Homebrew chemical terror bombs, hype or horror?

Security services themselves need to grasp this, to avoid deploying hundreds of operatives and millions of pounds (dollars) on investigations which in the final analysis do not add up. Essentially, they need to start doing risk assessment and to stop over-reacting on the strength of 'might'. While they're chasing 'might' they can all to easily be neglecting a whole stack of 'wills'.

Oh, but where would our media be without the Movie Plot Terrorist Attacks!? Can anyone recall when our own White House suggested folks wrap their homes with plastic wrap and duct tape? Local hardware stores ran out! I suggested a smaller, personal protection system -- seal yourself in a trash bag -- but no one would take me seriously.

Data Breach: Hotels.com Customers

Ernst & Young, which has been the outside auditor for Hotels.com for several years, notified the company of the security breach on May 3.

The computer contained personal information including names, addresses and credit card information of about 243,000 Hotels.com customers.

Both Hotels.com and Ernst & Young mailed letters to Hotels.com customers this past week encouraging them to take appropriate action to protect their personal information.

IT TOOK THESE CLOWNS A MONTH TO LET FOLKS KNOW THEIR CREDIT CARD HAD BEEN STOLEN!

The Perils of PC Posture

Ouch! Guilty as charged. Read the article and think about how you are sitting as you read it.

The 25 Worst Tech Products of All Time

As voted by PC World :

1. America Online (1989-2006)
2. RealNetworks RealPlayer (1999)
3. Syncronys SoftRAM (1995)
4. Microsoft Windows Millennium (2000)
5. Sony BMG Music CDs (2005)
6. Disney The Lion King CD-ROM (1994)
7. Microsoft Bob (1995)
8. Microsoft Internet Explorer 6 (2001)
9. Pressplay and Musicnet (2002)
10. dBASE IV (1988)
11. Priceline Groceries and Gas (2000)
12. PointCast (1996)
13. IBM PCjr. (1984)
14. Gateway 2000 10th Anniversary PC (1995)
15. Iomega Zip Drive (1998)
16. Comet Cursor (1997)
17. Apple Macintosh Portable (1989)
18. IBM Deskstar 75GXP (2000)
19. OQO Model 1 (2004)
20. CueCat (2000)
21. Eyetop Wearable DVD Player (2004)
22. Apple Pippin @World (1996)
23. Free PCs (1999)
24. DigiScents iSmell (2001)
25. Sharp RD3D Notebook (2004)

Black Box Voting

It is important to understand that these attacks are permanent in nature, surviving through the election cycles. Therefore, the contamination can happen at any point of the device's life cycle and remain active and undetected from the point of contamination on through multiple election cycles and even software upgrade cycles.

These are the same machines that delivered the state of Ohio to Bush and decided the election. You may recall that Diebold was a heavy contributor to the Bush campaign. In a fall 2003 fundraising letter sent to Republicans, from Diebold CEO Walden O'Dell:

"I am committed to helping Ohio deliver its electoral votes to the president."

Blue Security Quits

"When the company's founders first approached the broader anti-spam community and asked them what they thought of the idea, everyone said this was a terrible idea and that they would eventually cause a lot of collateral damage," Underwood said. "But it's also extremely unfortunate, because it shows how much the spammers are winning this battle."

Yes, this was a terrible idea -- one that should never have been launched. No one with half a clue would have considered these folks had even a remote chance of success. So what happened? The clueless spent their money and the bad guys won. Well, DUH! I can't call that "extremely unfortunate" -- it was a fore-gone, inevitable conclusion. And now it has concluded.

Who Owns Your Computer?

An excellent essay by Bruce Schneier:

Adware, software-as-a-service and Google Desktop search are all examples of some other company trying to own your computer. And Trusted Computing will only make the problem worse.

There is an inherent insecurity to technologies that try to own people's computers: They allow individuals other than the computers' legitimate owners to enforce policy on those machines. These systems invite attackers to assume the role of the third party and turn a user's device against him.