BrainWave Technology Tidbits

The Insecurity of Secrecy

Schneier on Security — Fri, 03 Jul 2009 12:18:49 GMT

Good essay -- "The Staggering Cost of Playing it 'Safe'" -- about the political motivations for terrorist security policy. Senator Barbara Boxer has led an effort to at least put together a public database of ash storage sites so that people can judge the risk to the areas where they live. However, even this effort has been blocked not by... Share Post: Read More......(read more)

Information Leakage from Keypads

Schneier on Security — Thu, 02 Jul 2009 17:09:30 GMT

Can anyone guess the entry codes for these door locks? There are 10,000 possible four-digit codes, but you only have to try 24 on these keypads. The second is almost certainly guessable in one.... Share Post: Read More......(read more)

More Security Countermeasures from the Natural World

Schneier on Security — Thu, 02 Jul 2009 11:11:41 GMT

The plant caladium steudneriifolium pretends to be ill so mining moths won't eat it. She believes that the plant essentially fakes being ill, producing variegated leaves that mimic those that have already been damaged by mining moth larvae. That deters the moths from laying any further larvae on the leaves, as the insects assume the previous caterpillars have already eaten... Share Post: Read More.....(read more)

MD6 Withdrawn from SHA-3 Competition

Schneier on Security — Wed, 01 Jul 2009 19:27:35 GMT

In other SHA-3 news, Ron Rivest seems to have withdrawn MD6 from the SHA-3 competition. From an e-mail to a NIST mailing list: We suggest that MD6 is not yet ready for the next SHA-3 round, and we also provide some suggestions for NIST as the contest moves forward. Basically, the issue is that in order for MD6 to be... Share Post: Read More......(read more)

New Attack on AES

Schneier on Security — Wed, 01 Jul 2009 16:49:18 GMT

There's a new cryptanalytic attack on AES that is better than brute force: Abstract. In this paper we present two related-key attacks on the full AES. For AES-256 we show the first key recovery attack that works for all the keys and has complexity 2119, while the recent attack by Biryukov-Khovratovich-Nikolic works for a weak key class and has higher... Share Post: Read More......(read more)

Security, Group Size, and the Human Brain

Schneier on Security — Wed, 01 Jul 2009 11:51:56 GMT

If the size of your company grows past 150 people, it's time to get name badges. It's not that larger groups are somehow less secure, it's just that 150 is the cognitive limit to the number of people a human brain can maintain a coherent social relationship with. Primatologist Robin Dunbar derived this number by comparing neocortex -- the "thinking"... Share Post: Read More......(read more)

Cryptography Spam

Schneier on Security — Tue, 30 Jun 2009 18:36:42 GMT

I think this is a first. Information security, and protection of your e-money. Electronic payments and calculations, on means of a network the Internet or by means of bank credit cards, continue to win the world market. Electronic payments, it quickly, conveniently, but is not safely. Now there is a real war, between users and hackers. Your credit card can... Share Post: Read More......(read more)

Growth of the CSE

Schneier on Security — Tue, 30 Jun 2009 11:32:53 GMT

The Communication Security Establishment (CSE, basically Canada's NSA) is growing so fast they're running out of room and building new office buildings.... Share Post: Read More......(read more)

Anti-Stab Knife

Schneier on Security — Mon, 29 Jun 2009 19:18:22 GMT

I've already written about the risks of pointy knives. This no-stabbing knife is the solution, and seems not to be a joke.... Share Post: Read More......(read more)

Protecting Against the Snatched Laptop Data Theft

Schneier on Security — Mon, 29 Jun 2009 11:51:02 GMT

Almost two years ago, I wrote about my strategy for encrypting my laptop. One of the things I said was: There are still two scenarios you aren't secure against, though. You're not secure against someone snatching your laptop out of your hands as you're typing away at the local coffee shop. And you're not secure against the authorities telling you... Share Post: Read More......(read more)

Friday Squid Blogging: 8 Gig USB Squid Flash Drive

Schneier on Security — Fri, 26 Jun 2009 21:52:39 GMT

Cute.... Share Post: Read More......(read more)

Fake Receipts

Schneier on Security — Fri, 26 Jun 2009 18:16:12 GMT

For all of you who want to scam your company's expense reimbursement system. I've heard of sites where you give them a range of dates and a city, and they give you a full set of receipts for a trip to that city: airfare, hotel, meals, everything -- but I can't find a website.... Share Post: Read More......(read more)

The Problem with Password Masking

Schneier on Security — Fri, 26 Jun 2009 11:17:52 GMT

I agree with this: It's time to show most passwords in clear text as users type them. Providing feedback and visualizing the system's status have always been among the most basic usability principles. Showing undifferentiated bullets while users enter complex codes definitely fails to comply. Most websites (and many other applications) mask passwords as users type them, and thereby theoretically......(read more)

Clear Shuts Down Operation

Schneier on Security — Thu, 25 Jun 2009 17:36:40 GMT

Clear, the company that sped people through airport security, has ceased operations. My first question: what happened to all that personal information it collected on its members? An answer appeared on its website: Applicant and Member data is currently secured in accordance with the Transportation Security Administration's Security, Privacy and Compliance Standards. Verified Identity Pass, Inc. will...(read more)

Authenticating Paperwork

Schneier on Security — Thu, 25 Jun 2009 11:11:32 GMT

It's a sad, horrific story. Homeowner returns to find his house demolished. The demolition company was hired legitimately but there was a mistake and it demolished the wrong house. The demolition company relied on GPS co-ordinates, but requiring street addresses isn't a solution. A typo in the address is just as likely, and it would have demolished the house just... Share Post: Read More......(read more)