Contest: Cory Doctorow's Cipher Wheel Rings (6)
by schneier (233) on Schneier on Security (267), 1 day, 11 hours ago
Cory Doctorow wanted a secret decoder wedding ring, and he asked me to help design it. I wanted something more than the standard secret decoder ring, so this is what I asked for: "I want each wheel to be the alphabet, with each letter having either a dot above, a dot below, or no dot at all. The first wheel should have alternating above, none, below. The second wheel should be the repeating sequence of ...
Privacy Policies: Perception vs. Reality (5)
by schneier (233) on Schneier on Security (267), 2 days, 11 hours ago
New paper: "What Californians Understand About Privacy Online," by Chris Jay Hoofnagle and Jennifer King. From the abstract: A gulf exists between California consumers' understanding of online rules and common business practices. For instance, Californians who shop online believe that privacy policies prohibit third-party information sharing. A majority of Californians believes that privacy policies create the right to require a website to delete personal information upon request, a general right to sue for damages, a ...
Sucking Data off of Cell Phones (6)
by schneier (233) on Schneier on Security (267), 3 days, 19 hours ago
Don't give someone your phone unless you trust them: There is a new electronic capture device that has been developed primarily for law enforcement, surveillance, and intelligence operations that is also available to the public. It is called the Cellular Seizure Investigation Stick, or CSI Stick as a clever acronym. It is manufactured by a company called Paraben, and is a self-contained module about the size of a BIC lighter. It plugs directly into most ...
Security ROI (14)
by schneier (233) on Schneier on Security (267), 4 days, 18 hours ago
An interesting look at security from a business/actuarial perspective, not something most techies are accustomed to, but very important to those they work for.
-
Ishai said:
About the wrong myth of ROSI. Well put.
-
tabo said:
this man speaks the truth
Schneier on Security: My LA Times Op Ed on Photo ID Checks at Airport (33)
by schneier (233) on Schneier on Security (267), 5 days, 19 hours ago
Opinion The TSA's useless photo ID rules No-fly lists and photo IDs are supposed to help protect the flying public from terrorists. Except that they don't work. By Bruce Schneier August 28, 2008 The TSA is tightening its photo ID rules at airport security. Previously, people with expired IDs or who claimed to have lost their IDs were subjected to secondary screening. Then the Transportation Security Administration realized that meant someone on the government's no-fly ...
-
David Arcos said:
A "for dummies" article on why air travel checks are useless
Another Voting Machine Cartoon (2)
A British Bank Bans a Man's Password (11)
by schneier (233) on Schneier on Security (267), 1 week, 1 day ago
Weird story. Mr Jetley said he first realised his security password had been changed when a call centre staff member told him his code word did not match with the one on the computer. "I thought it was actually quite a funny response," he said. "But what really incensed me was when I was told I could not change it back to 'Lloyds is pants' because they said it was not appropriate. [...] "The rules ...
Border Gateway Protocol (BGP) Attacks (9)
by schneier (233) on Schneier on Security (267), 1 week, 1 day ago
This is serious stuff. (Kim Zetter's posts on the topic are excellent; read them.) It's a man-in-the-middle attack. "The Internet's Biggest Security Hole" (the title of that first link) has been that interior relays have always been trusted even though they are not trustworthy.
The TSA Told You That Liquids Are Dangerous (9)
by schneier (233) on Schneier on Security (267), 1 week, 2 days ago
So weird: A plane was forced to land when a passenger had an extreme allergic reaction to a leaking jar of mushroom soup, it was revealed today. The soup fell on the man from an overhead locker on a Ryanair flight to Dublin from Budapest. He reportedly suffered allergic swelling in his neck and struggled to breathe, forcing staff to seek emergency medical treatment.
-
HacKnight said:
The soup was probably brought on the plane in several 3oz shampoo containers and then reassembled mid-flight. We must learn to defend ourselves!
Diebold Finally Admits its Voting Machines Drop Votes (40)
by schneier (233) on Schneier on Security (267), 1 week, 2 days ago
Premier Election Solutions, formerly called Diebold Election Systems, has finally admitted that a ten-year-old error has caused votes to be dropped. It's unclear if this error is random or systemic. If it's random -- a small percentage of all votes are dropped -- then it is highly unlikely that this affected the outcome of any election. If it's systemic --...
-
Eebs said:
*shudder* I don't even want to think about the implications here.
-
Drewcipher said:
All your vote are belong to us. Ehhhhhh.
