A serious flaw exists in certain versions of the popular Sendmail open-source and commercial e-mail software, but fixes are available.
An attack could interfere with or intercept mail delivery, permit the intruder to tamper with other programs and data on the vulnerable system, and potentially provide access to other systems on the affected machine’s network.
Finally PGP Encryption for VOIP is out now though for Mac OS X and Linux only but Windows XP version will be available in mid-April.
Some of you may have heard of PGP (Pretty Good Privacy). PGP author Phil Zimmermann risked serious jail time for his initial release of PGP in the early 1990s. (The U.S. government eventually decided not to proceed after a 3-year-long investigation.) Thanks to Phil one’s email need not automatically be available to the authorities for them to read through at will.
Now he has done for VOIP (voice over IP) telephony what his earlier PGP did for email–make it all but invulnerable to interception by the authorities.
From the description on Phil’s web page, the software employs no central servers, but uses p2p principles. It features perfect forward secrecy, meaning that keys are destroyed at the end of a conversation, and cannot be retrieved. Even if one’s conversation were tapped/recorded, with the destruction of the key material, it would prove impossible to decrypt the conversation.
Zfone, like his earlier program PGP, is almost guaranteed to give the authorities fits.
More from Philip Zimmermann’s Site
Online codebreaking enthusiasts working to solve a series of German World War II ciphers have cracked the second of three codes.
Thousands of users around the world have joined the M4 Project, using spare computing power to crack the codes.
The messages were encoded using the German Enigma machine, and outfoxed wartime experts at Bletchley Park.
Project leaders have already failed to crack the last remaining message, but insist it can be broken.
The three messages were unearthed by amateur historian Ralph Erskine, who submitted them to a cryptology journal in 1995 as a challenge for codebreakers.
Anti-virus vendor McAfee is scrambling to contain the damage from a faulty definition update that incorrectly flagged hundreds of legitimate software programs as W95/CTX, a low-risk Windows 95 virus that was first detected in 2004.
The erroneous .DAT file (4715) was shipped late on March 10 with definitions for a wide range of new malware threats, but when the update was installed, it quarantined or deleted several widely deployed applications, including Microsoft Excel, Macromedia Flash Player, Adobe Update Manager and the Google Toolbar Installer.Santa Clara, Calif.-based McAfee acknowledged the gaffe and quickly shipped a new virus pattern file (4716), but for some users the damage was already done.
From New York Times
Recent debates about the National Security Agency’s warrantless-eavesdropping program have produced two very different pictures of the operation.
Announced in 2002, Adm. John Poindexter’s controversial Total Information Awareness program was an early effort to mine large volumes of data for hidden connections. But even before 9/11, an Army project called Able Danger sought to map Al Qaeda by “identifying linkages and patterns in large volumes of data,” and may have succeeded in identifying Atta as a suspect. As if to underline the project’s social-network principles, Able Danger analysts called it “the Kevin Bacon game.”
Given that the N.S.A. intercepts some 650 million communications worldwide every day, it’s not surprising that its analysts focus on a question well suited to network theory: whom should we listen to in the first place? Russell Tice, a former N.S.A. employee who worked on highly classified Special Access Programs, says that analysts start with a suspect and “spider-web” outward, looking at everyone he contacts, and everyone those people contact, until the list includes thousands of names.
This has troubling implications for civil liberties. But it also points to a practical obstacle for using link analysis to discover terror networks: information overload.
One way to make sense of these volumes of information is to look for network hubs. When Barabasi mapped the Internet, he found that sites like Google and Yahoo operate as hubs — much like an airline hub at Newark or O’Hare — maintaining exponentially more links than the average.
It’s easy to track America’s covert operatives. All you need to know is how to navigate the Internet.
She is 52 years old, married, grew up in the Kansas City suburbs and now lives in Virginia, in a new three-bedroom house.
Anyone who can qualify for a subscription to one of the online services that compile public information also can learn that she is a CIA employee who, over the past decade, has been assigned to several American embassies in Europe.
“He was the nicest guy you could possibly want to meet,” Pam Smith thought of Fain after they met on her birthday, February 24. “Now, I feel like a fool.”
Smith said Fain went to her office in Juvenile Court and met her co-workers the Friday afternoon he was captured. Pam said Fain was going to pick her up in the courthouse parking lot later that evening for dinner. Ten minutes before that was supposed to happen, a friend told her about looking people up on the internet.
This have a very bad implication as far as individual privacy and security of personal files and documents.
They should hire the services of a competent lawyer and can reliably argue the technical and very practical advantage of such deletion method.
All this years and with abound identity theft and fraud it is very important to employ secured deletion specially before selling or donating old pc’s and particularly hard drives.
In such cases , an encrypted container is well advised to be used specially the ones that have ‘on-the-fly’ encryption.
One of this days I will dedicate a section or a page on this topic of encrypted container and ‘on-the-fly’ encryption.
In the meantime here’s the full detail of the news
A very compelling and authoritative opinion from a great mathematician Bruce Schneier.
Bruce Schneier is the CTO of Counterpane Internet Security and the author of Beyond Fear: Thinking Sensibly About Security in an Uncertain World.
Many believe data mining is the crystal ball that will enable us to uncover future terrorist plots. But even in the most wildly optimistic projections, data mining isn’t tenable for that purpose. We’re not trading privacy for security; we’re giving up privacy and getting no security in return.
The promise of data mining is compelling, and convinces many. But it’s wrong. We’re not going to find terrorist plots through systems like this, and we’re going to waste valuable resources chasing down false alarms. To understand why, we have to look at the economics of the system.
Security is always a trade-off, and for a system to be worthwhile, the advantages have to be greater than the disadvantages. A national security data-mining program is going to find some percentage of real attacks and some percentage of false alarms. If the benefits of finding and stopping those attacks outweigh the cost — in money, liberties, etc. — then the system is a good one. If not, you’d be better off spending that capital elsewhere.
Reporters Without Borders is concerned about the decision of the Pakistan Telecommunications Authority (PTA) to block access to twelve websites that posted the cartoons of the prophet Mohammed, which appeared in the Danish daily “Jyllands-Posten”
