[RISKS] Risks Digest 26.73, WITH TWO ADDED COMMENTS! PLEASE READ THIS ONE.

From: RISKS List Owner <risko_at_private>
Date: Fri, 24 Feb 2012 10:11:29 PST
RISKS-LIST: Risks-Forum Digest  Friday 24 February 2012  Volume 26 : Issue 73

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
  <http://catless.ncl.ac.uk/Risks/26.73.html>
The current issue can be found at
  <http://www.csl.sri.com/users/risko/risks.txt>

  Contents:
Armored SUV could not protect U.S. agents in Mexico (Simson Garfinkel)
"It's A Brick" -- Tesla Motor's Devastating Design Problem (Michael Degusta)
Small coding mistake led to big Internet voting system failure (PGN)
QTH.com Server Outage Notice (Jim Reisert)
Less-than-random-number generation compromises encryption (PGN on
  Lenstra et al. and John Markoff)
Security of Self-Selected PINs Is Lacking (John Markoff on Ross Anderson
  et al.)
IL-PIN printed right on the IL-1040 PDF (jidanni)
Google Mobile Phone Tracker (Matthew Kruk)
Computers blamed once again (Keith Price)
Web Firms to Adopt 'No Track' Button (Lauren Weinstein)
WSJ: "The U.N. Threat to Internet Freedom" (Lauren Weinstein)
Re: Privacy on the Barbie! (Jeremy Ardley)
Bruce Schneier's Liars and Outliers (PGN)
REVIEW: Bruce Schneier, "Liars and Outliers: ... (Rob Slade)
REVIEW: "Identity Management: Concepts, Technologies, and Systems",
  Elisa Bertino/Kenji Takahashi (Rob Slade)
Abridged info on RISKS (comp.risks)

----------------------------------------------------------------------

Date: Wed, 15 Feb 2012 18:06:26 -0500
From: Simson Garfinkel <simsong_at_private>
Subject: Armored SUV could not protect U.S. agents in Mexico

Nick Miroff and William Booth, *The Washington Post*, 15 Feb 2012
http://www.washingtonpost.com/world/the_americas/armored-suv-could-not-protect-us-agents-in-mexico/2012/02/13/gIQACv1KFR_story.html?hpid=z2

When U.S. special agent Jaime Zapata was shot dead one year ago on a
notorious stretch of highway in central Mexico, he was driving a $160,000
armored Chevy Suburban, built to exacting government standards, designed to
defeat high-velocity gunfire, fragmentation grenades and land mines.
But the vehicle had a basic, fatal flaw.

Forced off the road in a well-coordinated ambush, surrounded by drug cartel
gunmen brandishing AK-47s, Zapata and his partner, Victor Avila, rolled to a
stop. Zapata put the vehicle in park.

The door locks popped open.

That terrifying sound -- a quiet click -- set into motion events that remain
under investigation. When Zapata needed it most, the Suburban's elaborate
armoring was rendered worthless by a consumer-friendly automatic setting
useful for family vacations and hurried commuters but not for U.S. agents
driving through a red zone in Mexico. ...

  [However, defaulting to all doors locked without manual overrides in cases
  of loss of power or fire is also not a happy choice.  I am reminded of the
  alternative defaults for elevators in case of power failure: by gravity
  balancing, mechanically go to the bottom floor (not good in floods), the
  top floor (not good in fires), or -- with a little more advanced planning
  and mechanical apparatus -- the main lobby (perhaps not good in case of
  front-door armed building takeovers).  A Trilemma, or maybe a less-well
  known example of Morton's Fork?  (Some of you may recall that I touched on
  some of this in a comment on the second item in RISKS-21.47.)  PGN]

------------------------------

Date: Wed, 22 Feb 2012 15:33:02 PST
From: "Peter G. Neumann" <neumann_at_private>
Subject: "It's A Brick" -- Tesla Motor's Devastating Design Problem
  (Michael Degusta)

A rather well-researched item in *The Understatement* claims that if a Tesla
battery becomes completely discharged, the all-electric vehicle becomes
totally immobile -- requiring installation of a new battery (at least
$32,000 plus labor and taxes).  Reportedly, this failure mode is covered
neither by dealer warranties nor by insurance policies.  If true, that is a
major risk!

http://theunderstatement.com/post/18030062041/its-a-brick-tesla-motors-devastating-design

  [Thanks to Lauren Weinstein for spotting this one.]

