Friday, December 28, 2007

An Experiment

I've been using Del.icio.us as a tool for capturing interesting stuff I find on the Net and it's worked pretty well thus far. It is what drives the Link Dump section on this blog. However, over the last several months I have been using the Google Reader as my main means of collecting information on the Web. Google Reader has a tool that allows me to share the stuff I find immediately by clicking an icon. This ends up in my Shared Items Feed. Yes, Google has caught some flack for this feature, but I understand the potential implications of sharing anything online and I'm OK with it.

With Del.icio.us I need to click the link to visit the page, come up with a blurb that is 255 characters or less, and then come up with some tags to describe the page. Lots more work than just clicking an icon, but it gives a lot more context for a page.

What I'm going to try for the next month is using both. I'll see which one I use more and then start using that one exclusively. While I'm doing this I'll have both feeds in a side bar.

Wednesday, December 26, 2007

A Shameless Plea for Help

I have a photo posted over on the JPG magazine web site. If you're not familiar with JPG, it is a photo magazine that gets its content from its readers. For each episode there are three themes for photos and you can submit your work for consideration. Everyone that visits the site can vote on the photos they think should be published in the next issue.

I have submitted a photo to the Surroundings theme called Solitude. Please go there, take a look at the photo, and if you like it, click the green "Yeah! It rocks." button. Encourage everyone you know to do the same.

In the interest of full disclosure, if I get published, I get $100 and a free print subscription to the magazine.

Thanks!

Friday, December 21, 2007

This Should be Interesting

The Lakota Indians are essentially trying to secede from the United States. If things go their way, you'll now need a passport to travel to parts of Nebraska, South Dakota, North Dakota, Montana, and Wyoming. On the upside, you can live there tax free if you renounce your US citizenship. The Lakotas are on a tour of embassies in an effort to have foreign governments recognize their sovereignty. If I had to guess, they'll get recognition from a couple Middle Eastern countries and Venezuela just because it's a good opportunity to poke the US in the eye.

I'll be curious to see if the mainstream media picks this one up. The last time anyone tried to secede things got a little interesting.

AFP: Descendants of Sitting Bull, Crazy Horse break away from US

Wednesday, December 19, 2007

TJX Dodges a Bullet

TJX settled with New England banks over their massive, and preventable IMO, security breach. The settlement commits TJX to pay a portion of the legal bills for banks and trade organizations in Massachusetts, Connecticut, and Maine. The total dollar amount was not disclosed but it will include the $40.9 million in settlements previously covered with Visa. Despite the settlement, the total damages have not yet been tallied. There is an Alabama bank that is still making claims against TJX and federal and state organizations are still conducting investigations. These will probably add some more to the final price tag.

On the surface, this settlement seems somewhat surprising. Why would these banks settle for some legal fees when it appears that they could have squeezed TJX for much more considering the egregiousness of their breach? The answer is that a federal district court made it very difficult for all of the affected banks to join their efforts in a class action lawsuit. This decision makes it extremely expensive for individual banks to fund legal assaults on TJX for compensation in court. The most cost effective decision is to settle.

I'm not thrilled about the way this is all working out. It seems that our justice system is enabling TJX to avoid taking full responsibility for its poor security practices. However, I'm just a mere security peon about whose opinion the justice system could care less. That said, I have learned one thing from this mess. Legal wrangling and shenanigans are legitimate defensive layers in your corporate information security plan.

What do you think? I dare you to comment. Chicken.

TJX, banks reach settlement in data breach - The Boston Globe

Monday, December 17, 2007

Does the Fifth Amendment Apply to Passwords?

An interesting case is brewing in Vermont. It seems that Sebastien Boucher, a Canadian that is a permanent US resident, was entering the US when one of the border guards asked to see his laptop. The guard allegedly observed child pornography on the laptop and immediately arrested Boucher. Sounds like an open and shut case but it isn't.

