Technology Industry News & Career Management information, brought to you by BrainWave Consulting Company.

June 2009 - Posts

- I think this is a first. Information security, and protection of your e-money. Electronic payments and settlements, over the Internet or by bank credit card, continue to win the world market. Electronic payments are quick and convenient, but not safe. Now there is a real war between users and hackers. Your credit card can...

- The Communication Security Establishment (CSE, basically Canada's NSA) is growing so fast they're running out of room and building new office buildings...

- I've already written about the risks of pointy knives. This no-stabbing knife is the solution, and seems not to be a joke...

- Almost two years ago, I wrote about my strategy for encrypting my laptop. One of the things I said was: There are still two scenarios you aren't secure against, though. You're not secure against someone snatching your laptop out of your hands as you're typing away at the local coffee shop. And you're not secure against the authorities telling you...

- For all of you who want to scam your company's expense reimbursement system. I've heard of sites where you give them a range of dates and a city, and they give you a full set of receipts for a trip to that city: airfare, hotel, meals, everything -- but I can't find a website...

- I agree with this: It's time to show most passwords in clear text as users type them. Providing feedback and visualizing the system's status have always been among the most basic usability principles. Showing undifferentiated bullets while users enter complex codes definitely fails to comply. Most websites (and many other applications) mask passwords as users type them, and thereby theoretically...

- Clear, the company that sped people through airport security, has ceased operations. My first question: what happened to all that personal information it collected on its members? An answer appeared on its website: Applicant and Member data is currently secured in accordance with the Transportation Security Administration's Security, Privacy and Compliance Standards. Verified Identity Pass, Inc. will...

- It's a sad, horrific story. Homeowner returns to find his house demolished. The demolition company was hired legitimately but there was a mistake and it demolished the wrong house. The demolition company relied on GPS co-ordinates, but requiring street addresses isn't a solution. A typo in the address is just as likely, and it would have demolished the house just...

- I'm at the 8th Workshop on Economics and Information Security at University College London (field trip to see Jeremy Bentham). Ross Anderson liveblogged the event. I wrote about WEIS 2006 back in 2006...

- It's been months since the Transportation Security Administration has had a permanent director. If, during the job interview (no, I didn't get one), President Obama asked me how I'd fix airport security in one sentence, I would reply: "Get rid of the photo ID check, and return passenger screening to pre-9/11 levels." Okay, that's a joke. While showing ID, taking...

- The May/June 2009 issue of IEEE Security and Privacy contains five articles about the security of online games. Unfortunately, the articles are all behind paywalls...

- Ph.D. thesis from 2001: An Analysis of the Systemic Security Weaknesses of the U.S. Navy Fleet Broadcasting System, 1967-1974, as exploited by CWO John Walker, by MAJ Laura J. Heath. Abstract: CWO John Walker led one of the most devastating spy rings ever unmasked in the US. Along with his brother, son, and friend, he compromised US Navy cryptographic systems...

- Two blog posts on Iran's attempts to censor the Internet...

- Interesting research. First, we develop a novel feature design that borrows from commonly used techniques for feature extraction in speech recognition and music processing. These techniques are geared towards the human ear, which is limited to approx. 20 kHz and whose sensitivity is logarithmic in the frequency; for printers, our experiments show that most interesting features occur above 20 kHz...

- The New York Times website has a blog called "Room for Debate," where a bunch of people -- experts in their areas -- write short essays commenting on a news item. (I participated a few weeks ago.) Earlier this month, there was a post on nuclear disarmament, following President Obama's speech in Cairo that mentioned the subject. One of the...

- I had been wondering whether to post this, since it's not really a security threat -- there's no intelligence by the attacker: Crop scientists fear the Ug99 fungus could wipe out more than 80% of worldwide wheat crops as it spreads from eastern Africa. It has already jumped the Red Sea and traveled as far as Iran. Experts say it...

- I expected selling my computer on eBay to be easy. Attempt 1: I listed it. Within hours, someone bought it -- from a hacked account, as eBay notified me, cancelling the sale. Attempt 2: I listed it again. Within hours, someone bought it, and asked me to send it to her via FedEx overnight. The buyer sent payment via PayPal...

- A couple of years ago, the Department of Homeland Security hired a bunch of science fiction writers to come in for a day and think of ways terrorists could attack America. If our inability to prevent 9/11 marked a failure of imagination, as some said at the time, then who better than science fiction writers to inject a little imagination...

- Great article from Wired about the lockpicker Marc Tobias. Related: "Ten Things Everyone Should Know About Lockpicking & Physical Security."...

- From the press release: Unlike existing computer forensics solutions, EnCase Portable runs on a USB drive, rather than a laptop, and enables the user to easily and rapidly boot a target computer to the USB drive, and run a pre-configured data search and collection job. The ease-of-use and ultra-portability of EnCase Portable creates exciting new possibilities in data acquisition. Even...