------------------------------

Date: Tue, 21 Feb 2012 19:20:23 PST
From: "Peter G. Neumann" <neumann_at_private>
Subject: Small coding mistake led to big Internet voting system failure

An outstanding new paper by Scott Wolchok, Eric Wustrow, Dawn Isabel and
J. Alex Halderman, Attacking the Washington, D.C. Internet Voting System,
was presented at Financial Crypto earlier this month.  This paper provides a
nicely reasoned analysis of what was described previously in RISKS-26.18,
19, and 20.  (https://jhalderm.com/pub/papers/dcvoting-fc12.pdf)
  [CORRECTED URL in archives.  PGN]

See also a FierceGovernmentIT article with the subject line of this item:
  http://www.fiercegovernmentit.com/story/small-coding-mistake-led-big-internet-voting-system-failure/2012-02-22?utm_campaign=twitter-Share-Web#.T0ZojwPn5A8.twitter

------------------------------

Date: Thu, 23 Feb 2012 16:34:51 -0700
From: Jim Reisert AD1C <jjreisert_at_private>
Subject: QTH.com Server Outage Notice

It's a good thing I wasn't working on my web site at the time!

-- -------- Forwarded message ----------
From: QTH.com Admin <qth-admin_at_private>
Date: Thu, Feb 23, 2012 at 11:40 AM
Subject: QTH.com Server Outage Notice

At approximately 6:30am CST this morning (2/23), our www5.qth.com became
unresponsive.  Technicians in our data center investigated and found the
server without power.  The server was powered back up, and after going
through the standard boot routine, disk health checks, etc., became fully
operational again, a little after 7am CST.

Now, why was the server without power?  As embarrassing as it is to report,
it was powered down because literally the power cord was unplugged from the
server!  A data center technician had been working on a nearby server and
somehow managed to snag the power cord of our server in the process.

I sincerely apologize for the outage and any inconvenience this caused you.

------------------------------

Date: Wed, 15 Feb 2012 8:24:42 PST
From: "Peter G. Neumann" <neumann_at_private>
Subject: Less-than-random-number generation compromises encryption

An article by Arjen K. Lenstra, James P. Hughes, Maxime Augier, Joppe
W. Bos, Thorsten Kleinjung, and Christophe Wachter, *Ron was wrong, Whit is
right*, will be presented at CRYPTO in Santa Barbara in August 2012.  The
authors have discovered an unexpected weakness in public-key encryption
systems used worldwide for online shopping, banking, e-mail and other
Internet services that require security and privacy.  The flaw involves on
the order of .2% of 7.1 million collected prime moduli used in RSA, ElGamal,
and DSA (plus just one ECDSA key), and arises when two different public keys
inadvertently share a common prime for their construction.  This
happenstance is algorithmically detectable, and knowledge of it obviously
greatly simplifies factoring!  This occurs despite standards to supposedly
prevent it.  [Sources: John Markoff, Flaw Found in an Online Encryption
Method, *The New York Times*, 14 Feb 2012:
and the Lenstra paper; PGN-ed and extensivesly oversimplified.]
  http://www.nytimes.com/2012/02/15/technology/researchers-find-flaw-in-an-online-encryption-method.html?_r=1&hpw
  http://eprint.iacr.org/2012/064.pdf

------------------------------

Date: Wed, 22 Feb 2012 22:36:34 PST
From: "Peter G. Neumann" <neumann_at_private>
Subject: Security of Self-Selected PINs Is Lacking (John Markoff on
  Ross Anderson et al.)

Weak PIN codes ... are a notorious vulnerability of banking cards. Now a
group of British computer security researchers have collected data to show
just how vulnerable they actually are.

A Cambridge University Computer Laboratory team collected statistics
on how people choose banking PINs when they are permitted to select
their own keys. The risk is that a thief who steals a wallet can
then try to siphon money from a bank account by guessing the
password, often with the aid of personal identification information
like the birth date found in the wallet.

Ross Anderson: ``A thief can expect to get lucky every 18th wallet -- except
for those banks which negligently allow their customers to choose really
dumb PINs like 1111 and 1234.  There the thief cashes out once every 11
wallets.  There is every incentive for the bad guys to try guessing PINs on
every card that they steal, There will be a certain percentage that will be
guessed, particularly if a bank allows its customers to choose PINs.''

