
Going Through the Security Motions

The Associated Press profiles security guru Bruce Schneier. Bruce writes clearly and well, and apparently got a mention in “The Da Vinci Code”. He’s also very critical of post-9/11 overreaction: “Eventually we will all come to our senses about security,” he says. “I think it’s 10 to 20 years. A generation.” His argument: less showmanship, more cost-effectiveness. Amen. To that I’d add consistency. Those implementing security need to apply the same level of alertness whether it’s 1 am or 1 pm. They also need to be involved in the decision making and planning process — at least enough to understand that looking under a…

Getting Data Past Borders

Bruce Schneier uses reports that Sudan is searching all laptops being brought into the country to sound a warning: “Your privacy rights when trying to enter a country are minimal, and this kind of thing could happen anywhere… If you’re bringing a laptop across an international border, you should clean off all unnecessary files and encrypt the rest.” Some commenters take the discussion a bit further, pointing out this may not be enough. Officials may demand you decrypt your files, so a better way would be to encrypt your data in an unpartitioned portion of your hard drive using something called TrueCrypt, which creates a…

Let Your Fingers Do the Remembering

Maybe I’ve missed something, but why isn’t more work dedicated to understanding the link between passwords and memory? Given that we’re supposed to remember our passwords (as opposed to writing them down on Post-it notes and sticking them somewhere prominent), why don’t we look more closely at the process whereby we remember stuff — and forget it? Danah of apophenia wrote recently about the somewhat lame password recovery system some websites use, whereby “you have to choose three questions and answer them. The problem is that they are all ‘What is your favorite n’ where n is restaurant, band, movie, song, actor, book, drink, food,…

Hang On, I’m Just Calling My Getaway Car

A bank in Chicago has banned use of cellphones in five of its branches, hoping to prevent the bad guys from communicating with each other during a robbery, according to UPI: “We ban cell phone use in the lobby because you don’t know what people are doing,” Ralph Oster, a senior vice president [of the First National Bank], told the Chicago Tribune. Cell phone cameras are also a worry. Oster said there have been holdups in which bandits were on the phone with lookouts outside while committing bank robberies. As the piece points out, this isn’t the first such ban: West Suburban Bank, based in…

The Smell of Sterile Burning

There’s a growing noise about Sony’s apparent attempt to install digital rights management software using techniques usually associated with bad guys trying to maintain control of a compromised computer. From Mark’s Sysinternals Blog, “Sony, Rootkits and Digital Rights Management Gone Too Far”: The entire experience was frustrating and irritating. Not only had Sony put software on my system that uses techniques commonly used by malware to mask its presence, the software is poorly written and provides no means for uninstall. Worse, most users that stumble across the cloaked files with a RKR scan will cripple their computer if they attempt the obvious step of deleting the cloaked files.…

Bruce on Phishing: It’s the Banks, Stupid

Bruce Schneier again talks sense, this time about phishing. From Schneier on Security, “Phishing”: Financial companies have until now avoided taking on phishers in a serious way, because it’s cheaper and simpler to pay the costs of fraud. That’s unacceptable, however, because consumers who fall prey to these scams pay a price that goes beyond financial losses, in inconvenience, stress and, in some cases, blots on their credit reports that are hard to eradicate. As a result, lawmakers need to do more than create new punishments for wrongdoers — they need to create tough new incentives that will effectively force financial companies to change the status…

OK, That’s Enough Bluetooth Monday Jokes

One of my favourite bands from the early 1980s, New Order, are promoting their upcoming album, Waiting for the Sirens Call (due to be launched this coming week), via Bluetooth. They are displaying, in the words of Engadget, “digital interactive posters offering song clips, ringtones and photos that can be beamed directly to fans’ cellphones. The posters use both infrared and Bluetooth to send the data directly to phones, bypassing network charges to fans or to the band’s label, and making New Order the first group to hand out free music clips direct to cellphones.” The service is, I believe, provided by a company called…

Do Passports Plus RFID Tags Make Us Walking Targets?

RFID tags: sinister chip or harmless piece of plastic and wire? I’ve been on the side of the former for some time, but in the face of some objection from readers. A listener to a piece I did on the BBC World Service a few weeks back, about the danger that RFID tags would give up too much information to anyone interested — shops, sleazeballs, governments, terrorists — wrote in to say: Your correspondent seemed in danger of propagating the fiction that RFID tags can be read from a distance. An RFID tag contains no power source. The read head, the device that interrogates the…

Behind the Akamai DDoS Attack

A bit late (my apologies), but it’s interesting to look at the recent Distributed Denial of Service attack on Akamai, an Internet infrastructure provider. The attack blocked nearly all access to Apple Computer, Google, Microsoft and Yahoo’s Web sites for two hours on Tuesday by bringing down Akamai’s domain name system, or DNS, servers. These servers translate domain names — www.microsoft.com — into numerical addresses. The attack was made possible by harnessing a bot net — thousands of compromised Internet-connected computers, or zombies, which are instructed to flood the DNS servers with data at the same time. This is called Distributed Denial of Service, of…

The Price Of Democracy

An interesting essay by security guru Bruce Schneier (via the brianstorms weblog) on the economics of fixing an election. Put simply: how much is it worth to a party to fix an election, and so how much would they be willing to spend on doing it? Put another way, how much should the folk designing an electronic voting system assume will be spent on trying to get past the security software? Bruce does the math and concludes “that affecting the balance of power in the House of Representatives is worth at least $100M to the party who would otherwise be losing. So when designing the security behind the…

Copyright © 2020 loose wire blog. All Rights Reserved.