So I get into work this morning and grab my snail-mail and throw it on my desk and go grab my morning oatmeal and glass of water. I get back to my desk and start eating my oatmeal as I go through my mail. Things like fake domain name renewal bills, pleas from wireless phone companies to switch services, a copy of Information Week, the normal crap that finds its way into the IT Manager’s inbox. Then I get to this week’s (August 22-28) copy of Mass High Tech and oatmeal spews out of my nose! Why? Freaking a big ass above the fold picture of Mudge’s fat smiling face staring back at me. Seriously his face takes up like half the damn page.
The online version is much smaller. Here is a scan of the front cover [PDF]. Just make sure you have finished your oatmeal before you open it.
Oh, the story? It is about finding security holes in heart defibrillators. Which is important I guess, and I suppose I would find it more interesting if I or someone I know actually had one of these implanted. Personally I can’t wait until someone starts looking at wireless utility meters.
The registration info for hackernews.com says the domain was first registered on July 29, 1998. Ten years ago, today. Wow. You know, long strange trip and all that. News wasn’t actually posted to the site until a month or so later but July 29th is as good a day as any to celebrate. (or should that be commiserate?) HNN was only around for a little under two years but I like to think the site had a pretty big impact, not just on the hacker underground it reported on, but the security industry as a whole. Hell, at one point MSNBC claimed that HNN was “the voice of reason” amongst all the hype. When HNN started, search engines were just starting to aggregate news, hell even Slashdot was new, by the end the ‘security portal’ was all the rage. The site existed during that formative stage of the security industry before which security was something seldom thought of and after which Venture Capitalists were throwing money at it.
For a walk down memory lane take a look at the first news day September 10, 1998 (Spelling mistakes and all, ahhh Spaceronics!) and the last day I posted the news June 16, 2000 (What is really amazing is that the links to CNN on the 1998 page STILL WORK! ten years later. Kudos to whoever built that site.)
So about nine years ago Tan at the L0pht first wrote about the creation of a Cyber Underwriters Laboratory. Like the real UL the Cyber UL would be tasked with independently testing and evaluating software, specifically security related software without the influence of vendors. At the time no one paid much attention and the idea went pretty much nowhere. Since then, in the wake of broken non-secure USB drives and people still using XOR encryption, luminaries such as Bruce Schneier and even myself have commented that such an organization is sorely needed.
Well Tan has now responded to himself with a followup to his original paper. The new paper Cyber Underwriters Laboratories – Reloaded takes a look at the PCI compliance required by VISA as a possible starting ground or model for such an organization.
Let’s hope that this time people realize that the importance of such software evaluations is critical not just to the future of online commerce but is critical to the future of simply being online.
After .mudge offhandedly announced that he was going to stand up a CyberUL at the request of the White House the haters came out in full force. Tan has written a response to the recent criticisms of his CyberUL idea and posted it here.
There have been a lot of things happening in the security world lately that I have wanted to write about like Geekonomics, the half million pictures pilfered from MySpace and the accompanying torrent file, how the NSA has wrestled control of the nation’s cyber-security away from DHS, how the recently proposed Protect America Act won’t, that Yahoo’s CAPTCHA has been cracked (not wide open but open enough), about Bruce Schneier’s excellent speech down under, how the Feds are getting rid of admin rights on XP boxes (about time) and of course about the CyberWar that wasn’t really. Like I said a lot of stuff going on recently to write about but I’ve just been too busy.
But what I really wanted to mention today was that the L0pht reunion I mentioned earlier seems to be becoming a pretty big deal. Did I mention the Pub Crawl?
P.S. Looks like the latest version of WordPress hosed some of my site. (Like the HNN archive) I’ll try to have it back online soon.
Well it looks like there may be a mini reunion of old L0pht folks. We are still trying to round everyone up but there will be more of us together on one stage than there has been for over ten years. (Damn, has it really been that long?) Anyway it will be at the Source 2008 conference in Boston in March. There are some other pretty damn big heavy hitters who will also be at the conference, Steven Levy (yes, of Hackers the book), Dan Geer (yes, of Athena), Richard Clarke (yes, that Richard Clarke). Not sure what day yet the L0pht panel will be speaking but it will be one hell of a conference.
So I wrote about the article in CSO Magazine by Michael Fitzgerald earlier this month when the print version came out. Finally it is now online for easy reading by all you non-subscribers. Previous Works sysop Jason Scott of Admin-D and Textfiles.com fame has written a rebuttal/commentary/analysis of the piece.
And finally in a completely unrelated story L0pht got a mention in the New York Times last Sunday.
The April 2007 print issue of CSO Magazine has a nice article on page 30 by Michael Fitzgerald entitled “L0pht In Transition.” Unfortunately they don’t have a version online or I would link to it. The article pretty much sums up what all of us are up to these days and asks the question if what we did made any difference. If anyone has a physical print copy I wouldn’t mind getting a hold of one.
Lopht.com Lives! Unfortunately with an Oh and not a zero, but we will take what we can get. Amazing what a spammer will pay for a half decent domain, looks like I am back to Mac&Cheese again for a while. Or I suppose you could say it is amazing (or stupid) what someone will pay to recapture the past. Either way, expensive. lopht.com is back online. Yeah!
Not a lot of people know where the L0pht was physically. It started out in an old artists co-op building near South Boston and then moved to an old warehouse in Watertown. If you were lucky enough to attend one of the original legendary L0pht parties you would not recognise either building now. The South End location has been remodeled into very trendy artist open studios, while the Watertown building was torn down shortly after we moved out and in its place a biotech lab building was built. During the bio-tech slowdown they converted the unused building into loft (haha) condos, the project is called RiverBank Condos and they are selling for about $400K each.