Security Review: IMA

By patriw at 12:09 pm on March 20, 2008 | 3 Comments

The IMA is a rather public place where students, faculty, and spouses can take fitness classes, lift weights, or use an expansive cardio room.

The assets include fitness machines, sports equipment, and simply the space, which, when occupied by an unwelcome visitor, makes it unusable to a valid IMA-goer. In addition, there is wifi access, as well as internet-ready terminals. (Read on …)

Filed under: Miscellaneous

Security Review: Husky Union Building

By esoteric at 3:36 pm on March 18, 2008 | 7 Comments

The Husky Union Building is the center of life on campus. It is home to the Associated Students of the University of Washington, hundreds of student clubs and organizations, the university bookstore, food vendors, university employee payroll and accounting, information services, games area, campus-wide lost & found, US Bank, bike shop, hair salon, newsstand, event services, and many more departments.

(Read on …)

Filed under: Miscellaneous, Physical Security, Security Reviews

Microsoft, Yahoo, and Internet Breakage

By Justin McOmie at 11:58 pm on March 16, 2008 | 2 Comments

In a recent interview with “Condé Nast Portfolio”, Google CEO Eric Schmidt warns us all that a Microsoft-Yahoo merger might “break the internet” due to the consolidation of web-mail, instant messaging, and other services that would follow as a result. This relates to a still-on-the-table 40+ billion dollar offer that Microsoft has proposed to Yahoo. While the deal is not cemented yet, representatives for the respective companies have reportedly had frequent rendezvous at Mayflower conference rooms to “feel things out” before big money exchanges hands.

The big issue at hand is the oncoming breaking of the Internet, which clearly has broad reaching implications, particularly for Google. The search giant has bet its entire business model on the premise that the Internet be categorically unbroken, at least most of the time, and has a vested interest in ensuring the continued heartbeat of the web. This is in contrast with Microsoft, which could deal with an Internet breakage without all that much worry for its bottom line. This fact should alarm anyone with perceptive eyes; perhaps “breaking the Internet” is the first gunshot in a drawn out war of attrition Microsoft has planned.

According to Schmidt, Microsoft’s previous antitrust trial was about breaking interoperable open systems. Thus, we should all be wondering what level of nefariousness currently runs through Microsoft’s veins that it would embark on a conquest to contort the consolidation of Yahoo’s web offerings in some way as to weaponize open systems into a torrent of Internet pain and disruptiveness. One can only grimace at the proverbial ring of power Microsoft will be able to wield when it is able to commit such acts as merging its MSN messenger userbase with that of the wildly popular Yahoo Messenger.

The Internet-using public should assess the risk for Internet breakage and policy makers should react accordingly. But we should also keep in mind that if a Microsoft-Yahoo merger could break the Internet, smaller deals might lead to some sort of fractures or cracks in the Internet. For example, Microsoft recently invested several hundred million dollars into Facebook, which caused observable tremors in the Internet’s various tubes. Caveat emptor.

Source: http://www.portfolio.com/executives/features/2008/03/14/Google-CEO-Eric-Schmidt-Interview

Filed under: Current Events, Miscellaneous

Security Review: The Human Heart

By chrislim at 10:59 pm on | 6 Comments

As our professor has continually emphasized throughout the quarter, one of the primary aims of our course has been to go beyond technical details of current computer security in order to learn the security mindset. This new way of thinking enables us to analyze security issues in the future regardless of particular directions that technology may take. It also enables us to examine the security of less technical entities like physical locks, parking meters, etc. As I was considering some of these less technical systems, I began to realize the pervasive implications of applying the security mindset to broader aspects of life and so began my examination of the human heart.

Recently, Governor Eliot Spitzer of New York was revealed to have been involved with a prostitution ring despite his façade of crusading against white collar crime. As a result, his reputation was tarnished, his career ended and his family has been deeply hurt. Although this is just another note in the continual drumbeat of tragedies we hear about in the news, the frequency of these incidents clearly demonstrates that each of us is vulnerable to falling in similar ways. How can we defend our lives (and hearts) against being deceived into compromising our integrity and falling into these common pitfalls?

A second observation motivating this study comes from the fact that insiders are often the adversaries who cause the most damage and harm because they are trusted and by nature must have access to the assets we desire to protect. Human beings are often the weakest component of any security system. This review of the human heart will hopefully provide insight into ways to protect the integrity of trusted insiders as well as our own hearts in relation to the people who trust us.

Finally, defending the human heart has significant ramifications in every aspect of physical/computer security. Much of the violence that takes place on campuses (e.g. shootings, assault, etc.) has at its root a compromised heart (e.g. someone who has been continually hurt and lashes out in despair to cause pain to others after he/she has received so much). Many of the adversaries in computer security scenarios are motivated by financial gain, prestige, and other related incentives, which are deceptive and violate the worth and personhood of the people they attack. If people’s hearts were able to be defended, many of the human adversaries that we encounter in typical security reviews might in fact become allies; the ideas in this post are tools that can provide another layer of defense in depth.