Boucher secured his laptop hard disk with PGP Whole Disk Encryption. This means that the investigators cannot confirm the border guard's allegations of child pornography on the laptop. The prosecutors bypassed this speed bump by getting a subpoena from a Grand Jury forcing Boucher to cough up his password. However, Boucher claims that giving up his password would lead to self-incrimination and invokes the Fifth Amendment to maintain the secrecy of his disk encryption password. Jerome Niedermeier, a US Magistrate Judge in Vermont, agrees.

The interesting thing is that people can be forced under subpoena to turn over keys to a locked container containing incriminating evidence. As best as I can tell, a memorized authentication token, such as a password, must be spoken or written to be usable by others. Because of the manner in which it must be shared, memorized authentication tokens are considered testimony. The federal judge is therefore protecting the accused's right against self-incrimination, which is clearly protected by the Fifth Amendment. Presumably, this is in contrast to producing a key to open a safe, which could be considered submitting evidence. This is the only way I can find to split this hair.

Regardless of the legal precedents in play, I don't see the difference between a physical key and a password. They are both authentication mechanisms that control access to a resource. Is the fact that one has a physical manifestation and the other does not really have that much impact? Disclosing either has the same outcome.

I have to wonder if someone that had memorized the combination to a safe containing incriminating documents would be afforded the same protection as our alleged pedophile.

I'd appreciate any insight from anyone resembling a legal professional. Heck, even if you're not, other opinions are welcome. I agree with the Tech Dirt article that this will probably end up in the Supreme Court eventually. Until then we won't have a definitive answer but it will be fun to argue about in the meantime.

Sunday, December 16, 2007

Telecom Immunity Vote in the Senate

On Monday the Senate will vote on whether to grant US Telecom companies retroactive immunity for supporting the government's illegal wiretapping initiative. I'm not against conducting surveillance of US citizens, but we have rules and procedures in place to make sure that it is done fairly and with oversight. Based on what I know about this situation, the telecom companies involved knew that there were no warrants, knew it was illegal, and lacked the ethics to stand up to the government and deny their requests. Now the government wants to encourage ignoring its own rules by providing immunity to the companies that assisted its illegal surveillance program.

The Electronic Frontier Foundation (EFF) has a handy online form that will submit a letter to your Senator urging him or her to vote against the legislation that will grant these companies immunity. If you believe in your Constitutional right to protection against unlawful search and seizure, I encourage you to send a message to your Senator to vote down this legislation.

Again, just to clarify my position, I have no problem with conducting surveillance against US citizens. I just want the government to follow its own rules.

Saturday, December 15, 2007

Aaron's Photoblog

I've decided to set up a Photoblog to focus on my photography. If you are into such things, please go on over and take a look to see what you think, and contribute some comments.

I'll continue to use My Soapbox to rant and rave on INFOSEC issues, stupid drivers, science issues, and the occasional political tirade. Lately I've been trying to resist the urge to comment on some of the current events in the US and globally, but I'm not sure I'll be able to hold out for too much longer.

Thursday, December 13, 2007

Switching Blog Platforms

I have officially moved from Wordpress to Blogger as my blogging platform. I've done this for a couple of reasons. Most of those reasons revolve around flexibility. Blogger allows me to:
  1. Use my own domain name.
  2. Incorporate AdWords and AdSense.
  3. Not worry about bandwidth or storage space.
I can do most of that stuff with Wordpress, but it costs extra. I can do it all for free with Blogger. But there is one other reason that I decided to change to Blogger. I want to support Google.

Why on earth would I want to support Google? Well, I think that Google puts out good products and I think that they're on the leading edge of technology in a lot of respects. Their Android specification, pending bid on wireless spectrum, and their recent challenge to generate a gigawatt of renewable electricity at a cost below electricity from coal-fired power plants are all reasons I want to support Google's efforts. That and their other stuff rocks too.

So that's that. Please update your bookmarks and RSS readers.

PS - I'm also working on a photoblog. More on that as it develops.