News
Friday Squid Blogging: Squid Scalp Massager
Cheap! As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered....
Schneier on Security | 18-May-2012 23:26
Kip Hawley Reviews Liars and Outliers
In his blog: I think the most important security issues going forward center around identity and trust. Before knowing I would soon encounter Bruce again in the media, I bought and read his new book Liars & Outliers and it is a must-read book for people looking forward into our security future and thinking about where this all leads. For...
Schneier on Security | 18-May-2012 13:06
Cybersecurity at the Doctor's Office
I like this essay because it nicely illustrates the security mindset....
Schneier on Security | 17-May-2012 19:28
Rules for Radicals
It was written in 1971, but this still seems like a cool book: For an elementary illustration of tactics, take parts of your face as the point of reference; your eyes, your ears, and your nose. First the eyes: if you have organized a vast, mass-based people's organization, you can parade it visibly before the enemy and openly show your...
Schneier on Security | 17-May-2012 14:20
USB Drives and Wax Seals
Need some pre-industrial security for your USB drive? How about a wax seal? Neat, but I recommend combining it with encryption for even more security!...
Schneier on Security | 16-May-2012 20:50
Security Vulnerabilities in Airport Full-Body Scanners
According to a report from the DHS Office of Inspector General: Federal investigators "identified vulnerabilities in the screening process" at domestic airports using so-called "full body scanners," according to a classified internal Department of Homeland Security report. EPIC obtained an unclassified version of the report in a FOIA response. Here's the summary....
Schneier on Security | 16-May-2012 13:15
U.S. Exports Terrorism Fears
To New Zealand: United States Secretary of Homeland Security Janet Napolitano has warned the New Zealand Government about the latest terrorist threat known as "body bombers." [...] "Do we have specific credible evidence of a [body bomb] threat today? I would not say that we do, however, the importance is that we all lean forward." Why the headline of this...
Schneier on Security | 15-May-2012 13:17
The Trouble with Airport Profiling
Why do otherwise rational people think it's a good idea to profile people at airports? Recently, neuroscientist and best-selling author Sam Harris related a story of an elderly couple being given the twice-over by the TSA, pointed out how these two were obviously not a threat, and recommended that the TSA focus on the actual threat: "Muslims, or anyone who...
Schneier on Security | 14-May-2012 13:19
Friday Squid Blogging: New Book on Squid
Kraken: The Curious, Exciting, and Slightly Disturbing Science of Squid. And a review. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered....
Schneier on Security | 11-May-2012 23:58
Smart Phone Privacy App
MobileScope looks like a great tool for monitoring and controlling what information third parties get from your smart phone apps: We built MobileScope as a proof-of-concept tool that automates much of what we were doing manually; monitoring mobile devices for surprising traffic and highlighting potentially privacy-revealing flows [...] Unlike PCs, we have little control over the underlying privacy and security...
Schneier on Security | 11-May-2012 13:42
Security Fail
Funny....
Schneier on Security | 10-May-2012 12:46
RuggedCom Inserts Backdoor into Its Products
All RuggedCom equipment comes with a built-in backdoor: The backdoor, which cannot be disabled, is found in all versions of the Rugged Operating System made by RuggedCom, according to independent researcher Justin W. Clarke, who works in the energy sector. The login credentials for the backdoor include a static username, "factory," that was assigned by the vendor and can't be...
Schneier on Security | 09-May-2012 13:24
A Foiled Terrorist Plot
We don't know much, but here are my predictions: There's a lot more hyperbole to this story than reality. The explosive would have either 1) been caught by pre-9/11 security, or 2) not been caught by post-9/11 security. Nonetheless, it will be used to justify more invasive airport security....
Schneier on Security | 08-May-2012 20:14
Overreacting to Potential Bombs
This is a ridiculous overreaction: The police bomb squad was called to 2 World Financial Center in lower Manhattan at midday when a security guard reported a package that seemed suspicious. Brookfield Properties, which runs the property, ordered an evacuation as a precaution. That's the entire building, a 44-story, 2.5-million-square-foot office building. And why? The bomb squad determined the package...
Schneier on Security | 08-May-2012 14:03
Naval Drones
With all the talk about airborne drones like the Predator, it's easy to forget that drones can be in the water as well. Meet the Common Unmanned Surface Vessel (CUSV): The boat -- painted in Navy gray and with a striking resemblance to a PT boat -- is 39 feet long and can reach a top speed of 28 knots....
Schneier on Security | 07-May-2012 13:52
Friday Squid Blogging: Squid Bicycle Parking Sculpture
Neat. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered....
Schneier on Security | 04-May-2012 23:01
Tampon-Shaped USB Drive
This vendor is selling a tampon-shaped USB drive. Although it's less secure now that there are blog posts about it....
Schneier on Security | 04-May-2012 20:31
Facial Recognition of Avatars
I suppose this sort of thing might be useful someday. In Second Life, avatars are easily identified by their username, meaning police can just ask San Francisco-based Linden Labs, which runs the virtual world, to look up a particular user. But what happens when virtual worlds start running on peer-to-peer networks, leaving no central authority to appeal to? Then there...
