From Bruce Schneier’s “Gathering ‘Storm’ Superworm Poses Grave Threat to PC Nets” (Wired: 4 October 2007):
Storm represents the future of malware. Let’s look at its behavior:
1. Storm is patient. A worm that attacks all the time is much easier to detect; a worm that attacks and then shuts off for a while [...]
Posted on November 22nd, 2008 by Scott Granneman
Filed under: Wash U: tech in changing society, Webster U: infosec management, business, security
From Bruce Schneier’s “Getting Free Food at a Fast-Food Drive-In” (Crypto-Gram: 15 September 2007):
It’s easy. Find a fast-food restaurant with two drive-through windows: one where you order and pay, and the other where you receive your food. This won’t work at the more-common U.S. configuration: a microphone where you order, and a single window where [...]
Posted on November 21st, 2008 by Scott Granneman
Filed under: Webster U: infosec management, security
From Bruce Schneier’s “News” (Crypto-Gram: 15 September 2007):
Taser — yep, that’s the company’s name as well as the product’s name — is now selling a personal-use version of their product. It’s called the Taser C2, and it has an interesting embedded identification technology. Whenever the weapon is fired, it also sprays some serial-number bar-coded confetti, [...]
Posted on November 21st, 2008 by Scott Granneman
Filed under: Wash U: tech in changing society, Webster U: infosec management, business, security
From Bruce Schneier’s “Basketball Referees and Single Points of Failure” (Crypto-Gram: 15 September 2007):
What sorts of systems — IT, financial, NBA games, or whatever — are most at risk of being manipulated? The ones where the smallest change can have the greatest impact, and the ones where trusted insiders can make that change.
…
It’s not [...]
Posted on November 21st, 2008 by Scott Granneman
Filed under: Wash U: tech in changing society, Webster U: infosec management, security
From Bruce Schneier’s “First Responders” (Crypto-Gram: 15 September 2007):
In 2004, the U.S. Conference of Mayors issued a report on communications interoperability. In 25% of the 192 cities surveyed, the police couldn’t communicate with the fire department. In 80% of cities, municipal authorities couldn’t communicate with the FBI, FEMA, and other federal agencies.
The source of the [...]
Posted on November 21st, 2008 by Scott Granneman
Filed under: Wash U: tech in changing society, Webster U: infosec management, politics, security
From Bruce Schneier’s “My Open Wireless Network” (Crypto-Gram: 15 January 2008):
A company called Fon has an interesting approach to this problem. Fon wireless access points have two wireless networks: a secure one for you, and an open one for everyone else. You can configure your open network in either “Bill” or “Linus” mode: In the [...]
Posted on November 21st, 2008 by Scott Granneman
Filed under: Webster U: infosec management, business, technology
From Bruce Schneier’s “Anonymity and the Netflix Dataset” (Crypto-Gram: 15 January 2008):
The point of the research was to demonstrate how little information is required to de-anonymize information in the Netflix dataset.
…
What the University of Texas researchers demonstrate is that this process isn’t hard, and doesn’t require a lot of data. It turns out that [...]
Posted on November 21st, 2008 by Scott Granneman
Filed under: Wash U: tech in changing society, Webster U: infosec management, business, security
From Victor Bogado da Silva Lins’ letter in Bruce Schneier’s Crypto-Gram (15 May 2004):
You mentioned in your last crypto-gram newsletter about a cover that makes a license plate impossible to read from certain angles. Brazilian people have thought of another low-tech solution for the same “problem”; they simply tie some ribbons to the plate or [...]
Posted on April 20th, 2008 by Scott Granneman
Filed under: Webster U: infosec management, security
From Les Jones’s email in Bruce Schneier’s “Crypto-Gram” (15 August 2005):
Avoiding rescuers is a common reaction in people who have been lost in the woods. See Dwight McCarter’s book, “Lost,” an account of search and rescue operations in the Great Smoky Mountains National Park. In one chapter McCarter tells the story of two backpackers in [...]
Posted on April 15th, 2008 by Scott Granneman
Filed under: commonplace book, weird
From Bruce Schneier’s “Crypto-Gram” (15 August 2005):
At DefCon earlier this month, a group was able to set up an unamplified 802.11 network at a distance of 124.9 miles.
http://www.enterpriseitplanet.com/networking/news/…
http://pasadena.net/shootout05/
Even more important, the world record for communicating with a passive RFID device was set at 69 feet. Remember that the next time someone tells you that it’s [...]
