IM; Facebook; Spam; New ’sploit?

Maybe a new (most likely old) virus/worm/trojan floating. This morning, a screen name called ‘facebook’ sent me spam instant messages. I don’t use the Facebook social networking website, nor have I ever. Still, the messages came in to a screen name I publish in my Digg profile.

GAIM Message Log

Trusting Your Own Reflection

The day might come when biometrics completely replace the function served by passwords. But will it matter? The fact is that that biometric reality grows closer every day. Right now, hardware becoming cheap and software environments becoming virtual have many such realities racing at us like a wild mustang. But, I know you. You’re human, you need to see it in action. Well, do I have the perfect software for you. You or anyone can download for free something called Ophcrack. Ophcrack uses Rainbow Tables (and well). Take a look at it here, where Lifehacker has a gallery of screenshots of Ophcrack at work under Windows.

What does all that mean? I’ll keep it simple. Ophcrack can crack the password “Fgpyyih804423” in 160 seconds (for more, see here for Thomas Ptacek’s work on the subject, or here where Darknet talks about its history). Anyone with Computer or Network Security experience (or who has tried to guess a password) will tell you that’s expected to be a difficult password to crack, and being cracked in 160 seconds is jaw dropping. “Fgpyyih804423” is not very human relative, and by that I mean it’s not a word in any language, nor a composite of any word in any language (it’s not even some tokenized expression). In fact, the string of characters looks to be (because it is) quite random.

Worried yet? If not, some forward thinking might get you a bit concerned. Implementations of biometrics really don’t solve this issue (they’re conceptually the same). They just make the string’s identity larger and thereby, by today’s standards, more difficult to crack. But, as technology grows to facilitate biometrics, so will that which is used to subvert biometrics, and in not so different ways than we see here. So, my question to you is, what will you do when you can’t trust your own reflection?

A Terrible Inference

Alright, so, what exactly is going on over at Wired? And, precisely what is Bruce Schneier smoking? Better yet, where can we all purchase some to sell to terrorists when we run into them (since that’s what all the talk is lately)?

Talk about shitting the bed…

This is desire directing science and about as bad as it gets. The theory discussed in the article is used in quite a strange way. Mangled in order to make predictions about the resultant conditions of terrorism on a whole society, the correspondent inference theory, they say here, indicates terrorism doesn’t work. Certainly something scientists would like to believe, if you ask me, anyhow. I admit, that is just my opinion; about the only evidence I have of what I allege is the article and the way the idea is used.

Allow me though, using all my mighty force, to engage in a most epic debate. But, whilst I do this, and rather quickly I might add, I will need… one, and only one, piece of evidence to make my case. Brace yourself, so you aren’t startled by the dramatic entrance of booming percussion, ladies and gentlemen.

I give you, my evidence: the United States of America.

Terrorism from the analytical perspective of the tactician offers clear and pure lines of thinking on the ultimate goal of the terrorist — to win. Terror is only a tactic, terrorist only a label. Terrorists employ as we’ve seen, extremely violent even self-violating acts to oppose enemies only hoping to create a viral air of concern — what we have also seen is that, that works just fine. This, in turn, leads to a progressive change in the way of life for said enemy, and change in their respective tactics. And, especially for Americans, who lived a very different way prior to the morning of September 11th, 2001. Or, did everyone forget that?

To say terrorism is ineffective, is to wash away any possible excuse for the behavior of the American public in our last two Presidential elections, that is for sure. Truly, it says then what about America if terror is entirely ineffective against us? How desensitized have we become? What then is the cause for our current state too?

I cannot believe this idea that the small demands of terrorism are not in some way met, when all is imbalanced in our country. You may run the circular argument that our country is this way because of corruption, but then, one must question, who is corrupting those politicians or leaders, if not the same kind of criminal element both foreign and domestic, each not worth the various labels prescribed them.

IFPI: Ten Things They Don’t Like About File Sharing

Boy, the IFPI does not like file sharing. Oh, for anyone who does not know what the IFPI is, the statement below was taken from their mission page:

IFPI represents the recording industry worldwide with some 1400 members in 75 countries and affiliated industry associations in 49 countries.

Here are a few things they call “Inconvenient Truths” on the topic of file-sharing, released recently.


Tactician

When I opened this site, I vowed that if I was to link to another site permanently, it would only be because I read the content there faithfully. While that may mean any number of things; things like I may or may not like the idea or the people involved, personally; or, that I may agree or disagree with the idea, or people involved, on any number of other issues; it certainly does mean one very important thing: I take being associated with people very seriously. And, I’ll tell you, that’s because I’m a tactician…


Tired Security

As much as I respect Bruce Schneier, and regard his comments as expert in the field, this recent batch seems less than insightful. It’s not that they are fantastic or pie in the sky; that I love about these ideas. Utopia is something worth striving toward, especially in the technological sense. It is that these ideas do not acknowledge the nature of the IT security industry. They simply speak from the entrance of some dreamy state. The fact that someone of Bruce Schneier’s caliber made these statements at all seems akin to something like Stephen Hawking saying, “Wouldn’t it be hot if we had warp drive, dawg!?”


Open Vs. Closed

This is an interesting approach to trying to understand, and discuss computer-related security. It looks at the differences in Open-Source and Closed-Source software development models and their methodologies. The article looks at some of the well-known schools of thought like “security through obscurity” or “security through visibility”. And, at the same time it offers some insight on exactly how niche environments can dictate their preferred method. I found it to be unbiased, well conceived, and well written.