Starting Thursday morning, the U.S. government is seeking comment on who should create and vouch for the internet’s most crucial document — the root zone file — that serves as the cornerstone of the system that lets users get to websites and emails find their way to inboxes.

The non-profit ICANN, the for-profit Verisign and the Commerce Department’s National Telecommunications and Information Administration all have different answers to what is a long-standing, and geopolitically charged internet governance question.

But the only thing that matters for the security of the internet is the speed that they answer the question, according to domain-name system expert Paul Vixie.

“We’ve got to get the root signed, it does not matter by whom,” Vixie said by e-mail. “It’s necessary simply that it be done, by someone, and that we stop anyone from arguing about whether letting someone hold the root key would make them king.”

At issue is a massive net security hole that security researcher Dan Kaminsky discovered in early 2008 that was temporarily patched in July. If not given a complete fix soon, the vulnerability could allow so much net fraud that it would strip all trust from the internet users that any website they were visiting is the genuine article, experts say.

[via Threat Level]

*sniff* - Opus was my favorite idealist, an optimist despite all odds. Happy Herring-chasing, Opus…

This just in: The bowtie-wearing, tuba-playing, onetime vice presidential candidate on the National Radical Meadow Party ticket is headed for that great comic strip in the sky; cartoonist Berkeley Breathed announced today that he is giving up his Sunday comic strip Opus to focus on children’s books instead.

That announcement signals the end of Opus, the charming penguin who has entertained comics readers for nearly 30 years, starting with Bloom County. Though Breathed has retired the character before, this time, he says, he means it.

“I’ll be leaving Opus in a way that it should be very clear that this time there’s no going back home,” says Breathed.

Farewell Opus: NPR.

The Homeland Security Department has declared its right to seize laptops at the U.S. border indefinitely, but legislation introduced Thursday is intended to curb that power.

U.S. Sens. Russ Feingold (D-Wis.), Maria Cantwell (D-Wash.), and Rep. Adam Smith, (D-Wash.), introduced the Travelers Privacy Protection Act in response to the DHS policy allowing customs agents to detain a traveler’s laptop for an unspecified period of time to review its contents, even absent of individualized suspicion.

“Most Americans would be shocked to learn that upon their return to the U.S. from traveling abroad, the government could demand the password to their laptop, hold it for as long as it wants, pore over their documents, e-mails, and photographs, and examine which Web sites they visited–all without any suggestion of wrongdoing,” Feingold said. “Focusing our limited law enforcement resources on law-abiding Americans who present no basis for suspicion does not make us any safer and is a gross violation of privacy.”

The legislation would require DHS to form reasonable suspicion of illegal activity before searching electronic devices carried by U.S. residents. The DHS would also be required to provide probable cause and a warrant or court order to hold such a device for more than 24 hours. The bill also limits what information acquired through electronic searches the DHS can disclose, and it requires the department to report on its border searches to Congress. [ via CNET ]

Alerted via twitter (thx @ccg!) I had the yen to read Sunday morning comics “online” this morning.

Sinfest: The Webcomic To End all Webcomics.

I’m working back through the archives now, good stuff…happy Sunday morning, all.

Hmmm…Windows Update  “…has been used to patch third-party products” - I’ve only used WSUS to push custom policices and configs, and yet this still sounds so ominous on the consumer-side of things. Turns out to be a malicious Activex control under the hood of Yahoo Music player…but the idea of M$ owning the remote kill switch…

Lawyers in the “Windows Vista Capable” class-action lawsuit against Microsoft have asked a federal judge to force the company to use its Windows Update service to notify potential class members, court documents filed yesterday revealed.

In a motion submitted to U.S. District Judge Marsha Pechman, lawyers for the plaintiffs laid out a notification plan that would include print ads in publications such as USA Today, banner ads on sites including Yahoo.com and MSN.com, and a message that would be delivered to Windows users by Microsoft’s automatic update service.

Noting that Microsoft has repeatedly said it cannot identify the people who bought PCs under its Vista Capable marketing campaign in 2006 and early 2007, the plaintiffs’ attorneys pitched Pechman on the idea of using Windows Update to reach them. “Although Microsoft cannot identify class members, it can communicate to them through its Windows Update program,” the motion filed Thursday said.

Windows Update is the mechanism best known for delivering security patches to Windows users on the second Tuesday of each month. However, the service also is used by Microsoft to push non-security updates, and in some cases has been used to patch third-party products. [ via Computerworld Magazine ]

Quantum cryptography is supposed to be unbreakable. But a flaw in a common type of equipment used makes it possible to intercept messages without detection.

