CRYPTO-GRAM, June 15, 2007

Bruce Schneier schneier at SCHNEIER.COM
Fri Jun 15 01:11:02 PDT 2007


                 CRYPTO-GRAM

                June 15, 2007

              by Bruce Schneier
               Founder and CTO
                BT Counterpane
             schneier at schneier.com
            http://www.schneier.com
           http://www.counterpane.com


A free monthly newsletter providing summaries, analyses, insights, and 
commentaries on security: computer and otherwise.

For back issues, or to subscribe, visit 
<http://www.schneier.com/crypto-gram.html>.

You can read this issue on the web at 
<http://www.schneier.com/crypto-gram-0706.html>.  These same essays 
appear in the "Schneier on Security" blog: 
<http://www.schneier.com/blog>.  An RSS feed is available.


** *** ***** ******* *********** *************

In this issue:
     Rare Risk and Overreactions
     Tactics, Targets, and Objectives
     News
     Portrait of the Modern Terrorist as an Idiot
     Teaching Viruses
     Bush's Watch Stolen?
     Schneier/BT Counterpane News
     Second Movie-Plot Threat Contest Winner
     Perpetual Doghouse: Meganet
     Non-Security Considerations in Security Decisions
     Comments from Readers


** *** ***** ******* *********** *************

     Rare Risk and Overreactions



Everyone had a reaction to the horrific events of the Virginia Tech 
shootings.  Some of those reactions were rational. Others were not.

A high school student was suspended for customizing a first-person 
shooter game with a map of his school.  A contractor was fired from his 
government job for talking about a gun, and then visited by the police 
when he created a comic about the incident.  A dean at Yale banned 
realistic stage weapons from the university theaters -- a policy that 
was reversed within a day.  And some teachers terrorized a sixth-grade 
class by staging a fake gunman attack, without telling them that it was 
a drill.

These things all happened, even though shootings like this are 
incredibly rare; even though -- for all the press -- less than one 
percent of homicides and suicides of children ages 5 to 19 occur in 
schools. In fact, these overreactions occurred, not despite these facts, 
but *because* of them.

The Virginia Tech massacre is precisely the sort of event we humans tend 
to overreact to.  Our brains aren't very good at probability and risk 
analysis, especially when it comes to rare occurrences.  We tend to 
exaggerate spectacular, strange and rare events, and downplay ordinary, 
familiar and common ones.  There's a lot of research in the 
psychological community about how the brain responds to risk -- some of 
it I have already written about -- but the gist is this: Our brains are 
much better at processing the simple risks we've had to deal with 
throughout most of our species' existence, and much poorer at evaluating 
the complex risks society forces us to face today.

Novelty plus dread equals overreaction.

We can see the effects of this all the time.  We fear being murdered, 
kidnapped, raped and assaulted by strangers, when it's far more likely 
that the perpetrator of such offenses is a relative or a friend.  We 
worry about airplane crashes and rampaging shooters instead of 
automobile crashes and domestic violence -- both far more common.

In the United States, dogs, snakes, bees and pigs each kill more people 
per year than sharks.  In fact, dogs kill more humans than any animal 
except for other humans. Sharks are more dangerous than dogs, yes, but 
we're far more likely to encounter dogs than sharks.

Our greatest recent overreaction to a rare event was our response to the 
terrorist attacks of 9/11.  I remember then-Attorney General John 
Ashcroft giving a speech in Minnesota -- where I live -- in 2003, and 
claiming that the fact there were no new terrorist attacks since 9/11 
was proof that his policies were working.  I thought: "There were no 
terrorist attacks in the two years preceding 9/11, and you didn't have 
any policies.  What does that prove?"

What it proves is that terrorist attacks are very rare, and maybe our 
reaction wasn't worth the enormous expense, loss of liberty, attacks on 
our Constitution and damage to our credibility on the world stage. 
Still, overreacting was the natural thing for us to do.  Yes, it's 
security theater, but it makes us feel safer.

People tend to base risk analysis more on personal story than on data, 
despite the old joke that "the plural of anecdote is not data."  If a 
friend gets mugged in a foreign country, that story is more likely to 
affect how safe you feel traveling to that country than abstract crime 
statistics.

We give storytellers we have a relationship with more credibility than 
strangers, and stories that are close to us more weight than stories 
from foreign lands.  In other words, proximity of relationship affects 
our risk assessment.  And who is everyone's major storyteller these 
days?  Television.  (Nassim Nicholas Taleb's great book, "The Black 
Swan: The Impact of the Highly Improbable," discusses this.)

Consider the reaction to another event from last month: professional 
baseball player Josh Hancock got drunk and died in a car crash.  As a 
result, several baseball teams are banning alcohol in their clubhouses 
after games.  Aside from this being a ridiculous reaction to an 
incredibly rare event (2,430 baseball games per season, 35 people per 
clubhouse, two clubhouses per game.  And how often has this happened?), 
it makes no sense as a solution.  Hancock didn't get drunk in the 
clubhouse; he got drunk at a bar.  But Major League Baseball needs to be 
seen as doing *something*, even if that something doesn't make sense -- 
even if that something actually increases risk by forcing players to 
drink at bars instead of at the clubhouse, where there's more control 
over the practice.

I tell people that if it's in the news, don't worry about it.  The very 
definition of "news" is "something that hardly ever happens."  It's when 
something isn't in the news, when it's so common that it's no longer 
news -- car crashes, domestic violence -- that you should start worrying.

But that's not the way we think.  Psychologist Scott Plous said it well 
in "The Psychology of Judgment and Decision Making": "In very general 
terms: (1) The more *available* an event is, the more frequent or 
probable it will seem; (2) the more *vivid* a piece of information is, 
the more easily recalled and convincing it will be; and (3) the more 
*salient* something is, the more likely it will be to appear causal."

So, when faced with a very available and highly vivid event like 9/11 or 
the Virginia Tech shootings, we overreact.  And when faced with all the 
salient related events, we assume causality.  We pass the Patriot Act. 
We think if we give guns out to students, or maybe make it harder for 
students to get guns, we'll have solved the problem.  We don't let our 
children go to playgrounds unsupervised.  We stay out of the ocean 
because we read about a shark attack somewhere.

It's our brains again.  We need to "do something," even if that 
something doesn't make sense; even if it is ineffective.  And we need to 
do something directly related to the details of the actual event.  So 
instead of implementing effective, but more general, security measures 
to reduce the risk of terrorism, we ban box cutters on airplanes.  And 
we look back on the Virginia Tech massacre with 20-20 hindsight and 
recriminate ourselves about the things we *should have done*.

Lastly, our brains need to find someone or something to blame.  (Jon 
Stewart has an excellent bit on the Virginia Tech scapegoat search, and 
media coverage in general.)  But sometimes there is no scapegoat to be 
found; sometimes we did everything right, but just got unlucky.  We 
simply can't prevent a lone nutcase from shooting people at random; 
there's no security measure that would work.

As circular as it sounds, rare events are rare primarily because they 
don't occur very often, and not because of any preventive security 
measures.  And implementing security measures to make these rare events 
even rarer is like the joke about the guy who stomps around his house to 
keep the elephants away.

