News tracker


Bruce Schneier - Bruce Schneier is an internationally renowned security technologist and author.
Tuesday - September 7th | | 15:00 | | Consumerization and Corporate IT Security
 | | 0 hits |
| If you're a typical wired American, you've got a bunch of tech tools you like and a bunch more you covet. You have a cell phone that can easily text. You've got a laptop configured just the way you want it. Maybe you have a Kindle for reading, or an iPad. And when the next new thing comes along, some... |
Monday - September 6th | | 15:00 | | Terrorism Entrapment
 | | 1 hit |
| Back in 2007, I wrote an essay, 'Portrait of the Modern Terrorist as an Idiot,' where I said: The JFK Airport plotters seem to have been egged on by an informant, a twice-convicted drug dealer. An FBI informant almost certainly pushed the Fort Dix plotters to do things they wouldn't have ordinarily done. The Miami gang's Sears Tower plot was... |
Saturday - September 4th | | 0:30 | | Friday Squid Blogging: Squid Car
 | | 1 hit |
| Squid car.... |
Friday - September 3rd | | 14:03 | | UAE Man-in-the-Middle Attack Against SSL
 | | 1 hit |
| Interesting: Who are these certificate authorities? At the beginning of Web history, there were only a handful of companies, like Verisign, Equifax, and Thawte, that made near-monopoly profits from being the only providers trusted by Internet Explorer or Netscape Navigator. But over time, browsers have trusted more and more organizations to verify Web sites. Safari and Firefox now trust more... |
Thursday - September 2nd | | 21:00 | | Successful Attack Against a Quantum Cryptography System
 | | 0 hits |
| Clever: Quantum cryptography is often touted as being perfectly secure. It is based on the principle that you cannot make measurements of a quantum system without disturbing it. So, in theory, it is impossible for an eavesdropper to intercept a quantum encryption key without disrupting it in a noticeable way, triggering alarm bells. Vadim Makarov at the Norwegian University of... |
| 15:00 | | Cyber-Offence is the New Cyber-Defense
 | | 1 hit |
| This is beyond stupid: The Pentagon is contemplating an aggressive approach to defending its computer systems that includes preemptive actions such as knocking out parts of an adversary's computer network overseas—but it is still wrestling with how to pursue the strategy legally. The department is developing a range of weapons capabilities, including tools that would allow 'attack and exploitation of... |
Wednesday - September 1st | | 20:30 | | Wanted: Skein Hardware Help
 | | 2 hits |
| As part of NIST's SHA-3 selection process, people have been implementing the candidate hash functions on a variety of hardware and software platforms. Our team has implemented Skein in Intel's 32 nm ASIC process, and got some impressive performance results (presentation and paper). Several other groups have implemented Skein in FPGA and ASIC, and have seen significantly poorer performance. We... |
| 13:30 | | More Skein News
 | | 2 hits |
| Skein is my new hash function. Well, 'my' is an overstatement; I'm one of the eight designers. It was submitted to NIST for their SHA-3 competition, and one of the 14 algorithms selected to advance to the second round. Here's the Skein paper; source code is here. The Skein website is here. Last week was the Second SHA-3 Candidate Conference.... |
Tuesday - August 31st | | 20:00 | | Eavesdropping on Smart Homes with Distributed Wireless Senso..
 | | 1 hit |
| 'Protecting your daily in-home activity information from a wireless snooping attack,' by Vijay Srinivasan, John Stankovic, and Kamin Whitehouse: Abstract: In this paper, we first present a new privacy leak in residential wireless ubiquitous computing systems, and then we propose guidelines for designing future systems to prevent this problem. We show that we can observe private activities in the home... |
| 14:00 | | High School Teacher Assigns Movie-Plot Threat Contest Proble..
 | | 2 hits |
| In Australia: A high school teacher who assigned her class to plan a terrorist attack that would kill as many innocent people as possible had no intent to promote terrorism, the school principal said yesterday. The Year-10 students at Kalgoorlie-Boulder Community High School were asked to pretend they were terrorists making a political statement by releasing a chemical or biological... |
Monday - August 30th | | 19:30 | | Misidentification and the Court System
 | | 0 hits |
| Chilling: How do most wrongful convictions come about? The primary cause is mistaken identification. Actually, I wouldn't call it mistaken identification; I'd call it misidentification, because you often find that there was some sort of misconduct by the police. In a lot of cases, the victim initially wasn't so sure. And then the police say, 'Oh, no, you got the... |
| 13:00 | | Security Theater on the Boston T
 | | 1 hit |
| Since a fatal crash a few years ago, Boston T (their subway) operators have been forbidden from using -- or even having -- cell phones while on the job. Passengers are encouraged to report violators. But sometimes T operators need to use their official radios on the job, and passengers can't tell the difference. The solution: orange tape: The solution?... |
Saturday - August 28th | | 0:00 | | Friday Squid Blogging: Jewel of the Sea
 | | 3 hits |
| Pretty.... |
Friday - August 27th | | 20:00 | | Me at the EastWest Institute
 | | 2 hits |
| Back in May, I attended the EastWest Institute's First Worldwide Cybersecurity Summit in Dallas. I only had eight minutes to speak, and tried to turn the dialog to security, privacy, and the individual.... |
| 15:30 | | Is the Whole Country an Airport Security Zone?
