BrainWave Technology Tidbits

USB Combination Lock

Schneier on Security — Mon, 15 Mar 2010 18:59:46 GMT

Here's a promotional security product designed by someone who knows nothing about security. The USB drive is "protected" by a combination lock. There are only two dials, so there are only 100 possible combinations. And when the drive is "locked" and the connector is retracted, the contact are still accessible. Maybe it should be given away by companies that sell... Share Post: Read More......(read more)

Typosquatting

Schneier on Security — Mon, 15 Mar 2010 11:13:37 GMT

"Measuring the Perpetrators and Funders of Typosquatting," by Tyler Moore and Benjamin Edelman: Abstract. We describe a method for identifying "typosquatting", the intentional registration of misspellings of popular website addresses. We estimate that at least 938 000 typosquatting domains target the top 3 264 .com sites, and we crawl more than 285 000 of these domains to analyze their revenue... Share...(read more)

Friday Squid Blogging: Cipherlopods

Schneier on Security — Fri, 12 Mar 2010 22:21:58 GMT

This makes no sense to me, even though -- I suppose -- it's a squid cryptography joke.... Share Post: Read More......(read more)

Why DRM Doesn't Work

Schneier on Security — Fri, 12 Mar 2010 17:31:20 GMT

Funny comic.... Share Post: Read More......(read more)

More Hollow Coins

Schneier on Security — Fri, 12 Mar 2010 12:58:19 GMT

A hollowed-out U.S. nickel can hold a microSD card. Pound and euro coins are also available. I blogged about this about a year ago as well.... Share Post: Read More......(read more)

Wikibooks Cryptography Textbook

Schneier on Security — Thu, 11 Mar 2010 18:26:36 GMT

Over at Wikibooks, they're trying to write an open source cryptography textbook.... Share Post: Read More......(read more)

Wanted: Trust Detector

Schneier on Security — Thu, 11 Mar 2010 12:17:12 GMT

It's good to dream: IARPA's five-year plan aims to design experiments that can measure trust with high certainty -- a tricky proposition for a psychological study. Developing such experimental protocols could prove very useful for assessing levels of trust within one-on-one talks, or even during group interactions. A second part of the IARPA proposal might involve using new types of... Share Post:...(read more)

Nose Biometrics

Schneier on Security — Wed, 10 Mar 2010 19:47:12 GMT

Really: Since they are hard to conceal, the study says, noses would work well for identification in covert surveillance. The researchers say noses have been overlooked in the growing field of biometrics, studies into ways of identifying distinguishing traits in people. "Noses are prominent facial features and yet their use as a biometric has been largely unexplored," said the University... Share Post...(read more)

The Limits of Identity Cards

Schneier on Security — Wed, 10 Mar 2010 13:09:08 GMT

Good legal paper on the limits of identity cards: Stephen Mason and Nick Bohm, "Identity and its Verification," in Computer Law & Security Review, Volume 26, Number 1, Jan 2010. Those faced with the problem of how to verify a person's identity would be well advised to ask themselves the question, 'Identity with what?' An enquirer equipped with the answer... Share Post: Read More......(read more)

Marc Rotenberg on Google's Italian Privacy Case

Schneier on Security — Tue, 09 Mar 2010 18:36:00 GMT

Interesting commentary: I don't think this is really a case about ISP liability at all. It is a case about the use of a person's image, without their consent, that generates commercial value for someone else. That is the essence of the Italian law at issue in this case. It is also how the right of privacy was first established... Share Post: Read More......(read more)

Guide to Microsoft Police Forensic Services

Schneier on Security — Tue, 09 Mar 2010 12:59:01 GMT

The "Microsoft Online Services Global Criminal Compliance Handbook (U.S. Domestic Version)" (also can be found here, here, and here) outlines exactly what Microsoft will do upon police request. Here's a good summary of what's in it: The Global Criminal Compliance Handbook is a quasi-comprehensive explanatory document meant for law enforcement officials seeking access to Microsoft's stored user information....(read more)

Google in The Onion

Schneier on Security — Mon, 08 Mar 2010 20:24:03 GMT

Funny: MOUNTAIN VIEW, CA—Responding to recent public outcries over its handling of private data, search giant Google offered a wide-ranging and eerily well-informed apology to its millions of users Monday. "We would like to extend our deepest apologies to each and every one of you," announced CEO Eric Schmidt, speaking from the company's Googleplex headquarters. "Clearly there have been some... Share...(read more)

Eating a Flash Drive

Schneier on Security — Mon, 08 Mar 2010 17:00:50 GMT

How not to destroy evidence: In a bold and bizarre attempt to destroy evidence seized during a federal raid, a New York City man grabbed a flash drive and swallowed the data storage device while in the custody of Secret Service agents, records show. The article wasn't explicit about this -- odd, as it's the main question any reader would... Share Post: Read More......(read more)

De-Anonymizing Social Network Users

Schneier on Security — Mon, 08 Mar 2010 12:13:56 GMT

Interesting paper: "A Practical Attack to De-Anonymize Social Network Users." Abstract. Social networking sites such as Facebook, LinkedIn, and Xing have been reporting exponential growth rates. These sites have millions of registered users, and they are interesting from a security and privacy point of view because they store large amounts of sensitive personal user data. In this paper, we introduce......(read more)

Friday Squid Blogging: Squid Teapot

Schneier on Security — Fri, 05 Mar 2010 22:32:06 GMT

Squid teapot. Could be squiddier.... Share Post: Read More......(read more)