"Elephants?  There are no elephants in this neighborhood," says a neighbor.

"See how well it works!"

If you want to do something that makes security sense, figure out what's 
common among a bunch of rare events, and concentrate your 
countermeasures there.  Focus on the general risk of terrorism, and not 
the specific threat of airplane bombings using liquid explosives.  Focus 
on the general risk of troubled young adults, and not the specific 
threat of a lone gunman wandering around a college campus.  Ignore the 
movie-plot threats, and concentrate on the real risks.

Irrational reactions:
http://arstechnica.com/news.ars/post/20070502-student-creates-counter-strike-map-gets-kicked-out-of-school.html 
or http://tinyurl.com/2dbl67
http://www.boingboing.net/2007/05/03/webcomic_artist_fire.html
http://www.yaledailynews.com/articles/view/20843
http://yaledailynews.com/articles/view/20913
http://www.msnbc.msn.com/id/18645623/

Risks of school shootings (from 2000):
http://www.cdc.gov/HealthyYouth/injury/pdf/violenceactivities.pdf

Crime statistics -- strangers vs. acquaintances:
http://www.fbi.gov/ucr/05cius/offenses/expanded_information/data/shrtable_09.html 
or http://tinyurl.com/2qbtae

Me on the psychology of risk and security:
http://www.schneier.com/essay-155.html

Risk of shark attacks:
http://www.oceanconservancy.org/site/DocServer/fsSharks.pdf

Ashcroft speech:
http://www.highbeam.com/doc/1G1-107985887.html

Me on security theater:
http://www.schneier.com/essay-154.html

Baseball beer ban:
http://blogs.csoonline.com/baseballs_big_beer_ban

Nassim Nicholas Taleb essay:
http://www.fooledbyrandomness.com/nyt2.htm
http://www.telegraph.co.uk/opinion/main.jhtml?xml=/opinion/2007/04/22/do2201.xml 
or http://tinyurl.com/3bewfy

VA Tech and gun control:
http://abcnews.go.com/International/wireStory?id=3050071&CMP=OTC-RSSFeeds0312 
or http://tinyurl.com/25js4o
http://www.cnn.com/2007/US/04/19/commentary.nugent/index.html

VA Tech hindsight:
http://news.independent.co.uk/world/americas/article2465962.ece
http://www.mercurynews.com/charliemccollum/ci_5701552

Jon Stewart video:
http://www.comedycentral.com/motherload/player.jhtml?ml_video=85992

Me on movie-plot threats:
http://www.schneier.com/essay-087.html

Another opinion:
http://www.socialaffairsunit.org.uk/blog/archives/000512.php

This essay originally appeared on Wired.com, my 42nd essay on that site.
http://www.wired.com/politics/security/commentary/securitymatters/2007/05/securitymatters_0517 
or http://tinyurl.com/26cxcs

French translation:
http://archiloque.net/spip.php?rubriques2&periode=2007-06#


** *** ***** ******* *********** *************

     Tactics, Targets, and Objectives



If you encounter an aggressive lion, stare him down. But not a leopard; 
avoid his gaze at all costs. In both cases, back away slowly; don't run. 
If you stumble on a pack of hyenas, run and climb a tree; hyenas can't 
climb trees. But don't do that if you're being chased by an elephant; 
he'll just knock the tree down. Stand still until he forgets about you.

I spent the last few days on safari in a South African game park, and 
this was just some of the security advice we were all given. What's 
interesting about this advice is how well-defined it is. The defenses 
might not be terribly effective -- you still might get eaten, gored or 
trampled -- but they're your best hope. Doing something else isn't 
advised, because animals do the same things over and over again. These 
are security countermeasures against specific tactics.

Lions and leopards learn tactics that work for them, and I was taught 
tactics to defend myself. Humans are intelligent, and that means we are 
more adaptable than animals. But we're also, generally speaking, lazy 
and stupid; and, like a lion or hyena, we will repeat tactics that work. 
Pickpockets use the same tricks over and over again. So do phishers, and 
school shooters. If improvised explosive devices didn't work often 
enough, Iraqi insurgents would do something else.

So security against people generally focuses on tactics as well.

A friend of mine recently asked me where she should hide her jewelry in 
her apartment, so that burglars wouldn't find it. Burglars tend to look 
in the same places all the time -- dresser tops, night tables, dresser 
drawers, bathroom counters -- so hiding valuables somewhere else is more 
likely to be effective, especially against a burglar who is pressed for 
time. Leave decoy cash and jewelry in an obvious place so a burglar will 
think he's found your stash and then leave. Again, there's no guarantee 
of success, but it's your best hope.

The key to these countermeasures is to find the pattern: the common 
attack tactic that is worth defending against. That takes data. A single 
instance of an attack that didn't work -- liquid bombs, shoe bombs -- or 
one instance that did -- 9/11 -- is not a pattern. Implementing 
defensive tactics against them is the same as my safari guide saying: 
"We've only ever heard of one tourist encountering a lion. He stared it 
down and survived. Another tourist tried the same thing with a leopard, 
and he got eaten. So when you see a lion...." The advice I was given was 
based on thousands of years of collective wisdom from people 
encountering African animals again and again.

Compare this with the Transportation Security Administration's approach. 
With every unique threat, TSA implements a countermeasure with no basis 
to say that it helps, or that the threat will ever recur.

Furthermore, human attackers can adapt more quickly than lions. A lion 
won't learn that he should ignore people who stare him down, and eat 
them anyway. But people will learn. Burglars now know the common 
"secret" places people hide their valuables -- the toilet, cereal boxes, 
the refrigerator and freezer, the medicine cabinet, under the bed -- and 
look there. I told my friend to find a different secret place, and to 
put decoy valuables in a more obvious place.

This is the arms race of security. Common attack tactics result in 
common countermeasures. Eventually, those countermeasures will be evaded 
and new attack tactics developed. These, in turn, require new 
countermeasures. You can easily see this in the constant arms race that 
is credit card fraud, ATM fraud or automobile theft.

The result of these tactic-specific security countermeasures is to make 
the attacker go elsewhere. For the most part, the attacker doesn't 
particularly care about the target. Lions don't care who or what they 
eat; to a lion, you're just a conveniently packaged bag of protein. 
Burglars don't care which house they rob, and terrorists don't care who 
they kill. If your countermeasure makes the lion attack an impala 
instead of you, or if your burglar alarm makes the burglar rob the house 
next door instead of yours, that's a win for you.

Tactics matter less if the attacker is after you personally. If, for 
example, you have a priceless painting hanging in your living room and 
the burglar knows it, he's not going to rob the house next door instead 
-- even if you have a burglar alarm. He's going to figure out how to 
defeat your system. Or he'll stop you at gunpoint and force you to open 
the door. Or he'll pose as an air-conditioner repairman. What matters is 
the target, and a good attacker will consider a variety of tactics to 
reach his target.

This approach requires a different kind of countermeasure, but it's 
still well-understood in the security world. For people, it's what alarm 
companies, insurance companies and bodyguards specialize in. President 
Bush needs a different level of protection against targeted attacks than 
Bill Gates does, and I need a different level of protection than either 
of them. It would be foolish of me to hire bodyguards in case someone 
was targeting me for robbery or kidnapping. Yes, I would be more secure, 
but it's not a good security trade-off.

