Wednesday, June 24, 2009

Podcast: Crypto-Gram 15 Sept 2005

Crypto-Gram 15 Sept 2005
from the September 15, 2005 Crypto-Gram Newsletter
by Bruce Schneier

* Movie-Plot Threats

Security is most effective when it doesn't make arbitrary assumptions about the next terrorist act. We need to spend more money on intelligence and investigation: identifying the terrorists themselves, cutting off their funding, and stopping them regardless of what their plans are. We need to spend more money on emergency response: lessening the impact of a terrorist attack

The problem is that we all got caught up in "movie-plot threats": specific attack scenarios that capture the imagination and then the dollars.

* Katrina and Security

Large-scale terrorist attacks and natural disasters differ in cause, but they're very similar in aftermath.

Money spent on intelligence-gathering makes us safer, regardless of what the next disaster is. Against terrorism, that includes the NSA and the CIA. Against natural disasters, that includes the National Weather Service and the National Earthquake Information Center.

* The Keys to the Sydney Subway

Global secrets are poor security. Two problems:
1. They cannot be applied with any granularity.
2. They fail badly: if the secret gets out, then the bad guys have a pretty powerful secret.

* New Cryptanalytic Results Against SHA-1

The time complexity of the new attack is 2^63. The previous result was 2^69; brute force is 2^80.

* Zotob

Microsoft plug-and-play vulnerability

* Airline Security, Trade-offs, and Agenda

All security decisions are trade-offs, and smart security trade-offs are ones where the security you get is worth what you have to give up.
There are differences between perceived risk and actual risk, differences between perceived security and actual security, and differences between perceived cost and actual cost.

* Cameras in the New York City Subways

New York City is spending $212 million on surveillance technology: 1,000 video cameras and 3,000 motion sensors for the city's subways, bridges, and tunnels.

* Lance Armstrong Accused of Doping

The ability of a security mechanism to go back in time is interesting, and similar to police exhuming dead bodies for new forensic analysis, or a new cryptographic technique permitting decades-old encrypted messages to be read.

It also has some serious ramifications for athletes considering using banned substances. Not only do they have to evade any tests that exist today, but they have to at least think about how they could evade any tests that might be invented in the future.

* Peggy Noonan and Movie-Plot Terrorist Threats

This game of "let's imagine" really does stir up emotions, but it's not the way to plan national security policy.

* Trusted Computing Best Practices

The basic idea is that you build a computer from the ground up securely, with a core hardware "root of trust" called a Trusted Platform Module (TPM). Applications can run securely on the computer, can communicate with other applications and their owners securely, and can be sure that no untrusted applications have access to their data or code.

time: 25:54
PS: this is my cheat sheet of Bruce Schneier's Podcast:
