Latest Top Virus Warnings  
Flyers Take Fast-Track In Airport Test
Everyone should read up on this. Everyone is now getting tricked into
giving up their privacy for convenience. If security checks are getting
slower, get more TSA personnel, build a bigger airport. They instead want
you to enroll yourself into their database and then pay for the convenience.
Refuse this service at any cost.


'Registered Travelers' Program Tested At Five Airports
Frequent fliers will be able to avoid extra security inspections at airports
by submitting to background checks as part of an experiment that begins in
Minneapolis later this month, the Transportation Security Administration said
on Wednesday.

Congress ordered the agency to come up with such a program, called
"registered traveler," more than two years ago when it created the TSA in the
aftermath of the Sept. 11, 2001, hijackings.
Acting TSA Administrator David Stone said the agency didn't sacrifice
security for the experiment.
"This pilot program will provide frequent travelers with the means to
expedite the screening experience without compromising on security," Stone
said in a statement.

The program will be offered to frequent fliers who travel at least once a
week in selected markets.
Through the summer it will be tested in four more airports.

Participants will give the TSA their name, address, phone number, birthdate
and "biometric identifier," including fingerprint and iris scan.

That information will be matched against law enforcement and intelligence
databases like the terrorist watchlist.

The passengers will also be checked for outstanding criminal warrants.
Once they've signed up, they can pass through a registered traveler lane at
airport security checkpoints.

They will still have to walk through the metal detector and have their
carry-on bags screened for dangerous items.

The advantage to the program is that registered travelers won't be taken
aside for more intensive secondary screening, if they don't alarm the
equipment.

Currently, passengers receive secondary screening if they set off the
security devices or if they are selected through a system called the
Computer-Assisted Passenger Prescreening System, or CAPPS.
CAPPS selects people who pay for their ticket with cash or only fly one way.
It is largely viewed as ineffective.

The TSA has been trying to replace it with CAPPS II, which would screen
passengers by comparing the same personal information used in
registered traveler - but without the biometric identifier -
against commercial and government databases.

CAPPS II is stalled because airlines refuse to turn over passenger data for
testing because they fear criticism that it would violate their customers'
privacy.

There won't be a charge to sign up for the experimental phase of the
registered traveler program.
Northwest Airlines will offer the program beginning at Minneapolis-St. Paul
International Airport.
In late July, the registered traveler program will be tested at Los
Angeles International Airport with United Airlines.

Continental Airlines will participate beginning in early August at George
Bush Intercontinental Airport in Houston.

By the end of August the program will be available for American Airlines
customers at Boston's Logan International Airport and Ronald Reagan
Washington National Airport.
Source: KTVU


 

Online personals business gets nasty

The online personals business is getting to be about as much of a jungle as
the dating market itself--at least from the looks of a battle between Barry
Diller's Match.com and an upstart competitor.
Diller's InterActiveCorp has launched legal action against six former
employees of its Match.com online dating service, who moved to
TrueBeginnings, a Texas-based relationship Web site.
Match.com had subpoenas served on the former employees to investigate
potential breach of contract, breach of fiduciary duty and other
interference with business relations, according to a TrueBeginnings
statement.

Match.com declined to comment on the legal issue, but TrueBeginnings CEO
Herb Vest was much more vocal.

Vest took out full-page advertisements in the Monday and Tuesday editions of
The Wall Street Journal and The Dallas Morning News, calling the actions "a
blatant effort to intimidate these six individuals."

Like a hero in a romance novel, Vest vowed to defend his employees. "To get
to them, you must, first, come through me," Vest wrote in the ad. "True
reviewed the employees' agreements, and we firmly believe that we have not
broken any rules by hiring them."

The public tussle is the latest indication of just how cutthroat the
business of online personals has become.

Even as revenue across the industry continues to grow, growth rates and
margins are shrinking, analysts say.

In the first quarter, Match.com revenue grew by 19 percent on a
year-over-year basis, compared with a higher rate of 29 percent growth in
the fourth quarter of last year. Profit margins were 13 percent in the first
quarter, compared with 17 percent in the fourth quarter of last year.
"If unit growth is accelerating, why is revenue growth decelerating?" said
Mark Mahaney, an analyst at American Technology Research.

Tim Sullivan, Match.com's CEO, disputed the notion that the industry is
slowing, and said profit margins weakened in the first quarter as the
company spent heavily on expanding its service into international markets.

Match.com now operates in 31 countries, including China, Sweden and the
United Kingdom.
"We're expecting to see solid returns in the latter part of this year,"
Sullivan said.
Indeed, interest has not waned in recent months. Analysts estimated that
about two out of five singles who are online in the U.S. have visited a
personals site, with nearly one in four having posted a profile, according
to Jupiter Research.

"It's the biggest form of paid content," said Nate Elliott, an analyst at
Jupiter Research, who estimated the industry is expected to generate $398
million in sales this year, and about $642 million by 2008.
source: cnet news


 

Akamai blames 'global DNS attack' for disruptions
Source: IDG News Service

A global attack on the DNS (domain name system) caused disruptions affecting
customers of Internet hosting company Akamai Technologies Inc., including
search engine sites, said Jeff Young, an Akamai spokesman.

Akamai disputed early reports that the disruption in service to the sites,
including yahoo.com, google.com and microsoft.com, was specific to its
network of DNS servers, which translate user-friendly domain names into
numeric IP (Internet Protocol) addresses. Instead, the problem on Akamai's
network was part of a "large scale international attack on the Internet
infrastructure," Young said. However, at least one Web performance
monitoring company said it has no evidence of a wider attack.

The attack, which Young declined to describe, started shortly before 9 a.m.
Eastern Daylight Time (EDT) in the U.S. The attack affected Akamai's
Internet name service and a "small number" of the company's customers,
primarily search engines that use Akamai to manage traffic to their Web
sites, he said.

"There was an intermittent service issue. It was not an outage on the Akamai
network. The name service continued to operate throughout the incident," he
said. "We have no information that leads us to believe the attack was
directed specifically at Akamai."

However, others aren't so sure.

Systems at Web performance monitoring company Keynote Systems Inc. noted a
decrease in performance at leading Web sites starting at 8:30 a.m. EDT and
said that a number of sites, including those for Microsoft Corp., Yahoo
Inc., Google Inc. and Symantec Corp. were only at 20 percent capacity for as
much as an hour Tuesday, according to Lloyd Taylor, vice president of
technology at Keynote.

The companies affected appear to be Akamai customers. Keynote could not rule
out a broader attack, but said that the company lacks any evidence to
support such. However, traffic to other companies on Keynote's Business 40
Internet Performance Index, which includes the corporate Web sites of Cisco
Systems Inc., 3Com Corp. and Charles Schwab & Co. Inc., was not slowed, he
said.

"There's nothing that has shown up as performance issues yet," Taylor said.

Akamai could not provide details about the nature of the attack, where it
came from or organizations other than its customers that were affected.
However, networks around the world experienced the attack, Young said.

The interruptions at Akamai have the fingerprint of a denial of service
attack, in which hundreds or thousands of machines work together to flood a
specific Internet address or addresses with malicious traffic, slowing it
down, Taylor said.

"You saw things get bad suddenly, then get better slowly," he said.

In contrast, service is typically restored quickly after hardware or
software failures, once the cause of the failure is determined, he said.

In the meantime, most of the affected customers have switched and are using
their own DNS servers or those hosted by other companies, Taylor said.
However, the Akamai DNS service appeared to be up and running, and Google
was still using it to resolve requests to their site Tuesday, he said.



 

Breaking codes: An impossible task?
BBC News Online

Recent reports that the United States had broken codes used by the Iranian
intelligence service have intrigued experts on cryptology because a modern
cipher should be unbreakable.
Four leading British experts told BBC News Online that the story, if true,
points to an operating failure by the Iranians or a backdoor way in by the
National Security Agency (NSA) - the American electronic intelligence
organization.


The reports, from Washington, suggested that the Iranians had been tipped
off by Ahmed Chalabi, an Iraqi political leader with links to Iran.

He is said to have learned about the code-breaking from an American official
who was drunk.

Simon Singh, author of "The Code Book", a history of codes, said: "Modern
codes are effectively unbreakable, very cheap and widely available. I could
send an email today and all the world's secret services using all the
computers in the world would not be able to break it. The code maker
definitely has a huge advantage over the code breaker."

The reason for this is that an encoded text is so complex that it can resist
all efforts to break it.

The key to codes

It is probable, though not certain of course, that Iran was using what's
called public-private key or asymmetric cryptography. In this system, the
message is encoded by someone using a freely distributed public key. This
can be decoded only by someone using a different private key.

The public-private key method has largely taken over from the purely private
or symmetric system in which the sender and receiver use the same key to
encrypt and decrypt a message.

Some ciphers use a mixture. A private key encrypts and decrypts the message
because this way is less complicated and therefore quicker but the key
itself is sent by the public-private method.

Professor Alistair Fitt, head of the School of Mathematics at Southampton
University, said: "The private-private key is seen as obsolete. The
public-private key is better. It does away with the problem of transporting
the key between the two parties."

I asked Professor Fitt if he would feel confident of using it if he was an
intelligence chief. He replied "Yes."