- Fascinating research on the psychology of con games. "The psychology of scams: Provoking and committing errors of judgement" was prepared for the UK Office of Fair Trading by the University of Exeter School of Psychology. From the executive summary, here's some stuff you may know: Appeals to trust and authority: people tend to obey authorities so scammers use, and victims...

- Not the best idea: The carrot bombs had been placed around the city at the request of a local art gallery, as part of an open-air arts festival. They had only been in place for an hour before police received their first call. "We received a call ... from a person who said they saw two real bombs placed outside...

- The SHA family (which, I suppose, should really be called the MD4 family) of cryptographic hash functions has been under attack for a long time. In 2005, we saw the first cryptanalysis of SHA-1 that was faster than brute force: collisions in 2^69 hash operations, later improved to 2^63 operations. A great result, but not devastating. But remember the great...

- The U.S. Department of Homeland Security has a blog. I don't know if it will be as interesting or entertaining as the TSA's blog...

- Fun story, with a lot of echoes of our own security problems: It took just 10 minutes for a dozen prairie dogs to outwit the creators of the Maryland Zoo's new $500,000 habitat. Aircraft wire, poured concrete and slick plastic walls proved no match for the fast-footed rodents, the stars of a new exhibit that opens today. As officials were...

- No evidence one way or the other: Like a lot of people who use social media, Israel Hyman and his wife Noell went on Twitter to share real-time details of a recent trip. Their posts said they were "preparing to head out of town," that they had "another 10 hours of driving ahead," and that they "made it to Kansas...

- Forbes ran an article talking about the "hidden" cost of privacy. Basically, the point was that privacy regulations are expensive to comply with, and a lot of that expense gets eaten up by the mechanisms of compliance and doesn't go toward improving anyone's actual privacy. This is a valid point, and one that I make in talks about privacy all...

- Weird: The UW-Madison researchers have been intrigued by the light organ's "counterillumination" ability -- this capacity to give off light to make squids as bright as the ocean surface above them, so that predators below can't see them. "Until now, scientists thought that illuminating tissues in the light organ functioned exclusively for the control of the intensity and direction of...

- The eighth, and final, session of the SHB09 was optimistically titled "How Do We Fix the World?" I moderated, which meant that my liveblogging was more spotty, especially in the discussion section. David Mandel, Defense Research and Development Canada (suggested reading: Applied Behavioral Science in Support of Intelligence Analysis; Radicalization: What does it mean?; The Role of Instigators in Radicalization...

- The penultimate session of the conference was "Privacy," moderated by Tyler Moore. Alessandro Acquisti, Carnegie Mellon University (suggested reading: What Can Behavioral Economics Teach Us About Privacy?; Privacy in Electronic Commerce and the Economics of Immediate Gratification), presented research on how people value their privacy. He started by listing a variety of cognitive biases that affect...

- Session Six -- Terror -- chaired by Stuart Schechter. Bill Burns, Decision Research (suggested reading: The Diffusion of Fear: Modeling Community Response to a Terrorist Strike), studies social reaction to risk. He discussed his theoretical model of how people react to fear events, and data from the 9/11 attacks, the 7/7 bombings in the UK, and the 2008 financial collapse...

- The first session of the morning was "Foundations," which is kind of a catch-all for a variety of things that didn't really fit anywhere else. Rachel Greenstadt moderated. Terence Taylor, International Council for the Life Sciences (suggested video to watch: Darwinian Security; Natural Security), talked about the lessons evolution teaches about living with risk. Successful species didn't survive by...

- David Livingstone Smith moderated the fourth session, about (more or less) methodology. Angela Sasse, University College London (suggested reading: The Compliance Budget: Managing Security Behaviour in Organisations; Human Vulnerabilities in Security Systems), has been working on usable security for over a dozen years. As part of a project called "Trust Economics," she looked at whether people comply...

- Session three is titled "Usability." (For the record, the Stata Center is one ugly building.) Andrew Patrick, NRC Canada until he was laid off four days ago (suggested reading: Fingerprint Concerns: Performance, Usability, and Acceptance of Fingerprint Biometric Systems), talked about biometric systems and human behavior. Biometrics are used everywhere: for gym membership, at Disneyworld, at international...

- The second session was about fraud. (These session subjects are only general. We tried to stick related people together, but there was the occasional oddball -- and scheduling constraint -- to deal with.) Julie Downs, Carnegie Mellon University (suggested reading: Behavioral Response to Phishing Risk; Parents' vaccination comprehension and decisions; The Psychology of Food Consumption), is a psychologist...

