Monthly Archives: June 2006

Adam Shostack Joins Microsoft

If hell hasn’t frozen over, then at least the temperature must have dropped a little on the news that cyber-security guru Adam Shostack is joining Microsoft.

Most of the people in the circles he and I overlap in tend to speak derisively of Microsoft, but the reasons Shostack gives for signing on make Microsoft look pretty good,

Over the last few years, I’ve watched Microsoft embrace security. I’ve watched them make very large investments in security, including hiring my friends and colleagues. And really, I’ve watched them produce results.

In making this decision, I’ve had conversations with many people and organizations. The one theme that stands out was the difference in the conversations I had with Microsoft versus other software producers. Some of the things that Microsoft does and are looking to improve haven’t even made it in rudimentary form anywhere else. I found myself having to shift gears and explain Microsoft’s Security Development Lifecycle. I noticed no one else with a Blue Hat conference. No one else stopping feature development to hunt for bugs. I (re-)discovered how few organizations have even basic formal security processes in place, and how few of those have audit to make sure that their processes are followed.

I realized just how many smart people are thinking about these questions at Microsoft, and I’m glad to be joining them.

I just hope it won’t affect his blogging too much.

Posted in Cryptography | 3 Comments


This is sort of cute, but doesn’t really fit this page’s design:

Can I resist another cute piece of clutter for the right margin?

Posted in | 7 Comments

Miami’s Dangerous Terrorist Cell

The Justice Department has a terrible track record of exaggeration when it comes to claiming that they’ve uncovered terrorist cells in the US. As the Carpetbagger reminds us,

By any reasonable measure, the Bush administration’s track record on exposing dangerous terrorist plots isn’t terribly impressive. When Abu Zubaydah was captured in Pakistan in March 2002, the president described him as al Qaeda’s chief of operations and emphasized the significance of his capture. Bush was wrong. The plot to destroy the Brooklyn Bridge wasn’t quite what it was cracked up to be. Jose Padilla was not actually prepared to detonate a dirty bomb in DC. Former Homeland Security chief Tom Ridge eventually conceded that flimsy evidence led the administration to raise the threat level in 2004.

And then there’s the reconstruction from Unqualified Offerings, Money for Nothing,

Wild speculation: You don’t suppose the Seas of David Cell was just trying to scam their “al-Qaeda contact” (FBI informant) out of a lot of cool shit, do you? Reading the indictment (pdf) is suggestive.

Have you noticed that if explosives appeared on either wish list, the indictment hasn’t considered it worth mentioning? Have you noticed that $50,000 is a lot of money, vehicles you can drive and that you could probably find buyers for bullet proof vests and firearms in Liberty City without too much trouble?

They weren’t Muslims. They weren’t al-Qaeda. Could they just have been (incompetent) scam artists?

Back to the Carpetbagger (although there’s lots more in both posts for anyone interested in the case),

Just to be clear, I’m not saying that the capture of these lunatics is trivial. These people clearly wanted to kill innocent people and commit domestic terrorist attacks. Intelligence officials deserve kudos for infiltrating the group and stopping these would-be terrorists before they became dangerous.

That said, anyone who claims that the administration just broke up a plot to attack the Sears Tower is overstating what’s occurred here. The “Miami 7” could hardly attack a convenience store.

Moreover, this seems to be a pattern with the Bush gang. There’s a major announcement that receives blanket coverage about terrorist plots — which turns out to be far less significant than advertised. Dick Cheney said yesterday that this cult in Miami was “a very real threat.” Except, after scratching beneath the surface just a little, there’s ample reason to believe that’s not the case.

Posted in Miami | 3 Comments

Sealand RIP?

Would-be data-haven and self-styled independent nation Sealand suffered a major fire, burning a substantial fraction of the nation’s territory and requiring the evacuation of the entire resident population (one person).

Posted in Internet | 1 Comment

Friday Grumble

I spent waaay too much of the past 48 hours doing these:

  • Calling around town to find out if anyone has any Altusa Fumé roof tiles that I need to fix the damage from Hurricane Wilma. They just laughed. So much for efficient markets. I need about 60 ridge tiles and about a dozen of the S-tiles (aka “field” tiles). Only guy who says he has any says he'll sell me ridge tiles, but I have to buy 10 field tiles for each ridge, because that's how they come. Not that desperate yet. Yet. I may just buy some that are a clashing color instead.
  • Trying to figure out why I got billed $37.04 in late fees on a discount store credit card. (We use the store credit card in that store rather than a bank credit card because they give you a discount when you use it. But this just ate a lot of it.) I pay the bills via my Very Large Bank's online bill payment system, and I always send in payments a few days early. I call the store to find out what gives. Hold. Punch wildly at buttons to get a human. Eventually the human says the store got the payment ten days late even though my records say I ordered it sent seven days early. I call Very Large Bank. The first guy says I have to talk to a different guy. We hold. We hold. I am switched to the call center somewhere several continents away, and in due course, “Armando” (yah, right) says they mailed it on time, seven days early like I asked them to, to the address in Illinois.

    Whoops. According to the bill I'm looking at, the store's payment address is now in Tampa. Since the store presumes you will pay by check, and the address printed on the bill will show through the little hole in their envelope, they never did anything to call the change to my attention, and of course I had no reason to notice: I typed the old address into Very Large Bank's bill payment service several years ago, and I don't even see it when I say how much to send the store. It seems that even though the store's credit operation is run by GE Finance, they don't have electronic systems that talk with Very Large Bank. So my internet e-payment causes Very Large Bank to mail a physical check to GE Payments. Which went to Illinois before being forwarded to Tampa, a seventeen-day trip.

  • Putting together the paperwork needed to convince my university-provided health insurance company that the on-campus medical center that billed them for a visit last December is an actual medical office staffed by real doctors entitled to payment under health insurance rather than by me.

Oh, and did I mention that my campus email account hosted at has been down since 10pm last night? Fortunately, my other mail is working fine if you want to reach me.

Posted in Econ & Money | 2 Comments


I was going to suggest that this is today’s best blog posting anywhere–but it seems that the part about the bearded lady and the talking seal was made up.

But most of the rest about the clowns appears to be true.

Posted in Blogs | Leave a comment