Quantum cryptography has been used by some banks to protect data, and even to hide election results in Switzerland last year. But it has been discovered that shining bright light into the sensitive equipment needed makes it possible to hijack communications without a trace.

“It turns the equipment into a puppet-box that an eavesdropper can control,” says Vadim Makarov from the Norwegian University of Science and Technology in Trondheim, who uncovered the vulnerability.

[ via New Scientist Tech].

The Los Alamos National Laboratory suffers from cybersecurity weaknesses that affect how it protects information on its sensitive but unclassified network, according to a new report from the Government Accountability Office.

That network includes sensitive data such as controlled nuclear information, export control information, and personally identifiable information about employees of the national lab, the GAO report released Sept. 25 explained.

The nuclear weapons lab, in Los Alamos, N.M., has experienced breaches in its security in several incidents over the last decade. It was budgeted nearly $200 million in fiscal 2007 to provide for physical and cybersecurity. Despite improvements, the facility continues to have gaps in its physical security and cybersecurity, the GAO report concluded.

GAO: Los Alamos Lab has cybersecurity gaps.

Wow. I think his work was so wonderful, and so prolific, that somehow, there would always be Paul Newman.

I have an endless lists of favorite movies, but I love his more obscure stuff. Yet,  the well-known ‘Cool Hand Luke’ does leap to mind as an inspiration, a character who persisted against all circumstance and opposition. His characters could be jaded and realist, yet still optimistic; pushing, persisting to eventual escape or triumph.

Other characters were the flawed ‘everyman’ whose struggles may have been smaller, but no less inspirational to the movie audience. Paul gave every character a dignity that transcended the screen. Thank you for so many years of great work, Paul.

Paul Newman, 83, the actor and sex symbol who surged to stardom by playing loners as well as criminal and moral outlaws — anything to downplay his astonishing looks — died of cancer Friday at his farmhouse near Westport, Conn.

Newman was an Academy Award-winning actor and acclaimed director, and he used his fame to propel his political activism, race car driving and philanthropy. He donated all the profits from his Newman’s Own food company — more than $150 million — to charities and social welfare organizations.

Brooding and sinewy, with luminous blue eyes and a husky voice, Newman resembled a preppy Greek God in his earliest screen roles. He quickly rebelled against conventional casting that tried to turn him into a pretty-boy alternative to Marlon Brando and James Dean. He became known as an introspective and nonconformist performer — a perfect anti-hero idol for the socially rebellious 1960s and 1970s.

In many of Newman’s best films — “The Hustler,” “Hud,” “Harper,” “Cool Hand Luke,” “Butch Cassidy and the Sundance Kid,” “The Sting,” “Slap Shot,” “The Verdict,” “Nobody’s Fool” and “The Color of Money” (for which he won the Oscar) — he played amoral rats, genial louts, self-destructive idealists, drunkards and has-beens. Some of his characters redeem themselves by being defeated or killed, and others just continue bumming along.

[ continues at the Washington Post ]

A federal judge on Wednesday set aside the nation’s first and only federal jury verdict against a peer-to-peer file sharer for distributing copyrighted music on a peer-to-peer network without the labels’ authorization.

U.S. District Judge Michael Davis of Duluth, Minnesota, declared a mistrial in the case of Jammie Thomas, a Minnesota mother of three, setting aside the $222,000 penalty levied by a federal jury last year for copyright infringement — $9,250 for each of the 24 infringing music tracks she made publicly available on the Kazaa file sharing network.Michaeljdavis_2

Davis’ decision means the Recording Industry Association of America’s five-year copyright infringement litigation campaign has never been successful at trial.

[via Threat Level from Wired.com ]

The lifeline linking notorious service provider Intercage to the rest of the Internet has been severed.

Intercage, which has also done business under the name Atrivo, was knocked offline late Saturday night when the last upstream provider connecting it to the Internet’s backbone, Pacific Internet Exchange, terminated Intercage’s service.

Intercage president Emil Kacperski said Pacific did not tell him why his company had been knocked offline, but he believes it was in response to pressure from Spamhaus, a volunteer-run antispam group, which has been highly critical of Intercage’s business practices. A spokesman for Pacific could not immediately comment on why the company terminated Intercage’s service.

Spamhaus placed Pacific on its Spamhaus Block List on Sept. 12, after it began peering with Intercage, said Spamhaus CIO Richard Cox.

The Spamhaus list of untrusted Internet addresses is used to filter unsolicited e-mail from about 1.5 billion e-mail boxes, so being added to the list would almost certainly have caught Pacific’s attention. “Obviously, they were feeling the displeasure of the rest of the Internet,” Cox said.

[ via ComputerWorld]