 | | 3 hits |
| Full-body scanners in roving vans: American Science & Engineering, a company based in Billerica, Massachusetts, has sold U.S. and foreign government agencies more than 500 backscatter x-ray scanners mounted in vans that can be driven past neighboring vehicles to see their contents, Joe Reiss, a vice president of marketing at the company told me in an interview. This should be... |
Thursday - August 26th | | 14:00 | | Detecting Deception in Conference Calls
 | | 3 hits |
| Research paper: Detecting Deceptive Discussions in Conference Calls, by David F. Larcker and Anastasia A. Zakolyukina. Abstract: We estimate classification models of deceptive discussions during quarterly earnings conference calls. Using data on subsequent financial restatements (and a set of criteria to identify especially serious accounting problems), we label the Question and Answer section of each call as 'truthful' or 'deceptive'.... |
Wednesday - August 25th | | 13:30 | | Social Steganography
 | | 4 hits |
| From danah boyd: Carmen is engaging in social steganography. She's hiding information in plain sight, creating a message that can be read in one way by those who aren't in the know and read differently by those who are. She's communicating to different audiences simultaneously, relying on specific cultural awareness to provide the right interpretive lens. While she's focused primarily... |
Tuesday - August 24th | | 14:00 | | Skeletal Identification
 | | 3 hits |
| And you thought fingerprints were intrusive. The Wright State Research Institute is developing a ground-breaking system that would scan the skeletal structures of people at airports, sports stadiums, theme parks and other public places that could be vulnerable to terrorist attacks, child abductions or other crimes. The images would then quickly be matched with potential suspects using a database of... |
Monday - August 23rd | | 13:30 | | Malware Contributory Cause of Air Crash
 | | 4 hits |
| This is a first, I think: The airline's central computer which registered technical problems on planes was infected by Trojans at the time of the fatal crash and this resulted in a failure to raise an alarm over multiple problems with the plane, according to Spanish daily El Pais (report here). The plane took off with flaps and slats retracted,... |
Friday - August 20th | | 23:30 | | Friday Squid Blogging: Flying Squid
 | | 2 hits |
| Who knew? 'Hulse was shooting with burst mode on his camera, so I know exactly what the interval is between the frames and I can calculate velocity of squid flying through the air,' O'Dor says. 'We now think there are dozens of species that do it. Squid are used to gliding in the water, so the same physiology probably allows... |
Thursday - August 19th | | 18:01 | | Intel Buys McAfee
 | | 4 hits |
| Intel McAfee. It's another example of a large non-security company buying a security company. I've been talking about this sort of thing for two and a half years: It's not consolidation as we're used to. In the security industry, there are waves of consolidation, you know, big companies scoop up little companies and then there's lots of consolidation. You've got... |
Wednesday - August 18th | | 23:01 | | "The Fear Tax"
 | | 3 hits |
| Good essay by Seth Godin: We pay the fear tax every time we spend time or money seeking reassurance. We pay it twice when the act of seeking that reassurance actually makes us more anxious, not less. We pay the tax when we cover our butt instead of doing the right thing, and we pay the tax when we take... |
Tuesday - August 17th | | 20:00 | | Crypto 2010 Proceedings
 | | 6 hits |
| The Crypto 2010 Conference is going on right now at the University of California, Santa Barbara. Springer-Verlag publishes the proceedings, but they're available as a free download for the next few days.... |
| 14:00 | | Hacking Cars Through Wireless Tire-Pressure Sensors
 | | 5 hits |
| Still minor, but this kind of thing is only going to get worse: The new research shows that other systems in the vehicle are similarly insecure. The tire pressure monitors are notable because they're wireless, allowing attacks to be made from adjacent vehicles. The researchers used equipment costing $1,500, including radio sensors and special software, to eavesdrop on, and interfere... |
Monday - August 16th | | 14:33 | | Breaking into a Garage
 | | 3 hits |
| In seconds. Garage doors with automatic openers have always seemed like a lot of security theater to me.... |
Saturday - August 14th | | 13:04 | | Friday Squid Blogging: Squid Computer Virus
 | | 4 hits |
| It wasn't me: A hardened computer hacker has been arrested on suspicion of writing a computer virus that systematically destroys all the files on victims' PCs and replaces them with homemade manga images of squid, octopuses and sea urchins.... |
