Free Hossein Derakhshan

Apparently, the Iranian Government has sentenced Hossein “Hoder” Derakhshan to 19.5 years in jail for “collaborating with enemy states, creating propaganda against the Islamic regime, insulting religious sanctity, and creating propaganda for anti-revolutionary groups.” If you think putting bloggers or journalists in jail is wrong, please, please take a moment to sign the petition to free him.

I’m shocked and appalled. I’d met Hoder once, when I was working with the Committee to Protect Bloggers on ways to help bloggers in repressive regimes protect their privacy and freedom of speech. He was a nice fellow, and helped me understand some little bit of the complexity of the Iranian blogosphere.

Regardless of our having met and him being a nice guy, the sentence cannot be described except as insane and unjust.

No one should be in jail because of peaceful efforts to improve understanding between societies.

For more, please see the Free Hoder blog, which has an interview with Hoder’s mom, and there’s another blog, Free the Blogfather, which is in French.

Please take a moment to sign the petition to free him, and ask your friends to do the same.

Bleg: Picture editor?

I used to use “Galerie” on my Mac to put nice pretty frames around pictures I posted here. (See some examples.) Galerie was dependent on … blah, blah, won’t work anymore without some components no longer installed by default. So I’m looking for a replacement that will, with little effort, put pictures in a nice frame for me as I post them.

I’m willing to spend a little money, but not a lot of time per photo.

Your advice please?

Malware reports? (A bleg)

I’m doing some work that involves seeing what people are saying about the state of malware in 2010, and while search terms like “malware report” get a lot of results, they don’t always help me find things like the Symantec ISTR, the McAfee threats report or the Microsoft SIR.

To date, I’ve found reports from Cisco, IBM/ISS, Kaspersky, McAfee, Microsoft, Sophos and Symantec. Are there others that cover malware? (I’m leaving off Verizon since it doesn’t cover what I need for this particular project.) Recent things like the Nocebo paper here are also interesting.

If you know of other reports that will help me gain insight into the state of the world, please leave a comment.

Elsewhere…

Things are busy and chaotic, but while I’m unable to blog, here’s some audio and video I’ve done recently that you might enjoy:

  • “Meeting of the Minds” with Andy Jaquith and myself in either text or audio.
  • Face-Off with Hugh Thompson “Has social networking changed data privacy forever?” Video

Saltzer, Schroeder, and Star Wars

When this blog was new, I did a series of posts on “The Security Principles of Saltzer and Schroeder,” illustrated with scenes from Star Wars.

When I migrated the blog, the archive page was re-ordered, and I’ve just taken a few minutes to clean that up. The easiest to read version is “Security Principles of Saltzer and Schroeder, illustrated with scenes from Star Wars.”

So if you’re not familiar with Saltzer and Schroeder:

Let me start by explaining who Saltzer and Schroeder are, and why I keep referring to them. Back when I was a baby in diapers, Jerome Saltzer and Michael Schroeder wrote a paper “The Protection of Information in Computer Systems.” That paper has been referred to as one of the most cited, least read works in computer security history. And look! I’m citing it, never having read it.

If you want to read it, the PDF version (484k) may be a good choice for printing. The bit that everyone knows about is the eight principles of design that they put forth. And it is these that I’ll illustrate using Star Wars. Because let’s face it, illustrating statements like “This kind of arrangement is accomplished by providing, at the higher level, a list-oriented guard whose only purpose is to hand out temporary tickets which the lower level (ticket-oriented) guards will honor” using Star Wars is a tricky proposition. (I’d use the escape from the Millennium Falcon with Storm Trooper uniforms as tickets as a starting point, but it’s a bit of a stretch.)

Security Blogger Awards

We’re honored to be nominated for “Most Entertaining Security Blog” at this year’s “2010 Social Security Blogger Awards.” Now, in a fair fight, we have no hope against Hoff’s BJJ, Mike Rothman’s incitefulness, Jack Daniel’s cynicism, or Erin’s sociability.

But, really, there’s no reason for this to be a fair fight.

So we’re asking our readers to help us cheat. For the next month, whenever you see any of the judges (Mike Fratton, Bill Brenner, Kelly Jackson-Higgins and Larry Walsh) buy them a drink, mention how entertaining our story of the day was, and send us the bill.

We thank you. And remember, as you drink to our success, you’re making America stronger, strengthening your community, reducing taxes and fighting terrorism. Future generations will thank you.