Domain: counterpane.com
Stories and comments across the archive that link to counterpane.com.
Comments · 629
-
Funny, coming at the same time as the PGP vuln.
Schneier et al. just released a paper about a PGP/GPG vulnerability. This vulnerability relies on the PGP user not being paranoid, and doing something that's not too smart.
So, once again, you're only as secure as the weakest link, which is often the user...
-
The Trinity of Authentication
What Schneier actually advocates in the article is the use of at least two of these three layers for doing user authentication: something you know (e.g. a password), something you have (e.g. a smart card or other secure token), and something you are (biometrics falls into this rubric). Depending on only one is necessarily weak, but even two of the three taken together would be strong indeed. For instance, a website that uses not only username/password pairs for authentication, but lives on SSL *and* requests client-side certificates from any browser that wishes to visit the protected page, uses both something you know (your username and password) and something you have (the computer where the browser with the client-side certificate is installed, or better yet if the cert lives on a smart card). THAT would make Schneier's Parable of the Dirty Website fail utterly without extra work: without the client-side cert, the web page wouldn't even serve the username/password page to you. Fine, the password is compromised because the employee used the same password to surf for porn, but since access to the certificate is limited to the computer where it's installed, or the smart card possessed by the employee, no dice unless you can also steal the smart card and/or computer. Even better would be to provide biometric authentication for the secured computer, so you'd then have to steal the fingerprint or retinal scan or whatnot as well to break the system.
It can be done of course, but it would require contortions worthy of Sneakers.
The whole article actually feels like a distillation of the last six months of the Crypto-Gram newsletter.
-
Some must-reads
Pardon me if my assumption is wrong, but you sound like a relative newbie to secure systems development. Unless you are an expert cryptographer, you cannot make an algorithm even approaching the quality of today's widespread algorithms. But even having excellent crypto is not enough. Security is built in each part of your app, both in coding and overall design, as this vulnerability demonstrates, and it will take a lot of work to make a secure app.
I don't mean to discourage you, so if you are serious about implementing a secure portal, or just learning more about secure systems development, here are some of my favorites:
By Schneier:
Secrets and Lies -- on why crypto and technology aren't enough.
Applied Cryptography -- How to make good crypto
By Viega and McGraw: Building Secure Software -- The whole process of secure system development.
Good luck and good reading!
-
Perhaps combine this with traditional methods...
"I think this was slightly overblown," Norton says, "but the point is that fingerprint technology cannot determine 'liveness.' You can't foil the Lumidigm system with fake or dead tissue."
Or Gelatine.
This, combined with traditional fingerprinting, would be pretty damn accurate as far as I can see. I'll leave the privacy knee-jerks to other people, I'm really far too tired at the moment.
;-)
Ali
-
Re:My only source
No, no, you don't understand.
Once you create something digital and immaterial, you can make an infinite number of copies without spending any more resources (aside from a little electricity). Compare this to a shovel, which needs much human labour, plastic, metal, etc.
I don't think it's stealing. The author should somehow get enough money, the goal which they've set, and then the information should be free for all. Have a look at Kelsey & Schneier's Street Performer Protocol to find out what I mean. Such a method would promise income to the creator of the information, and it would be fair to those who want to pay for the information.
Since digital information is impossible to detain, if you intend to mass-market it, I see Kelsey & Schneier's idea as the best one to achieve the goals of making money in mass markets with immaterial information.
You can find the paper at Counterpane.
-
Crypto-Gram: Recommended Interview with Spafford
This interview with Gene Spafford was recommended by Bruce Schneier in his Crypto-Gram newsletter some months back. Bruce says:
Long and interesting interview with Gene Spafford, about the infosec threat landscape; privacy; the challenges of digital certificates, CRLs, public key infrastructure standards and interoperability; key escrow, backup and recovery; identity fraud; trust on the Internet; and the problems of security education today. Sample quote: "Security doesn't work as an add-on. It really needs to be built-in from the beginning."
I skipped over the intro page but if you really want to see it it's here.
-
Hardly a new idea...
This sounds to me like an "Air-Gap".
Whale Communications has had a similar product out for years.
Bruce Schneier has some thoughts on "Air-Gap" technologies.
-SPG
-
Re:Warrant?
From The Technology Secrets of Cocaine Inc. referenced by Bruce Schneier's Cryptogram
According to former and current DEA, military, and State Department officials, the cartel had assembled a database that contained both the office and residential telephone numbers of U.S. diplomats and agents based in Colombia, along with the entire call log for the phone company in Cali, which was leaked by employees of the utility. The mainframe was loaded with custom-written data-mining software. It cross-referenced the Cali phone exchange's traffic with the phone numbers of American personnel and Colombian intelligence and law enforcement officials. The computer was essentially conducting a perpetual internal mole-hunt of the cartel's organizational chart. "They could correlate phone numbers, personalities, locations -- any way you want to cut it," says the former director of a law enforcement agency. "Santacruz could see if any of his lieutenants were spilling the beans."
They were. A top Colombian narcotics security adviser says the system fingered at least a dozen informants -- and that they were swiftly assassinated by the cartel. A high-level DEA official would go only this far: "It is very reasonable to assume that people were killed as a result of this capability. Potential sources of information were compromised by the system."
Sounds like in the war between the cartels and the gov.us, the cartels have won. It seems like they ownz you US folk already...
-
Bad news...
for all the information security community. Some of the probable effects have already been discussed in other postings:
- Would we believe the seriousness of virus threat announcements? (BTW, please see the interesting musings of Bruce Schneier in the last issue of CRYPTO-GRAM.)
- Would we believe in the security of Symantec's products?
- Would Symantec take advantage of first hand information before releasing it to public knowledge?
-
Re:We could argue the other side of the coin...
I'm not convinced that even small-time criminals will be forced to downgrade. I can pick up source code for Twofish at the local library or on the web, and just about any library capable of DES can produce 3DES. As such the cost of developing a strong encryption program is trivial. A quick Google search found an example of how to use OpenSSL to produce DES-encrypted code. I find it doubtful that DES will disappear in the near future, because it appears to be the lowest denominator for regulation.
Which points to the fundamental futility of regulating cryptographic code. Source code for AES, Blowfish, Twofish, and DES has been published widely as part of public review processes. Developing a new cipher is tough, but using an existing cipher is relatively easy. Weak ciphers such as DES can be made stronger by using multiple rounds of encryption. The materials required for producing a cryptographic program are free.
-
Re:Traffic analysis
You could always go out of band, like this for example.
-
They will still be programming Satan's Computer
-
Re:What about the Air Gap
-
Re:SSH is magnificent!
I am not smart enough to explain it, but I understand that 3DES is more resistant to a man-in-the-middle attack (also woman-in-the-middle).
I think Stanford's SRP was developed to address this.
Blowfish is awesome (fast & strong). Maybe Twofish is even better. But I think it is known that the random key exchange is stronger in 3DES, when it sets up the connection.
-
Garbage
- I'd rather have a 2n length key to encrypt an n length chunk, rather than an n-length key to encrypt a 2n length chunk.
Helps spread the bits of "randomness" a little further. Why would you like it the other way around? Sounds insane. - What information have you found that proves blowfish is insecure? Links or your own cryptanalysis are welcome.
- Anyone who wants some actual facts about blowfish should start here. I doubt if the AC who posted the parent will produce anything to refute the specs.
-
Another viewpoint
Ross Anderson's argument appears to be based around the trade-off between massive peer review ( Good Thing! ) and the ease of finding flaws if you have the source code ( Not so Good Thing ).
This is certainly true; however, a large amount of security appears to come from the community / vendor around the code too. Yes, I'm generalising, but open source programmers treat security problems as security issues, rather than as a PR problem. Even though the Apache team ( rightly, in my opinion ) criticized ISS for the manner of their reporting, they did also release a full disclosure release, and a suitable, working patch within 36 hours of the issue going public.
I don't see many vendors responding that quickly, although, to be fair, the Apache team did know about the vulnerability already.
It's all about the "Window of Exposure" really. Go to Bruce Schneier's Cryptogram page to see some excellent arguments about peer review, and the whole window of exposure idea.
-
Our Data : an appeal - toward security
From the Plimsoll Club history
Samuel Plimsoll, M.P. (1824-1898) Samuel Plimsoll brought about one of the greatest shipping revolutions ever known by shocking the British nation into making reforms which have saved the lives of countless seamen. By the mid-1800's, the overloading of English ships had become a national problem. Plimsoll took up as a crusade the plan of James Hall to require that vessels bear a load line marking indicating when they were overloaded, hence ensuring the safety of crew and cargo. His violent speeches aroused the House of Commons; his book, Our Seamen, shocked the people at large into clamorous indignation. His book also earned him the hatred of many shipowners who set in train a series of legal battles against Plimsoll. Through this adversity and personal loss, Plimsoll clung doggedly to his facts. He fought to the point of utter exhaustion until finally, in 1876, Parliament was forced to pass the Unseaworthy Ships Bill into law, requiring that vessels bear the load line freeboard marking. It was soon known as the "Plimsoll Mark" and was eventually adopted by all maritime nations of the world.
The risks, issues and solutions for providing a more secure operating and application environment have been known for decades. Those who do not already comprehend the issues and are willing to learn should take some time out to listen to some of the speeches at Dr. Dobb's Journal's Technetcast security archives, starting with Meeting Future Security Challenges by Dr. Blaine Burnham, Director, Georgia Tech Information Security Center (GTISC) and previously with the National Security Agency (NSA).
The design and implementation of some applications and servers are just too unsafe to use in the "open ocean" of the internet.
Numerous security experts have railed against Microsoft's lack of security, best summed up by Bruce Schneier, Founder and CTO of Counterpane Internet Security, Inc., who rightly stated:
...Honestly, security experts don't pick on Microsoft because we have some fundamental dislike for the company. Indeed, Microsoft's poor products are one of the reasons we're in business. We pick on them because they've done more to harm Internet security than anyone else, because they repeatedly lie to the public about their products' security, and because they do everything they can to convince people that the problems lie anywhere but inside Microsoft. Microsoft treats security vulnerabilities as public relations problems. Until that changes, expect more of this kind of nonsense from Microsoft and its products. (Note to Gartner: The vulnerabilities will come, a couple of them a week, for years and years...until people stop looking for them. Waiting six months isn't going to make this OS safer.)
However, Microsoft's products are not alone in the presence of vulnerabilities; this is a major issue for Linux/BSD and Unix as well as any other OS and vendor.
In a recent speech, Fixing Network Security by Hacking the Business Climate, Bruce Schneier claimed that for change to occur, the software industry must become liable for damages from "unsecure" software. However, historically this has not always been the case, since most businesses can insure against damages and pass the cost along to the consumer.
The Ford Pinto and more recently the Ford Explorer's tires are two examples of public and media pressure being more successful than just the threat of lawsuits. Even so, eventually, through public pressure, governments around the world have to step in and pass regulations that set up a minimum set of requirements an automobile has to meet to be deemed "road worthy". This includes crash testing as well as the inclusion of safety equipment on all models. The requirements are not constant and change to meet the expectations and demands of the public and lawmakers.
The onus is not only on the automotive industry itself but also on the users. Most countries require that all automobiles undergo regular inspection and maintain an up to date "Warrant of Fitness".
In the same way, if you want a secure IT infrastructure, eventually the software design, implementation and each deployment will have to undergo the same type of regulation and scrutiny.
-
Local Vs Remote & The smaller window of exposu
I have read a lot of Gene's work. But I am not sure of the particular presentation you are talking about. Here is Gene Spafford's home page; could you tell me which particular presentation you are referring to?
I wonder if he took into account the difference between remotely exploitable and locally exploitable vulnerabilities?
I also wonder if he took into consideration the Window of Exposure between the discovery of the vulnerability and the release of the patch?
See Closing the Window of Exposure by Bruce Schneier, the security section of David Wheeler's "Why Open Source Software / Free Software (OSS/FS)? Look at the Numbers!", and also again visit the disproportionately high number of open vulnerabilities in its Internet Explorer.
-
Still no reply to the email I sent Ken
To: kenbrown@adti.net
Subject: "Opening the Open Source Debate"
Date: 31 May 2002 15:45:59 +1200
Some references you might wish to consider before publishing your article "Opening the Open Source Debate"
http://www.businesswire.com/cgi-bin/f_headline.cgi?bw.053002/221502375
Bruce Schneier, one of the recognized leading experts on computer security, on Kerckhoffs' Principle and Secrecy, Security, and Obscurity of software.
http://www.counterpane.com/crypto-gram-0205.html#1
Dr. Blaine Burnham, Director, Georgia Tech Information Security Center (GTISC) and previously with the National Security Agency (NSA), gives a keynote speech overview of current encryption and security technologies and outlines possible strategies for future defense.
http://technetcast.ddj.com/tnc_play_stream.html?stream_id=411
Also you might wish to address the issue of Microsoft's disproportionately high number of open vulnerabilities in its Internet Explorer components. All of which were discovered without access to the source code.
Richard Purcell, Microsoft's director of corporate privacy, has recently stated that any major improvement in regard to the security of its products may be at least "5, 10 years, maybe".
http://www.businessweek.com/technology/content/may2002/tc20020523_6029.htm
As for the issue of Trojan horse injection into open source code, it is far from being an open source only issue.
Or were all the "Easter Eggs" currently found in Microsoft's products officially authorized?
If you are looking for a methodology for providing a suitably secure and hardened solution, start with a real world example.
http://www.openbsd.org/security.html
I welcome any open debate.
-
Re:Secure co-host.
I forgot to mention: the co-host is *not* internet routable: put a second NIC in the web host, and hide the co-host behind that. Anything touching the co-host other than a decrypt request should trigger a shut-down: John Q. Hacker roots your web server & database, sees requests going to the co-host, pokes it a bit to see what it is and in the process shuts the box down cold.
Not perfect security, but done right unlikely to be the weakest link: a determined hacker will root your web server and simply copy all of the credit card numbers as they are used, by backdooring your e-commerce application.
But at least that's a trickle: you lose numbers to him as they are used, rather than your whole database at once. Read Bruce Schneier's stuff about all security being target hardening...
-
Easy to fool?
This all assumes that the terrorists will not try to fool the system. If a face recognition system was implemented at a given place, don't you think the terrorist would try to fool that system in some way with some kind of "fake faces"?
I assume that fingerprint readers should be much easier to make than this technology, correct? The fact is that those can be *very easily* fooled too! Read the latest Crypto-Gram newsletter for a story about how easy it really actually is - it's so easy it's almost scary.
How easy will it not be to fool this then?
-
No, it's 99.99% Read Cryptogram
Bruce talks about 99.9%, so there's 0.1% left, not 0.01% as the story says right now.
No, sorry, just read Bruce's Cryptogram:
Suppose this magically effective face-recognition software is 99.99 percent accurate. That is, if someone is a terrorist, there is a 99.99 percent chance that the software indicates "terrorist," and if someone is not a terrorist, there is a 99.99 percent chance that the software indicates "non-terrorist." Assume that one in ten million flyers, on average, is a terrorist. Is the software any good?
No. The software will generate 1000 false alarms for every one real terrorist. And every false alarm still means that all the security people go through all of their security procedures. Because the population of non-terrorists is so much larger than the number of terrorists, the test is useless. This result is counterintuitive and surprising, but it is correct. The false alarms in this kind of system render it mostly useless. It's "The Boy Who Cried Wolf" increased 1000-fold.
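The base-rate arithmetic behind the Crypto-Gram passage quoted above, written out as an added example that is not part of the original post or of Schneier's text. It generalises the 99.99% / one-in-ten-million case to any sensitivity, specificity and base rate, and adds a solve-for step (`specificity_needed`, my own addition) showing how good a screener would have to be before its alerts are worth acting on.

```python
"""Base-rate reasoning for a rare-event screener (face recognition, IDS alerts, ...).

Terminology:
  sensitivity  = P(alarm | target)        the 99.99% "indicates terrorist" figure
  specificity  = P(no alarm | non-target) the 99.99% "indicates non-terrorist" figure
  base_rate    = P(target)                one in ten million flyers
"""


def expected_counts(population: int, sensitivity: float,
                    specificity: float, base_rate: float) -> dict:
    """Expected number of true hits and false alarms when screening `population` people."""
    targets = population * base_rate
    non_targets = population - targets
    return {
        "true_hits": targets * sensitivity,
        "missed_targets": targets * (1.0 - sensitivity),
        "false_alarms": non_targets * (1.0 - specificity),
    }


def alarms_per_true_hit(sensitivity: float, specificity: float, base_rate: float) -> float:
    """How many false alarms the security staff chase for every genuine detection."""
    true_hits = base_rate * sensitivity
    false_alarms = (1.0 - base_rate) * (1.0 - specificity)
    return false_alarms / true_hits


def positive_predictive_value(sensitivity: float, specificity: float, base_rate: float) -> float:
    """P(target | alarm): the fraction of alarms that are real."""
    true_hits = base_rate * sensitivity
    false_alarms = (1.0 - base_rate) * (1.0 - specificity)
    return true_hits / (true_hits + false_alarms)


def specificity_needed(target_ppv: float, sensitivity: float, base_rate: float) -> float:
    """Smallest specificity at which P(target | alarm) reaches `target_ppv`.

    Derived from PPV = tp / (tp + fp) with tp = base_rate * sensitivity and
    fp = (1 - base_rate) * (1 - specificity); solve for specificity.
    """
    tp = base_rate * sensitivity
    fp = tp * (1.0 - target_ppv) / target_ppv
    return 1.0 - fp / (1.0 - base_rate)


if __name__ == "__main__":
    # The numbers from the quoted passage: 99.99% both ways, 1 terrorist per 10M flyers.
    sens = spec = 0.9999
    base = 1.0 / 10_000_000
    counts = expected_counts(10_000_000, sens, spec, base)
    print("per 10M flyers:", {k: round(v, 2) for k, v in counts.items()})
    print("false alarms per real hit:", round(alarms_per_true_hit(sens, spec, base)))
    print("fraction of alarms that are real:", positive_predictive_value(sens, spec, base))
    # How good would the false-positive side have to be for even half the alarms to be real?
    needed = specificity_needed(0.5, sens, base)
    print("specificity needed for 50% PPV:", needed,
          "(false-positive rate about 1 in", round(1 / (1 - needed)), ")")
```

The same functions apply unchanged to any rare-event detector, which is why a low false-positive rate matters far more than a high detection rate when the thing being looked for is rare.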
-
Bruce Schneier on digital signatures
He makes some good points here: Why Digital Signatures Are Not Signatures
-
Re:Security matters.
"Anybody not using IPSec is an idiot."
The people using L2TP or PPTP would slightly disagree.
;-)
The people using PPTP would be slightly wrong.
-
Re:Obvious
Quote:
Just bring out the fingerprint scans or retina scans, etc. and be done with it.
Don't you read /. ?
From this post comes: Fingerprint readers can be fooled.
-
Re:The concept of intellectual property has got to
Heh, trademarks are the only "IP" that actually are analogous to property; they have scarcity value. Others can't copy them without damaging their value, to both merchant and customer.
Copyright and Patent, on the other hand, are flat out monopolies. And they were never intended to protect the individual vs. corporations. Which is good, because they never have.
Patents could still serve the original purpose (getting people to contribute useful inventions that they hold secret into the public domain), though the system badly needs reform. (Example of why: The Patent King.) Copyright is just plain obsolete, as far as the original purpose goes; any author can publish themselves on the Internet for negligible cost, and publishers are no longer needed as gatekeepers. As for ensuring that authors get paid, Stephen King has tried variations on The Street Performer Protocol with satisfactory results (he was satisfied, he's the author, his is the only opinion that counts).
-
http://jscript.dk/unpatched/ - 13 Without Source
"our APIs and code must be secret or the U.S. will crumble"
20 May 2002: There are currently 13 unpatched vulnerabilities in Microsoft's Internet Explorer. The lack of source code access provides no real defense.
See the latest issue of Bruce Schneier's Crypto-gram Newsletter
Secrecy, Security, and Obscurity
A basic rule of cryptography is to use published, public, algorithms and protocols. This principle was first stated in 1883 by Auguste Kerckhoffs: in a well-designed cryptographic system, only the key needs to be secret; there should be no secrecy in the algorithm. Modern cryptographers have embraced this principle, calling anything else "security by obscurity." Any system that tries to keep its algorithms secret for security reasons is quickly dismissed by the community, and referred to as "snake oil" or even worse. This is true for cryptography, but the general relationship between secrecy and security is more complicated than Kerckhoffs' Principle indicates.
...
-
Re:An interesting point?
Here's what Bruce Schneier has to say about the subject. On the one hand, Linux code is open and available to the bad guys. On the other, it gets a great deal of peer review (often while still in alpha / beta). Schneier's thesis is that in general expert peer review trumps "security by obscurity". Empirical evidence tends to bear this out.
-
Re:The guy sounds like a world-class sleazeball.
he talked about countermeasures instituted against hackers, but doesn't want them openly published (security through obscurity, anyone?)
I'm quite tired of hearing statements like 'company X won't reveal Y; this demonstrates security through obscurity which everyone knows is bad.' Well, it's not! Your statement demonstrates that you can echo the slogans but don't understand what security really means. I strongly encourage you to read a recent Crypto-gram by Bruce Schneier. You cannot apply the principles used for analyzing a mathematical system to all real world security issues.
-
SOAP Security Issues
Here is my take. And here is Bruce Schneier's.
-
NOT Better than SSN
Identity theft may be more difficult with biometrics, but it also would be harder to recover from if it happened.
Biometrics in general has a number of well-known problems, of which the most alarming (to me, anyway) is the question of what happens when, as is inevitable, somebody manages to steal your credentials (not by taking your finger or eye themselves, but hacking the Oracle database that will surely be at the heart of this thing.) From then on you may never be able to use your biometrics again, because now there's two of you out there. When your credit card number is stolen, you can get another one pretty easily. But, unfortunately, there is no easy way to get a new biometric ID -- it's your thumb, right?
Bruce Schneier has some smart remarks about this here.
-
Needs to be linked
Many of you have probably already read this, but here is an excellent newsletter on security and ID cards.
To paraphrase, the following questions must be answered for each proposed security measure:
- What problem does it solve?
- How well does it solve the problem?
- What new problems does it add?
- What are the economic and social costs?
- Given the above, is it worth the costs?
-
A Modest Proposal
As Bruce Schneier has continually pointed out, copy protection doesn't work. At some point, the information has to be presented to the user in decrypted form. At that point, it can be copied.
Therefore, allow me to present three proposals that will not prevent copying, but will make it difficult:
- Encrypted media - encrypt the media (music, video, etc.) using strong encryption. Do not provide a decryption key in the device. Thus, it will be very difficult for pirates to access the content. A minor side effect is that it will be equally difficult for consumers to access the content. I suspect that this will not present a problem to the entertainment industry. An added benefit is that it will supply interesting challenges to the folks at Distributed.Net.
- Switch back to analog - CDs and DVDs are digital and thus perfect copies can be made. The industry can simply switch back to VHS tapes and vinyl records. As a bonus, their marketing departments can cite the advantages of the new analog formats and they can charge higher prices for them.
- Mandatory brain implants - the music must be decrypted before it reaches the consumer's ears. Similarly, the video must be decrypted before reaching the user's eyes. Turn this problem into an opportunity. With mandatory DRM devices implanted into the consumer's brain, the entertainment industry can reach new heights of efficiency, productivity, and profit. Just think: if music is playing in a room, only the consumer that is licensed to hear it will be able to hear it. Other consumers in the room will hear nothing at all. Of course, this solution will require international cooperation - so that eventually, everyone in the world must have a DRM device implanted in their brain. But an industry that created worldwide DVD regions is surely up to this task.
Hope the above list of suggestions helps.
-
C'mon, spend less time watching "Demolition Man"...
and more time thinking about basic information security. Nobody would bother to actually cut off a finger to commit identity theft: the whole goal of identity theft is to acquire trusted personal identification and use it for fraudulent purposes without the victim knowing; once he detects the theft, he cancels the accounts and the fun is over. If you hack off his finger, I think he'll notice, and probably call the cops or something...
No, it's much easier to "hack" into the database, or even easier, just bribe some entry-level tech support flunky, no black hat required. Now you've got the ultimate "trusted personal identification", and the theft victim is triply screwed:
- He'll have an awfully difficult time convincing his bank that this s00per d00per 007-type system can be cracked so easily. "We think you really DID buy 100 copies of Debbie Does Dallas and you're just too embarrassed to admit it!"
- Even if he convinces the bank, he can't exactly get new fingerprints issued. His only option is to have his fingerprint records removed from the bank's records entirely.
- Even if he convinces the bank to remove the records, his fingerprints are probably in lots of other databases. As Bruce Schneier points out, biometrics make lousy keys, because even if they're sufficiently random, they're not secret. I've never been arrested, but I did spearhead protests against the Gulf War at my university, so I have no doubt that my fingerprints are on file with the FBI, and probably a few other .govs as well.
As another poster pointed out, if my Safeway card # gets stolen, they may find out an embarrassingly great deal about my grocery purchases, but if my fingerprint data gets stolen, that's automatically identity theft.
-
Start from the beginning
First off, the reason your security is broken is that you probably don't have a policy and if you do nobody understands it and if they do there's no QA ensuring that they follow it.
Good security starts with the establishment of a security policy followed by education and regular awareness events. Please be aware that paying someone a ton of money to pen. test and inventory your assets will *not* result in a stronger security posture all on its own. You must have a policy in place and you must compel your users to abide by it (primarily through education, secondarily through threat of penalty). Consider hiring a CISSP or other certified professional to help you through this process. You might be able to find one in your area by using the ISC2 directory. SANS is doing some ISO certification as part of the GIAC program now and they may be able to point you towards some appropriate people as well. The ISSA might be able to help as well. As has been mentioned already, you probably don't want to entrust this to someone selling countermeasures or management services.
Understand, however, that you don't need a firewall engineer right now and you don't need some krad ex-hacker to pen test either. You need someone to help you get your house in order on the administrative side and then you can look into some detailed engineering and assessment. That someone should probably be an independent consultant or at least one working with an infosec specializing firm. If you want a couple bigger names there's @Stake, Booz Allen Hamilton, and Predictive, however, I would encourage you to seek out a local independent with good references.
Any knucklehead can run Nessus and patch systems. This alone does not equal information security. If you want a secure environment, start by defining what "secure" means within your environment.
-
How about..
Counterpane? Bruce Schneier's rep for security is certainly pretty strong. Oh, this is their website.
-
Audit
Audits suck, in my opinion; I would go with a managed security solution like Counterpane.
-
counterpane
Bruce Schneier's company, Counterpane, can probably help you.
-
Valenti implies RIAA doesn't own anything
"If you can't protect what you own, you don't own anything," Valenti said in a statement.
It's interesting to hear Mr. Valenti of the RIAA admitting this, because it basically implies that they don't own anything. I'm sure he did not intend to make that point, but he did.
Sure, the RIAA keeps trying to impose copy protection on their content, but as Schneier eloquently explains, their efforts are futile:
... software content protection does not work. It cannot work. You can distribute encrypted content, but in order for it to be read, viewed, or listened to, it must be turned into plaintext. A clever enough hacker with good enough debugging tools will always be able to ... capture the plaintext after decryption. And he can write a software program that allows others to do it automatically. This cannot be stopped.
-
Re:Artists
Check out the Street Performer Protocol. Pretty cool idea in my opinion, but will take a critical mass of support and interest to get off the ground.
-
Re:Stop, thief!
Would it bother you if somebody could just take that paper and get an A too?
I agree that this is an inaccurate analogy. I don't have the ability to sell millions of copies of my A paper and collect royalties not commensurate with the effort I put into it.
Even if I could, what about all A minus papers, who'd be locked out of all that moola? The system as it is set up right now discriminates against small and non-mainstream artists.
I suggest boycotting popular music, at least the major labels. C'mon, it's not THAT good. I've heard lots of unknowns who are as good IMHO as the big names.
Another suggestion: support alternate funding of artists, for example The Street Performer Protocol.
-
Encrypt your mail...
I'd personally feel a lot less invaded if I knew the system was in place and in this form.
I'll personally continue to encrypt my emails - as many as possible of course.
Routine use of encryption (like for the one-liners) defeats to some extent traffic analysis.
The recent improvements in factoring (look here and here) don't affect 1536- or 2048-bit keys (or larger). For the time being, public-key encryption is the best means of protecting your e-mail privacy. Don't rely on some guys' kindness - with a little effort you can be sure your nosy admin/ parent/ spouse/ street cop won't "accidentally" read your stuff.
http://www.gnupg.org
-
Re:Security by obscurity..
There's also the concept of "need to know". If the concept works for world affairs and national security, I'm fairly sure it can work pretty well for plain-jane trucks.
My point isn't that secrecy and obscurity are useless, my point is that they need to be supported with additional protection. Secrecy alone is too easy to defeat. Eventually someone has a valid "need to know", and some of those people will be corruptable.
But if you're relying on it as your sole defense, you're foolish.
Foolish is making assumptions about things that were not asserted.
My apologies if I wasn't clear. That particular point wasn't intended to be directly targeted at the "secret routes of regular trucks hauling dangerous / secret / valuable things" example. My point is that secrecy and obscurity are very weak if they are the only defense employed. As a first layer of defense obscurity is a good tool for weeding out many attackers easily. This applies to computers and real life. Changing the banner sendmail emits won't even slow a dedicated attacker, but will reduce attacks from script kiddies.
In the example of hauling valuable goods, if someone were to rely strictly on the secrecy of the route, a dedicated thief could eventually find the truck. Varying the route helps, but only increases the difficulty of finding the truck; it doesn't make it impossible. However, I suspect most of these "plain-jane" trucks are not as plain as you claim, and the shipments are further supported by a system to protect them. Off the top of my head, I can think of a number of low cost things that could be done to protect the trucks: Equip the drivers with cell phones; if anything odd happens, call it in. Equip the trucks with GPS systems that constantly call a central base with their location. Put really good locks on the doors. Add a "panic button" that sets off internal sirens (a standard car alarm would work fine) and contacts the central base. Set up a system where the driver is expected to call in his status regularly. If he misses a call, start following up on the situation.
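The last control in that comment (a scheduled check-in, with a missed call triggering follow-up) is the same dead-man's-switch pattern defenders use for hosts and agents that are expected to report in. The following is an added example, not code from the original post or from Counterpane: a small monitor that takes a constructed check-in log, a known fleet, an expected cadence and a grace period, and returns who is overdue and by how much. The truck identifiers, timestamps and intervals are all made up for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample check-in log: (unit_id, ISO timestamp). Not real data.
CHECKINS = [
    ("truck-1", "2003-05-01T08:00:00"),
    ("truck-1", "2003-05-01T08:30:00"),
    ("truck-1", "2003-05-01T09:00:00"),
    ("truck-2", "2003-05-01T08:05:00"),
    ("truck-2", "2003-05-01T08:35:00"),
    ("truck-3", "2003-05-01T08:10:00"),
]

# Constructed fleet roster: units that are *expected* to check in, so a unit
# that has never reported at all is still flagged rather than silently missed.
FLEET = {"truck-1", "truck-2", "truck-3", "truck-4"}


def overdue_checkins(checkins, expected, now, interval, grace):
    """Return {unit_id: minutes_overdue} for units that missed their check-in window.

    A unit is overdue when its most recent check-in is older than interval + grace.
    Units in `expected` with no check-in at all are reported with a value of None.
    """
    last_seen = {}
    for unit, ts in checkins:
        t = datetime.fromisoformat(ts)
        # Keep only the latest report per unit; the log need not be sorted.
        if unit not in last_seen or t > last_seen[unit]:
            last_seen[unit] = t

    deadline = interval + grace
    overdue = {}
    for unit in sorted(expected):
        if unit not in last_seen:
            overdue[unit] = None          # never reported: follow up immediately
            continue
        age = now - last_seen[unit]
        if age > deadline:
            overdue[unit] = int((age - deadline).total_seconds() // 60)
    return overdue


def check_sample():
    """Run the monitor against the constructed log at a fixed 'now'."""
    now = datetime.fromisoformat("2003-05-01T09:20:00")
    return overdue_checkins(
        CHECKINS, FLEET, now, interval=timedelta(minutes=30), grace=timedelta(minutes=5)
    )


if __name__ == "__main__":
    for unit, minutes in check_sample().items():
        if minutes is None:
            print(f"{unit}: never checked in, follow up now")
        else:
            print(f"{unit}: {minutes} min past the check-in window, follow up")
```

The grace period absorbs ordinary jitter (a driver a few minutes late on a call) so the monitor does not page on every small delay, while a unit that has never reported is treated as the most urgent case rather than dropped because it has no timestamp to compare.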
-
Schneier's guilty of the same scaremongering
Well, yes and no. He's certainly saner than Yourdon, but he does like to sell his monitoring service. Are we really secure? Schneier likes to wring his hands and worry a lot too. I love the bogus counter clicking off the number of network events the company monitored. Sheesh. I guess I shouldn't be so negative. Security is important and you do need to make this obvious to people. But I wish there was a way that didn't involve being a scaremonger.
-
How to Think about Security
As I saw yesterday on RFN, Bruce Schneier has an interesting article in the latest issue of CryptoGram entitled "How to Think about Security".
This is very useful. Damn Useful.
here is part of the info from the RFN story:
Here is Bruce Schneier's five step process, in brief.
I love the insightful simplicity of the piece.
This five-step process works for any security measure, past, present, or future:
- What problem does it solve?
- How well does it solve the problem?
- What new problems does it add?
- What are the economic and social costs?
- Given the above, is it worth the costs?
Step one: What problem does the security measure solve? You'd think this would be an easy one, but so many security initiatives are presented without any clear statement of the problem. National ID cards are a purported solution without any clear problem. Increased net surveillance has been presented as a vital security requirement, but without any explanation as to why.