The researchers describing the criminal practice of guessing PIN numbers
from stolen bank cards as *jackpotting*.  Their conclusions were not
entirely bleak, however. They concluded that user choices of banking PINs
were not as weak as with other security codes like passwords.  Moreover,
they also found that there were lower rates of reuse and sharing of PIN
numbers than was frequently the case with passwords. ...

The researchers wrote that there were two lessons to be drawn from
their study. First, customers should never use date of birth as a
PIN or password. Second, banks should institute blacklists of common
passwords, or prohibit user selection of passwords entirely.

  [Source: John Markoff, *The New York Times*, 20 Feb 2012; PGN-ed]
http://bits.blogs.nytimes.com/2012/02/20/security-of-self-selected-pins-is-lacking/?src=recg

------------------------------

Date: Fri, 24 Feb 2012 05:39:05 +0800
From: jidanni_at_private
Subject: IL-PIN printed right on the IL-1040 PDF

Dear Rev.Ifile_at_private, One can't help but notice ones IL-PIN ends up
right on the IL-1040 PDF one keeps for their records when electronically
filing their taxes. The IRS uses a separate file in such cases, so PINs
don't get exposed if one needs to share their tax forms with others e.g.,
when applying for loans or tuition assistance, etc.  Illinois should
consider doing the same.

------------------------------

Date: Thu, 23 Feb 2012 17:07:42 -0700
From: "Matthew Kruk" <mkrukg_at_private>
Subject: Google Mobile Phone Tracker

 [BEWARE.  This has the aura of a nasty scam / malware / whatever.  PGN]  

Oh joy.

http://googlephone.page.tl/

Google Mobile Phone Tracker v6.5.8

Way back in November 2007, Google location-enabled all of their Google Maps
for mobile clients to bring location awareness to the masses and improve the
local search experience. Using My Location, millions of you have been able
to easily find yourselves on a map at the touch of a button. But what about
finding other people? Lots of you have been requesting to see where your
friends are in a map, too. Well, now you can with Google Mobile Phone
Tracker v6.5.8.

Google Mobile Phone Tracker v6.5.8 is a new feature for Google Maps in
mobile, as well as home PCs, that allows you to see your friend's
locations. You can use your Google account to sign in and easily search
friends from your existing list of contacts or by entering their mobile
numbers. Google Talk is integrated with Google Mobile Phone Tracker v6.5.8,
so you and your friends can update your status messages and profile photos
and see what everyone is up to. You can also call, SMS, IM, or email each
other within the app.

Google has gone to great lengths to put this on as many personal PCs and
smartphone devices as possible from day one so that most of the people you
know will be able to use Google Mobile Phone Tracker v6.5.8 right away. The
application is free and to be used for legal purposes with the knowledge of
the owner of mobile number to be tracked. Start using Google Mobile Phone
Tracker v6.5.8 right now from the link below :

http://googlephone.com/Apps/Google_Mobile_Phone_Tracker_v6.5.8

------------------------------

Date: Fri, 17 Feb 2012 13:16:34 -0800
From: Keith Price <price_at_private>
Subject: Computers blamed once again

Last Saturday night I-10 between Palm Springs and Los Angeles (a stretch
with no alternate routes) was partially closed for routine road work, but
because of a problem in delivering concrete it remained closed all day
Sunday. Buried deep in the printed version (on 2/17) (but not the online
version as of 2/17) of the story is that it was caused by computer failure
at the concrete plant.

http://latimesblogs.latimes.com/lanow/2012/02/caltrans-slammed-after-roadwork-causes-25-mile-backup.html

------------------------------

Date: Wed, 22 Feb 2012 22:52:44 -0800
From: Lauren Weinstein <lauren_at_private>
Subject: Web Firms to Adopt 'No Track' Button

(via Network Neutrality Squad)
http://j.mp/zZGRLs  (This message on Google+)
http://j.mp/Aq94K2  (WSJ)

  "A coalition of Internet giants including Google Inc. has agreed to
  support a do-not-track button to be embedded in most Web browsers-a move
  that the industry had been resisting for more than a year."

Now, here are the real ironies.  As you'll see from reading the story, what
this is about is mainly personalized advertising from online services.  But
reputable firms have been handling this through mechanisms that typically
don't tie back to individuals' actual identities in the first place.  Some
(like Google) provide a "dashboard" that users can already employ to control
personalized ads or turn off personalization completely.

