Ulf Möller found murdered

Another of the key contributors to the Mixmaster Remailer project has died violently. Ulf Möller was found dead in his car in Eastern Germany, apparently the victim of a robbery and murder.
Here are some reports of the incident (in German):

DOJ wants to criminalize fibbing

Declan McCullagh reports in CNET that the Justice Department is pushing an absurd overbroadening of the CFAA to criminalize violating website terms of service agreements.

The idea would be to treat all website terms of service as contracts fully limiting access to the site; therefore, any violation of the TOS would be unauthorized access (a.k.a. hacking), which is a felony.

Don't lie about your age, weight, height, or job title on that dating site!

Anonymizer Survey: Anti-virus and Firewall popular but ineffective privacy protectors

Anonymizer just released the results of a new survey of people's use of privacy-protecting technologies. The short answer is that the old standards, anti-virus and firewalls, are widely used. Unfortunately, they don't actually do much to protect your privacy. They are more about security.

For full details, read the article.

This is a really interesting article on the lack of terrorism against the US.

This statistic really reinforces a point that I keep making. We are putting effort and treasure into fighting terrorism orders of magnitude out of proportion to its impact.

Why Is It So Hard to Find a Suicide Bomber These Days? - By Charles Kurzman | Foreign Policy:

Out of more than 150,000 murders in the United States since 9/11 -- currently more than 14,000 each year -- Islamist terrorists accounted for fewer than three dozen deaths by the end of 2010. Part of the credit for this is surely due to the law-enforcement officers and community members who have worked to uncover plots before they could be carried out. But fewer than 200 Muslim Americans have been involved in violent plots since 9/11, most of them overseas, so credit for the low level of violence must be due primarily to the millions of Muslims who have refrained from answering the call to terrorism.


Responsibilities of Security / Technology Professionals

I posted this as a comment over on LinkedIn, but thought it was worth reposting on its own.

Privacy professionals can haggle over whether any given situation requires overwrite, multi-pass overwrite, degaussing, physical destruction or whatever else. The 99% issue is that people treat the trashcan icon on their computers as though it really and completely disposed of the file. 
Closely related is the fallacy that your login password will protect your hard drive if your computer is sold / stolen. 

I heard something recently at a conference which really struck a chord with me. It was about USB drives as attack vectors, but the argument applies very broadly. 
We have spent many years trying to educate our way to computer security. It is very clear that this is a failed strategy, and given the relative immutability of human nature, it is highly unlikely to ever be a successful strategy.
At this point, if I sell my password-protected computer and that leads to my identity being stolen, shame on us as engineers who designed such a fragile system with such a huge and foreseeable failure mode.

We can argue about whether it should be a password or pass phrase, or whether there should be biometrics or other multi-factor authentication schemes, but let's at least make sure there is a door on the house and ensure that it is closed before debating tumbler lock vs. keypad.