Schneier on Security

Friday Squid Blogging: Squid Car

Fri, 03 Sep 2010 16:58:03 -0500

Squid car....

UAE Man-in-the-Middle Attack Against SSL

Fri, 03 Sep 2010 06:27:05 -0500

Interesting: Who are these certificate authorities? At the beginning of Web history, there were only a handful of companies, like Verisign, Equifax, and Thawte, that made near-monopoly profits from being the only providers trusted by Internet Explorer or Netscape Navigator. But over time, browsers have trusted more and more organizations to verify Web sites. Safari and Firefox now trust more...

Successful Attack Against a Quantum Cryptography System

Thu, 02 Sep 2010 13:46:00 -0500

Clever: Quantum cryptography is often touted as being perfectly secure. It is based on the principle that you cannot make measurements of a quantum system without disturbing it. So, in theory, it is impossible for an eavesdropper to intercept a quantum encryption key without disrupting it in a noticeable way, triggering alarm bells. Vadim Makarov at the Norwegian University of...

Cyber-Offence is the New Cyber-Defense

Thu, 02 Sep 2010 07:33:08 -0500

This is beyond stupid: The Pentagon is contemplating an aggressive approach to defending its computer systems that includes preemptive actions such as knocking out parts of an adversary's computer network overseas—but it is still wrestling with how to pursue the strategy legally. The department is developing a range of weapons capabilities, including tools that would allow "attack and exploitation of...

Wanted: Skein Hardware Help

Wed, 01 Sep 2010 13:17:40 -0500

As part of NIST's SHA-3 selection process, people have been implementing the candidate hash functions on a variety of hardware and software platforms. Our team has implemented Skein in Intel's 32 nm ASIC process, and got some impressive performance results (presentation and paper). Several other groups have implemented Skein in FPGA and ASIC, and have seen significantly poorer performance. We...

More Skein News

Wed, 01 Sep 2010 06:01:50 -0500

Skein is my new hash function. Well, "my" is an overstatement; I'm one of the eight designers. It was submitted to NIST for their SHA-3 competition, and one of the 14 algorithms selected to advance to the second round. Here's the Skein paper; source code is here. The Skein website is here. Last week was the Second SHA-3 Candidate Conference....

Eavesdropping on Smart Homes with Distributed Wireless Sensors

Tue, 31 Aug 2010 12:39:14 -0500

"Protecting your daily in-home activity information from a wireless snooping attack," by Vijay Srinivasan, John Stankovic, and Kamin Whitehouse: Abstract: In this paper, we first present a new privacy leak in residential wireless ubiquitous computing systems, and then we propose guidelines for designing future systems to prevent this problem. We show that we can observe private activities in the home...

High School Teacher Assigns Movie-Plot Threat Contest Problem

Tue, 31 Aug 2010 06:42:54 -0500

In Australia: A high school teacher who assigned her class to plan a terrorist attack that would kill as many innocent people as possible had no intent to promote terrorism, the school principal said yesterday. The Year-10 students at Kalgoorlie-Boulder Community High School were asked to pretend they were terrorists making a political statement by releasing a chemical or biological...

Misidentification and the Court System

Mon, 30 Aug 2010 12:05:09 -0500

Chilling: How do most wrongful convictions come about? The primary cause is mistaken identification. Actually, I wouldn't call it mistaken identification; I'd call it misidentification, because you often find that there was some sort of misconduct by the police. In a lot of cases, the victim initially wasn't so sure. And then the police say, "Oh, no, you got the...

Security Theater on the Boston T

Mon, 30 Aug 2010 05:31:35 -0500

Since a fatal crash a few years ago, Boston T (their subway) operators have been forbidden from using -- or even having -- cell phones while on the job. Passengers are encouraged to report violators. But sometimes T operators need to use their official radios on the job, and passengers can't tell the difference. The solution: orange tape: The solution?...

Friday Squid Blogging: Jewel of the Sea

Fri, 27 Aug 2010 16:28:37 -0500

Pretty....

Me at the EastWest Institute

Fri, 27 Aug 2010 12:47:25 -0500

Back in May, I attended the EastWest Institute's First Worldwide Cybersecurity Summit in Dallas. I only had eight minutes to speak, and tried to turn the dialog to security, privacy, and the individual. EDITED TO ADD (9/1): Commentary....