http://www.schneier.com/blog/ A blog covering security and security technology. Copyright 2012 Bruce Schneier Tue, 22 May 2012 06:24:51 -0500 http://www.movabletype.org/?v=4.38 http://blogs.law.harvard.edu/tech/rss Details are in the article, but here's the general idea: Let's follow the flow of the users: Scammer buys user traffic from PornoXo.com and sends it to HQTubeVideos. HQTubeVideos loads, in invisible iframes, some parked domains with innocent-sounding names (relaxhealth.com, etc). In the parked domains, ad networks serve display and PPC ads. The click-fraud sites click on the ads that... http://www.schneier.com/blog/archives/2012/05/security_incent.html http://www.schneier.com/blog/archives/2012/05/security_incent.html Tue, 22 May 2012 06:24:51 -0500 Interesting article from Wired.... http://www.schneier.com/blog/archives/2012/05/portrait_of_a_c.html http://www.schneier.com/blog/archives/2012/05/portrait_of_a_c.html Mon, 21 May 2012 10:32:57 -0500 Cheap! As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.... http://www.schneier.com/blog/archives/2012/05/squid_scalp_mas.html http://www.schneier.com/blog/archives/2012/05/squid_scalp_mas.html Fri, 18 May 2012 16:26:57 -0500 In his blog: I think the most important security issues going forward center around identity and trust. Before knowing I would soon encounter Bruce again in the media, I bought and read his new book Liars & Outliers and it is a must-read book for people looking forward into our security future and thinking about where this all leads. For... http://www.schneier.com/blog/archives/2012/05/kip_hawley_revi.html http://www.schneier.com/blog/archives/2012/05/kip_hawley_revi.html Fri, 18 May 2012 06:06:51 -0500 I like this essay because it nicely illustrates the security mindset.... http://www.schneier.com/blog/archives/2012/05/cybersecurity_a.html http://www.schneier.com/blog/archives/2012/05/cybersecurity_a.html Thu, 17 May 2012 12:28:45 -0500 It was written in 1971, but this still seems like a cool book: For an elementary illustration of tactics, take parts of your face as the point of reference; your eyes, your ears, and your nose. First the eyes: if you have organized a vast, mass-based people's organization, you can parade it visibly before the enemy and openly show your... http://www.schneier.com/blog/archives/2012/05/rules_for_radic.html http://www.schneier.com/blog/archives/2012/05/rules_for_radic.html Thu, 17 May 2012 07:20:14 -0500 Need some pre-industrial security for your USB drive? How about a wax seal? Neat, but I recommend combining it with encryption for even more security!... http://www.schneier.com/blog/archives/2012/05/usb_drives_and.html http://www.schneier.com/blog/archives/2012/05/usb_drives_and.html Wed, 16 May 2012 13:50:05 -0500 According to a report from the DHS Office of Inspector General: Federal investigators "identified vulnerabilities in the screening process" at domestic airports using so-called "full body scanners," according to a classified internal Department of Homeland Security report. EPIC obtained an unclassified version of the report in a FOIA response. Here's the summary.... http://www.schneier.com/blog/archives/2012/05/security_vulner_1.html http://www.schneier.com/blog/archives/2012/05/security_vulner_1.html Wed, 16 May 2012 06:15:10 -0500 To New Zealand: United States Secretary of Homeland Security Janet Napolitano has warned the New Zealand Government about the latest terrorist threat known as "body bombers." [...] "Do we have specific credible evidence of a [body bomb] threat today? I would not say that we do, however, the importance is that we all lean forward." Why the headline of this... http://www.schneier.com/blog/archives/2012/05/us_exports_terr.html http://www.schneier.com/blog/archives/2012/05/us_exports_terr.html Tue, 15 May 2012 06:17:04 -0500 Why do otherwise rational people think it's a good idea to profile people at airports? Recently, neuroscientist and best-selling author Sam Harris related a story of an elderly couple being given the twice-over by the TSA, pointed out how these two were obviously not a threat, and recommended that the TSA focus on the actual threat: "Muslims, or anyone who... http://www.schneier.com/blog/archives/2012/05/the_trouble_wit.html http://www.schneier.com/blog/archives/2012/05/the_trouble_wit.html Mon, 14 May 2012 06:19:44 -0500 Kraken: The Curious, Exciting, and Slightly Disturbing Science of Squid. And a review. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.... http://www.schneier.com/blog/archives/2012/05/friday_squid_bl_325.html http://www.schneier.com/blog/archives/2012/05/friday_squid_bl_325.html Fri, 11 May 2012 16:58:04 -0500 MobileScope looks like a great tool for monitoring and controlling what information third parties get from your smart phone apps: We built MobileScope as a proof-of-concept tool that automates much of what we were doing manually; monitoring mobile devices for surprising traffic and highlighting potentially privacy-revealing flows [...] Unlike PCs, we have little control over the underlying privacy and security... http://www.schneier.com/blog/archives/2012/05/smart_phone_pri.html http://www.schneier.com/blog/archives/2012/05/smart_phone_pri.html Fri, 11 May 2012 06:42:22 -0500