Turn off personalization, and two things happen.  (1) You get more "random"
ads (you're still going to get ads) that are less likely to be of any
interest.  (2) Those ads will be less valuable to advertisers, over time
potentially undermining the financial support structures of many Web
services most users enjoy for free.

Meanwhile, out in the brick and mortar world, information regarding our bank
transactions, credit card purchases, voting records (yes, voting activity
records!), and all manner of other activities are tracked, sold, sliced, and
diced, then fed to the credit reporting agencies, in ways that *really* can
impact people's lives in serious (and often negative) ways.  This data is
often tied to our *real* identities through bank accounts, social security
numbers, and so on.

Yet most of the political public attention is on personalized Web ads, which
are usually deployed through anonymous mechanisms.

Interesting priorities, eh?

Lauren Weinstein (lauren@private): http://www.vortex.com/lauren
Network Neutrality Squad: http://www.nnsquad.org
Tel: +1 (818) 225-2800 / Skype: vortex.com

------------------------------

Date: Wed, 22 Feb 2012 11:00:59 -0800
From: Lauren Weinstein <lauren_at_private>
Subject: WSJ: "The U.N. Threat to Internet Freedom" (via NNSquad)

*Wall Street Journal*: "The U.N. Threat to Internet Freedom" (+ my comments)
http://j.mp/zwZqVB  (This message on Google+)
http://j.mp/yKbWLq  (WSJ)

  "On Feb. 27, a diplomatic process will begin in Geneva that could result
  in a new treaty giving the United Nations unprecedented powers over the
  Internet. Dozens of countries, including Russia and China, are pushing
  hard to reach this goal by year's end. As Russian Prime Minister Vladimir
  Putin said last June, his goal and that of his allies is to establish
  "international control over the Internet" through the International
  Telecommunication Union (ITU), a treaty-based organization under
  U.N. auspices ...  Merely saying "no" to any changes to the current
  structure of Internet governance is likely to be a losing proposition. A
  more successful strategy would be for proponents of Internet freedom and
  prosperity within every nation to encourage a dialogue among all
  interested parties, including governments and the ITU, to broaden the
  multi-stakeholder umbrella with the goal of reaching consensus to address
  reasonable concerns. As part of this conversation, we should underscore
  the tremendous benefits that the Internet has yielded for the developing
  world through the multi-stakeholder model."

For those of us who have spent many years warning that the stage was being
set for potentially disastrous regulatory outcomes for the Internet, and
have been pushing for alternatives all along, the emotions triggered are
complex indeed.

Every time we tried to discuss alternative methodologies in this sphere, the
standard push-back response has been, "Oh, if we tamper with ICANN or the
rest of the existing structure, the UN/ITU might take over and we don't want
that!"

But that's exactly what could happen anyway.

It's been a "comfortable" arrangement for the U.S. to effectively control
the Internet, but it's always been clear to many of us that the current path
could lead to exactly the kind of outcome that we all wanted to avoid.

ICANN has plowed ahead with their extortive get-rich-quick gTLD expansion
scheme.  The U.S. has turned the DNS into a mechanism for unilateral actions
over entities in other countries, without such niceities as due process being
required.  The list goes on and on.

So no wonder the rest of the world pushes for changes -- and threatens
network fragemention -- even as their proposed regulatory regimes could do
enormous damage to the Net.

The status quo is going to be history, one way or another.

I have long called for consideration of a purpose-built international
organization to address these issues, unrelated to existing organizations
loaded down with political baggage like the U.N. and ITU.

There may still be time to chart better outcomes than the ones now barreling
toward us.

But there is no time at all to waste.

http://lists.nnsquad.org/mailman/listinfo/nnsquad

------------------------------

Date: Wed, 15 Feb 2012 12:20:32 +0800
From: Jeremy Ardley <jeremy.ardley_at_private>
Subject: Re: Privacy on the Barbie! (RISKS-26.72)

I work as forensic information analyst in Australia. I've had a number of
recent criminal cases where historical records are or would-be useful.
These records include SMTP records, login records etc.

In actual fact, SMTP records are not kept (At least by the ISPs I was
investigating) and from what I can make out there is no record of IP
addresses for 3G connections - admittedly my sample was small but it
included Telstra 3G/NextG.

Conversion to keeping SMTP records and IP records appears possible but
eventually the data will become significantly large.

Of more importance are the records held by providers like Hotmail and
Gmail. They do not include SMTP records in their lawful disclosure
guides. Even with the data they do retain there has a fairly short expiry
time.

