My church uses Family Shield to block porn on the church computers. It also blocks the images on the Family Shield demo page:) which are supposed to be before and after shots http://family-shield.net/screenshots.html . I thought they should store those dirty dirty images in a hardware security module. Hmmm they didn't find that funny.
Yes, clock ensembling is key to security. We even suggest people use the automated computing timing service (ACTS) from NIST, NPL, IEN, etc which works over a POTS line. A few clocks using NTP v4 autokey and a server using ACTS
The one bit is a trusted time source... how do you know in 6 months from now that your systems had the right time. Pain to prove and who do you trust... alas nCipher has the answer but I digress.
-Disclaimer- nCipher, my employer, offers these products so I am a bit biased;)
Secret sharing schemes are available for code signing using either MS AuthentiCode, signtool, etc. The private key used to sign the code is stored in a hardware security module ensuring that the key is not exportable and used only within the module.
Some major software vendors use developer signatures as code source review and strip multiple user level signatures which contain certain attributes in the DN of the cert identifying the developer as either security code review or senior enough developer to assert that code is secure and ready for release.
And once you do have an organizational signature on your code you need to time-stamp the code to validate the cert used for signing the code was valid at the time of the signature. Time-stamping is becoming more important as OS's and other hardening techniques are used to ensure that the code is valid and from a valid source. Ahh phishing
Design patent pending on Whyachi and Son of Whyachi including the caged 3 armed spinning weapon. This patent is not intended to discourage any bot builder from using this design. If you are a bot builder, feel free to use any part of the design for nothing (case of beer).
I tried to find out when they would let up and the tech from AT&T said they plan on leveraging this to block other services. Here's an excerpt from a chat session w/ one of their techs:
You say, The contract states the use should not affect other's use of the network
You say, or degrade the network performance
w-David P says, 10.9 You agree that AT&T and ServiceCo shall each have the right to take any action that either AT&T or ServiceCo deems to protect the Road Runner Service, its facilities and equipment.
You say, Any action is a broad sword and is completely ineffective
You say, for the masses. Something more precise and targeted would be a better solution
You say, Because of the email viruses would you cut 110 so people couldn't get their POP3 mail from work/elsewhere?
w-David P says, You are entitled to your opinion.
You say, A good customer service... nothing against you.
You say, And good customer service
w-David P says, That is completely different. Email is used universally, web servers are not.
You say, I would be curious how Cerf would respond to that
You say, Thank you for your time
w-David P says, What is CERF?
Slashdot Mirror
My church uses Family Shield to block porn on the church computers. It also blocks the images on the Family Shield demo page :) which are supposed to be before and after shots http://family-shield.net/screenshots.html . I thought they should store those dirty dirty images in a hardware security module. Hmmm they didn't find that funny.
ntpdate someserver.somedomain.com will set the time of your box
Yes, clock ensembling is key to security. We even suggest people use the automated computing timing service (ACTS) from NIST, NPL, IEN, etc which works over a POTS line. A few clocks using NTP v4 autokey and a server using ACTS
Windows NT 4 forward supported the use of UTC via SNTP. The Windows Time Service (W2K forward) supports NTP v3.
The one bit is a trusted time source... how do you know in 6 months from now that your systems had the right time. Pain to prove and who do you trust... alas nCipher has the answer but I digress.
www.pricewatch.com should do the trick
-Disclaimer- nCipher, my employer, offers these products so I am a bit biased ;)
Secret sharing schemes are available for code signing using either MS AuthentiCode, signtool, etc. The private key used to sign the code is stored in a hardware security module ensuring that the key is not exportable and used only within the module.
Some major software vendors use developer signatures as code source review and strip multiple user level signatures which contain certain attributes in the DN of the cert identifying the developer as either security code review or senior enough developer to assert that code is secure and ready for release.
And once you do have an organizational signature on your code you need to time-stamp the code to validate the cert used for signing the code was valid at the time of the signature. Time-stamping is becoming more important as OS's and other hardening techniques are used to ensure that the code is valid and from a valid source. Ahh phishing
Has anyone checked out the CIA teddybear? The CIA are showing kids the important work they do.
PATENTS
Design patent pending on Whyachi and Son of Whyachi including the caged 3 armed spinning weapon. This patent is not intended to discourage any bot builder from using this design. If you are a bot builder, feel free to use any part of the design for nothing (case of beer).
I tried to find out when they would let up and the tech from AT&T said they plan on leveraging this to block other services. Here's an excerpt from a chat session w/ one of their techs:
You say, The contract states the use should not affect other's use of the network
You say, or degrade the network performance
w-David P says, 10.9 You agree that AT&T and ServiceCo shall each have the right to take any action that either AT&T or ServiceCo deems to protect the Road Runner Service, its facilities and equipment.
You say, Any action is a broad sword and is completely ineffective
You say, for the masses. Something more precise and targeted would be a better solution
You say, Because of the email viruses would you cut 110 so people couldn't get their POP3 mail from work/elsewhere?
w-David P says, You are entitled to your opinion.
You say, A good customer service... nothing against you.
You say, And good customer service
w-David P says, That is completely different. Email is used universally, web servers are not.
You say, I would be curious how Cerf would respond to that
You say, Thank you for your time
w-David P says, What is CERF?