
Sunday, July 02, 2006

<ITSecurity> Bruce Schneier on Economy and Security

Interesting Wired article. It links to a few good papers and explains why the forces of economy dictate IT security.

Saturday, September 25, 2004

<ITSecurity> USA Minuteman ICBM Permissive Action Links deliberately circumvented in the 1970s

(Source: Bruce G. Blair, CDI) Last month I asked Robert McNamara, the secretary of defense during the Kennedy and Johnson administrations, what he believed back in the 1960s was the status of technical locks on the Minuteman intercontinental missiles. These long-range nuclear-tipped missiles first came on line during the Cuban missile crisis and grew to a force of 1,000 during the McNamara years, the backbone of the U.S. strategic deterrent through the late 1960s. McNamara replied, in his trademark, assertively confident manner that he personally saw to it that these special locks (known to wonks as Permissive Action Links) were installed on the Minuteman force, and that he regarded them as essential to strict central control and preventing unauthorized launch.

 

The Strategic Air Command (SAC) in Omaha quietly decided to set the locks to all zeros in order to circumvent this safeguard. During the early to mid-1970s, during my stint as a Minuteman launch officer, they still had not been changed. Our launch checklist in fact instructed us, the firing crew, to double-check the locking panel in our underground launch bunker to ensure that no digits other than zero had been inadvertently dialed into the panel. SAC remained far less concerned about unauthorized launches than about the potential of these safeguards to interfere with the implementation of wartime launch orders. And so the secret unlock code during the height of the nuclear crises of the Cold War remained constant at OOOOOOOO.

...

The locks were activated in 1977. link

Spy-blog added: Submarine launched ballistic missiles, of course, have always eschewed PALs, due to the difficulty of sending Presidential or Prime Ministerial "launch code" authorisation. They work on the principle of "we will launch our missiles at a certain time unless we hear an order not to launch", and/or if the submarine can no longer contact home after a certain period. This includes listening to see if BBC Radio 4 is still on the air etc.

 

<ITSecurity> The perils of Googling

(Source: Register, March 10, 2004) Google is in many ways the most dangerous website on the Internet for thousands of individuals and organisations, writes SecurityFocus columnist Scott Granneman. Most computer users still have no idea that they may be revealing far more to the world than they would want.

I'm not putting down Google. Far from it: it's a great search engine, and I use it all the time. I couldn't do my many jobs without Google, so I've spent some time learning how to maximize its value, how to find exactly what I want, how to plumb its depths to find just the right nugget of information that I need. In the same way that Google can be used for good, though, it can also be used by malevolent individuals to root out vulnerabilities, discover passwords and other sensitive data, and in general find out way more about systems than they need to know. And, of course, Google's not the only game in town - but it is certainly the biggest, the most widely-used, and in many ways the easiest to use. link

<ITSecurity> Network pro says only risk management policy will reduce security threat

(Source: The Age) A senior consultant with the biggest private US computer security firm says there is no use in keeping one's anti-virus software up-to-date to guard against attacks unless one has a risk management policy in place. link

<ITSecurity> First cellphone network worm spreads via Bluetooth

Not a big surprise, but people/companies should develop better technology.

(Source: EETimes, UK) Anti-virus firms worked Tuesday (June 15) to block the first network worm that spreads via mobile phones, but generally agreed that it's more a demonstration than an actual attack, and poses little threat.

 

Security firm Kaspersky Labs dubbed the worm "Cabir" on Monday and said it uses the Bluetooth wireless feature of smart phones that rely on the Symbian operating system. Cabir arrives in the phone's inbox as a file named "caribe.sis"; when accepted by the recipient, the worm activates and starts looking for new devices to infect over Bluetooth. link

<ITSecurity> It's too easy to use .. Why one should only put PDFs and not Word docs online .. Microsoft yet another gotcha

 

(Source: coredump.cx) This is not an exciting story: I happened to be browsing aimlessly through case studies and other publications released by Microsoft as a part of their "Get the facts" initiative. At one point, I stumbled upon a Word file I wanted to read - and as soon as I ran it through wvWare, I noticed there is a good deal of amusing change tracking information still recorded within the document. Naturally, publishing documents with "collaboration" data is not unheard of in the corporate world, but the fact Microsoft had become a victim of their own technology, and had failed to run their own tools against these publications makes it more entertaining.

 

A pointless idea came to my mind that instant: why not run a gentle web spider against all Microsoft sites in English, specifically looking for other instances of tracking data not removed from documents? I coded a bunch of scripts and let them run through the night, fetching approximately 10,000 unique documents; over 10% was identified as containing change tracking records. I decided to collect only those with deleted text still present, yielding a crop of over 5% of all documents. Quite impressive. Below, you will find a brief (and rest assured, incomplete) list of the most entertaining samples I've run into, along with some speculation (and only speculation) as to the reasons we see them.

link to the article and tool.
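The check the excerpt says was skipped before publication, as an added example (not code from the quoted article or its tool). It targets the newer .docx (OOXML) container rather than the binary .doc files the author ran through wvWare; the function names and the in-memory sample documents are constructed for illustration.

```python
import io
import zipfile
import xml.etree.ElementTree as ET  # for untrusted files, prefer defusedxml

W = "http://schemas.openxmlformats.org/wordprocessingml/2006/main"

def _text(node, tag):
    return "".join(t.text or "" for t in node.iter(f"{{{W}}}{tag}"))

def tracked_changes(docx_bytes):
    """List revision records still stored in a .docx (deleted text first)."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as z:
        root = ET.fromstring(z.read("word/document.xml"))
        # <w:del> keeps removed text in <w:delText>; <w:ins> marks unaccepted insertions
        for kind, tag, text_tag in (("deleted", "del", "delText"), ("inserted", "ins", "t")):
            for rev in root.iter(f"{{{W}}}{tag}"):
                findings.append({"kind": kind,
                                 "author": rev.get(f"{{{W}}}author", ""),
                                 "text": _text(rev, text_tag)})
        if "word/comments.xml" in z.namelist():  # reviewer comments leak too
            for c in ET.fromstring(z.read("word/comments.xml")).iter(f"{{{W}}}comment"):
                findings.append({"kind": "comment",
                                 "author": c.get(f"{{{W}}}author", ""),
                                 "text": _text(c, "t")})
    return findings

def safe_to_publish(docx_bytes):
    """Pre-publication gate: True only when no revision data remains."""
    return not tracked_changes(docx_bytes)

def build_sample(body_xml, comments_xml=None):
    """Constructed minimal .docx container, just enough for this check."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("word/document.xml",
                   f'<w:document xmlns:w="{W}"><w:body><w:p>{body_xml}</w:p></w:body></w:document>')
        if comments_xml:
            z.writestr("word/comments.xml", f'<w:comments xmlns:w="{W}">{comments_xml}</w:comments>')
    return buf.getvalue()

# Constructed samples: a draft with tracked edits and a comment, and a cleaned copy.
DIRTY = build_sample(
    '<w:r><w:t>Our product is </w:t></w:r>'
    '<w:del w:id="1" w:author="Editor A"><w:r><w:delText>rarely </w:delText></w:r></w:del>'
    '<w:ins w:id="2" w:author="Editor B"><w:r><w:t>always </w:t></w:r></w:ins>'
    '<w:r><w:t>reliable.</w:t></w:r>',
    '<w:comment w:id="0" w:author="Editor A"><w:p><w:r><w:t>Check with legal</w:t></w:r></w:p></w:comment>')
CLEAN = build_sample('<w:r><w:t>Our product is always reliable.</w:t></w:r>')
```

Run as a gate in the publishing pipeline, `safe_to_publish` blocks any document that still carries deleted text, unaccepted insertions or reviewer comments.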

<ITSecurity> DE: Data protection: Telltale magnetic traces

The storage in computers, digital cameras or copiers is usually erased inadequately - confidential data can easily be reconstructed.

The smarter the devices get, the dumber their users sometimes look. In Norway, for example, an employee thought he was being especially clever. Before he resigned from his company and moved to a competitor, he quickly duplicated confidential documents on the office copier. Although he left no visible traces and nobody watched him do it, he was given away - by the copier, which recorded the job in its memory. link