Humza Zaman, a co-conspirator in the hack of TJX and other companies, was sentenced Thursday in Boston to 46 months in prison and fined $75,000 for his role in the conspiracy. The sentence matches what prosecutors were seeking. Zaman, a 33-year-old former programmer at Barclays Bank, was charged with laundering between $600,000 and $800,000 for hacker Albert Gonzalez, who is currently awaiting sentencing on charges that he and others hacked into TJX, Office Max, Heartland Payment Systems and numerous other companies to steal data on more than 100 million credit and debit card accounts. Zaman pleaded guilty in April to one count of conspiracy. His sentence includes three years of supervised release with the…

Over at Wikibooks, they’re trying to write an open source cryptography textbook….

Josh Gerstein over at Politico sent Threat Level his piece underscoring once again President Barack Obama is not the civil-liberties Knight In Shining Armor many were expecting. Gerstein posts a televised interview of Obama and John Walsh of America’s Most Wanted . The nation’s chief executive extols the virtues of mandatory DNA testing of Americans upon arrest, even absent charges or a conviction. Obama said, “It’s the right thing to do” to “tighten the grip around folks” who commit crime. When it comes to civil liberties, the Obama administration has come under fire for often mirroring his predecessor’s practices …

The site set up to locate long lost pals, Classmates.com, has been hit with a class action privacy lawsuit. It alleges the company violated the law when it decided to make user profiles public to compete with Facebook. The suit says Classmates.com duped its paying customers in late January when it sent them an e-mail telling members they’d have to opt out of new Facebook and iPhone apps to keep their data private. That’s a massive change to the…

Really: Since they are hard to conceal, the study says, noses would work well for identification in covert surveillance. The researchers say noses have been overlooked in the growing field of biometrics, studies into ways of identifying distinguishing traits in people. “Noses are prominent facial features and yet their use as a biometric has been largely unexplored,” said the University…

My appearance on OWASP Podcast 61 is available. The .mp3 is 36 MB. Thanks to Jim Manico for inviting me to participate. We recorded the podcast in late January. Jim asked me the following questions: Would you care to tell us how did you get into IT and what lead you into a career in information security? What keeps you busy these days? What’s the difference between focusing on threats vs focusing on vulnerabilities? What is your problem with the “protect the data” mindset? What do you mean by “building …

Good legal paper on the limits of identity cards: Stephen Mason and Nick Bohm, “Identity and its Verification,” in Computer Law & Security Review, Volume 26, Number 1, Jan 2010. Those faced with the problem of how to verify a person’s identity would be well advised to ask themselves the question, ‘Identity with what?’ An enquirer equipped with the answer…

Can you hear that? That’s the sound of air escaping as we all finally recover from the RSA conference. Rich and Martin are back, and Zach… never left (but did celebrate a birthday last week). We do a quick recap of RSA and then dig into the security news… much of which had nothing to do with the conference. Weird. Network Security Podcast, Episode 188, March 9, 2010 Time:

The U.S. Supreme Court is agreeing to decide how much personal information the federal bureaucracy may acquire on its workers. The justices, without comment, decided Monday to review a lower-court decision surrounding the concept of so-called “ informational privacy .” The 9th U.S. Circuit Court of Appeals in San Francisco struck down intrusive background checks last year on nearly three dozen National Aeronautics…

The CEO of Lifelock, Todd Davis, became famous for advertising his Social Security number on television ads and banners painted on trucks promising his $10 monthly service would protect consumers from identity theft. The company also offered a $1 million guarantee to compensate customers for losses incurred if they became a victim of identity theft after signing up for the service. But the Federal Trade Commission said Tuesday that the claims were bogus (.pdf) and accused Lifelock, based in Arizona, of operating a scam and con operation. The commission announced, along with 35 state attorneys general, that it had levied a fine of $12 million against the company for deceptive business practices and for failing to secure sensitive customer data. Of that amount, $11 million will go to refund customers who subscribed to the …