http://www.schneier.com/blog/ A blog covering security and security technology. Copyright 2008 Bruce Schneier Fri, 10 Oct 2008 16:58:41 -0600 http://www.movabletype.org/?v=4.2-en http://blogs.law.harvard.edu/tech/rss Squid can communicate with each other without any other fish noticing: Squid and their relatives have eyes that are sensitive to polarised light and to them and are known to use it to signal to one another. Their predators on the other hand, like seals or whales, don't share this ability and cannot see the squids' signals. Most of all,...<div class="feedflare"> <a href="http://feeds.feedburner.com/~f/schneier/excerpts?a=l2gJM"><img src="http://feeds.feedburner.com/~f/schneier/excerpts?i=l2gJM" border="0"></img></a> </div> http://www.schneier.com/blog/archives/2008/10/friday_squid_bl_144.html http://www.schneier.com/blog/archives/2008/10/friday_squid_bl_144.html Fri, 10 Oct 2008 16:58:41 -0600 Guess the year: Murderous organizations have increased in size and scope; they are more daring, they are served by the most terrible weapons offered by modern science, and the world is nowadays threatened by new forces which, if recklessly unchained, may some day wreck universal destruction. The Orsini bombs were mere children's toys compared with the later developments of infernal...<div class="feedflare"> <a href="http://feeds.feedburner.com/~f/schneier/excerpts?a=0tU5M"><img src="http://feeds.feedburner.com/~f/schneier/excerpts?i=0tU5M" border="0"></img></a> </div> http://www.schneier.com/blog/archives/2008/10/the_more_things.html http://www.schneier.com/blog/archives/2008/10/the_more_things.html Fri, 10 Oct 2008 12:30:19 -0600 According to a massive report from the National Research Council, data mining for terrorists doesn't work. Here's a good summary: The report was written by a committee whose members include William Perry, a professor at Stanford University; Charles Vest, the former president of MIT; W. Earl Boebert, a retired senior scientist at Sandia National Laboratories; Cynthia Dwork of Microsoft Research;...<div class="feedflare"> <a href="http://feeds.feedburner.com/~f/schneier/excerpts?a=MsVCM"><img src="http://feeds.feedburner.com/~f/schneier/excerpts?i=MsVCM" border="0"></img></a> </div> http://www.schneier.com/blog/archives/2008/10/data_mining_for_1.html http://www.schneier.com/blog/archives/2008/10/data_mining_for_1.html Fri, 10 Oct 2008 06:35:43 -0600 Heard about this: The Maryland State Police classified 53 nonviolent activists as terrorists and entered their names and personal information into state and federal databases that track terrorism suspects, the state police chief acknowledged yesterday. Why did they do that? Both Hutchins and Sheridan said the activists' names were entered into the state police database as terrorists partly because the...<div class="feedflare"> <a href="http://feeds.feedburner.com/~f/schneier/excerpts?a=wewIM"><img src="http://feeds.feedburner.com/~f/schneier/excerpts?i=wewIM" border="0"></img></a> </div> http://www.schneier.com/blog/archives/2008/10/nonviolent_acti.html http://www.schneier.com/blog/archives/2008/10/nonviolent_acti.html Thu, 09 Oct 2008 13:07:17 -0600 In a blatant attempt to get some PR: In a new paper, Bernd Roellgen of Munich-based encryption outfit PMC Ciphers, explains how it is possible to compare an encrypted backup image file made with almost any commercial encryption program or algorithm to an original that has subsequently changed so that small but telling quantities of data 'leaks'. Here's the paper....<div class="feedflare"> <a href="http://feeds.feedburner.com/~f/schneier/excerpts?a=9IZNM"><img src="http://feeds.feedburner.com/~f/schneier/excerpts?i=9IZNM" border="0"></img></a> </div> http://www.schneier.com/blog/archives/2008/10/new_attack_agai.html http://www.schneier.com/blog/archives/2008/10/new_attack_agai.html Thu, 09 Oct 2008 06:44:14 -0600 This is the best article I've read on the story....