Schneier on Security | 04-May-2012 13:31
Criminal Intent Prescreening and the Base Rate Fallacy
I've often written about the base rate fallacy and how it makes tests for rare events -- like airplane terrorists -- useless because the false positives vastly outnumber the real positives. This essay uses that argument to demonstrate why the TSA's FAST program is useless: First, predictive software of this kind is undermined by a simple statistical problem known as...
Schneier on Security | 03-May-2012 13:22
Al Qaeda Steganography
The reports are still early, but it seems that a bunch of terrorist planning documents were found embedded in a digital file of a porn movie. Several weeks later, after laborious efforts to crack a password and software to make the file almost invisible, German investigators discovered encoded inside the actual video a treasure trove of intelligence -- more than...
Schneier on Security | 02-May-2012 19:41
Cybercrime as a Tragedy of the Commons
Two very interesting points in this essay on cybercrime. The first is that cybercrime isn't as big a problem as conventional wisdom makes it out to be. We have examined cybercrime from an economics standpoint and found a story at odds with the conventional wisdom. A few criminals do well, but cybercrime is a relentless, low-profit struggle for the majority....
Schneier on Security | 02-May-2012 14:10
When Investigation Fails to Prevent Terrorism
I've long advocated investigation, intelligence, and emergency response as the places where we can most usefully spend our counterterrorism dollars. Here's an example where that didn't work: Starting in April 1991, three FBI agents posed as members of an invented racist militia group called the Veterans Aryan Movement. According to their cover story, VAM members robbed armored cars, using the...
Schneier on Security | 01-May-2012 14:31
JCS Chairman Sows Cyberwar Fears
Army General Martin E. Dempsey, the chairman of the Joint Chiefs of Staff, said: A cyber attack could stop our society in its tracks. Gadzooks. A scared populace is much more willing to pour money into the cyberwar arms race....
Schneier on Security | 30-Apr-2012 13:52
Vote for Liars and Outliers
Actionable Books is having a vote to determine which of four books to summarize on their site. If you are willing, please go there and vote for Liars and Outliers. (Voting requires a Facebook ID.) Voting closes Monday at noon EST, although I presume they mean EDT....
Schneier on Security | 28-Apr-2012 02:57
Friday Squid Blogging: Chesapeake Bay Squid
Great pictures. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered....
Schneier on Security | 27-Apr-2012 18:32
Attack Mitigation
At the RSA Conference this year, I noticed a trend of companies that have products and services designed to help victims recover from attacks. Kelly Jackson Higgins noticed the same thing: "Damage Mitigation as the New Defense." That new reality, which has been building for several years starting in the military sector, has shifted the focus from trying to stop...
Schneier on Security | 27-Apr-2012 13:53
Biometric Passports Make it Harder for Undercover CIA Officers
Last year, I wrote about how social media sites are making it harder than ever for undercover police officers. This story talks about how biometric passports are making it harder than ever for undercover CIA agents. Busy spy crossroads such as Dubai, Jordan, India and many E.U. points of entry are employing iris scanners to link eyeballs irrevocably to a...
Schneier on Security | 26-Apr-2012 13:57
Fear and the Attention Economy
danah boyd is thinking about -- in a draft essay, and as a recording of a presentation -- fear and the attention economy. Basically, she is making the argument that the attention economy magnifies the culture of fear because fear is a good way to get attention, and that this is being made worse by the rise of social media....
Schneier on Security | 25-Apr-2012 13:51
Amazing Round of "Split or Steal"
In Liars and Outliers, I use the metaphor of the Prisoner's Dilemma to exemplify the conflict between group interest and self-interest. There are a gazillion academic papers on the Prisoner's Dilemma from a good dozen different academic disciplines, but the weirdest dataset on real people playing the game is from a British game show called Golden Balls. In the final...
Schneier on Security | 24-Apr-2012 13:43
Alan Turing Cryptanalysis Papers
GCHQ, the UK government's communications headquarters, has released two new -- well, 70 years old, but new to us -- cryptanalysis documents by Alan Turing. The papers, one entitled The Applications of Probability to Crypt, and the other entitled Paper on the Statistics of Repetitions, discuss mathematical approaches to code breaking. [...] According to the GCHQ mathematician, who identified himself...
Schneier on Security | 23-Apr-2012 13:18
Friday Squid Blogging: Extracting Squid Ink
How to extract squid ink. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered....
Schneier on Security | 20-Apr-2012 23:49
Liars & Outliers Update
Liars & Outliers has been available for about two months, and is selling well both in hardcover and e-book formats. More importantly, I'm very pleased with the book's reception. The reviews I've gotten have been great, and I read a lot of tweets from people who have enjoyed the book. My goal was to give people new ways to think...
