This is a great idea — Neelie Kroes suggesting that there be a certification mark for EU companies who have top-of-the-line data protection practices.
Mikko Hypponen: “This makes British Government the only Western government known to have launched DDoS attacks.”
‘I want to reassure you that RTÉ explored every option available to it, including right of reply. Legal advice was sought and all avenues were explored, including an offer to make a donation to a neutral charity.’ And they folded. Notable lack of testicular fortitude by our national broadcaster.
‘The team’s obfuscator works by transforming a computer program into what Sahai calls a “multilinear jigsaw puzzle.” Each piece of the program gets obfuscated by mixing in random elements that are carefully chosen so that if you run the garbled program in the intended way, the randomness cancels out and the pieces fit together to compute the correct output. But if you try to do anything else with the program, the randomness makes each individual puzzle piece look meaningless. This obfuscation scheme is unbreakable, the team showed, provided that a certain newfangled problem about lattices is as hard to solve as the team thinks it is. Time will tell if this assumption is warranted, but the scheme has already resisted several attempts to crack it, and Sahai, Barak and Garg, together with Yael Tauman Kalai of Microsoft Research New England and Omer Paneth of Boston University, have proved that the most natural types of attacks on the system are guaranteed to fail. And the hard lattice problem, though new, is closely related to a family of hard problems that have stood up to testing and are used in practical encryption schemes.’ (via Tony Finch)
good blog post on Little’s Law, plugging quasar, pulsar, and comsat, 3 new open-source libs offering Erlang-like lightweight threads on the JVM
Avivah Litan, a fraud analyst with Gartner Inc., said that although the current PCI standard does not require organizations to maintain separate networks for payment and non-payment operations (page 7), it does require merchants to incorporate two-factor authentication for remote network access originating from outside the network by personnel and all third parties.Target shared the same network for outside contractor access and the critical POS devices. fail. (via Joe Feise)