Schneier on Security

Cybercrime Paper

Mon, 20 Jul 2009 06:43:16 -0600

"Distributed Security: A New Model of Law Enforcement," Susan W. Brenner and Leo L. Clarke. Abstract: Cybercrime, which is rapidly increasing in frequency and in severity, requires us to rethink how we should enforce our criminal laws. The current model of reactive, police-based enforcement, with its origins in real-world urbanization, does not and cannot protect society from criminals using computer...

Friday Squid Blogging: Bottled Water Plus Squid

Fri, 17 Jul 2009 16:09:18 -0600

Only in Japan: Bandai toy company from Japan has finally realized that bottles of water just aren't cute. As Japan is the cute capital of the world, this just wouldn't do. To fix the problem, they developed these adorable floating squids that can be added to any bottle of water. Thank god for Japanese innovation. Of course, they're only available...

Pepper Spray–Equipped ATMs

Fri, 17 Jul 2009 13:04:04 -0600

South Africa takes its security seriously. Here's an ATM that automatically squirts pepper spray into the face of "people tampering with the card slots." Sounds cool, but these kinds of things are all about false positives: But the mechanism backfired in one incident last week when pepper spray was inadvertently inhaled by three technicians who required treatment from paramedics. Patrick...

Privacy Salience and Social Networking Sites

Thu, 16 Jul 2009 06:05:11 -0600

Reassuring people about privacy makes them more, not less, concerned. It's called "privacy salience," and Leslie John, Alessandro Acquisti, and George Loewenstein -- all at Carnegie Mellon University -- demonstrated this in a series of clever experiments. In one, subjects completed an online survey consisting of a series of questions about their academic behavior -- "Have you ever cheated on...

Laptop Security while Crossing Borders

Wed, 15 Jul 2009 12:10:47 -0600

Last year, I wrote about the increasing propensity for governments, including the U.S. and Great Britain, to search the contents of people's laptops at customs. What we know is still based on anecdote, as no country has clarified the rules about what their customs officers are and are not allowed to do, and what rights people have. Companies and individuals...

Data Leakage Through Power Lines

Wed, 15 Jul 2009 06:17:58 -0600

The NSA has known about this for decades: Security researchers found that poor shielding on some keyboard cables means useful data can be leaked about each character typed. By analysing the information leaking onto power circuits, the researchers could see what a target was typing. The attack has been demonstrated to work at a distance of up to 15m, but...

Poor Man's Steganography

Tue, 14 Jul 2009 13:48:08 -0600

Hide files inside pdf documents: "embed a file in a PDF document and corrupt the reference, thereby effectively making the embedded file invisible to the PDF reader."...

Gaze Tracking Software Protecting Privacy

Tue, 14 Jul 2009 06:20:37 -0600

Interesting use of gaze tracking software to protect privacy: Chameleon uses gaze-tracking software and camera equipment to track an authorized reader's eyes to show only that one person the correct text. After a 15-second calibration period in which the software essentially "learns" the viewer's gaze patterns, anyone looking over that user's shoulder sees dummy text that randomly and constantly changes....

North Korean Cyberattacks

Mon, 13 Jul 2009 11:45:53 -0600

To hear the media tell it, the United States suffered a major cyberattack last week. Stories were everywhere. "Cyber Blitz hits U.S., Korea" was the headline in Thursday's Wall Street Journal. North Korea was blamed. Where were you when North Korea attacked America? Did you feel the fury of North Korea's armies? Were you fearful for your country? Or did...

Strong Web Passwords

Mon, 13 Jul 2009 05:38:31 -0600

Interesting paper from HotSec '07: "Do Strong Web Passwords Accomplish Anything?" by Dinei Florêncio, Cormac Herley, and Baris Coskun. ABSTRACT: We find that traditional password advice given to users is somewhat dated. Strong passwords do nothing to protect online users from password stealing attacks such as phishing and keylogging, and yet they place considerable burden on users. Passwords that are...

Friday Squid Blogging: Humboldt Squid Caught Off Seattle

Fri, 10 Jul 2009 16:45:42 -0600

A hundred-pounder. They're still moving North....

Lost Suitcases in Airport Restrooms

Fri, 10 Jul 2009 12:45:03 -0600

Want to cause chaos at an airport? Leave a suitcase in the restroom: Three incoming flights from London were cancelled and about 150 others were delayed for up to three hours, while the army's bomb squad carried out its investigation, before giving the all-clear at about 5pm. Passengers were told to leave the arrivals hall, main check-in area at the...