http://www.schneier.com/blog/ A blog covering security and security technology. Copyright 2012 Bruce Schneier Wed, 16 May 2012 06:15:10 -0500 http://www.movabletype.org/?v=4.38 http://blogs.law.harvard.edu/tech/rss According to a report from the DHS Office of Inspector General: Federal investigators "identified vulnerabilities in the screening process" at domestic airports using so-called "full body scanners," according to a classified internal Department of Homeland Security report. EPIC obtained an unclassified version of the report in a FOIA response. Here's the summary.... http://www.schneier.com/blog/archives/2012/05/security_vulner_1.html http://www.schneier.com/blog/archives/2012/05/security_vulner_1.html Wed, 16 May 2012 06:15:10 -0500 To New Zealand: United States Secretary of Homeland Security Janet Napolitano has warned the New Zealand Government about the latest terrorist threat known as "body bombers." [...] "Do we have specific credible evidence of a [body bomb] threat today? I would not say that we do, however, the importance is that we all lean forward." Why the headline of this... http://www.schneier.com/blog/archives/2012/05/us_exports_terr.html http://www.schneier.com/blog/archives/2012/05/us_exports_terr.html Tue, 15 May 2012 06:17:04 -0500 Why do otherwise rational people think it's a good idea to profile people at airports? Recently, neuroscientist and best-selling author Sam Harris related a story of an elderly couple being given the twice-over by the TSA, pointed out how these two were obviously not a threat, and recommended that the TSA focus on the actual threat: "Muslims, or anyone who... http://www.schneier.com/blog/archives/2012/05/the_trouble_wit.html http://www.schneier.com/blog/archives/2012/05/the_trouble_wit.html Mon, 14 May 2012 06:19:44 -0500 Kraken: The Curious, Exciting, and Slightly Disturbing Science of Squid. And a review. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.... http://www.schneier.com/blog/archives/2012/05/friday_squid_bl_325.html http://www.schneier.com/blog/archives/2012/05/friday_squid_bl_325.html Fri, 11 May 2012 16:58:04 -0500 MobileScope looks like a great tool for monitoring and controlling what information third parties get from your smart phone apps: We built MobileScope as a proof-of-concept tool that automates much of what we were doing manually; monitoring mobile devices for surprising traffic and highlighting potentially privacy-revealing flows [...] Unlike PCs, we have little control over the underlying privacy and security... http://www.schneier.com/blog/archives/2012/05/smart_phone_pri.html http://www.schneier.com/blog/archives/2012/05/smart_phone_pri.html Fri, 11 May 2012 06:42:22 -0500 Funny.... http://www.schneier.com/blog/archives/2012/05/security_fail.html http://www.schneier.com/blog/archives/2012/05/security_fail.html Thu, 10 May 2012 05:46:52 -0500 All RuggedCom equipment comes with a built-in backdoor: The backdoor, which cannot be disabled, is found in all versions of the Rugged Operating System made by RuggedCom, according to independent researcher Justin W. Clarke, who works in the energy sector. The login credentials for the backdoor include a static username, "factory," that was assigned by the vendor and can't be... http://www.schneier.com/blog/archives/2012/05/ruggedcom_inser.html http://www.schneier.com/blog/archives/2012/05/ruggedcom_inser.html Wed, 09 May 2012 06:24:17 -0500 We don't know much, but here are my predictions: There's a lot more hyperbole to this story than reality. The explosive would have either 1) been caught by pre-9/11 security, or 2) not been caught by post-9/11 security. Nonetheless, it will be used to justify more invasive airport security.... http://www.schneier.com/blog/archives/2012/05/a_foiled_terror.html http://www.schneier.com/blog/archives/2012/05/a_foiled_terror.html Tue, 08 May 2012 13:14:17 -0500 This is a ridiculous overreaction: The police bomb squad was called to 2 World Financial Center in lower Manhattan at midday when a security guard reported a package that seemed suspicious. Brookfield Properties, which runs the property, ordered an evacuation as a precaution. That's the entire building, a 44-story, 2.5-million-square-foot office building. And why? The bomb squad determined the package... http://www.schneier.com/blog/archives/2012/05/overreacting_to.html http://www.schneier.com/blog/archives/2012/05/overreacting_to.html Tue, 08 May 2012 07:03:52 -0500 With all the talk about airborne drones like the Predator, it's easy to forget that drones can be in the water as well. Meet the Common Unmanned Surface Vessel (CUSV): The boat -- painted in Navy gray and with a striking resemblance to a PT boat -- is 39 feet long and can reach a top speed of 28 knots.... http://www.schneier.com/blog/archives/2012/05/naval_drones.html http://www.schneier.com/blog/archives/2012/05/naval_drones.html Mon, 07 May 2012 06:52:51 -0500 Neat. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.... http://www.schneier.com/blog/archives/2012/05/friday_squid_bl_326.html http://www.schneier.com/blog/archives/2012/05/friday_squid_bl_326.html Fri, 04 May 2012 16:01:04 -0500 This vendor is selling a tampon-shaped USB drive. Although it's less secure now that there are blog posts about it.... http://www.schneier.com/blog/archives/2012/05/tampon-shaped_u.html http://www.schneier.com/blog/archives/2012/05/tampon-shaped_u.html Fri, 04 May 2012 13:31:57 -0500