October 2005

Privacy & Security27 Oct 2005 04:13 pm

According to News.com, two researchers at the SANS Institute have discovered a problem with the security architecture of Oracle’s database software, allowing them to easily obtain the passwords of database users.

The technique Oracle uses to store and encrypt user passwords doesn’t provide sufficient security, said Joshua Wright of the SANS Institute and Carlos Sid of Royal Holloway College, University of London. Wright gave a presentation on the matter Wednesday at the SANS Network Security conference in Los Angeles. … Wright and Cid identified several vulnerabilities, including a weak hashing mechanism and a lack of case preservation–all passwords are converted to uppercase characters before calculating the hash.

In its rivalry to be bigger and better than Microsoft, Oracle has cut some of the same kinds of security corners. According to the article, Oracle has been increasingly scrutinized, and criticized, for a lax security architecture and failure to release security patches in a timely manner.

Privacy & Sillycon Valley Biz17 Oct 2005 05:46 pm

I’m travelling this week, but word reached me this afternoon that Google has issued a new privacy policy, according to AP.

I haven’t had a chance to review the document in detail, but the commentators are already suggesting that it’s just as vague as it was before on many key issues.

Most of Google’s privacy issues boil down to questions about precisely what information they are collecting about you, how they’re going to use it, and what ability do you have to exercise any control over what they’re doing.

If the new privacy policy doesn’t give concrete answers to these questions, then it’s probably not an improvement.

Law & Politics11 Oct 2005 09:58 pm

Merriam-Webster’s Online Dictionary says:

obsequious (&b-‘sE-kwE-&s), (adj.): marked by or exhibiting a fawning attentiveness

For example:

AUSTIN, Texas (AP) — U.S. Supreme Court nominee Harriet Miers told George W. Bush in a 1997 birthday card that he was “the best governor ever” and, in a separate note to her boss, said she hoped his twin daughters recognize their parents are “cool.”

Law & Politics06 Oct 2005 06:20 pm

In Federalist Paper # 76, Alexander Hamilton (writing as “Publius”) discusses the Senate confirmation process and how it serves as a check on unrestrained presidential power. In doing so, he explains:

To what purpose then require the co-operation of the Senate? [ . . . ] It would be an excellent check upon a spirit of favoritism in the President, and would tend greatly to prevent the appointment of unfit characters from State prejudice, from family connection, from personal attachment, or from a view to popularity. [ . . . ] He would be both ashamed and afraid to bring forward, for the most distinguished or lucrative stations, candidates who had no other merit than that of coming from the same State to which he particularly belonged, or of being in some way or other personally allied to him, or of possessing the necessary insignificance and pliancy to render them the obsequious instruments of his pleasure. [emphasis added]

Unfortunately, President Bush has shown that he feels no shame when doing the most blatantly self-indulgent and ill-advised things. But Hamilton and the other framers saw forward to the kind of corrupt leadership that could arise and wrote decisively some 217 years ago that Bush should “be both ashamed and afraid” to nominate his unqualified former personal lawyer to the highest court in the land. And any Senators who vote for her should be similarly ashamed.

Nothing against her personally… I’m sure she’s a nice lady and she may even be a competent corporate lawyer. But the court needs constitutional scholars, not people who are, in Hamilton’s words, “personally allied to” the president, who lack the personal experience and gravitas necessary to prevent them from becoming “the obsequious instruments of his pleasure.”