(Read on …)

Filed under: Ethics, Integrity, Miscellaneous, Security Reviews

M-Pesa: Banking via SMS

By davidjsh at 1:19 pm on | 1 Comment

I was recently informed about a rather interesting service that is being used in Kenya called M-PESA. According to their website, “M-PESA provides an affordable, fast, convenient and safe way to transfer money by SMS anywhere in Kenya. Through M-PESA you can:

  • Deposit money
  • Withdraw money 
  • Transfer money (send) to another M-PESA customer 
  • Transfer money (send) to someone who is not an M-PESA customer; in fact they need not even be a Safaricom customer 
  • Buy Safaricom prepaid airtime 
  • Manage your M-PESA account (i.e. show balance, call support, change PIN and change language).”

At first glance, I thought that the original intent of M-PESA was for buying and transferring airtime while financial transactions were just a side effect; however, according to the FAQ, M-PESA is intended to be “an innovative mobile payment solution that enables customers to complete simple financial transactions including person to person money transfer. It is aimed at mobile customers who do not have a bank account, either through choice, because they do not have access to a bank or because they do not have sufficient income to justify a bank account.” (Read on …)

Filed under: Miscellaneous, Security Reviews

Linux servers attacked more than all versions of Windows combined

By duschang at 12:53 pm on March 15, 2008 | No comments

Zone-H (http://www.zone-h.org/content/view/14928/30/) has recently released a statistical breakdown of all the attacks from the last three years. Surprisingly, Linux servers are the most attacked servers, even more than all versions of Windows combined. They suspect the reason for this is that most servers migrated to Linux, thus the attacks migrated too. I think these statistics are very interesting, because they really show how “assets” come into play. It is not really the vulnerabilities or security weak spots within the operating system that draw most of the attacks, but the assets guarded by them.

Filed under: Current Events, Miscellaneous

Time to test our security mindset

By felixctc at 6:52 pm on March 13, 2008 | 4 Comments

Hey everyone. I found a website where you can try to use various ways to hack through levels of passwords. I think this is a fun way to get in touch with our security mindsets and see how far you can go. I wish everyone good luck :)

http://hackerskills.com/

Filed under: Announcements, Miscellaneous

Feature or Flaw?

By davidjsh at 1:51 pm on | No comments

According to an article found at Dark Reading, Adam Boileau from Immunity Inc. has decided after two years to make publicly available his tool Winlockpwn that “lets an attacker take over a ‘locked’ Windows machine without even stealing its password” via the Firewire port. This exploit is not exactly new news since similar tactics have been demonstrated in the past against both Linux and OS X, but it now adds Windows to the list of operating systems vulnerable via a Firewire feature that allows devices connected to the Firewire port to read and write memory. According to SEC Consult, even Vista is not immune to an attack via Firewire. Unfortunately, there is not really an easy fix for this as it is a security flaw in the way Firewire was designed and not a bug in the implementation. However, hopefully this flaw will serve as a constant reminder to developers that security must be an integral part of the design process and not tacked on at the end as an afterthought.

Filed under: Current Events, Miscellaneous

Security Review: Car Alarms

By sky at 10:50 pm on March 9, 2008 | No comments

Summary

Most people have probably heard a car alarm go off sometime in their life, and the chances that it was a false positive are also pretty good. Usually cars that have some sort of alarm in place will try to advertise this fact, such as having a small blinking red light to indicate that there is some sort of security in place. Car alarms can trigger on a variety of events. Some of these triggers are vibrations, rotations, contact, pulling of a handle, changes in battery voltage, and sound. When triggered, the car will emit some sort of loud, repetitive, obnoxious sound for many minutes, or until it is turned off using some sort of authentication, usually the clicker of the car. The general idea is that sound attracts attention, so if some set of illegitimate events are happening to someone’s car, others might notice and come to the rescue. One of the most likely people to react to the sound of a car alarm is the owner. However, if someone breaks a car’s window, the alarm goes off, and then they run away, the owner still loses. So the alarm really is more of a deterrent than a real physical barrier. (Read on …)

Filed under: Miscellaneous

Hacking ATMs

By jessicaf at 8:47 pm on | 2 Comments

ATMs are surprisingly easy to hack according to CNET. From a report on ATMs, up to 90 percent of the ATMs in the U.K. could be at risk for worms, denial-of-service attacks, getting customer data intercepted, and having money stolen from their safes. (Read on …)

Filed under: Current Events, Miscellaneous, Physical Security