Back in 2007, I wrote an essay, “Portrait of the Modern Terrorist as an Idiot,” where I said: The JFK Airport plotters seem to have been egged on by an informant, a twice-convicted drug dealer. An FBI informant almost certainly pushed the Fort Dix plotters to do things they wouldn’t have ordinarily done. The Miami gang’s Sears Tower plot was…

I thought this brief question-and-answer session, Richard Clarke: Preparing For A Future Cyberwar by Kim S. Nash extracted the essence of advanced persistent threat problems and how to address them. I’d like to publish the whole article, but instead I’ll highlight my favorite sections: Nash: How can the federal government protect companies? Clarke: Do more. As a matter of law and policy, the federal government should actively counter industrial espionage. Most U.S. government counterintelligence operations are focused on intelligence against the government, not companies, and most of…

Squid car….

Interesting: Who are these certificate authorities? At the beginning of Web history, there were only a handful of companies, like Verisign, Equifax, and Thawte, that made near-monopoly profits from being the only providers trusted by Internet Explorer or Netscape Navigator. But over time, browsers have trusted more and more organizations to verify Web sites. Safari and Firefox now trust more…

I wanted to help put some of you in the mindset of a DoD person when reading recent news, namely Defense official discloses cyberattack and Pentagon considers preemptive strikes as part of cyber-defense strategy , both by Washington Post reporter Ellen Nakashima. I’ll assume you read both articles and the references. Deputy Defense Secretary Lynn’s article (covered by the first Post story) is significant, perhaps for reasons that aren’t obvious. First, when I wore the uniform, the fact that a classified system suffered a compromise was itself classified. To this day I cannot say if a classified system I used ever suffered a compromise of any kind. Readers might be kind enough to say if this policy is still in effect today. So, to publicly admit such …

A creepy caricature of Google CEO Eric Schmidt drives an ice cream truck in this video produced by a consumer group targeting the search giant for its data collection practices. The video is part of a lobbying effort by Consumer Watchdog to get the government to create a so-called “Do Not Track Me” list “to prevent online companies from gathering our personal information , just as Congress had the Federal Trade Commission create a Do Not Call list to prevent intrusive telemarketers.” The group says they’ve paid to have …

A phone-hacking scheme involving British royals and reporters working for one of Rupert Murdoch’s tabloid newspapers went far beyond what was previously disclosed and prosecuted, according to The New York Times . Andy Coulson, currently media advisor to British Prime Minister David Cameron, is accused of having encouraged the hacking during his tenure as editor of Murdoch’s News of the World paper. According to the N.Y. Times , reporters working under Coulson targeted hundreds of victims — from Princes Harry and William to government and police officials and numerous celebrities, including soccer star David Beckham and his wife. Most of the victims are only now learning that …

Amazon.com just posted my five star review of Hacking Exposed: Wireless, 2nd Ed by Johnny Cache, Joshua Wright and Vincent Liu. From the review : I reviewed the first edition of Hacking Exposed: Wireless (HEW) in May 2007, and offered four stars. Three years later I can confidently say that Hacking Exposed: Wireless, 2nd Ed (HEW2) is a solid five star…

Clever: Quantum cryptography is often touted as being perfectly secure. It is based on the principle that you cannot make measurements of a quantum system without disturbing it. So, in theory, it is impossible for an eavesdropper to intercept a quantum encryption key without disrupting it in a noticeable way, triggering alarm bells. Vadim Makarov at the Norwegian University of…

This is beyond stupid: The Pentagon is contemplating an aggressive approach to defending its computer systems that includes preemptive actions such as knocking out parts of an adversary’s computer network overseas—but it is still wrestling with how to pursue the strategy legally. The department is developing a range of weapons capabilities, including tools that would allow “attack and exploitation of…