<div class="feedflare"> <a href="http://feeds.feedburner.com/~f/schneier/excerpts?a=oZ0nM"><img src="http://feeds.feedburner.com/~f/schneier/excerpts?i=oZ0nM" border="0"></img></a> </div> http://www.schneier.com/blog/archives/2008/10/chinese_monitor.html http://www.schneier.com/blog/archives/2008/10/chinese_monitor.html Wed, 08 Oct 2008 06:55:52 -0600 Turns out you can add anyone's number -- or remove anyone's number -- to/from the Canadian do-not-call list. You can also add (but not remove) numbers to the U.S. do-not-call list, though only up to three at a time, and you have to provide a valid e-mail address to confirm the addition. Here's my idea. If you're a company, add...<div class="feedflare"> <a href="http://feeds.feedburner.com/~f/schneier/excerpts?a=s6t7M"><img src="http://feeds.feedburner.com/~f/schneier/excerpts?i=s6t7M" border="0"></img></a> </div> http://www.schneier.com/blog/archives/2008/10/the_canadian_do.html http://www.schneier.com/blog/archives/2008/10/the_canadian_do.html Tue, 07 Oct 2008 15:51:16 -0600 Most counterterrorism policies fail, not because of tactical problems, but because of a fundamental misunderstanding of what motivates terrorists in the first place. If we're ever going to defeat terrorism, we need to understand what drives people to become terrorists in the first place. Conventional wisdom holds that terrorism is inherently political, and that people become terrorists for political reasons....<div class="feedflare"> <a href="http://feeds.feedburner.com/~f/schneier/excerpts?a=rIniM"><img src="http://feeds.feedburner.com/~f/schneier/excerpts?i=rIniM" border="0"></img></a> </div> http://www.schneier.com/blog/archives/2008/10/the_seven_habit.html http://www.schneier.com/blog/archives/2008/10/the_seven_habit.html Tue, 07 Oct 2008 05:48:53 -0600 Good Q&A on clickjacking: In plain English, clickjacking lets hackers and scammers hide malicious stuff under the cover of the content on a legitimate site. You know what happens when a carjacker takes a car? Well, clickjacking is like that, except that the click is the car. "Clickjacking" is a stunningly sexy name, but the vulnerability is really just a...<div class="feedflare"> <a href="http://feeds.feedburner.com/~f/schneier/excerpts?a=i0NoM"><img src="http://feeds.feedburner.com/~f/schneier/excerpts?i=i0NoM" border="0"></img></a> </div> http://www.schneier.com/blog/archives/2008/10/clickjacking.html http://www.schneier.com/blog/archives/2008/10/clickjacking.html Mon, 06 Oct 2008 13:45:02 -0600 Interesting: CSRF vulnerabilities occur when a website allows an authenticated user to perform a sensitive action but does not verify that the user herself is invoking that action. The key to understanding CSRF attacks is to recognize that websites typically don't verify that a request came from an authorized user. Instead they verify only that the request came from the...<div class="feedflare"> <a href="http://feeds.feedburner.com/~f/schneier/excerpts?a=UaceM"><img src="http://feeds.feedburner.com/~f/schneier/excerpts?i=UaceM" border="0"></img></a> </div> http://www.schneier.com/blog/archives/2008/10/new_cross-site.html http://www.schneier.com/blog/archives/2008/10/new_cross-site.html Mon, 06 Oct 2008 05:42:04 -0600 Wow....<div class="feedflare"> <a href="http://feeds.feedburner.com/~f/schneier/excerpts?a=7w4OM"><img src="http://feeds.feedburner.com/~f/schneier/excerpts?i=7w4OM" border="0"></img></a> </div> http://www.schneier.com/blog/archives/2008/10/friday_squid_bl_143.html http://www.schneier.com/blog/archives/2008/10/friday_squid_bl_143.html Fri, 03 Oct 2008 16:25:00 -0600 On Wednesday I was interviewed by the Irish Times....<div class="feedflare"> <a href="http://feeds.feedburner.com/~f/schneier/excerpts?a=5U6GM"><img src="http://feeds.feedburner.com/~f/schneier/excerpts?i=5U6GM" border="0"></img></a> </div> http://www.schneier.com/blog/archives/2008/10/article_in_the.html http://www.schneier.com/blog/archives/2008/10/article_in_the.html Fri, 03 Oct 2008 13:43:49 -0600