| 13:04 | | Cloning Retail Gift Cards
 | | 5 hits |
| Clever attack. After researching how gift cards work, Zepeda purchased a magnetic card reader online, began stealing blank gift cards, on display for purchase, from Fred Meyer and scanning them with his reader. He would then return some of the scanned cards to the store and wait for a computer program to alert him when the cards were activated and... |
Thursday - August 12th | | 15:30 | | Security Analysis of Smudges on Smart Phone Touch Screens
 | | 5 hits |
| 'Smudge Attacks on Smartphone Touch Screens': Abstract: Touch screens are an increasingly common feature on personal computing devices, especially smartphones, where size and user interface advantages accrue from consolidating multiple hardware components (keyboard, number pad, etc.) into a single software definable user interface. Oily residues, or smudges, on the touch screen surface, are one side effect of touches from which... |
Wednesday - August 11th | | 13:30 | | Late Teens and Facebook Privacy
 | | 4 hits |
| 'Facebook Privacy Settings: Who Cares?' by danah boyd and Eszter Hargittai. Abstract: With over 500 million users, the decisions that Facebook makes about its privacy settings have the potential to influence many people. While its changes in this domain have often prompted privacy advocates and news media to critique the company, Facebook has continued to attract more users to its... |
Tuesday - August 10th | | 19:30 | | Apple JailBreakMe Vulnerability
 | | 5 hits |
| Good information from Mikko Hyppönen. It doesn't look good. Q: What is this all about? A: It's about a site called jailbreakme.com that enables you to Jailbreak your iPhones and iPads just by visiting the site. Q: So what's the problem? A: The problem is that the site uses a zero-day vulnerability to execute code on the device. Q: How... |
| 14:30 | | A Revised Taxonomy of Social Networking Data
 | | 5 hits |
| Lately I've been reading about user security and privacy -- control, really -- on social networking sites. The issues are hard and the solutions harder, but I'm seeing a lot of confusion in even forming the questions. Social networking sites deal with several different types of user data, and it's essential to separate them. Below is my taxonomy of social... |
Monday - August 9th | | 22:00 | | P ≠ NP?
 | | 4 hits |
| There's a new paper circulating that claims to prove that P ≠ NP. The paper has not been refereed, and I haven't seen any independent verifications or refutations. Despite the fact that the paper is by a respected researcher -- HP Lab's Vinay Deolalikar -- and not a crank, my bet is that the proof is flawed.... |
| 15:00 | | Ant Warfare
 | | 4 hits |
| Interesting: According to Moffett, we might actually learn a thing or two from how ants wage war. For one, ant armies operate with precise organization despite a lack of central command. 'We're accustomed to being told what to do,' Moffett says. 'I think there's something to be said for fewer layers of control and oversight.' Which, according to Moffett, is... |
Friday - August 6th | | 23:30 | | Friday Squid Blogging: Canadian Squid Stamp
 | | 4 hits |
| It's a giant fiberglass squid from Newfoundland.... |
| 18:30 | | Yet Another Way to Sneak Liquids onto an Airplane
 | | 4 hits |
| Coffee cup disguised as a camera lens.... |
| 13:00 | | More Brain Scans to Detect Future Terrorists
 | | 6 hits |
| Worked well in a test: For the first time, the Northwestern researchers used the P300 testing in a mock terrorism scenario in which the subjects are planning, rather than perpetrating, a crime. The P300 brain waves were measured by electrodes attached to the scalp of the make-believe 'persons of interest' in the lab. The most intriguing part of the study... |
Thursday - August 5th | | 14:00 | | NSA and the National Cryptologic Museum
 | | 5 hits |
| Most people might not be aware of it, but there's a National Cryptologic Museum at Ft. Meade, at NSA Headquarters. It's hard to know its exact relationship with the NSA. Is it part of the NSA, or is it a separate organization? Can the NSA reclassify things in its archives? David Kahn has given his papers to the museum; is... |
Wednesday - August 4th | | 15:30 | | WikiLeaks Insurance File
 | | 6 hits |
| Now this is an interesting development: In the wake of strong U.S. government statements condemning WikiLeaks' recent publishing of 77,000 Afghan War documents, the secret-spilling site has posted a mysterious encrypted file labeled 'insurance.' The huge file, posted on the Afghan War page at the WikiLeaks site, is 1.4 GB and is encrypted with AES256. The file's size dwarfs the... |