Posted on April 15th, 2008 by Scott Granneman
Filed under: Webster U: infosec management, security, technology
From Bruce Schneier’s “The Strange Story of Dual_EC_DRBG” (Crypto-Gram: 15 November 2007):
This year, the U.S. government released a new official standard for random number generators, which will likely be followed by software and hardware developers around the world. Called NIST Special Publication 800-90, the 130-page document contains four different approved techniques, called DRBGs, or “Deterministic [...]
Posted on April 12th, 2008 by Scott Granneman
Filed under: security
From Bruce Schneier’s “Hacking Computers Over USB” (Crypto-Gram: 15 June 2005):
From CSO Magazine:
“Plug an iPod or USB stick into a PC running Windows and the device can literally take over the machine and search for confidential documents, copy them back to the iPod or USB’s internal storage, and hide them as “deleted” files. Alternatively, the [...]
Posted on December 10th, 2006 by Scott Granneman
Filed under: Wash U: tech in changing society, Webster U: infosec management, business, security, technology
From Bruce Schneier’s “Mitigating Identity Theft” (Crypto-Gram: 15 April 2005):
The very term “identity theft” is an oxymoron. Identity is not a possession that can be acquired or lost; it’s not a thing at all. …
The real crime here is fraud; more specifically, impersonation leading to fraud. Impersonation is an ancient crime, but the rise of [...]
Posted on August 2nd, 2006 by Scott Granneman
Filed under: Wash U: tech in changing society, Webster U: infosec management, business, law, security, technology
From Bruce Schneier’s “More on Two-Factor Authentication” (Crypto-Gram: 15 April 2005):
Passwords just don’t work anymore. As computers have gotten faster, password guessing has gotten easier. Ever-more-complicated passwords are required to evade password-guessing software. At the same time, there’s an upper limit to how complex a password users can be expected to remember. About five years [...]
Posted on August 2nd, 2006 by Scott Granneman
Filed under: Webster U: infosec management, security
From Bruce Schneier’s “Hollywood Sign Security” (Crypto-Gram: 15 January 2005):
In Los Angeles, the “HOLLYWOOD” sign is protected by a fence and a locked gate. Because several different agencies need access to the sign for various purposes, the chain locking the gate is formed by several locks linked together. Each of the agencies has the key [...]
Posted on August 2nd, 2006 by Scott Granneman
Filed under: Webster U: infosec management, business, security
From Bruce Schneier’s “Burglars and ‘Feeling Secure’” (Crypto-Gram: 15 January 2005):
This quote is from “Confessions of a Master Jewel Thief,” by Bill Mason (Villard, 2003): “Nothing works more in a thief’s favor than people feeling secure. That’s why places that are heavily alarmed and guarded can sometimes be the easiest targets. The single most important [...]
Posted on August 2nd, 2006 by Scott Granneman
Filed under: Webster U: infosec management, business, security, technology
From Bruce Schneier’s “Color-Coded Terrorist Threat Levels” (Crypto-Gram Newsletter: 15 January 2004):
The color-coded threat alerts issued by the Department of Homeland Security are useless today, but may become useful in the future. The U.S. military has a similar system; DEFCON 1-5 corresponds to the five threat alert levels: Green, Blue, Yellow, Orange, and Red. The [...]
Posted on July 13th, 2006 by Scott Granneman
Filed under: Wash U: tech in changing society, Webster U: infosec management, politics, security
From Bruce Schneier’s “News” (Crypto-Gram Newsletter: 15 April 2006):
Undercover investigators were able to smuggle radioactive materials into the U.S. It set off alarms at border checkpoints, but the smugglers had forged import licenses from the Nuclear Regulatory Commission, based on an image of the real document they found on the Internet. Unfortunately, the border agents [...]
Posted on July 13th, 2006 by Scott Granneman
Filed under: Wash U: tech in changing society, Webster U: infosec management, security
From Bruce Schneier’s “Movie Plot Threat Contest: Status Report” (Crypto-Gram Newsletter: 15 May 2006):
In my book, Beyond Fear, I discussed five different tendencies people have to exaggerate risks: to believe that something is more risky than it actually is.
1. People exaggerate spectacular but rare risks and downplay common risks.
2. People have trouble estimating risks for [...]
Posted on June 19th, 2006 by Scott Granneman
Filed under: Wash U: tech in changing society, Webster U: infosec management, commonplace book, science, security, technology
From Bruce Schneier’s “Movie Plot Threat Contest: Status Report” (Crypto-Gram Newsletter: 15 May 2006):
… you have to wonder why there have been no terrorist attacks in the U.S. since 9/11. I don’t believe the “flypaper theory” that the terrorists are all in Iraq instead of in the U.S. And despite all the ineffectual security we’ve [...]
Posted on June 19th, 2006 by Scott Granneman
Filed under: Wash U: tech in changing society, Webster U: infosec management, history, politics, security, technology