Al-Qaeda terrorism is different yet again. The goal is to terrorize. It 
doesn't care about the target, but it doesn't have any pattern of 
tactic, either. Given that, the best way to spend our counterterrorism 
dollar is on intelligence, investigation and emergency response. And to 
refuse to be terrorized.

These measures are effective because they don't assume any particular 
tactic, and they don't assume any particular target. We should only 
apply specific countermeasures when the cost-benefit ratio makes sense 
(reinforcing airplane cockpit doors) or when a specific tactic is 
repeatedly observed (lions attacking people who don't stare them down). 
Otherwise, general countermeasures are far more effective a defense.

Safari security advice:
http://www.cybertracker.co.za/DangerousAnimals.html

School shooter security advice:
http://www.ucpd.ucla.edu/ucpd/zippdf/2007/Active%20Shooter%20Safety%20Tips.pdf 
or http://tinyurl.com/2qvgyg

Burglar security advice:
http://www.pfadvice.com/2007/02/05/the-best-place-to-hide-money-conversation-with-a-burglar/ 
or http://tinyurl.com/ywdoy9
http://www.pfadvice.com/2007/03/06/dont-hide-money-in-the-toilet-more-conversation-with-a-burglar/ 
or http://tinyurl.com/236wbs

Me on terrorism:
http://www.schneier.com/essay-096.html
http://www.schneier.com/blog/archives/2006/08/terrorism_secur.html
http://www.schneier.com/blog/archives/2005/09/katrina_and_sec.html
http://www.schneier.com/blog/archives/2006/08/what_the_terror.html

Learning behavior in tigers:
http://www.cptigers.org/animals/species.asp?speciesID=9

This essay originally appeared on Wired.com.
http://www.wired.com/print/politics/security/commentary/securitymatters/2007/05/securitymatters_0531 
or http://tinyurl.com/2zdghw


** *** ***** ******* *********** *************

     News



In an effort to prevent terrorism, parts of the mobile phone network 
will be disabled when President Bush visits Australia.  I've written 
about this kind of thing before; it's a perfect example of security 
theater: a countermeasure that works if you happen to guess the specific 
details of the plot correctly, and completely useless otherwise.  On the 
plus side, it's only a small area that's blocked.
http://www.smh.com.au/news/NATIONAL/Mobiles-to-drop-out-during-Bush-visit/2007/05/16/1178995171116.html 
or http://tinyurl.com/2e8nbo
http://www.schneier.com/blog/archives/2007/04/triggering_bomb.html
http://it.slashdot.org/it/07/05/17/1221255.shtml
http://www.theregister.co.uk/2007/05/18/black_helicopter_george_bush_down_under/ 
or http://tinyurl.com/2p266j

Dan Geer writes about security trade-offs, monoculture, and genetic 
diversity in honeybees:
http://geer.tinho.net/acm.geer.0704.pdf

The e-mail EPIC Alert comes out twice a week from the Electronic Privacy 
Information Center.  It's a great resource for information on privacy 
and policy, both in the U.S. and abroad.
http://www.epic.org/alert/

WEP attack researchers explain how their attack on the 802.11 wireless 
security protocol works.
http://www.theregister.co.uk/2007/05/15/wep_crack_interview/
http://www.schneier.com/blog/archives/2007/05/interview_with_5.html

Airline security cartoon -- literal CYA security:
http://www.clarionledger.com/misc/blogs/mramsey/uploaded_images/bilde-2-780665.jpg 
or http://tinyurl.com/2as767

Funny "Saturday Night Live" TSA skit:
http://www.youtube.com/watch?v=ykzqFz_nHZE

Here's a joke that'll get you arrested:
http://www.schneier.com/blog/archives/2007/05/joke_thatll_get_1.html

London is running a dirty-bomb drill.  Mostly a movie-plot threat, but 
these sorts of drills are useful, regardless of the scenario.  Honestly, 
though, plain old explosives are much more of a risk than these exotic 
bombs.  Although with a dirty bomb, the media-inspired panic would 
certainly be a huge factor.
http://www.theregister.co.uk/2007/05/18/dirty_bomb_test_in_marylebone/

We have a new factoring record:  307 digits (1023 bits).  It's a special 
number -- 2^1039 - 1 -- but the techniques can be generalized.  Expect 
regular 1024-bit numbers to be factored soon.  I would hope that RSA 
application users moved away from 1024-bit security years ago, but for 
those who haven't yet: wake up.
http://www.physorg.com/news98962171.html

On the futility of fighting online pirates:
http://www.forbes.com/2007/05/04/youtube-piratesbay-piracy-tech-cx_ag_0507pirates.html
http://yro.slashdot.org/yro/07/05/17/1749259.shtml 
or http://tinyurl.com/28rwnm

Good article on image spam:
http://csoonline.com/read/040107/fea_spam.html
Definitely look at the interactive graphics page.
http://csoonline.com/read/040107/fea_spam_by_the_numbers.html

From the U.S. GAO: "Aviation Security: Efforts to Strengthen 
International Prescreening are Under Way, but Planning and 
Implementations Remain," May 2007.  Worth reading the summary, at least.
http://www.gao.gov/new.items/d07346.pdf

The TSA airport security screeners caught a guy in a fake uniform.  It 
reads like a joke.  We spend billions on airport security, and we have 
so little to show for it that the TSA has to make a big deal about the 
crime of impersonating a member of the military?
http://www.tsa.gov/press/happenings/florida_uniform.shtm

UK police using military drones: yet another step in the militarization 
of the police.
http://news.bbc.co.uk/1/hi/england/merseyside/6676809.stm

Criminals hijack large web hosting firm.  "The company claims to have 
more than 700,000 customers. If we assume for the moment the small 
segment of IPOWER servers Security Fix analyzed is fairly representative 
of a larger trend, IPOWER may well be home to nearly a quarter-million 
malicious Web sites."
http://blog.washingtonpost.com/securityfix/2007/05/cyber_crooks_hijack_activities_1.html 
or http://tinyurl.com/ysbalr

The FBI has lousy security against insider attacks, according to a GAO 
report.
http://www.pcworld.com/article/id,132250-c,privacysecurity/article.html 
or http://tinyurl.com/yt86mg

Interesting spoofing attack:
http://www.theregister.co.uk/2007/05/25/strange_spoofing_technique/

I thought terrorism is why we have a DHS, but they've been preoccupied 
with other things:  "Of the 814,073 people charged by DHS in immigration 
courts during the past three years, 12 faced charges of terrorism, TRAC 
said."  TRAC is a great group, and I recommend wandering around their 
site if you're interested in what the U.S. government is actually doing.
http://www.cnn.com/2007/POLITICS/05/27/homeland.security.record/index.html 
or http://tinyurl.com/3xre8e
http://trac.syr.edu/

