"Simplicity seems to work best. One common method of communicating over the Internet is essentially an e-mail version of the classic dead drop.
Members of a cell are all given the same prearranged username and password for an e-mail account on an Internet service provider, or ISP, such as Hotmail or Yahoo, according to the recent joint report by the Treasury and Justice departments.
One member writes a message, but instead of sending it, he puts it in the 'draft' file and then logs off. Someone else can then sign onto the account using the same username and password, read the draft and then delete it.
'Because the draft was never sent, the ISP does not retain a copy of it and there is no record of it traversing the Internet -- it never went anywhere, its recipients came to it,' the report said." [L.A. Times: "Cyberspace Gives Al Qaeda Refuge"]
"Richard M. Smith, a security consultant in Cambridge, Mass., said customers could also use certain techniques to foil keystroke loggers. When typing in sensitive information, for instance, he suggests cutting and pasting individual characters from elsewhere to form the password.
No keys depressed, no characters logged." [The News & Observer]
"Yet nearly everything we do to combat crime or enhance safety comes at the expense of reduced efficiency. So we build airports to make possible efficient air transportation, then set up metal detectors to slow down the flow of passengers. We build highways to make car travel faster, then set speed limits to make it slower." [Robert X. Cringely: "I'm With Stupid"]
"Mailinator is ad hoc e-mail for those times when just maybe you don't want to use your regular e-mail address. Say you are snitching on the boss, buying inflatable people, or want 32 different PayPal accounts. Just tell someone -- anyone -- that your e-mail address is fatman@mailinator.com or skinnykid@mailinator.com, or clueless@mailinator.com or any other address you like at mailinator.com. But this is no dead-end. When people write to you at that address the message will go through. That's because Mailinator accepts any message going to that domain and automatically assigns an e-mail account to it. But what about passwords? There are none. Anyone can go to Mailinator and check the mail for clueless or any other name. But with so many names and the idea that Mailinator is only for occasional use, who cares?" [Robert X. Cringely: "Stream On"]
"... innovative industrial spies, who have several neat new tricks. These days, a boardroom Mata Hari can purchase a specially designed cell phone that will answer incoming calls while appearing to be switched off. In a business meeting, she could casually leave her phone on the table while excusing herself to go to the bathroom. Once she's gone, she can call the phone she left behind and eavesdrop on what the other side is saying in her absence." [David S. Bennahum: "Hope You Like Jamming, Too" in Slate]
"Popular cell-phone models made by Nokia, Motorola and other market leaders, can transform into sophisticated, easily operated bugging devices through a small modification. By a simple press of a button, a seemingly standard cell-phone device switches into a mode in which it seems to be turned-off. However, in this deceitful mode the phone will automatically answer incoming calls, without any visual or audio indications whatsoever. In most cases, such 'spy' phones are concealed within the targeted area, for instance - inside a houseplant. A well placed bug-phone can be activated on-demand from any remote location (even out of another country)." [The New C-Guard EXP]
Bruce Schneier: "Computer security folks are always trying to solve problems with technology, which explains why so many computer solutions fail so miserably." [The Evolution of a Cryptographer]
Bruce Schneier: "Why are people so lousy at estimating, evaluating and accepting risk? That's a complicated question, and I spend most of Chapter 2 of Beyond Fear trying to answer it. Evaluating risk is one of the most basic functions of a brain and something hard-wired into every species possessing one. Our own notions of risk are based on experience, but also on emotion and intuition. The problem is that the risk analysis ability that has served our species so well over the millennia is being overtaxed by modern society. Modern science and technology create things that cannot be explained to the average person; hence, the average person cannot evaluate the risks associated with them. Modern mass communication perturbs the natural experiential process, magnifying spectacular but rare risks and minimizing common but uninteresting risks. This kind of thing isn't new -- government agencies like the FDA were established precisely because the average person cannot intelligently evaluate the risks of food additives and drugs -- but it does have profound effects on people's security decisions. They make bad ones." [The Evolution of a Cryptographer]