binarystream
07 April 2009 @ 10:17 am
I know most people don't pay attention to the various viruses and other nasties floating about the internet. Conficker is bad. And it's going to get worse.

Here's a simple test to check if your computer is infected: Conficker Eye Chart.

Help kill these nasties.
That is all.
 
binarystream
07 January 2008 @ 04:14 pm
Reading this entry from Bruce Schneier just boggles my mind:
According to the U.S. Federal Aviation Administration, the new Boeing 787 Dreamliner aeroplane may have a serious security vulnerability in its on-board computer networks that could allow passengers to access the plane's control systems.
I agree that there isn't information to properly comment, but... What idiot doesn't realize that you have to keep mission-critical systems isolated from potential tampering? Seriously. A malicious hacker could cause serious harm if the flight controls are vulnerable.

I realize that the airlines are trying to make flying a more entertaining experience. On flights, I've enjoyed using different external cameras, as well as checking out the flight maps. It wouldn't be hard to design a component that copies information from the flight computers to an area served by the computer system serving the passengers. Just don't directly integrate the two.
 
Current Music: Depeche Mode: Black Celebration
 
 
binarystream
18 July 2007 @ 10:19 am
There is always a balance between security and privacy. But, people should know the rules of the game, so to speak. Wired has a good article on how the FBI used spyware to track down a teen making bomb threats. People should pay particular attention to this:
[The FBI's spyware] lurks on the target computer and monitors its internet use, logging the IP address of every computer to which the machine connects for up to 60 days.

Under a ruling this month by the 9th U.S. Circuit Court of Appeals, such surveillance -- which does not capture the content of the communications -- can be conducted without a wiretap warrant, because internet users have no "reasonable expectation of privacy" in the data when using the internet.
This may bother some people, but it is true. Anything done on the net (email, browsing, etc.) can potentially be seen by anybody so long as the information is unencrypted.

Now, it's one thing if the FBI's program is running on your ISP's machines; it's another thing if it's secretly running on your machine. What may be more disturbing is that there isn't a guarantee that anti-virus programs will inform you if they detect the FBI's software.

Another Wired article provides a good analysis of this issue.

As I said, there is a balance. I don't believe there is any reason why the FBI would monitor my browsing, but you never know. I've always known such information isn't private. They are welcome to such information if they really want it. But, I don't want any software running on my computer that I didn't install. So, if I find something I don't recognize, it will be removed.
 
binarystream
03 August 2006 @ 04:07 pm
Well, it's a start. Microsoft is openly challenging hackers and security professionals to crack Vista. Unfortunately, this is only a publicity stunt. I say this for two reasons: time and closed source.

Time is a big problem. It's not likely that hackers can find serious flaws at the conference. Sure, some flaws could be found, and promptly fixed, but the window of opportunity is too small. Serious flaws are usually found only after lengthy investigations. It's a matter of gathering enough information to make an informed attack.

Which ties closely to my point about closed source. If security professionals cannot examine the source code then they cannot adequately test Vista's security. If Microsoft really wants to make Vista secure, they should provide as much information as possible to the hackers. This will allow them to make informed attacks immediately, while at the conference.

Microsoft, of course, won't make this information available. It goes against many common-sense, but wrong, approaches to security. After the conference, I'm sure Microsoft will be touting how well Vista did against the hackers. Like I said, it's a publicity stunt.

I don't doubt that Microsoft is trying to make Vista secure. They've had so much bad publicity over recent years that security has to be a priority for them now. But being the #1 operating system in the world also means you are the #1 target. Microsoft needs to engage the security community more effectively if they are truly serious about improving Vista's security.
 
 
Current Music: The Cure: A Night Like This
 
 
binarystream
24 May 2006 @ 10:30 am
There's a short but good article by Bruce Schneier on The problems of data mining for terrorist threats. The problem? Six degrees of separation.
 
 
Current Music: The Pixies: Tame