposed so people's data and identities are secured. "The
| fewer vulnerabilities, the better."
`----

http://www.darkreading.com/document....WT.svl=news1_1
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkir7bUACgkQU4xAY3RXLo6gZACgnFMAAmnyfN 8ws4e6v73QYhS9
WPMAoKimpFrBiH4i4Z7ikBQZfoyv0NNR
=TLHU
-----END PGP SIGNATURE-----