If Australia does make this law then retained data will be very incomplete
and the law will effectively penalise Australian ISP operators in comparison
to global operators of email and other services.

As for privacy, I'm assuming the new law requires a Warrant to access the
information. However Australia's Telecommunication Interception Act has been
a movable feast. So far it's been in fairly brisk time order:

- The Police could demand records without Warrant
- Police needed a Warrant to demand records.
- The Telco could give records to the Police without a Warrant - so long
  as the Police didn't ask for them.
- Any records obtained by Police had to have a Warrant.

I sense that the laws are being made up on the spot and the effects of not
thinking it through are obvious. It certainly makes my job harder having to
know which laws were in effect at any particular time.

------------------------------

Date: Tue, 21 Feb 2012 16:43:51 PST
From: "Peter G. Neumann" <neumann_at_private>
Subject: Bruce Schneier's Liars and Outliers

Bruce Schneier
Liars and Outliers: Enabling the Trust That Society Needs to Thrive
John Wiley & Sons, Inc., 2012, xv+366

  Schneier's Liars and Outliers
  inquires of cyberfires,
  bemires taps of wires, spyers,
    hires, cybergyres, and conspirers,
  acquires admirers,
  aspires to eyers and buyers,
  inspires choirs of lyres.
  It sires 8 quires*.
  Shy-ers beware!

* Note: approximately, the number of sheets of paper.

This book runs the gamut of the roles of trust in a world in which many
elements -- systems, people, applications, and so on -- may be either
inherently or potentially unworthy of being trusted: untrustworthy third
parties, insiders, clouds, you name it.  RISKS readers should find it
provocative.  See Rob Slade's review, next in this issue.

------------------------------

Date: Mon, 20 Feb 2012 14:08:57 -0800
From: Rob Slade <rmslade_at_private>
Subject: REVIEW: Bruce Schneier, "Liars and Outliers: ...

BKLRSOTL.RVW   20120104

"Liars and Outliers: Enabling the Trust that Society Needs to Thrive",
Bruce Schneier, 2012, 978-1-118-14330-8, U$24.95/C$29.95
%A   Bruce Schneier www.Schneier.com
%C   5353 Dundas Street West, 4th Floor, Etobicoke, ON   M9B 6H8
%D   2012
%E   Editor (of book or series)
%G   978-1-118-14330-8 1-118-14330-2
%I   John Wiley & Sons, Inc.
%O   U$24.95/C$29.95 416-236-4433 fax: 416-236-4448 www.wiley.com
%O  http://www.amazon.com/exec/obidos/ASIN/1118143302/robsladesinterne
  http://www.amazon.co.uk/exec/obidos/ASIN/1118143302/robsladesinte-21
%O   http://www.amazon.ca/exec/obidos/ASIN/1118143302/robsladesin03-20
%O   Audience n+ Tech 2 Writing 3 (see revfaq.htm for explanation)
%P   365 p.
%T   "Liars and Outliers: Enabling the Trust that Society Needs to
      Thrive"

Chapter one is what would ordinarily constitute an introduction or preface
to the book.  Schneier states that the book is about trust: the trust that
we need to operate as a society.  In these terms, trust is the confidence we
can have that other people will reliably behave in certain ways, and not in
others.  In any group, there is a desire in having people cooperate and act
in the interest of all the members of the group.  In all individuals, there
is a possibility that they will defect and act against the interests of the
group, either for their own competing interest, or simply in opposition to
the group.  (The author notes that defection is not always negative:
positive social change is generally driven by defectors.)  Actually, the
text may be more about social engineering, because Schneier does a very
comprehensive job of exploring how confident we can be about trust, and they
ways we can increase (and sometimes inadvertently decrease) that
reliability.

Part I explores the background of trust, in both the hard and soft sciences.
Chapter two looks at biology and game theory for the basics.  Chapter three
will be familiar to those who have studied sociobiology, or other
evolutionary perspectives on behaviour.  A historical view of sociology and
scaling makes up chapter four.  Chapter five returns to game theory to
examine conflict and societal dilemmas.

Schneier says that part II develops a model of trust.  This may not be
evident at a cursory reading: the model consists of moral pressures,
reputational pressures, institutional pressures, and security systems, and
the author is very careful to explain each part in chapters seven through
ten: so careful that it is sometimes hard to follow the structure of the
arguments.