Last November, the Data Privacy and Integrity Advisory Committee of the 
Department of Homeland Security recommended against putting RFID chips 
in identity cards.  DHS ignored them, and went ahead with the project 
anyway.  Now, the Smart Card Alliance is criticizing the DHS's RFID 
program for cross-border identification -- the People Access Security 
Services (PASS) cards -- basically saying that it is making the very 
mistakes the Data Privacy and Integrity Advisory Committee warned about.
http://www.gcn.com/online/vol1_no1/44338-1.html
http://www.schneier.com/blog/archives/2006/11/dhs_privacy_com.html
http://www.schneier.com/blog/archives/2007/05/rfid_in_people.html

This is a surreal story from 2005 of someone who was chained up for 
hours for trying to spend $2 bills.  Clerks at Best Buy thought the 
bills were counterfeit, and had him arrested.  The most surreal quote of 
the article is the last sentence:  "Commenting on the incident, 
Baltimore County police spokesman Bill Toohey told the Sun: 'It's a sign 
that we're all a little nervous in the post-9/11 world.'"  What in the 
world do the terrorist attacks of 9/11 have to do with counterfeiting? 
How does being "a little nervous in the post-9/11 world" have anything 
to do with this incident?  Counterfeiting is not terrorism; it isn't 
even a little bit like terrorism.
http://www.worldnetdaily.com/news/article.asp?ARTICLE_ID=43685

Port defense against swimming terrorists: cool science and engineering, 
but definitely a movie-plot threat.
http://blog.wired.com/defense/2007/05/how_to_stop_a_s.html

DHS uses actual science-fiction writers to help develop movie-plot 
threats.  At least they're honest about it this time.
http://www.usatoday.com/tech/science/2007-05-29-deviant-thinkers-security_N.htm 
or http://tinyurl.com/3cys5h

Head-mounted police cameras in the UK:
http://www.manchestereveningnews.co.uk/news/s/1007/1007600_super_wardens_go_on_patrol.html 
or http://tinyurl.com/29tdzr

I haven't written anything about the cyberwar between Russia and Estonia 
because, well, because I didn't think there was anything new to say.  We 
know that this kind of thing is possible.  We don't have any definitive 
proof that Russia was behind it.  But it would be foolish to think that 
the various world's militaries don't have capabilities like this.  And 
anyway, I wrote about cyberwar back in January 2005.
http://www.schneier.com/crypto-gram-0501.html#10

Information leakage in the Slingbox:
http://www.freedom-to-tinker.com/?p=1163
http://www.cs.washington.edu/research/security/usenix07devices.html

Outfitting moths with sensors:
http://government.zdnet.com/?p=3189

Teaching computers how to forget: an article on the huge amount of data 
that now follows us through life, and whether we'd be better off if 
computers "forgot" things after a set amount of time:
http://arstechnica.com/news.ars/post/20070509-escaping-the-data-panopticon-teaching-computers-to-forget.html 
or http://tinyurl.com/272629
http://ksgnotes1.harvard.edu/Research/wpaper.nsf/rwp/RWP07-022/$File/rwp_07_022_mayer-schoenberger.pdf 
or http://tinyurl.com/yq8llf
More about this issue:
http://www.concurringopinions.com/archives/2007/05/the_right_to_de.html 
or http://tinyurl.com/2fhlgb
http://www.harvardlawreview.org/forum/issues/119/dec05/ohm.shtml
http://www.lcs.gov.bc.ca/privacyaccess/Conferences/Feb2007/ConfPresentations/Perlman-Radia-keynote.pdf 
or http://tinyurl.com/345rte
http://www.washingtonpost.com/wp-dyn/content/article/2007/05/15/AR2007051501873.html 
or http://tinyurl.com/2o9kw5
I've written about this, too:
http://www.schneier.com/essay-109.html
http://www.schneier.com/essay-129.html

There have been some interesting court cases in the U.S. about computer 
searches and third-party consent:
http://www.law.com/jsp/article.jsp?id=1179092588804
http://www.wired.com/politics/law/commentary/circuitcourt/2007/05/circuitcourt_0523 
or http://tinyurl.com/2gr7om

Interesting terrorism statistics: "The majority of terrorist attacks 
result in no fatalities, with just 1 percent of such attacks causing the 
deaths of 25 or more people....  The database identifies more than 
30,000 bombings, 13,400 assassinations and 3,200 kidnappings. Also, it 
details more than 1,200 terrorist attacks within the United States."  A 
lot of this depends on your definition of "terrorism," but it's 
interesting stuff.
http://www.livescience.com/history/070524_terrorism_database.html
http://www.start.umd.edu/data/gtd/

The Department of Homeland Security is soliciting research proposals in 
computer and network security.  There are nine research areas:  Botnets 
and Other Malware: Detection and Mitigation, Composable and Scalable 
Secure Systems, Cyber Security Metrics, Network Data Visualization for 
Information Assurance, Internet Tomography/Topography, Routing Security 
Management Tool, Process Control System Security, Data Anonymization 
Tools and Techniques, and Insider Threat Detection and Mitigation.
http://www.hsarpabaa.com/Solicitations/BAA07-09_CyberSecurityRD_Posted_05162007.pdf 
or http://tinyurl.com/yv85ne

Remote metal sensors used to detect poachers.  I'm sure this technology 
has more value on the battlefield.
http://www.technologyreview.com/Biotech/18722/

The Data Privacy and Integrity Advisory Committee of the Department of 
Homeland Security has issued an excellent report on REAL ID:
http://www.dhs.gov/xlibrary/assets/privacy/privacy_advcom_05-2007_realid.pdf 
or http://tinyurl.com/2bbyqv

Great article on perceived vs. actual risks to children, and how overly 
protecting them can actually cause harm.
http://news.bbc.co.uk/1/hi/education/6720661.stm
Commentary:
http://www.timesonline.co.uk/tol/comment/columnists/alice_miles/article1890234.ece 
or http://tinyurl.com/3bthca

Two shielding stories:
Special underwear protects wearers from infrared photographers.
http://inventorspot.com/new_shot_guard_underwear_infrared_protection_photographers 
or http://tinyurl.com/2mjap4
And a window film that blocks electromagnetic radiation but lets in light.
http://www.stltoday.com/stltoday/business/stories.nsf/0/F1B4A7E978173C10862572E7000AA32B?OpenDocument 
or http://tinyurl.com/2ax9gd
Somehow, I don't see either becoming a mass-market consumer item, 
although I can certainly imagine military facilities installing the latter.