Too hard to crack

Take a public key based on a huge number which is the result of two prime
numbers multiplied together (a prime number being one which can be divided
only by itself or by one). You use this number to encode your message but
you do not need to know the two original prime numbers. Only the person
decoding the message needs to know, because the text was encoded using an
equation and both numbers are needed to reverse that equation.


The system is safe because it is a curious feature of mathematics that when
two prime numbers are multiplied, it is very difficult to factor, that is to
work out, the two original numbers. Mathematicians have been trying to find
a way to do this quickly for hundreds of years and have failed so far.
Since even computers take time to wade their way through all prime numbers
to find the correct ones, it has been estimated that, if the number is big
enough, the world could end before they succeed. A guess would have a better
chance.

A large key

The text to be enciphered is basically converted into numbers to which a
numerical key is applied in a mathematical formula. It is important that the
key has enough numbers to keep it safe but not enough to slow the whole
process down too much.

Professor Fitt commented: "If you are making a code, you design the numbers
so that if you have more computers than there are in the world and you run
them for ever, they are not enough."


The current assessment is that a key containing 128-bits (the binary units
used by computers) is safe.
In a web article "Encryption Basics", Jonathan Hassell of Soho Security said
that it was "extremely difficult and time-consuming" to determine the key
because the numbers were so big: "Mathematically, 128-bit numbers have
3,402,823,669,209,384,634,633,746,074,300,000,
000,000,000,000,000,000,000,000,000,000,000 possible combinations for the
numerical sequence."

A decade ago, a key of 40 or 56-bits was thought to be secure from what is
called a brute attack by computers but no longer so.

Note that the increase in bits is exponential, because each bit doubles the
total. 128-bits is 309,485,009,821,345,068,724,781,056 times larger than 40.


Seeking another answer

You can see that the code breakers, or cryptanalysts, have to find some
other solution.

Ross Anderson of the Computer Laboratory at Cambridge University pointed to
some of them: "As the former chief scientist of the NSA once remarked at one
of our security workshops, almost all breaks of cipher systems are due to
implementation errors, operational failures, burglary, blackmail and
bribery.


"As for cryptanalysis, it happens, but very much less often than most people
think."
Professor Fred Piper of the Royal Holloway College made the same point
strongly: "There is a difference between breaking a code and breaking a
system.

"In general it is true that a system using a practically unbreakable cipher
might be broken through a management fault."

The three B's

Such faults might include lazy operating procedures or even leaving your key
around on a CD which someone else could read.

This is reminiscent of one of the ways the German Enigma codes were broken
during World War II. One German operator always used the name of his
girlfriend Cillie to send a test message. Thereafter the British
code-breakers called all such vulnerable messages "cillies."

The three "Bs" - burglary, blackmail and bribery - might have to be employed
if there is no other way of getting at the key. We are back to the world of
spies.

Perhaps the need to find keys was what lay behind the former British MI5
agent Peter Wright's revelation in his book "Spycatcher" that he "bugged and
burgled" his way across London.

Hidden software

Simon Singh says that sometimes there is a backdoor way in through
deliberately corrupted software: "There is always the chance of human error.
Encryption requires a key, and if I get hold of your key then I can read
your messages. Or if I plant some software in I get to see the message
before you encrypt it."

Software allowing decryption is known to have been implanted in some ciphers
in the past. In his book "Security Engineering", Ross Anderson tells the
story of how this happened in Sweden: "The Swedish government got upset when
they learned that the 'export version' of Lotus Notes which they used widely
in public service had its cryptography deliberately weakened to allow NSA
access."

In another case, intriguingly involving Iran, Ross Anderson reported: "A
salesman for the Swiss firm Crypto AG was arrested in Iran in 1992 and the
authorities accused him of selling them cipher machines which had been
tampered with so that the NSA could get at the plaintext. After he had spent
some time in prison, Crypto AG paid about a $1m to bail him but then fired
him once he got back to Switzerland."

Whether something similar happened in this case involving Iran is simply not
known.

The internet - is it secure?

All this has important implications, incidentally, for internet security.
When you enter a secure area on the internet, to buy something for example,
you are using an encryption system.

Professor Alistair Fitt says that the internet codes are safe: "I do not
understand why some people do not trust the internet yet they give their
credit card to some waiter who disappears with it into a back room."

You can also use 128-bit encryption for your e-mails. This used not to be
the case. It was only in 2000 that the United States lifted most export
controls on strong encryption programs.

Using such encryption, your e-mails should be safe. Unless what apparently
happened to the Iranians happens to you.

Story from BBC NEWS:
http://news.bbc.co.uk/go/pr/fr/-/2/hi/technology/3804895.stm