-
Erik S said:
Diebold should receive a death sentence. Current and past execs should be criminally charged, some deserve life sentences. Their personal assets should be attacked with civil suits. The company should be stripped of all assets. Seized personal and corporate assets should be auctioned and the proceeds used to refund the cost of voting equipment. Any remaining funds should be disbursed to the govt treasury.
Virus Infects the Space Station (9)
Doctoring Photographs without Photoshop (17)
by schneier (233) on Schneier on Security (267), 1 week, 3 days ago
It's all about the captions: ...doctored photographs are the least of our worries. If you want to trick someone with a photograph, there are lots of easy ways to do it. You don't need Photoshop. You don't need sophisticated digital photo-manipulation. You don't need a computer. All you need to do is change the caption. The photographs presented by Colin...
-
Bryn said:
This is a photo of Osama Bin Laden sun bathing in Nice. Really.
Full Disclosure and the Boston Farecard Hack (21)
by schneier (233) on Schneier on Security (267), 1 week, 4 days ago
In eerily similar cases in the Netherlands and the United States, courts have recently grappled with the computer-security norm of "full disclosure," asking whether researchers should be permitted to disclose details of a fare-card vulnerability that allows people to ride the subway for free. The "Oyster card" used on the London Tube was at issue in the Dutch case, and a similar fare card used on the Boston "T" was the center of the U.S. ...
-
trygve said:
Excellent essay on full & responsible disclosure of security vulnerabilities.
-
fmavituna said:
Awesome writeup - Companies will only design security as good as what their customers know to ask for. This preference for secrecy comes from confusing a vulnerability with information about that vulnerability. Using secrecy as a security measure is fundamentally fragile. It assumes that the bad guys don't do their own security research. It assumes that no one else will find the same vulnerability. It assumes that information won't leak out even if the research results are suppressed. These assumptions are all incorrect.
Red Light Cameras Don't Work (31)
by schneier (233) on Schneier on Security (267), 1 week, 5 days ago
Interesting: the solution to one problem causes another. "The rigorous studies clearly show red-light cameras don't work," said lead author Barbara Langland-Orban, professor and chair of health policy and management at the USF College of Public Health. "Instead, they increase crashes and injuries as drivers attempt to abruptly stop at camera intersections." Comprehensive studies from North Carolina, Virginia, and Ontario have all reported cameras are associated with increases in crashes. The study by the Virginia ...
-
Wolfger said:
Gotta love capitalism, eh? Screw public safety! Let's make us some money!
Monitoring P2P Networks (6)
by schneier (233) on Schneier on Security (267), 2 weeks, 1 day ago
Interesting paper: "Challenges and Directions for Monitoring P2P File Sharing Networks or Why My Printer Received a DMCA Takedown Notice": Abstract -- We reverse engineer copyright enforcement in the popular BitTorrent file sharing network and find that a common approach for identifying infringing users is not conclusive. We describe simple techniques for implicating arbitrary network endpoints in illegal content sharing...
-
Jackson said:
Interesting paper ... especially if you've ever received a notice from a copyright holder.
MI5 on Terrorist Profiling (25)
by schneier (233) on Schneier on Security (267), 2 weeks, 1 day ago
There's no profile: MI5 has concluded that there is no easy way to identify those who become involved in terrorism in Britain, according to a classified internal research document on radicalisation seen by the Guardian. [...] The main findings include: • The majority are British nationals and the remainder, with a few exceptions, are here legally. Around half were born in the UK, with others migrating here later in life. Some of these fled traumatic ...
-
Noah said:
Profiling for the lose.
-
gyakusetsu said:
Check your premises...
-
mattpovey said:
Interesting stuff: "MI5 says there is evidence that a well-established religious identity actually protects against violent radicalisation."
-
Sam said:
While this proves that we can't label one group of people as "highly probable to be terrorists," it's unfortunate because it seems like the British government is using that knowledge to make everyone in their country a possible terrorist and thus allows random invasive checks and other rude procedures to occur.
TSA Follies (23)
by schneier (233) on Schneier on Security (267), 2 weeks, 2 days ago
They break planes: Citing sources within the aviation industry, ABC News reports an overzealous TSA employee attempted to gain access to the parked aircraft by climbing up the fuselage... reportedly using the Total Air Temperature (TAT) probes mounted to the planes' noses as handholds. "The brilliant employees used an instrument located just below the cockpit window that is critical to the operation of the onboard computers," one pilot wrote on an American Eagle internet forum. ...
-
Drewcipher said:
My hope is that Obama will win the election and then stomp the guts out of this idiotic group of losers.
Nice Article on Personal Surveillance (2)