The DHS wants universities to inventory a long list of chemicals. 
Interesting stuff about specific chemicals in the article.
http://www.theregister.co.uk/2007/06/02/dhs_dud_interesting_chemicals/

DNA-based watermarks.  It's not cryptography -- despite the name -- but 
it's interesting.
http://www.biomedcentral.com/1471-2105/8/176/abstract

New directions in malware: evasive malicious code.  Just another step in 
the never-ending arms race of network security.
http://news.zdnet.co.uk/security/0,1000000189,39287357,00.htm

More on Kish's encryption scheme:
http://www.arxiv.org/abs/physics/0612153
And a paper claiming this is totally insecure:
http://www.lightbluetouchpaper.org/2006/10/08/kishs-totally-secure-system-is-insecure/ 
or http://tinyurl.com/2y87wx
Again, I don't have the EE background to know who's right. But this is 
exactly the sort of back-and-forth I want to see.  My previous article 
on the topic:
http://www.schneier.com/essay-099.html

The growing problem of license plate cloning:
http://news.bbc.co.uk/1/hi/uk/6707367.stm

Interesting paper: "Data Mining and the Security-Liberty Debate," by 
Daniel J. Solove.
http://papers.ssrn.com/sol3/papers.cfm?abstract_id=990030

Dorky real-life/Second-Life security awareness video:
http://www.youtube.com/watch?v=WMe3gbC-dXc

According to the Kennedy Space Center website, "stand alone GPS 
equipment is not permitted on property."  It's okay if they're embedded 
in your phone or computer, though.
http://www.kennedyspacecenter.com/visitKSC/NASAtours/security.asp


** *** ***** ******* *********** *************

     Portrait of the Modern Terrorist as an Idiot



The recently publicized terrorist plot to blow up John F. Kennedy 
International Airport, like so many of the terrorist plots over the past 
few years, is a study in alarmism and incompetence: on the part of the 
terrorists, our government and the press.

Terrorism is a real threat, and one that needs to be addressed by 
appropriate means. But allowing ourselves to be terrorized by wannabe 
terrorists and unrealistic plots -- and worse, allowing our essential 
freedoms to be lost by using them as an excuse -- is wrong.

The alleged plan, to blow up JFK's fuel tanks and a small segment of the 
40-mile petroleum pipeline that supplies the airport, was ridiculous. 
The fuel tanks are thick-walled, making them hard to damage. The airport 
tanks are separated from the pipelines by cutoff valves, so even if a 
fire broke out at the tanks, it would not back up into the pipelines. 
And the pipeline couldn't blow up in any case, since there's no oxygen 
to aid combustion. Not that the terrorists ever got to the stage -- or 
demonstrated that they could get there -- where they actually obtained 
explosives. Or even a current map of the airport's infrastructure.

But read what Russell Defreitas, the lead terrorist, had to say: 
"Anytime you hit Kennedy, it is the most hurtful thing to the United 
States. To hit John F. Kennedy, wow.... They love JFK -- he's like the 
man. If you hit that, the whole country will be in mourning. It's like 
you can kill the man twice."

If these are the terrorists we're fighting, we've got a pretty 
incompetent enemy.

You couldn't tell that from the press reports, though. "The devastation 
that would be caused had this plot succeeded is just unthinkable," U.S. 
Attorney Roslynn R. Mauskopf said at a news conference, calling it "one 
of the most chilling plots imaginable." Sen. Arlen Specter 
(R-Pennsylvania) added, "It had the potential to be another 9/11."

These people are just as deluded as Defreitas.

The only voice of reason out there seemed to be New York's Mayor Michael 
Bloomberg, who said: "There are lots of threats to you in the world. 
There's the threat of a heart attack for genetic reasons. You can't sit 
there and worry about everything. Get a life.... You have a much greater 
danger of being hit by lightning than being struck by a terrorist."

And he was widely excoriated for it.

This isn't the first time a bunch of incompetent terrorists with an 
infeasible plot have been painted by the media as poised to do all sorts 
of damage to America. In May we learned about a six-man plan to stage an 
attack on Fort Dix by getting in disguised as pizza deliverymen and 
shooting as many soldiers and Humvees as they could, then retreating 
without losses to fight again another day. Their plan, such as it was, 
went awry when they took a videotape of themselves at weapons practice 
to a store for duplication and transfer to DVD. The store clerk 
contacted the police, who in turn contacted the FBI. (Thank you to the 
video store clerk for not overreacting, and to the FBI agent for 
infiltrating the group.)

The "Miami 7," caught last year for plotting -- among other things -- to 
blow up the Sears Tower, were another incompetent group: no weapons, no 
bombs, no expertise, no money and no operational skill. And don't forget 
Iyman Faris, the Ohio trucker who was convicted in 2003 for the 
laughable plot to take out the Brooklyn Bridge with a blowtorch. At 
least he eventually decided that the plan was unlikely to succeed.

I don't think these nut jobs, with their movie-plot threats, even 
deserve the moniker "terrorist." But in this country, while you have to 
be competent to pull off a terrorist attack, you don't have to be 
competent to cause terror. All you need to do is start plotting an 
attack and -- regardless of whether or not you have a viable plan, 
weapons or even the faintest clue -- the media will aid you in 
terrorizing the entire population.

The most ridiculous JFK Airport-related story goes to the New York Daily 
News, with its interview with a waitress who served Defreitas salmon; 
the front-page headline blared, "Evil Ate at Table Eight."

Following one of these abortive terror misadventures, the administration 
invariably jumps on the news to trumpet whatever ineffective "security" 
measure they're trying to push, whether it be national ID cards, 
wholesale National Security Agency eavesdropping or massive data mining. 
Never mind that in all these cases, what caught the bad guys was 
old-fashioned police work -- the kind of thing you'd see in decades-old 
spy movies.

The administration repeatedly credited the apprehension of Faris to the 
NSA's warrantless eavesdropping programs, even though it's just not 
true. The 9/11 terrorists were no different; they succeeded partly 
because the FBI and CIA didn't follow the leads before the attacks.

Even the London liquid bombers were caught through traditional 
investigation and intelligence, but this doesn't stop Secretary of 
Homeland Security Michael Chertoff from using them to justify access to 
airline passenger data.

Of course, even incompetent terrorists can cause damage. This has been 
repeatedly proven in Israel, and if shoe-bomber Richard Reid had been 
just a little less stupid and ignited his shoes in the lavatory, he 
might have taken out an airplane.

So these people should be locked up ... assuming they are actually 
guilty, that is. Despite the initial press frenzies, the actual details 
of the cases frequently turn out to be far less damning. Too often it's 
unclear whether the defendants are actually guilty, or if the police 
created a crime where none existed before.

The JFK Airport plotters seem to have been egged on by an informant, a 
twice-convicted drug dealer. An FBI informant almost certainly pushed 
the Fort Dix plotters to do things they wouldn't have ordinarily done. 
The Miami gang's Sears Tower plot was suggested by an FBI undercover 
agent who infiltrated the group. And in 2003, it took an elaborate sting 
operation involving three countries to arrest an arms dealer for selling 
a surface-to-air missile to an ostensible Muslim extremist. Entrapment 
is a very real possibility in all of these cases.

The rest of them stink of exaggeration. Jose Padilla was not actually 
prepared to detonate a dirty bomb in the United States, despite 
histrionic administration claims to the contrary. Now that the trial is 
proceeding, the best the government can charge him with is conspiracy to 
murder, kidnap and maim, and it seems unlikely that the charges will 
stick. An alleged ringleader of the U.K. liquid bombers, Rashid Rauf, 
had charges of terrorism dropped for lack of evidence (of the 25 
arrested, only 16 were charged). And now it seems like the JFK 
mastermind was more talk than action, too.

Remember the "Lackawanna Six," those terrorists from upstate New York 
who pleaded guilty in 2003 to "providing support or resources to a 
foreign terrorist organization"? They entered their plea because they 
were threatened with being removed from the legal system altogether. We 
have no idea if they were actually guilty, or of what.

