Podcast: Crypto-Gram 15 December 2005: Better to combat terrorism through intelligence.
from the Dec 15, 2005 Crypto-Gram Newsletter
by Bruce Schneier
* Airplane Security
CAPPS will create two different access paths into the airport: high-security and low-security. The intent is to let only good guys take the low-security path and to force bad guys to take the high-security path, but it rarely works out that way. You have to assume that the bad guys will find a way to exploit the low-security path.
Better to combat terrorism through intelligence!
* Australian Minister's Sensible Comments on Airline Security Spark Outcry
Immigration Minister Amanda Vanstone:
"a lot of what we do is to make people feel better as opposed to actually achieve an outcome"
* Sky Marshal Shooting in Miami
1) any time you have an officer making split-second life and death decisions, you're going to have mistakes.
2) I'm not convinced the sky marshals' threat model matches reality.
* Sony's DRM Rootkit: The Real Story
On Oct. 31, Mark Russinovich broke the story in his blog: Sony BMG Music Entertainment distributed a copy-protection scheme with music CDs that secretly installed a rootkit on computers. This software tool is run without your knowledge or consent - if it's loaded on your computer with a CD, a hacker can gain and maintain access to your system and you wouldn't know it.
Sony offered a "fix" that didn't remove the rootkit, just the cloaking.
* CME in Practice
CME is "Common Malware Enumeration," and it's an initiative by US-CERT to give all worms, viruses, and such uniform names.
The problem is that different security vendors use different names for the same thing.
* OpenDocument Format and the Commonwealth of Massachusetts
OpenDocument format (ODF) is an alternative to the Microsoft document, spreadsheet, and other Office file formats.
Microsoft, with its proprietary Office document format, is spreading rumors that ODF is somehow less secure.
This, from the company that allows Office documents to embed arbitrary Visual Basic programs?
But at least ODF has a clean and open XML format, which allows layered security and the ability to remove scripts as needed. This is much more difficult in the binary Microsoft formats that effectively hide embedded programs.
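As an added illustration of the "remove scripts as needed" point (example code, not from Crypto-Gram or the ODF project), this Python script lists the script carriers in an ODF package, the Basic/ and Scripts/ macro directories plus the <office:scripts> element of content.xml, and writes a copy with them removed. It assumes the standard ODF zip layout and builds its own constructed sample document rather than reading a real file.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

OFFICE_NS = "urn:oasis:names:tc:opendocument:xmlns:office:1.0"
SCRIPT_DIRS = ("Basic/", "Scripts/")  # where ODF packages keep macro libraries

def find_scripts(odf_bytes):
    """List package entries and XML elements that carry embedded scripts."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(odf_bytes)) as z:
        hits += [n for n in z.namelist() if n.startswith(SCRIPT_DIRS)]
        if "content.xml" in z.namelist():
            root = ET.fromstring(z.read("content.xml"))
            if root.find(f"{{{OFFICE_NS}}}scripts") is not None:
                hits.append("content.xml:office:scripts")  # event bindings live here
    return hits

def strip_scripts(odf_bytes):
    """Return a copy of the package with macro entries and <office:scripts> removed."""
    out = io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(odf_bytes)) as src, zipfile.ZipFile(out, "w") as dst:
        for info in src.infolist():
            name = info.filename
            if name.startswith(SCRIPT_DIRS):
                continue  # drop macro libraries entirely
            data = src.read(name)
            if name == "content.xml":
                root = ET.fromstring(data)
                for el in root.findall(f"{{{OFFICE_NS}}}scripts"):
                    root.remove(el)  # drop document-level event/script bindings
                data = ET.tostring(root, xml_declaration=True, encoding="UTF-8")
            # the ODF spec wants "mimetype" first and stored uncompressed
            method = zipfile.ZIP_STORED if name == "mimetype" else zipfile.ZIP_DEFLATED
            dst.writestr(name, data, compress_type=method)
    return out.getvalue()

def make_sample_odt():
    """Constructed sample: a minimal .odt with a Basic module and an event binding."""
    content = (f'<office:document-content xmlns:office="{OFFICE_NS}">'
               '<office:scripts><office:event-listeners/></office:scripts>'
               '<office:body><office:text/></office:body></office:document-content>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("mimetype", "application/vnd.oasis.opendocument.text", compress_type=zipfile.ZIP_STORED)
        z.writestr("content.xml", content)
        z.writestr("Basic/Standard/Module1.xml", "<!-- constructed macro module -->")
    return buf.getvalue()
```

META-INF/manifest.xml (absent from the constructed sample) would still list the dropped entries, so a production version should prune its file-entry elements for those paths the same way. ElementTree rewrites namespace prefixes on output, which leaves the XML valid but not byte-identical to the original.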
* Surveillance and Oversight
September 2005, Rotterdam. The police had already identified some of the 250 suspects in a soccer riot from the previous April; most were still unidentified but had been captured on video. In an effort to help, they sent text messages to 17,000 phones known to be in the vicinity of the riots, asking that anyone with information contact the police. The result was more evidence, and more arrests.
* Truckers Watching the Highways
Features I like in security systems: it's dynamic, it's distributed, it relies on trained people paying attention, and it's not focused on a specific threat.
* Twofish Cryptanalysis Rumors
Twofish isn't even remotely broken.
* Totally Secure Classical Communications?
Securing a communications link, like a phone or computer line, with a pair of resistors, by adding electronic noise or using the natural thermal noise of the resistors.
length: 48:23m
PS: this is my cheat sheet of Bruce Schneier's Podcast:
http://www.schneier.com/crypto-gram-0512.html