Schneier on Security
A blog covering security and security technology.
Friday Squid Blogging: Clothing that Keeps an Exercise Journal
It's called Squid. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered....
Categories: Security
The Problems of Too Much Information Sharing
Funny. Fake, but funny. Edited to add (2/3): The rest of the story....
Categories: Security
VeriSign Hacked, Successfully and Repeatedly, in 2010
Reuters discovered the information: The VeriSign attacks were revealed in a quarterly U.S. Securities and Exchange Commission filing in October that followed new guidelines on reporting security breaches to investors. It was the most striking disclosure to emerge in a review by Reuters of more than 2,000 documents mentioning breach risks since the SEC guidance was published. The company, unsurprisingly,...
Categories: Security
Prisons in the U.S.
Really good article on the huge incarceration rate in the U.S., its causes, its effects, and its value: Over all, there are now more people under "correctional supervision" in America -- more than six million -- than were in the Gulag Archipelago under Stalin at its height. That city of the confined and the controlled, Lockuptown, is now the second...
Categories: Security
The Idaho Loophole
Brian C. Kalt (2005), "The Perfect Crime," Georgetown Law Journal, Vol. 93, No. 2. Abstract: This article argues that there is a 50-square-mile swath of Idaho in which one can commit felonies with impunity. This is because of the intersection of a poorly drafted statute with a clear but neglected constitutional provision: the Sixth Amendment's Vicinage Clause. Although lesser criminal...
Categories: Security
Possibly the Most Incompetent TSA Story Yet
The storyline: TSA screener finds two pipes in passenger's bags. Screener determines that they're not a threat. Screener confiscates them anyway, because of their "material and appearance." Because they're not actually a threat, screener leaves them at the checkpoint. Everyone forgets about them. Six hours later, the next shift of TSA screeners notices the pipes and -- not being able...
Categories: Security
Biases in Forensic Science
Some errors in forensic science may be the result of the biases of the examiners: Though they cannot prove it, Dr Dror and Dr Hampikian suspect the difference in contextual information given to the examiners was the cause of the different results. The original pair may have subliminally interpreted ambiguous information in a way helpful to the prosecution, even though...
Categories: Security
Liars and Outliers Update
According to my publisher, the book was printed last week and the warehouse is shipping orders to booksellers today. Amazon is likely to start shipping books on Thursday. (Yes, Amazon's webpage claims that the book will be published on February 21, 2012, but they'll ship copies as soon as they get them -- this ain't Harry Potter.) The Kindle edition...
Categories: Security
British Tourists Arrested in the U.S. for Tweeting
Does this story make sense to anyone? The Department of Homeland Security flagged him as a potential threat when he posted an excited tweet to his pals about his forthcoming trip to Hollywood which read: 'Free this week, for quick gossip/prep before I go and destroy America'. After making their way through passport control at Los Angeles International Airport (LAX)...
Categories: Security
The Nature of Cyberwar
This was pretty good, I thought: However, it may be difficult to write military doctrine for many aspects of cyberconflict that are truly revolutionary. Here are no fewer than 10 to consider: The Internet is an artificial environment that can be shaped in part according to national security requirements. The blinding proliferation of technology and hacker tools makes it impossible...
Categories: Security
Password Sharing Among American Teenagers
Interesting article from the New York Times on password sharing as a show of affection. "It's a sign of trust," Tiffany Carandang, a high school senior in San Francisco, said of the decision she and her boyfriend made several months ago to share passwords for e-mail and Facebook. "I have nothing to hide from him, and he has nothing to...
Categories: Security
Evidence on the Effectiveness of Terrorism
Readers of this blog will know that I like the works of Max Abrahms, and regularly blog them. He has a new paper (full paper behind paywall) in Defence and Peace Economics, 22:6 (2011), 583–94, "Does Terrorism Really Work? Evolution in the Conventional Wisdom since 9/11, Defence and Peace Economics": The basic narrative of bargaining theory predicts that, all else...
Categories: Security
Federal Judge Orders Defendant to Decrypt Laptop
A U.S. federal judge has ordered a defendant to decrypt her laptop....
Categories: Security
Supreme Court Rules that GPS Tracking Requires a Warrant
The U.S. Supreme Court has ruled that the police cannot attach a GPS tracking device to a car without a warrant. EDITED TO ADD (1/26): It seems I was wrong when I said that the ruling forces the police to get a warrant before placing a GPS tracking device on a car. The ruling is much more complicated and nuanced....
Categories: Security
Research into an Information Security Risk Rating
The NSF is funding research on giving organizations information-security risk ratings, similar to credit ratings for individuals: Existing risk management techniques are based on annual audits and only provide a snapshot of a partner's security posture. However, new vulnerabilities are discovered everyday and the industry needs a solution that enables a business to continuously monitor changing risk posture of all...
Categories: Security
The Continued Militarization of the U.S. Police
The state of Texas gets an armed patrol boat. I guess armed drones weren't enough for them....
Categories: Security
Using False Alarms to Disable Security
I wrote about this technique in Beyond Fear: Beginning Sunday evening, the robbers intentionally set off the gallery's alarm system several times without entering the building, according to police. The security staffers on duty, who investigated and found no disturbances, subsequently disabled at least one alarm. The burglars then entered through a balcony door....
Categories: Security
Going Dark to Protest SOPA/PIPA
Tomorrow, from 8 am to 8 pm EST, this site, Schneier on Security, is going on strike to protest SOPA and PIPA. In doing so, I'll be joining Wikipedia (in English), BoingBoing, WordPress, and many others. A list of participants, and HTML and JavaScript code for anyone who wants to participate, can be found here....
Categories: Security