Part III applies the model to the real world, examining competing interests,
organizations, corporations, and institutions.  The relative utility of the
four parts of the model is analyzed in respect to different scales (sizes
and complexities) of society.  The author also notes, in a number of places,
that distrust, and therefore excessive institutional pressures or security
systems, is very expensive for individuals and society as a whole.

Part IV reviews the ways societal pressures fail, with particular emphasis
on technology, and information technology.  Schneier discusses situations
where carelessly chosen institutional pressures can create the opposite of
the effect intended.

The author lists, and proposes, a number of additional models.  There are
Ostrom's rules for managing commons (a model for self-regulating societies),
Dunbar's numbers, and other existing structures.  But Schneier has also
created a categorization of reasons for defection, a new set of security
control types, a set of principles for designing effective societal
pressures, and an array of the relation between these control types and his
trust model.  Not all of them are perfect.  His list of control types has
gaps and ambiguities (but then, so does the existing military/governmental
catalogue).  In his figure of the feedback loops in societal pressures, it
is difficult to find a distinction between "side effects" and "unintended
consequences."  However, despite minor problems, all of these paradigms can
be useful in reviewing both the human factors in security systems, and in
public policy.

Schneier writes as well as he always does, and his research is extensive.
In part one, possibly too extensive.  A great many studies and results are
mentioned, but few are examined in any depth.  This does not help the
central thrust of the book.  After all, eventually Schneier wants to talk
about the technology of trust, what works, and what doesn't.  In laying the
basic foundation, the question of the far historical origin of altruism may
be of academic philosophical interest, but that does not necessarily
translate into an understanding of current moral mechanisms.  It may be that
God intended us to be altruistic, and therefore gave us an ethical code to
shape our behaviour.  Or, it may be that random mutation produced entities
that acted altruistically and more of them survived than did others, so the
population created expectations and laws to encourage that behaviour, and
God to explain and enforce it.  But trying to explore which of those (and
many other variant) options might be right only muddies the understanding of
what options actually help us form a secure society today.

Schneier has, as with "Beyond Fear" (cf. BKBYNDFR.RVW) and "Secrets and
Lies" (cf. BKSECLIE.RVW), not only made a useful addition to the security
literature, but created something of value to those involved with public
policy, and a fascinating philosophical tome for the general public.
Security professionals can use a number of the models to assess controls in
security systems, with a view to what will work, what won't (and what areas
are just too expensive to protect).  Public policy will benefit from
examination of which formal structures are likely to have a desired effect.
(As I am finishing this review the debate over SOPA and PIPA is going on:
measures unlikely to protect intellectual property in any meaningful way,
and guaranteed to have enormous adverse effects.)  And Schneier has brought
together a wealth of ideas and research in the fields of trust and society,
with his usual clarity and readability.

copyright, Robert M. Slade   2011     BKLRSOTL.RVW   20120104
rslade_at_private     slade_at_private     rslade_at_private
victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links
http://blogs.securiteam.com/index.php/archives/author/p1/

------------------------------

Date: Wed, 15 Feb 2012 15:58:09 -0800
From: Rob Slade <rmslade_at_private>
Subject: REVIEW: "Identity Management: Concepts, Technologies, and Systems",
  Elisa Bertino/Kenji Takahashi

BKIMCTAS.RVW   20110326

"Identity Management: Concepts, Technologies, and Systems", Elisa
Bertino/Kenji Takahashi, 2011, 978-1-60807-039-8
%A   Elisa Bertino
%A   Kenji Takahashi
%C   685 Canton St., Norwood, MA   02062
%D   2011
%G   978-1-60807-039-8 1-60807-039-5
%I   Artech House/Horizon
%O   800-225-9977 fax: +1-617-769-6334 artech_at_artech-house.com
%O  http://www.amazon.com/exec/obidos/ASIN/1608070395/robsladesinterne
  http://www.amazon.co.uk/exec/obidos/ASIN/1608070395/robsladesinte-21
%O   http://www.amazon.ca/exec/obidos/ASIN/1608070395/robsladesin03-20
%O   Audience i- Tech 2 Writing 1 (see revfaq.htm for explanation)
%P   196 p.
%T   "Identity Management: Concepts, Technologies, and Systems"