Tuesday - August 3rd | | 20:00 | | UAE to Ban BlackBerrys
 | | 8 hits |
| The United Arab Emirates -- Dubai, etc. -- is threatening to ban BlackBerrys because they can't eavesdrop on them. At the heart of the battle is access to the data transmitted by BlackBerrys. RIM processes the information through a handful of secure Network Operations Centers around the world, meaning that most governments can't access the data easily on their own.... |
| 13:30 | | Location-Based Quantum Encryption
 | | 6 hits |
| Location-based encryption -- a system by which only a recipient in a specific location can decrypt the message -- fails because location can be spoofed. Now a group of researchers has solved the problem in a quantum cryptography setting: The research group has recently shown that if one sends quantum bits -- the quantum equivalent of a bit -- instead... |
| 5:00 | | Eavesdropping Smartphone Apps
 | | 6 hits |
| Seems there are a lot of them. They do it for marketing purposes. Really, they seem to do it because the code base they use does it automatically or just because they can. (Initial reports that an Android wallpaper app was malicious seem to have been an overstatement; they're just incompetent: inadvertently collecting more data than necessary.) Meanwhile, there's now... |
Monday - August 2nd | | 14:01 | | Book Review: How Risky Is It, Really?
 | | 5 hits |
| David Ropeik is a writer and consultant who specializes in risk perception and communication. His book, How Risky Is It, Really?: Why Our Fears Don't Always Match the Facts, is a solid introduction to the biology, psychology, and sociology of risk. If you're well-read on the topic already, you won't find much you didn't already know. But if this is... |
Friday - July 30th | | 23:30 | | Friday Squid Blogging: Squid Launcher from "Despicable Me"
 | | 8 hits |
| Don't squid me, bro.... |
| 20:00 | | Doomsday Shelters
 | | 6 hits |
| Selling fear: The Vivos network, which offers partial ownerships similar to a timeshare in underground shelter communities, is one of several ventures touting escape from a surface-level calamity. Radius Engineering in Terrell, Texas, has built underground shelters for more than three decades, and business has never been better, says Walton McCarthy, company president. The company sells fiberglass shelters that can... |
| 16:30 | | Hacking ATMs
 | | 8 hits |
| Hacking ATMs to spit out money, demonstrated at the Black Hat conference: The two systems he hacked on stage were made by Triton and Tranax. The Tranax hack was conducted using an authentication bypass vulnerability that Jack found in the system's remote monitoring feature, which can be accessed over the Internet or dial-up, depending on how the owner configured the... |
Thursday - July 29th | | 13:30 | | Security Vulnerabilities of Smart Electricity Meters
 | | 9 hits |
| 'Who controls the off switch?' by Ross Anderson and Shailendra Fuloria. Abstract: We're about to acquire a significant new cybervulnerability. The world's energy utilities are starting to install hundreds of millions of 'smart meters' which contain a remote off switch. Its main purpose is to ensure that customers who default on their payments can be switched remotely to a prepay... |
Wednesday - July 28th | | 18:30 | | DNSSEC Root Key Split Among Seven People
 | | 8 hits |
| The DNSSEC root key has been divided among seven people: Part of ICANN's security scheme is the Domain Name System Security, a security protocol that ensures Web sites are registered and 'signed' (this is the security measure built into the Web that ensures when you go to a URL you arrive at a real site and not an identical pirate... |
Tuesday - July 27th | | 20:00 | | Pork-Filled Counter-Islamic Bomb Device
 | | 9 hits |
| Okay, this is just weird: Mark S. Price, a specialist in public security, and his privately held company, Paradise Lost Antiterrorism Network of America (www.plan-a.us), have recently applied to the United States Patent and Trademark Office for a Utility Patent on their Suicide Bomb Deterrent, a security device designed, manufactured and distributed by PLAN-A. This device has been designed to... |
| 14:00 | | WPA Cracking in the Cloud
 | | 8 hits |
| It's a service: The mechanism used involves captured network traffic, which is uploaded to the WPA Cracker service and subjected to an intensive brute force cracking effort. As advertised on the site, what would be a five-day task on a dual-core PC is reduced to a job of about twenty minutes on average. For the more “premium” price of $35,... |
Monday - July 26th | | 20:00 | | 1921 Book on Profiling
 | | 8 hits |
| Here's a book from 1921 on how to profile people.... |