Cyber UL – Reloaded

So about nine years ago Tan at the L0pht first wrote about the creation of a Cyber Underwriters Laboratory. Like the real UL, the Cyber UL would be tasked with independently testing and evaluating software, specifically security-related software, without the influence of vendors. At the time no one paid much attention and the idea went pretty much nowhere. Since then, in the wake of broken non-secure USB drives and people still using XOR encryption, luminaries such as Bruce Schneier and even myself have commented that such an organization is sorely needed.
Well, Tan has now responded to himself with a follow-up to his original paper. The new paper, Cyber Underwriters Laboratories – Reloaded, takes a look at the PCI compliance required by VISA as a possible starting ground or model for such an organization.
Let's hope that this time people realize that such software evaluations are critical not just to the future of online commerce but to the future of simply being online.
UPDATE: 2015.07.02
After .mudge offhandedly announced that he was going to stand up a CyberUL at the request of the White House, the haters came out in full force. Tan has written a response to the recent criticisms of his CyberUL idea and posted it here.

Quickies and L0pht News

There have been a lot of things happening in the security world lately that I have wanted to write about, like Geekonomics, the half million pictures pilfered from MySpace and the accompanying torrent file, how the NSA has wrestled control of the nation’s cyber-security away from DHS, how the recently proposed Protect America Act won’t, that Yahoo’s CAPTCHA has been cracked (not wide open but open enough), about Bruce Schneier’s excellent speech down under, how the Feds are getting rid of admin rights on XP boxes (about time) and of course about the CyberWar that wasn’t really. Like I said, a lot of stuff going on recently to write about, but I’ve just been too busy.

But what I really wanted to mention today was that the L0pht reunion I mentioned earlier seems to be becoming a pretty big deal. Did I mention the Pub Crawl?
P.S. Looks like the latest version of WordPress hosed some of my site. (Like the HNN archive) I’ll try to have it back online soon.

L0pht reunion? Source 2008

Well, it looks like there may be a mini reunion of old L0pht folks. We are still trying to round everyone up, but there will be more of us together on one stage than there has been for over ten years. (Damn, has it really been that long?) Anyway, it will be at the Source 2008 conference in Boston in March. There are some other pretty damn big heavy hitters who will also be at the conference: Steven Levy (yes, of Hackers the book), Dan Geer (yes, of Athena), Richard Clarke (yes, that Richard Clarke). Not sure yet what day the L0pht panel will be speaking, but it will be one hell of a conference.

L0pht in Transition 2

So I wrote about the article in CSO Magazine by Michael Fitzgerald earlier this month when the print version came out. Finally it is now online for easy reading by all you non-subscribers. Previous Works sysop Jason Scott of Admin-D and fame has written a rebuttal/commentary/analysis of the piece.
And finally in a completely unrelated story L0pht got a mention in the New York Times last Sunday.

L0pht in Transition

The April 2007 print issue of CSO Magazine has a nice article on page 30 by Michael Fitzgerald entitled “L0pht In Transition.” Unfortunately they don’t have a version online or I would link to it. The article pretty much sums up what all of us are up to these days and asks the question if what we did made any difference. If anyone has a physical print copy I wouldn’t mind getting a hold of one. Lives! Lives! Unfortunately with an Oh and not a zero, but we will take what we can get. Amazing what a spammer will pay for a half decent domain, looks like I am back to Mac&Cheese again for a while. Or I suppose you could say it is amazing (or stupid) what someone will pay to recapture the past. Either way, expensive. is back online. Yeah!

L0pht Buildings

Not a lot of people know where the L0pht was physically. It started out in an old artists' co-op building near South Boston and then moved to an old warehouse in Watertown. If you were lucky enough to attend one of the original legendary L0pht parties you would not recognise either building now. The South End location has been remodeled into very trendy artist open studios, while the Watertown building was torn down shortly after we moved out and in its place a biotech lab building was built. During the bio-tech slowdown they converted the unused building into loft (haha) condos; the project is called RiverBank Condos and they are selling for about $400K each.