Chapter one, the introduction, is a review of general identity related
issues.  The definition of identity management, in chapter two, is thorough
and detailed, covering the broad range of different types and uses of
identities, the various loci of control, the identity lifecycle (in depth),
and a very effective technical definition of privacy.  (The transactional
attribute is perhaps defined too narrowly, as it could relate to
non-commercial activities.)  "Fundamental technologies and processes"
addresses credentials, PKI (Public Key Infrastructure), single sign-on,
Kerberos, privacy, and anonymous systems in chapter three.  The level of
detail varies: most of the material is specific with limited examples, while
attribute federation is handled quite abstractly.  Chapter four turns to
standards and systems, reviewing SAML (Security Assertion Markup Language),
Web Services Framework, OpenID, Information Card-Based Identity Management
(IC-IDM), interoperability, other prototypes, examples, and projects, with
an odd digression into the fundamental confidentiality, integrity, and
availability concepts.  Challenges are noted in chapter five, briefly
examining usability, access control, privacy, trust management,
interoperability (from the human, rather than machine, perspective,
particularly expectations, experience, and jargon), and finally biometrics.

This book raises a number of important questions, and mentions many new
areas of work and development.  For experienced security professionals
needing to move into this area as a new field, it can serve as an
introduction to the topics which need to be discussed.  Those looking for
assistance with an identity management project will probably need to look
elsewhere.

copyright, Robert M. Slade   2011     BKIMCTAS.RVW   20110326
rslade_at_private     slade_at_private     rslade_at_private
victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links

------------------------------

Date: Mon, 6 Jun 2011 20:01:16 -0900
From: RISKS-request_at_private
Subject: Abridged info on RISKS (comp.risks)

 The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is
 comp.risks, the feed for which is donated by panix.com as of June 2011.
=> SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent)
 if possible and convenient for you.  The mailman Web interface can
 be used directly to subscribe and unsubscribe:
   http://lists.csl.sri.com/mailman/listinfo/risks
 Alternatively, to subscribe or unsubscribe via e-mail to mailman
 your FROM: address, send a message to
   risks-request_at_private
 containing only the one-word text subscribe or unsubscribe.  You may
 also specify a different receiving address: subscribe address= ... .
 You may short-circuit that process by sending directly to either
   risks-subscribe_at_private or risks-unsubscribe_at_private
 depending on which action is to be taken.

 Subscription and unsubscription requests require that you reply to a
 confirmation message sent to the subscribing mail address.  Instructions
 are included in the confirmation message.  Each issue of RISKS that you
 receive contains information on how to post, unsubscribe, etc.

=> The complete INFO file (submissions, default disclaimers, archive sites,
 copyright policy, etc.) is online.
   <http://www.CSL.sri.com/risksinfo.html>
 The full info file may appear now and then in RISKS issues.
 *** Contributors are assumed to have read the full info file for guidelines.

=> .UK users may contact <Lindsay.Marshall_at_private>.
=> SPAM challenge-responses will not be honored.  Instead, use an alternative
 address from which you NEVER send mail!
=> SUBMISSIONS: to risks_at_private with meaningful SUBJECT: line.
 *** NOTE: Including the string "notsp" at the beginning or end of the subject
 *** line will be very helpful in separating real contributions from spam.
 *** This attention-string may change, so watch this space now and then.
=> ARCHIVES: ftp://ftp.sri.com/risks for current volume
     or ftp://ftp.sri.com/VL/risks for previous VoLume
 http://www.risks.org takes you to Lindsay Marshall's searchable archive at
 newcastle: http://catless.ncl.ac.uk/Risks/VL.IS.html gets you VoLume, ISsue.
   Lindsay has also added to the Newcastle catless site a palmtop version
   of the most recent RISKS issue and a WAP version that works for many but
   not all telephones: http://catless.ncl.ac.uk/w/r
 <http://the.wiretapped.net/security/info/textfiles/risks-digest/> .
==> PGN's comprehensive historical Illustrative Risks summary of one liners:
    <http://www.csl.sri.com/illustrative.html> for browsing,
    <http://www.csl.sri.com/illustrative.pdf> or .ps for printing
  is no longer maintained up-to-date except for recent election problems.
==> Special Offer to Join ACM for readers of the ACM RISKS Forum:
    <http://www.acm.org/joinacm1>

------------------------------

End of RISKS-FORUM Digest 26.73
************************
Received on Fri Feb 24 2012 - 10:11:29 PST

This archive was generated by hypermail 2.2.0 : Fri Feb 24 2012 - 10:36:02 PST