- The first session was about deception. Frank Stajano, Cambridge University (suggested reading: Usability of Security Management: Defining the Permissions of Guests), presented research with someone who films actual scams for "The Real Hustle." His point is that we build security systems based on our "logic," but users don't always follow our logic. It's fraudsters who really understand what people...

- I'm at SHB09, the Second Interdisciplinary Workshop on Security and Human Behavior, at MIT. This is a two-day gathering of computer security researchers, psychologists, behavioral economists, sociologists, philosophers, and others -- all of whom are studying the human side of security, organized by Ross Anderson, Alessandro Acquisti, and myself. Here's the schedule. Last year's link will give you a...

- One of the risks of using a commercial OS for embedded systems like ATM machines: it's easier to write malware against it: The report does not detail how the ATMs are infected, but it seems likely that the malware is encoded on a card that can be inserted in an ATM card reader to mount a buffer overflow attack. The...

- I'm selling my laptop on eBay. It's basically new, although the box has been opened. I wanted to downgrade the OS, but learned that one of the key drivers -- it controls the camera and the hibernate function -- was only available for Vista. So it's up for sale, at a good price...

- Interhack has been working on a taxonomy of security breaches, and has an interesting conclusion: The Health Care and Social Assistance sector reported a larger than average proportion of lost and stolen computing hardware, but reported an unusually low proportion of compromised hosts. Educational Services reported a disproportionately large number of compromised hosts, while insider conduct and lost...

- You can't make this stuff up: More than 2,000 10 and 11-year-olds [in the UK] will see a short film, which urges them to tell the police, their parents or a teacher if they hear anyone expressing extremist views. [...] A lion explains that terrorists can look like anyone, while a cat tells pupils that they should get help if they...

- On one hand, this is clever: We offer a wide array of corrupted Word files that are guaranteed not to open on a Mac or PC. A corrupted file is a file that contains scrambled and unrecoverable data due to hardware or software failure. Files may become corrupted when something goes wrong while a file is being saved, e.g. the...

- If you think that under-20-year-olds don't care about privacy, this is an eloquent op-ed by two students about why CCTV cameras have no place in their UK school: Adults are often quick to define the youth of today as stereotypical troublemakers and violent offenders -- generalisations which are prompted by the media -- when in fact the majority of students...

- Time for some more fear about terrorists using maps and images on the Internet. But the more striking images come when Portzline clicks on the "bird's-eye" option offered by the map service. The overhead views, which come chiefly from satellites, are replaced with strikingly clear oblique-angle photos, chiefly shot from aircraft. By clicking another button, he can see the same...

- Earlier this year, I blogged about a self-defense pen that is likely to easily pass through airport security. On the other hand, this normal pen in the shape of a bullet will probably get you in trouble...

- This combination door lock is very pretty. Of course, four digits is too short an entry code, but I like the overall design and the automatic rescrambling feature...

- I'll be interviewed in Second Life on "Virtually Speaking" tonight at 9:00 PM ET...

- Interesting: This part happens all the time: A construction crew putting up an office building in the heart of Tysons Corner a few years ago hit a fiber optic cable no one knew was there. This part doesn't: Within moments, three black sport-utility vehicles drove up, a half-dozen men in suits jumped out and one said, "You just hit our...

- This year's overhyped IT concept is cloud computing. Also called software as a service (SaaS), cloud computing is when you run software over the internet and access it via a browser. The Salesforce.com customer management software is an example of this. So is Google Docs. If you believe the hype, cloud computing is the future. But, hype aside, cloud computing...

- I don't know how I missed this great series from Slate in February. It's eight essays exploring why there have been no follow-on terrorist attacks in the U.S. since 9/11 (not counting the anthrax mailings, I guess). Some excerpts: Al-Qaida's successful elimination of the Twin Towers, part of the Pentagon, four jetliners, and nearly 3,000 innocent lives makes the terror...

- Whose idea is this? The Boston Police Department is preparing a plan to arm as many as 200 patrol officers with semiautomatic assault rifles, a significant boost in firepower that department leaders believe is necessary to counter terrorist threats, according to law enforcement officials briefed on the plan. The initiative calls for equipping specialized units, such as the bomb squad...

- In April, I blogged about the Boston police seizing a student's computer for, among other things, running Linux. (Anyone who runs Linux instead of Windows is obviously a scary bad hacker.) Last week, the Massachusetts Supreme Court threw out the search warrant: Massachusetts Supreme Judicial Court Associate Justice Margot Botsford on Thursday said that Boston College and Massachusetts State Police...

- This could be interesting: Emerging Threats and Security Planning: How Should We Decide What Hypothetical Threats to Worry About? Brian A. Jackson, David R. Frelinger. Concerns about how terrorists might attack in the future are central to the design of security efforts to protect both individual targets and the nation overall. In thinking about emerging threats, security planners are confronted...