March 11th, 2010
Humza Zaman, a co-conspirator in the hack of TJX and other companies, was sentenced Thursday in Boston to 46 months in prison and fined $75,000 for his role in the conspiracy. The sentence matches what prosecutors were seeking. Zaman, a 33-year-old former programmer at Barclays Bank, was charged with laundering between $600,000 and $800,000 for hacker Albert Gonzalez, who is currently awaiting sentencing on charges that he and others hacked... 
March 11th, 2010
Deadlocked jurors in the Hal Turner hate blogger case were excused late Wednesday after deliberating two days. It’s the second mistrial in the government’s case to prosecute the New Jersey man for allegedly threatening to kill judges. Assistant U.S. Attorney William Hogan said a new trial was “highly likely.” A third trial was tentatively scheduled April 12 in New York federal court. Turner, of New Jersey, blogged at... 
March 11th, 2010
Over at Wikibooks, they’re trying to write an open source cryptography textbook…
March 11th, 2010
It’s good to dream: IARPA’s five-year plan aims to design experiments that can measure trust with high certainty, a tricky proposition for a psychological study. Developing such experimental protocols could prove very useful for assessing levels of trust within one-on-one talks, or even during group interactions. A second part of the IARPA proposal might involve using new types of…
March 10th, 2010
Josh Gerstein over at Politico sent Threat Level his piece underscoring once again that President Barack Obama is not the civil-liberties Knight In Shining Armor many were expecting. Gerstein posts a televised interview of Obama and John Walsh of America’s Most Wanted. The nation’s chief executive extols the virtues of mandatory DNA testing of Americans upon arrest, even absent charges or a conviction. Obama said, “It’s the... 
March 10th, 2010
The site set up to locate long lost pals, Classmates.com, has been hit with a class action privacy lawsuit. It alleges the company violated the law when it decided to make user profiles public to compete with Facebook. The suit says Classmates.com duped its paying customers in late January when it sent them an e-mail telling members they’d have to opt out of new Facebook and iPhone apps to keep their data private. That’s a massive... 
March 10th, 2010
Really: Since they are hard to conceal, the study says, noses would work well for identification in covert surveillance. The researchers say noses have been overlooked in the growing field of biometrics, studies into ways of identifying distinguishing traits in people. “Noses are prominent facial features and yet their use as a biometric has been largely unexplored,” said the University…
March 10th, 2010
My appearance on OWASP Podcast 61 is available. The .mp3 is 36 MB. Thanks to Jim Manico for inviting me to participate. We recorded the podcast in late January. Jim asked me the following questions: Would you care to tell us how you got into IT and what led you into a career in information security? What keeps you busy these days? What’s the difference between focusing on threats vs. focusing on vulnerabilities? What is your problem... 
March 10th, 2010
Good legal paper on the limits of identity cards: Stephen Mason and Nick Bohm, “Identity and its Verification,” in Computer Law & Security Review, Volume 26, Number 1, Jan 2010. Those faced with the problem of how to verify a person’s identity would be well advised to ask themselves the question, ‘Identity with what?’ An enquirer equipped with the answer…
March 10th, 2010
Can you hear that? That’s the sound of air escaping as we all finally recover from the RSA conference. Rich and Martin are back, and Zach… never left (but did celebrate a birthday last week). We do a quick recap of RSA and then dig into the security news… much of which had nothing to do with the conference. Weird. Network Security Podcast, Episode 188, March 9, 2010. Time:
March 9th, 2010
The U.S. Supreme Court is agreeing to decide how much personal information the federal bureaucracy may acquire on its workers. The justices, without comment, decided Monday to review a lower-court decision surrounding the concept of so-called “informational privacy.” The 9th U.S. Circuit Court of Appeals in San Francisco struck down intrusive background checks last year on nearly three dozen National Aeronautics…
March 9th, 2010
The CEO of Lifelock, Todd Davis, became famous for advertising his Social Security number on television ads and banners painted on trucks promising his $10 monthly service would protect consumers from identity theft. The company also offered a $1 million guarantee to compensate customers for losses incurred if they became a victim of identity theft after signing up for the service. But the Federal Trade Commission said Tuesday that the claims... 
March 9th, 2010
Pink Floyd and its label, EMI, are battling over online royalties stemming from a contested clause in their decade-old contract. The developer of The Dark Side of the Moon and other top-selling albums claims its contract with EMI requires its music to be sold as an entire album, not the single tracks that EMI has permitted iTunes to distribute. The band’s attorney, Robert Howe, told a London court on Tuesday, “It’s a matter... 
March 9th, 2010
Interesting commentary: I don’t think this is really a case about ISP liability at all. It is a case about the use of a person’s image, without their consent, that generates commercial value for someone else. That is the essence of the Italian law at issue in this case. It is also how the right of privacy was first established…
March 9th, 2010
The “Microsoft Online Services Global Criminal Compliance Handbook (U.S. Domestic Version)” (also can be found here, here, and here) outlines exactly what Microsoft will do upon police request. Here’s a good summary of what’s in it: The Global Criminal Compliance Handbook is a quasi-comprehensive explanatory document meant for law enforcement officials seeking access to Microsoft’s stored user information. It also…