This page contains indexes of four periodicals published by the National Security Agency, plus a listing of publications from the NSA's Center for Cryptologic History. These indexes haven't been publicly released until now, and many of the Cryptologic History publications weren't previously known to the public. Researcher Michael Ravnitzky has discovered a huge cache of information about the NSA, intelligence, and cryptography.

During the initial testing of Greylisting in mid-2003, it was observed that the vast majority of spam appears to be sent from applications designed specifically for spamming. These applications appear to adopt the "fire-and-forget" methodology. That is, they attempt to send the spam to one or several MX hosts for a domain, but then never attempt a true retry as a real MTA would. From our testing, this means that in the test environment, based on a fairly conservative interpretation of testing data, we have attained an effectiveness of over 95%, and that is with no legitimate mail ever being permanently blocked.

This is what a technocracy looks like, folks!

Myself, I'll only vote by absentee ballot.

Targus might consider employing engineers that actually understand the most basic methods of defeat. If in fact they do possess such competence, then they are oblivious to the security needs of the consumers that rely upon them to secure their laptops. But, then, Targus does not guarantee the security of these products, just their workmanship to be free from defects.

As you probably have heard, British authorities have arrested 24 suspected terrorists who are alleged to have planned the bombing of 10 US-bound airplanes using binary agents disguised as beverages and a trigger disguised as an MP3 player. Consequently, authorities are moving to ban all kinds of liquids and gels in carry-on luggage. As with their plans to confiscate nail files at the security checkpoint, but not the nail files on sale in the boarding areas, they get an "A" for effort, but "F" for execution.

It turns out the TSA's solution is to just pour all suspect liquids into one big garbage can near the crowd of people queued up to pass the checkpoint. Brilliant! This is right up there with the TSA agent who arguably illegally searched John Perry Barlow's luggage and found marijuana when she shook and then opened an ibuprofen bottle she claimed was a suspected bomb.

I'm not sure which is more dangerous, these attempts to provide a false sense of security, or the other attempts to instill a false sense of insecurity.

From ConFonz dons his black hat:

The bar for talks is so low at DefCon, that even the lamest of talks was rendered mediocre by those around it. And a two-hour hold up on day 1 ensured a frustrated day for most everyone involved. Come on, Slashdot, the war rocketing talk could have been done in 5 minutes. And how many possible times can you see someone explain how to use Ethereal in one weekend? Six, evidently.

This year's controversial presentation at Black Hat was won by Device Drivers: Don't Build a House on a Shaky Foundation. In their demonstration (recorded before the conference to prevent attendees sniffing their attack technique) , johnny cache and David Maynor show the remote compromising of a wireless laptop by exploiting flaws in the software used by the operating system to drive the device. To sex things up, the laptop they compromise is a MacBook.

See, David Maynor has a bone to pick with Mac users who have bought into and perpetuate the myth that Apple software is more secure than Microsoft software. In an attempt to prove them wrong once and for all, Maynor slaps a third-party wireless device on to the MacBook and goes to town. "But wait!" those same Mac users cry, "He didn't demonstrate the attack with Apple's wireless driver, it's just the third-party driver!" Mr. Maynor defends the demonstration by claiming that the attack does work with Apple's driver, but that Apple pressured them to not show that because Apple hasn't released a patch yet.

Now, I'm willing to assume this is all true, but what do we really know? At the end of the day, nothing, really. They haven't released details to reproduce, third parties haven't released patches to reverse engineer, and no one has publicly disclosed a rediscovery of the flaws. We might as well assume that the demonstration was recorded on the same sound stage that NASA used to fake the moon landings! Kidding aside, the only take-away from their presentation is that device drivers are not immune from security bugs, which shouldn't come as a surprise to anyone... though it probably does.

None of this is to say that Apple software is more secure than Microsoft; the publicly disclosed vulnerabilities and security updates are testament enough to disprove the myth. The problem is that, while I wish folks like David Maynor well in their pursuit of humbling the hubristic, there are none so blind as those that will not see.