Schneier on Security | 20-Apr-2012 19:48
TSA Behavioral Detection Statistics
Interesting data from the U.S. Government Accountability Office: But congressional auditors have questions about other efficiencies as well, like having 3,000 "behavior detection" officers assigned to question passengers. The officers sidetracked 50,000 passengers in 2010, resulting in the arrests of 300 passengers, the GAO found. None turned out to be terrorists. Yet in the same year, behavior detection teams apparently...
Schneier on Security | 20-Apr-2012 13:19
Dance Moves As an Identifier
A burglar was identified by his dance moves, captured on security cameras: "The 16-year-old juvenile suspect is known for his 'swag,' or signature dance move," Heyse said, "and [he] does it in the hallways at school." Presumably, although the report doesn't make it clear, a classmate or teacher saw the video, recognized the distinctive swag and notified authorities. But is...
Schneier on Security | 19-Apr-2012 20:03
Smart Meter Hacks
Brian Krebs writes about smart meter hacks: But it appears that some of these meters are smarter than others in their ability to deter hackers and block unauthorized modifications. The FBI warns that insiders and individuals with only a moderate level of computer knowledge are likely able to compromise meters with low-cost tools and software readily available on the Internet....
Schneier on Security | 19-Apr-2012 12:52
Password Security at Linode
Here's something good: We have implemented sophisticated brute force protection for Linode Manager user accounts that combines a time delay on failed attempts, forced single threading of log in attempts from a given remote address, and automatic tarpitting of requests from attackers. And this: Some of you may have noticed a few changes to the Linode Manager over the past...
Schneier on Security | 18-Apr-2012 20:30
Stolen Phone Database
This article talks about a database of stolen cell phone IDs that will be used to deny service. While I think this is a good idea, I don't know how much it would deter cell phone theft. As long as there are countries that don't implement blocking based on the IDs in the databases -- and surely there will always...
Schneier on Security | 18-Apr-2012 13:49
Forever-Day Bugs
That's a nice turn of phrase: Forever day is a play on "zero day," a phrase used to classify vulnerabilities that come under attack before the responsible manufacturer has issued a patch. Also called iDays, or "infinite days" by some researchers, forever days refer to bugs that never get fixed -- even when they're acknowledged by the company that developed the software....
Schneier on Security | 17-Apr-2012 20:22
Outliers in Intelligence Analysis
From the CIA journal Studies in Intelligence: "Capturing the Potential of Outlier Ideas in the Intelligence Community." In war you will generally find that the enemy has at any time three courses of action open to him. Of those three, he will invariably choose the fourth. —Helmuth Von Moltke With that quip, Von Moltke may have launched a spirited debate...
Schneier on Security | 17-Apr-2012 13:15
Hawley Channels His Inner Schneier
Kip Hawley wrote an essay for the Wall Street Journal on airport security. In it, he says so many sensible things that people have been forwarding it to me with comments like "did you ghostwrite this?" and "it looks like you won an argument" and "how did you convince him?" (Sadly, the essay was published in the Journal, which means...
Schneier on Security | 16-Apr-2012 19:29
How Information Warfare Changes Warfare
Really interesting paper on the moral and ethical implications of cyberwar, and the use of information technology in war (drones, for example): "Information Warfare: A Philosophical Perspective," by Mariarosaria Taddeo, Philosophy and Technology, 2012. Abstract: This paper focuses on Information Warfare -- the warfare characterised by the use of information and communication technologies. This is a fast growing phenomenon, which...
Schneier on Security | 16-Apr-2012 12:55
Friday Squid Blogging: Squid Fiction
Great short story in Nature. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered....
Schneier on Security | 13-Apr-2012 23:48
Me at RSA 2012
This is not a video of my talk at the RSA Conference earlier this year. This is a 16-minute version of that talk -- TED-like -- that the conference filmed the day after for the purpose of putting it on the Internet. Today's Internet threats are not technical; they're social and political. They aren't criminals, hackers, or terrorists. They're the...
Schneier on Security | 13-Apr-2012 21:11
Disguising Tor Traffic as Skype Video Calls
One of the problems with Tor traffic is that it can be detected and blocked. Here's SkypeMorph, a clever system that disguises Tor traffic as Skype video traffic. To prevent the Tor traffic from being recognized by anyone analyzing the network flow, SkypeMorph uses what's known as traffic shaping to convert Tor packets into User Datagram Protocol packets, as used...
Schneier on Security | 13-Apr-2012 14:08
Bomb Threats As a Denial-of-Service Attack
The University of Pittsburgh has been the recipient of 50 bomb threats in the past two months (over 30 during the last week). Each time, the university evacuates the threatened building, searches it top to bottom -- one of the threatened buildings is the 42-story Cathedral of Learning -- finds nothing, and eventually resumes classes. This seems to be nothing...
Schneier on Security | 12-Apr-2012 20:34
Brian Snow on Cybersecurity
Interesting video of Brian Snow speaking from last November. (Brian used to be the Technical Director of NSA's Information Assurance Directorate.) About a year and a half ago, I complained that his words were being used to sow cyber-fear. This talk -- about 30 minutes -- is a better reflection of what he really thinks....
Schneier on Security | 12-Apr-2012 13:38