http://www.schneier.com/blog/ A blog covering security and security technology. Copyright 2012 Bruce Schneier Fri, 10 Feb 2012 06:21:14 -0600 http://www.movabletype.org/?v=4.37 http://blogs.law.harvard.edu/tech/rss Interesting blog post about locking down an iPad so students can take exams on them.... http://www.schneier.com/blog/archives/2012/02/securing_ipads.html http://www.schneier.com/blog/archives/2012/02/securing_ipads.html Fri, 10 Feb 2012 06:21:14 -0600 Interesting paper: Paul J. Freitas (2012), "Passenger aviation security, risk management, and simple physics," Journal of Transportation Security. Abstract: Since the September 11, 2001 suicide hijacking attacks on the United States, preventing similar attacks from recurring has been perhaps the most important goal of aviation security. In addition to other measures, the US government has increased passenger screening requirements to... http://www.schneier.com/blog/archives/2012/02/security_implic.html http://www.schneier.com/blog/archives/2012/02/security_implic.html Thu, 09 Feb 2012 06:10:35 -0600 This essay is definitely thinking along the correct directions.... http://www.schneier.com/blog/archives/2012/02/solving_the_und.html http://www.schneier.com/blog/archives/2012/02/solving_the_und.html Wed, 08 Feb 2012 06:46:04 -0600 The error rate for hand-counted ballots is about two percent. All voting systems have nonzero error rates. This doesn't surprise technologists, but does surprise the general public. There's a myth out there that elections are perfectly accurate, down to the single vote. They're not. If the vote is within a few percentage points, they're likely a statistical tie. (The problem,... http://www.schneier.com/blog/archives/2012/02/error_rates_of.html http://www.schneier.com/blog/archives/2012/02/error_rates_of.html Tue, 07 Feb 2012 05:53:41 -0600 In 2005, I wrote an essay called "The Failure of Two-Factor Authentication," where I predicted that attackers would get around multi-factor authentication systems with tools that attack the transactions in real time: man-in-the-middle attacks and Trojan attacks against the client endpoint. This BBC article describes exactly that: After logging in to the bank's real site, account holders are being tricked... http://www.schneier.com/blog/archives/2012/02/the_failure_of_2.html http://www.schneier.com/blog/archives/2012/02/the_failure_of_2.html Mon, 06 Feb 2012 13:23:27 -0600 It's called Squid. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.... http://www.schneier.com/blog/archives/2012/02/friday_squid_bl_312.html http://www.schneier.com/blog/archives/2012/02/friday_squid_bl_312.html Fri, 03 Feb 2012 16:18:41 -0600 Funny. Fake, but funny. Edited to add (2/3): The rest of the story.... http://www.schneier.com/blog/archives/2012/02/the_problems_of_1.html http://www.schneier.com/blog/archives/2012/02/the_problems_of_1.html Fri, 03 Feb 2012 14:49:54 -0600 Reuters discovered the information: The VeriSign attacks were revealed in a quarterly U.S. Securities and Exchange Commission filing in October that followed new guidelines on reporting security breaches to investors. It was the most striking disclosure to emerge in a review by Reuters of more than 2,000 documents mentioning breach risks since the SEC guidance was published. The company, unsurprisingly,... http://www.schneier.com/blog/archives/2012/02/verisign_hacked.html http://www.schneier.com/blog/archives/2012/02/verisign_hacked.html Fri, 03 Feb 2012 10:49:08 -0600 Really good article on the huge incarceration rate in the U.S., its causes, its effects, and its value: Over all, there are now more people under "correctional supervision" in America -- more than six million -- than were in the Gulag Archipelago under Stalin at its height. That city of the confined and the controlled, Lockuptown, is now the second... http://www.schneier.com/blog/archives/2012/02/prisons_in_the.html http://www.schneier.com/blog/archives/2012/02/prisons_in_the.html Thu, 02 Feb 2012 09:04:12 -0600 Brian C. Kalt (2005), "The Perfect Crime," Georgetown Law Journal, Vol. 93, No. 2. Abstract: This article argues that there is a 50-square-mile swath of Idaho in which one can commit felonies with impunity. This is because of the intersection of a poorly drafted statute with a clear but neglected constitutional provision: the Sixth Amendment's Vicinage Clause. Although lesser criminal... http://www.schneier.com/blog/archives/2012/02/the_idaho_looph.html http://www.schneier.com/blog/archives/2012/02/the_idaho_looph.html Wed, 01 Feb 2012 06:05:59 -0600 The storyline: TSA screener finds two pipes in passenger's bags. Screener determines that they're not a threat. Screener confiscates them anyway, because of their "material and appearance." Because they're not actually a threat, screener leaves them at the checkpoint. Everyone forgets about them. Six hours later, the next shift of TSA screeners notices the pipes and -- not being able... http://www.schneier.com/blog/archives/2012/01/possibly_the_mo.html http://www.schneier.com/blog/archives/2012/01/possibly_the_mo.html Tue, 31 Jan 2012 17:03:31 -0600 Some errors in forensic science may be the result of the biases of the examiners: Though they cannot prove it, Dr Dror and Dr Hampikian suspect the difference in contextual information given to the examiners was the cause of the different results. The original pair may have subliminally interpreted ambiguous information in a way helpful to the prosecution, even though... http://www.schneier.com/blog/archives/2012/01/biases_in_foren.html http://www.schneier.com/blog/archives/2012/01/biases_in_foren.html Tue, 31 Jan 2012 11:13:27 -0600