Even under the best of circumstances, these are difficult prosecutions. 
Arresting people before they've carried out their plans means trying to 
prove intent, which rapidly slips into the province of thought crime. 
Regularly the prosecution uses obtuse religious literature in the 
defendants' homes to prove what they believe, and this can result in 
courtroom debates on Islamic theology. And then there's the issue of 
demonstrating a connection between a book on a shelf and an idea in the 
defendant's head, as if your reading of this article -- or purchasing of 
my book -- proves that you agree with everything I say. (The Atlantic 
recently published a fascinating article on this.)

I'll be the first to admit that I don't have all the facts in any of 
these cases. None of us do. So let's have some healthy skepticism. 
Skepticism when we read about these terrorist masterminds who were 
poised to kill thousands of people and do incalculable damage. 
Skepticism when we're told that their arrest proves that we need to give 
away our own freedoms and liberties. And skepticism that those arrested 
are even guilty in the first place.

There is a real threat of terrorism. And while I'm all in favor of the 
terrorists' continuing incompetence, I know that some will prove more 
capable. We need real security that doesn't require us to guess the 
tactic or the target: intelligence and investigation -- the very things 
that caught all these terrorist wannabes -- and emergency response. But 
the "war on terror" rhetoric is more politics than rationality. We 
shouldn't let the politics of fear make us less safe.

There are a zillion links associated with this essay.  You can find them on 
the online version:
http://www.schneier.com/blog/archives/2007/06/portrait_of_the.html

This essay originally appeared on Wired.com:
http://www.wired.com/politics/security/commentary/securitymatters/2007/06/securitymatters_0614 
or http://tinyurl.com/29mxc5


** *** ***** ******* *********** *************

     Teaching Viruses



Over two years ago, George Ledin wrote an essay in "Communications of 
the ACM," where he advocated teaching worms and viruses to computer 
science majors:  "Computer science students should learn to recognize, 
analyze, disable, and remove malware. To do so, they must study 
currently circulating viruses and worms, and program their own. 
Programming is to computer science what field training is to police work 
and clinical experience is to surgery. Reading a book is not enough. Why 
does industry hire convicted hackers as security consultants? Because we 
have failed to educate our majors."

This spring semester, he taught the course at Sonoma State University. 
It got a lot of press coverage. No one wrote a virus for a class 
project.  No new malware got into the wild.  No new breed of 
supervillain graduated.

Teaching this stuff is just plain smart.

Essay:
http://www.csl.sri.com/neumann/insiderisks05.html#175

http://www.sonoma.edu/pubs/newsrelease/archives/001090.html
http://www1.pressdemocrat.com/apps/pbcs.dll/article?AID=/20070522/NEWS/705220312/1033/NEWS01 
or http://tinyurl.com/ytrbzs
http://blogs.pcworld.com/staffblog/archives/004452.html
http://www1.pressdemocrat.com/apps/pbcs.dll/article?AID=/20070526/NEWS/705260309/1043/OPINION01 
or http://tinyurl.com/2e2anv
http://www.hardocp.com/news.html?news=MjU5NzgsLCxoZW50aHVzaWFzdCwsLDE
http://technews.acm.org/archives.cfm?fo=2007-05-may/may-25-2007.html#313412 
or http://tinyurl.com/yuur5l
http://www.calstate.edu/pa/clips2007/may/22may/virus.shtml


** *** ***** ******* *********** *************

     Bush's Watch Stolen?



Watch the video very carefully; it's President Bush working the crowds 
in Albania. 0.50 seconds into the clip, Bush has a watch. 1.04 seconds 
into the clip, he doesn't.

The U.S. is denying that his watch was stolen:  "Photographs showed 
Bush, surrounded by five bodyguards, putting his hands behind his back 
so one of the bodyguards could remove his watch."

I simply don't see that in the video. Bush's arm is out in front of him 
during the entire nine seconds between those stills.

Another denial: "An Albanian bodyguard who accompanied Bush in the town 
told The Associated Press he had seen one of his U.S. colleagues close 
to Bush bend down and pick up the watch."

That's certainly possible; it may have fallen off.

But possibly the pickpocket of the century. (Although would anyone 
actually be stupid enough to try? There must be a zillion 
easier-to-steal watches in that crowd, many of them nicer than Bush's.)

Video clip:
http://www.youtube.com/watch?v=PKDdF6vfjoo

Denials:
http://uk.reuters.com/article/oddlyEnoughNews/idUKL1285325620070612
http://www.guardian.co.uk/worldlatest/story/0,,-6703190,00.html


** *** ***** ******* *********** *************

     Schneier/BT Counterpane News



Interview with me from "Infosecurity Magazine":
http://www.infosecurity-magazine.com/features/mayjune07/interview_schneier.html 
or http://tinyurl.com/2cvs45

Interview with me from IT Security:
http://www.itsecurity.com/interviews/interview-bruice-schneier-051607/

At the kickoff reception for the IT Security Summit in Johannesburg, 
there was a bit of industrial theater about identity theft.  Someone 
tried to pretend he was me; it was pretty funny, really.  Someone 
captured my discussion afterward on video.
http://blogs.zdnet.com/threatchaos/?p=458

Two interviews with me in Norwegian:
http://www.dagensit.no/bedrifts-it/article1104925.ece
http://www.digi.no/php/art.php?id=384118

Schneier is speaking at the I-4 Conference on June 25th in Milan.
https://i4online.com/

Schneier is speaking at Secure 2007 on June 26th in Bad Homburg, Germany.
http://www.secure2007.de/


** *** ***** ******* *********** *************

     Second Movie-Plot Threat Contest Winner



On April 1, I announced the Second Annual Movie-Plot Threat Contest:

"Your goal: invent a terrorist plot to hijack or blow up an airplane 
with a commonly carried item as a key component. The component should be 
so critical to the plot that the TSA will have no choice but to ban the 
item once the plot is uncovered. I want to see a plot horrific and 
ridiculous, but just plausible enough to take seriously.

"Make the TSA ban wristwatches. Or laptop computers. Or polyester. Or 
zippers over three inches long. You get the idea.

"Your entry will be judged on the common item that the TSA has no choice 
but to ban, as well as the cleverness of the plot. It has to be 
realistic; no science fiction, please. And the write-up is critical; 
last year the best entries were the most entertaining to read."

On June 5, I posted three semi-finalists out of the 334 comments:

* Butterflies and beverages; water must be banned.

* Dimethylmercury; security checkpoints must be banned, but of course 
they can't be.  Oh, what to do!

* Oxy-hydrogen bomb; wires -- earphones, power cables, etc. -- must be 
banned.

Well, we have a winner.  I can't divulge the exact formula -- because 
you'll all hack the system next year -- but it was a combination of my 
opinion, popular acclaim in blog comments, and the opinion of Tom Grant 
(the previous year's winner -- not his real name).

The winner is: "Butterflies and Beverages," posted by Ron.  (Ron gets 
signed copies of my books, a $50 Amazon gift certificate contributed by 
a reader, and -- if I can find one -- an interview with a real-live 
movie director.  (Does anyone know one?)  We hope that one of his prizes 
isn't a visit by the FBI.)

Here is the winning entry:

It must have been a pretty meadow, Wilkes thought, just a day before. He 
tried to picture how it looked then: without the long, wide wound in the 
earth, without the charred and broken fuselage of the jet that gouged it 
out, before the rolling ground was strewn with papers and cushions and 
random bits of plastic and fabric and all the things inside the plane 
that lay like the confetti from a brief, fiery parade.

Yes, a nice little spot, just far enough from the airport's runways to 
be not too noisy, but close enough to watch the planes going in and out, 
fortunately just a bit too close to have been developed. When the plane 
rolled over and angled downward, not even a mile past the end of the 
runway, at least the only people at risk were the ones on the plane. For 
them, it was mercifully quick, the impact breaking their necks before 
the breaking wing tanks ignited in sheets of flame, the charred bodies 
still in their seats.

He spotted the NTSB guy, standing by the forward half of the fuselage, 
easy to spot among the FAA and local airport people -- they were always 
the only suits in the crowd. Heading over, Wilkes saw this one wasn't 
going to be too hard: when planes came down intact like this, breaking 
into just a few pieces on impact, the cause was always easier to find. 
This one looked to be no exception.

He muttered to the suit, "Wilkes," gesturing at the badge clipped to his 
shirt. No need to get too friendly, they'd file separate reports anyway. 
As long as they were remotely on the same page, there wasn't much need 
to actually talk to the guy. "What's this little gem?" he wondered 
aloud, looking at the hole in the side of the downed jet.

"Explosion," drawled the NTSB guy; he had that Chuck Yeager slow-play 
sound, Wilkes thought, like someone who could sound calm describing 
Armageddon. "Looks like it was from the inside, something just big 
enough to rip a few square feet out of the side. Enough to throw it on 
its side."

"And if the plane is low enough, still taking off, with the engines near 
full thrust, it rolls over and down too fast..." he trailed off, picturing 
the result.

"Yep, all in a couple of seconds. Too quick for the flight crew to have 
time to get it back." The NTSB guy shook his head, the ID clipped to his 
suit jacket swaying back and forth with the motion. "Always the best 
time if you're going to take a bird down: takeoff or landing, guess 
whoever did this one wanted to get it over with sooner rather than 
later." He snorted in derision, "Somebody snuck in an explosive, must 
have been a screener havin' an off day."

"Maybe," said Wilkes, not ready to write it off as just a screener's 
error. The NTSB guys were always quick to find a bad decision, one human 
error, and explain the whole thing away. But Wilkes' job was to find the 
flaws in the systems, the procedures, the way to come up with 
prophylactic precautions. Maybe there was nothing more than a screener 
who didn't spot a grenade or a stick of dynamite, something so obvious 
that there was nothing to do but chalk up a hundred and eighty three 
dead lives to one madman and one very bad TSA employee.

But maybe not. That's when Wilkes spotted the first two of the 
butterflies. Bright yellow against the charred black of the burned 
wreckage, they seemed like the most incongruous things -- and as he 
thought this, another appeared.

As they took photos and made measurements, more showed up -- by ones and 
twos, a few flying away, but gradually building up to dozens over the 
course of the morning. Odd, the NTSB rep agreed, but nothing that tells 
us anything about the terrorist who brought down that plane.

Wilkes wasn't so sure. Nature was handing out a big fat clue here, he 
was sure of that. What he wasn't sure of was what in the hell it could 
possibly mean.

He leaned in close with the camera on his phone, getting some good close 
images of the colorful insects, emailing back to the office with a 
request to reach out to an expert. He needed a phone consult, someone 
who knew the behavior of this particular butterfly, someone who could 
put him on the right track.

Within minutes, his phone was buzzing, with a conference call already 
set up with a professor of entomology, and even better one local to the 
area; a local might know this bug better than an academic from a more 
prestigious, but distant university.

He was half-listening during the introductions, Wilkes wasn't interested 
in this guy's particulars, the regional team would have that all 
available if he needed it later. He just wanted answers.

"Pieridae," the professor offered, "and all males, I'd bet."

"Okay," Wilkes answered, wondering if this really would tell him 
anything. "Why are they all over my bomb hole?"

"I can't be sure, but it must be something attracting them. These are 
commonly called 'sulfur butterflies', could there be sulfur on your 
wreckage?"

Yeah, Wilkes thought, this is looking like a wild goose chase. "No 
sulfur, we already did a quick chem test for it. Anything else these 
little fellas like?"

"Sure, but not something you'd be likely to find in a bomb -- just 
sodium. They package it up with their sperm and deliver it to the female 
as an extra little bonus -- sort of the flowers and candy of the 
butterfly world."

"Okay, that's...wow, the things I learn in this job. Sorry to bother you, 
sir, I guess it's just...yeah, thanks."

Butterfly sperm -- now this might set a new record for useless trivia 
learned in a crash investigation. Unbelievable.

The NTSB guy wandered over, seeing Wilkes was off the phone. "Get 
anything from your expert?" he queried, trying and failing to suppress a 
grin. Wilkes suspected there would soon be a story going around the NTSB 
office about the FAA "butterfly guy"; ah well, better to be infamous 
than anonymous.

"Nah, not much. The little guys like sulfur," Wilkes offered, seeing his 
counterpart give a cynical chuckle at that, "and sodium. Unless there 
was a whole lot of salt packed around the perp's explosive, our little 
yellow friends are just a mystery."

The NTSB rep got a funny look on his face, a faraway look. "Sodium. An 
explosive that leaves behind sodium. Well, that could be..."

They looked at each other, both heading to the same conclusion, both 
reluctant to get there. Wilkes said it first: "Sodium metal. Cheap, easy 
to get, it would have to be: sodium metal."

"And easy," the NTSB rep drawled, "to sneak on the plane. The stuff is 
soft, but you could fashion it into any simple things: eyeglass frames, 
belt buckles, buttons, simple things the screeners would never be 
lookin' at."

"Wouldn't take much," Wilkes offered, an old college chemistry-class 
prank coming to mind. "A couple of ounces, that would be enough to blow 
out the side of a plane, enough for what we're seeing here."

"With the easiest trigger in the world," the NTSB man added, putting 
words to the picture forming in Wilkes' mind. A cup of water would be 
enough, just drop the sodium metal into it and the chemical reaction 
would quickly release hydrogen gas, with enough heat generated as a 
byproduct of the reaction to ignite the gas. In just a second or two, 
you'd have an explosion strong enough to knock the side out of a plane.

"Sounds like a problem for you FAA boys," his counterpart teased. "What 
ya gonna do, ban passengers from carrying more than a few grams of 
anything made of metal?"

"No," Wilkes shot back, "we can't ban everything that could be made of 
sodium metal. Or all the other water-reactives," he mused aloud, 
thinking of all the carbides, anhydrides, and alkali metals that would 
cover. "Too many ways to hide them, too many types to test for them all. 
No, it isn't the metals we'll have to ban."

"Naw, you don't mean," the NTSB man stared in disbelief, his eyes 
growing wide. "You couldn't, I mean, it's the only other way but it's 
ridiculous."

"No, it's not so ridiculous, it's really the only way. We're going to 
have to ban water, and anything containing a significant amount of 
water, from all passenger flights. It's the only way, otherwise we could 
have planes dropping out of the sky every time someone is served a 
beverage."

Contest and entries:
http://www.schneier.com/blog/archives/2007/04/announcing_seco.html

Winning entry:
http://www.schneier.com/blog/archives/2007/04/announcing_seco.html#c161178 
or http://tinyurl.com/2hravr

Other semi-finalists:
http://www.schneier.com/blog/archives/2007/04/announcing_seco.html#c162272 
or http://tinyurl.com/2f5qao
http://www.schneier.com/blog/archives/2007/04/announcing_seco.html#c161682 
or http://tinyurl.com/ywjhzr

Ron's home page:
http://www.ronaldphillips.com/


** *** ***** ******* *********** *************

     Perpetual Doghouse: Meganet



I first wrote about Meganet in 1999, in a larger article on 
cryptographic snake-oil, and formally put them in the doghouse in 2003:

"They build an alternate reality where every cryptographic algorithm has 
been broken, and the only thing left is their own system. 'The weakening 
of public crypto systems commenced in 1997. First it was the 40-bit key, 
a few months later the 48-bit key, followed by the 56-bit key, and later 
the 512 bit has been broken...' What are they talking about? Would you 
trust a cryptographer who didn't know the difference between symmetric 
and public-key cryptography? 'Our technology... is the only unbreakable 
encryption commercially available.' The company's founder quoted in a 
news article: 'All other encryption methods have been compromised in the 
last five to six years.' Maybe in their alternate reality, but not in 
the one we live in.

"Their solution is to not encrypt data at all. 'We believe there is one 
very simple rule in encryption: if someone can encrypt data, someone 
else will be able to decrypt it. The idea behind VME is that the data is 
not being encrypted nor transferred. And if it's not encrypted and not 
transferred, there is nothing to break. And if there's nothing to break, 
it's unbreakable.' Ha ha; that's a joke. They really do encrypt data, 
but they call it something else."

Read the whole thing; it's pretty funny.

They're still around, and they're still touting their snake-oil "virtual 
matrix encryption."  (The patent is finally public, and if someone can 
reverse-engineer the combination of patentese and gobbledygook into an 
algorithm, we can finally see how actually awful it really is.)  The 
tech on their website is better than it was in 2003, but it's still 
pretty hokey.

Back in 2005, they got their product FIPS 140-1 certified.  The 
certification was for their AES implementation, but they're sneakily 
implying that VME was certified.  From their website: "The Strength of a 
Megabit Encryption (VME). The Assurance of a 256 Bit Standard (AES). 
Both Technologies Combined in One Certified Module! FIPS 140-2 
CERTIFICATE # 505."

Just goes to show that with a bit of sleight-of-hand you can get 
anything FIPS 140 certified.

http://www.meganet.com/
http://www.meganet.com/Technology/intro.asp
http://www.meganet.com/Technology/explain.asp
http://www.meganet.com/challenges/default.asp

My doghouse article:
http://www.schneier.com/crypto-gram-0302.html#4

My snake oil article:
http://www.schneier.com/crypto-gram-9902.html#snakeoil

Patent:
http://patft.uspto.gov/netacgi/nph-Parser?Sect1=PTO1&Sect2=HITOFF&d=PALL&p=1&u=%2Fnetahtml%2FPTO%2Fsrchnum.htm&r=1&f=G&l=50&s1=6219421.PN.&OS=PN/6219421&RS=PN/6219421 
or http://tinyurl.com/28stql

FIPS certification (#505 on this page):
http://csrc.nist.gov/cryptval/140-1/1401val2005.htm


** *** ***** ******* *********** *************

     Non-Security Considerations in Security Decisions



(This essay has an accompanying diagram that's necessary to understand 
what I'm saying.  You can find it here: 
http://www.schneier.com/blog/archives/2007/06/nonsecurity_con_1.html.)

Security decisions are generally made for nonsecurity reasons. For 
security professionals and technologists, this can be a hard lesson. We 
like to think that security is vitally important. But anyone who has 
tried to convince the sales VP to give up her department's Blackberries 
or the CFO to stop sharing his password with his secretary knows 
security is often viewed as a minor consideration in a larger decision. 
This issue's articles on managing organizational security make this 
point clear.

Below is a diagram of a security decision. At its core are assets, which 
a security system protects. Security can fail in two ways: either 
attackers can successfully bypass it, or it can mistakenly block 
legitimate users. There are, of course, more users than attackers, so 
the second kind of failure is often more important. There's also a 
feedback mechanism with respect to security countermeasures: both users 
and attackers learn about the security and its failings. Sometimes they 
learn how to bypass security, and sometimes they learn not to bother 
with the asset at all.

Threats are complicated: attackers have certain goals, and they 
implement specific attacks to achieve them. Attackers can be legitimate 
users of assets, as well (imagine a terrorist who needs to travel by 
air, but eventually wants to blow up a plane). And a perfectly 
reasonable outcome of defense is attack diversion: the attacker goes 
after someone else's asset instead.

Asset owners control the security system, but not directly. They 
implement security through some sort of policy -- either formal or 
informal -- that some combination of trusted people and trusted systems 
carries out. Owners make their judgments based on risks ... but really, 
only by perceived risks. They're also affected by a host of other 
considerations, including those legitimate users mentioned previously, 
and the trusted people needed to implement the security policy.

Looking over the diagram, it's obvious that the effectiveness of 
security is only a minor consideration in an asset owner's security 
decision. And that's how it should be.

This essay originally appeared in "IEEE Computers and Security."


** *** ***** ******* *********** *************

     Comments from Readers



There are hundreds of comments -- many of them interesting -- on these 
topics on my blog. Search for the story you want to comment on, and join 
in.

http://www.schneier.com/blog


** *** ***** ******* *********** *************

CRYPTO-GRAM is a free monthly newsletter providing summaries, analyses, 
insights, and commentaries on security: computer and otherwise.  You can 
subscribe, unsubscribe, or change your address on the Web at 
<http://www.schneier.com/crypto-gram.html>.  Back issues are also 
available at that URL.

Please feel free to forward CRYPTO-GRAM, in whole or in part, to 
colleagues and friends who will find it valuable.  Permission is also 
granted to reprint CRYPTO-GRAM, as long as it is reprinted in its entirety.

CRYPTO-GRAM is written by Bruce Schneier.  Schneier is the author of the 
best sellers "Beyond Fear," "Secrets and Lies," and "Applied 
Cryptography," and an inventor of the Blowfish and Twofish algorithms. 
He is founder and CTO of BT Counterpane, and is a member of the Board of 
Directors of the Electronic Privacy Information Center (EPIC).  He is a 
frequent writer and lecturer on security topics.  See 
<http://www.schneier.com>.

BT Counterpane is the world's leading protector of networked information 
- the inventor of outsourced security monitoring and the foremost 
authority on effective mitigation of emerging IT threats.  BT 
Counterpane protects networks for Fortune 1000 companies and governments 
world-wide.  See <http://www.counterpane.com>.

Crypto-Gram is a personal newsletter.  Opinions expressed are not 
necessarily those of BT or BT Counterpane.

Copyright (c) 2007 by Bruce Schneier.
