Domain: schneier.com
Stories and comments across the archive that link to schneier.com.
Comments · 1,941
-
Re:Show of hands not self-enforcing
The article is also available at his blog.
-
Re:Why?
It was merely an analysis and introduction to self-enforcing protocols - protocols that make cheating difficult. Bruce often writes such pieces on security-related matters. As a security expert, he covers all aspects of security: IT, civil, banking, etc., and the psychological mechanisms behind the perception of security and risk.
He publishes the newsletter CRYPTO-GRAM once a month, which contains some good pieces. You can subscribe if you wish.
And he is one of the few who, IMO, has the right take on the "security" upgrades done in the US / world after 9/11.
Yes, I admit it: I respect him, and have subscribed to the newsletter for years.
-
Schneier on Cloud Computing
Bruce Schneier wrote about the security implications of Cloud Computing in the June and July issues of Cryptogram.
-
Re:Legalization
Yeah, but illegal drug use, generally speaking, is rare, and when true positives are rare, the base-rate fallacy takes over, so to speak.
Put another way: the test had better be EXTREMELY good and EXTREMELY specific, or it won't be even remotely useful.
-
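The base-rate point made in the comment above, worked through as an added example (editor's Python, not part of the thread); the 1% prevalence and the 99% sensitivity and specificity are constructed assumptions, and the sweep simply varies the base rate while the test stays the same:

```python
"""Base-rate arithmetic for a screening test.
Added example; prevalence, sensitivity and specificity values are constructed."""
from typing import List, Tuple

def positive_predictive_value(prevalence: float, sensitivity: float, specificity: float) -> float:
    """Probability that a positive result is a true positive.

    prevalence  - fraction of the tested population that really uses
    sensitivity - P(test positive | user)
    specificity - P(test negative | non-user)
    """
    true_pos = prevalence * sensitivity
    false_pos = (1.0 - prevalence) * (1.0 - specificity)
    if true_pos + false_pos == 0.0:
        return 0.0
    return true_pos / (true_pos + false_pos)

def specificity_needed(prevalence: float, sensitivity: float, target_ppv: float) -> float:
    """Smallest specificity that still reaches target_ppv at this prevalence.
    From ppv = TP / (TP + FP): FP = TP * (1 - ppv) / ppv, and FP = (1 - prev) * (1 - spec)."""
    true_pos = prevalence * sensitivity
    false_pos = true_pos * (1.0 - target_ppv) / target_ppv
    return 1.0 - false_pos / (1.0 - prevalence)

def sweep(sensitivity: float = 0.99, specificity: float = 0.99) -> List[Tuple[float, float]]:
    """Same test, falling base rate: PPV collapses although the test is unchanged."""
    return [(p, round(positive_predictive_value(p, sensitivity, specificity), 3))
            for p in (0.5, 0.1, 0.01, 0.001)]

if __name__ == "__main__":
    for prevalence, ppv in sweep():
        print(f"prevalence={prevalence:<6} ppv={ppv}")
    print("specificity needed for 95% PPV at 0.1% prevalence:",
          round(specificity_needed(0.001, 0.99, 0.95), 6))
```

At 1% prevalence a 99%/99% test is a coin flip (half of all positives are false); at 0.1% it is wrong nine times out of ten, and reaching a 95% positive predictive value would need a specificity around 99.995%.
-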
Re:Surprises me this doesn't happen more often
This was something Bruce Schneier discussed in his book ( http://www.schneier.com/book-sos.html ). Preventing people from taking liquids onto an airplane is just going to end up with more booze sales, and anybody who truly wants to get a liquid onto an airplane for horrible reasons is still going to be very difficult to stop.
-
Re:Consider best attacks against DES and SKIPJACK
I thought this was a very insightful comment so I sort of cross-posted it with attribution to Schneier's blog. No mod points because I have bad karma.
:(
http://www.schneier.com/blog/archives/2009/07/another_new_aes.html#c387128
-
Re:Clarifications
Sorry.. to clarify my own post I said the second stated option for short term fixes would be to create a Double AES standard that "doubles up the key size and per block passes". That was actually partially incorrect; the proposal was to double up the AES passes with a single key, e.g. C = AES(K,AES(K,P)) to encrypt P to C.
http://www.schneier.com/blog/archives/2009/07/another_new_aes.html#c386973
Schneier directly referenced this comment in answering the question at the BlackHat talk.
-
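The two "Double AES" variants discussed above, worked through as an added example (editor's Python, not from the thread or from Schneier's blog). It uses a hypothetical 16-bit Feistel toy cipher with a 10-bit key, an assumption standing in for AES so the searches finish in seconds; the point generalises: two independent keys fall to a meet-in-the-middle search costing about 2 * KEYSPACE cipher calls rather than KEYSPACE ** 2, and a single key applied twice, C = E_K(E_K(P)), is searched at exactly the cost of one pass.

```python
"""Why doubling the passes of a cipher does not double its key strength.
Added example on a hypothetical 16-bit Feistel toy cipher with a 10-bit key."""
from typing import Dict, List, Optional, Sequence, Tuple

KEY_BITS = 10
KEYSPACE = 1 << KEY_BITS
ROUNDS = 4
MASK8 = 0xFF

def _round_keys(key: int) -> List[int]:
    # Hypothetical key schedule mixing key bits with the round index.
    return [((key * (r + 1) * 0x9D) ^ (key >> (2 * r))) & MASK8 for r in range(ROUNDS)]

def _f(half: int, rk: int) -> int:
    x = (half ^ rk) & MASK8
    x = (x * 0x5B + 0x3B) & MASK8
    return ((x << 3) | (x >> 5)) & MASK8

def toy_encrypt(key: int, block: int) -> int:
    left, right = (block >> 8) & MASK8, block & MASK8
    for rk in _round_keys(key):
        left, right = right, left ^ _f(right, rk)
    return (left << 8) | right

def toy_decrypt(key: int, block: int) -> int:
    left, right = (block >> 8) & MASK8, block & MASK8
    for rk in reversed(_round_keys(key)):
        left, right = right ^ _f(left, rk), left
    return (left << 8) | right

def double_encrypt(k1: int, k2: int, block: int) -> int:
    return toy_encrypt(k2, toy_encrypt(k1, block))

Pairs = Sequence[Tuple[int, int]]

def meet_in_the_middle(pairs: Pairs) -> Optional[Tuple[int, int, int]]:
    """Recover a (k1, k2) consistent with all known (plaintext, ciphertext) pairs.
    Returns (k1, k2, cipher_calls)."""
    p0, c0 = pairs[0]
    calls = 0
    middle: Dict[int, List[int]] = {}
    for k1 in range(KEYSPACE):               # forward half: E_k1(p0)
        middle.setdefault(toy_encrypt(k1, p0), []).append(k1)
        calls += 1
    for k2 in range(KEYSPACE):               # backward half: D_k2(c0)
        calls += 1
        for k1 in middle.get(toy_decrypt(k2, c0), []):
            # 2^20 candidate pairs against a 16-bit block: weed out false matches
            if all(double_encrypt(k1, k2, p) == c for p, c in pairs[1:]):
                return k1, k2, calls
    return None

def brute_force_single_key(pairs: Pairs) -> Optional[int]:
    """C = E_K(E_K(P)) with one key: the extra pass adds nothing to the search."""
    for k in range(KEYSPACE):
        if all(toy_encrypt(k, toy_encrypt(k, p)) == c for p, c in pairs):
            return k
    return None

def demo() -> Tuple[int, int]:
    """Run the attack on constructed keys; return (MITM cipher calls, naive pair count)."""
    k1, k2 = 0x2A7, 0x13C                                      # constructed secrets
    pairs = [(p, double_encrypt(k1, k2, p)) for p in (0x1234, 0xBEEF, 0x0F0F)]
    found = meet_in_the_middle(pairs)
    assert found is not None
    r1, r2, calls = found
    assert all(double_encrypt(r1, r2, p) == c for p, c in pairs)
    return calls, KEYSPACE * KEYSPACE

if __name__ == "__main__":
    calls, naive = demo()
    print(f"meet-in-the-middle: {calls} cipher calls vs {naive} key pairs naively")
```

The table of E_k1(p0) values is the memory cost of the attack; for real AES the 2^128 entries are what keep the attack theoretical, but the security gained from two keys is still only one extra bit of work, not a doubled key length.
-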
Re:And we trust CAs *why* again?
I don't know.. I've heard bad things about that Bruce Schneider guy. Now, Bruce Schneier on the other hand!
-
Re:Big surprise!
Even Bruce Schneier ignores these warnings:
http://www.schneier.com/blog/archives/2008/12/forging_ssl_cer.html
EDITED TO ADD (12/31): While it is true that browsers do some SSL certificate verification, when they find an invalid certificate they display a warning dialog box which everyone -- me included -- ignores.
-
Bruce Schneier writes about false positives
Bruce has blogged several times over the years, about the problem of false positives:
Here are a couple of them:
http://www.schneier.com/blog/archives/2005/01/terrorism_false.html
http://www.schneier.com/blog/archives/2005/03/nuclear_terrori.html
http://www.schneier.com/blog/archives/2009/04/dna_false_posit.html
-
Re:Making the world a better place.
Wow. I don't think you understand what full disclosure is and what they are allegedly advocating.
Nope. He has it right, you have it 100% wrong. The ATM issue is a perfect example. That vulnerability was disclosed to the vendor eight months ago and they haven't done jack shit. Now the threat of full disclosure - to the entire world - has caused the vendor to get an injunction to prevent disclosure. Where is the fix? I still don't see a fix. Under your theory of "full disclosure is just another word for limited disclosure" the vendor would have fixed the problem long ago.
It rarely ever works like that and we have 30+ years of history to prove it - the security industry used to work the way you wish and the results were the same, vendors didn't do shit. The only time a fix comes is when the vendor knows that the only way to stop the script kiddies and all the serious blackhats is to actually fix the problem instead of sitting on it. Without at least the threat of true full disclosure vendors won't fix their problems, they don't have enough of an economic incentive to do so.
Providing the public with a warning that a vulnerability exists is not unethical and neither is providing information to the vendor but providing full exploit information is not only unethical but completely useless to the end user and places them at additional risk.
Without the threat of true full disclosure, nothing ever comes of limited disclosure.
-
Re:"Right" to a private cell phone?
expectation of privacy
You and the government keep using those words. I do not think it means what you think it means, and Scalia's shitfit proves it.
Also, I suspect that the majority of the public do not realize that they can be tracked by their cellphone, so they are clearly not "explicitly granting" any such thing.
-
Re:First Vote
With easy (which comes with legal) copying, just one good quality bootleg (as in, stolen film reel or disk, not camera-in-a-theater) and tons of people won't bother with a theater.
Don't worry, that'll change soon enough.
:)
Here, the man said it better than anyone:
"And that's the key to understanding [Digital Manners Policies by Microsoft]. Don't be fooled by the scare stories of wireless devices on airplanes and in hospitals, or visions of a world where no one is yammering loudly on their cellphones in posh restaurants. This is really about media companies wanting to exert their control further over your electronics. They not only want to prevent you from surreptitiously recording movies and concerts, they want your new television to enforce good "manners" on your computer, and not allow it to record any programs. They want your iPod to politely refuse to copy music to a computer other than your own. They want to enforce their legislated definition of manners: to control what you do and when you do it, and to charge you repeatedly for the privilege whenever possible." (-- Bruce Schneier http://www.schneier.com/essay-224.html)
-
Re:Complexity
To clarify, the birthday problem is fundamental and it basically means that even in good algorithms one *on average* needs to check half of the possible key space to brute force the key.
In not-so-good algorithms (for example, uneven distribution of keys) one can tune the search space and get away with checking a much smaller number of keys than half of the theoretical space.
And as stated earlier, cryptographers will consider an algo broken if there exists an attack that is better than pure brute force (need to check less than half of the keys); practical attacks are a wholly different matter.
And as for the MD5 debacle, it was known to be broken for ages and still was used for new certificates; that's just stupid. Granted, SHA-1 is also broken, but for it there are no practical attacks. RIPEMD160 has no breaks yet but it seems it's not officially supported in SSL.
-
Re:No governance required.
Disagree. It should be a government issue, but not solely a government issue and certainly not a clandestine government organization issue. Information and Network Security should be shared and handled by all end-points, government, commercial and private; and they should all work together and share information openly.
Bruce Schneier has an interesting essay which touches on this subject. http://www.schneier.com/essay-265.html
-
Re:They're not even keeping the money...
An interesting fact is that terrorists are also like that: they adapt faster to security measures than governments. As Bruce Schneier said[1], it's all about defending against what the terrorists did last time. You shall never underestimate creativity for evasive maneuvers.
[1] http://www.schneier.com/blog/archives/2009/06/fixing_airport.html
-
Re:Wait, what?
The one-time pad is a theoretical base case that has virtually no useful applications. Even Bruce Schneier says so: http://www.schneier.com/crypto-gram-0210.html#7
-
Re:Two words
Sure, being the RTFA troll, I read the article. But that still doesn't convince me. The keyboard press is a brief instant on a device which is easy to place more or less out of line of sight. A visible password on a screen is present for a long time and there are a number of interesting ways to capture this. Whilst keyboards are not perfect I think that some protection is worthwhile. One thing is for sure. Nobody is going to remember to turn this on when they are in public and your password only needs to be captured once.
One thing that might be a possible compromise is the system the mail client on my Nokia phone uses. The most recent character entered in the password is displayed for a short time. I can see each individual character, but the entire password is not exposed. I worry on the subway, but since it's a personal device it's easier to make this difficult to see.
-
Re:Choice of cases?
The TSA wastes more human life than any terrorist attack. By existing they do more harm than if they didn't exist at all.
Or take another example: airport security. Assume that all the new airport security measures increase the waiting time at airports by -- and I'm making this up -- 30 minutes per passenger. There were 760 million passenger boardings in the United States in 2007. This means that the extra waiting time at airports has cost us a collective 43,000 years of extra waiting time. Assume a 70-year life expectancy, and the increased waiting time has "killed" 620 people per year -- 930 if you calculate the numbers based on 16 hours of awake time per day. So the question is: If we did away with increased airport security, would the result be more people dead from terrorism or fewer?
-
Re:Here's how:
"The information about an individual should be the property of the individual, not the company (or govt. agency) that holds and collects it."
I couldn't agree more. It's not just a fancy idea you propose here, but it is a very fundamental issue for individual freedom. It is a matter of basic human freedom and dignity to be in command of your own representation, be it physical (i.e. dress code), digital or otherwise.
The current way in which organizations are collecting and storing many individuals' descriptions together in an aggregated, centralized database of some sort, is a remnant (unnecessary continuation) of our pre-internet past. Presently, it should not be as difficult or expensive to consult many individually authored, disparately stored representations of the many clients an organization has (like you and me). Each individual should be free (as in freedom) to create his/her own representation, kept at a provider of choice (or DIY), which could then be (partially) exposed (if so desired), to the many organizations that provide their service to you.
This ideal situation would ultimately shift the power from the organizations who now own your data (but don't have any incentives to care about it, as Mr. Schneier recently observed) to you and me, the people being represented. I am, like you, very concerned with the fact that the data which is supposed to represent me, is not under my own control.
-- aadrink
-
Re:How hard is it for a computer to do addition?
The generally accepted stance on voter security (as I understand it from reading Bruce Schneier's blog and Ed Felten's blog) is that what is important is that a vote get recorded accurately, that a user can verify (at the time of casting but not after) that the vote they're casting is the vote they intended to cast, and that we be able to ensure a one-to-one correspondence between votes and voters. That doesn't mean that we can map votes to voters later. Such a capability may be useful, but the security concerns (voter coercion, mostly) would outweigh the auditing benefits.
Think of the paper ballot example. Assuming users actually use the ballots correctly (obviously a huge assumption and one that doesn't play out in practice, but work with me here), you have an accurate, auditable record (a recount is meaningful because it has the potential to discover mistakes of the original count) of the voter's decision. At the time of casting the ballot, the voter can verify (if they so choose) that the ballot accurately reflects their choices. We have one-to-one correspondence because other measures were taken to ensure that each voter received one ballot. When the voter casts their ballot, their vote is recorded, but there will never be any way to trace back the choices that the voter made back to the voter. The voter isn't subject to coercion from, say, a shady employer who threatens to fire any employee who doesn't vote for Candidate A. Employees can lie to their employer about who they voted for and (this is important) nobody has the ability to retrieve the voter's vote to prove/disprove the voter's claim.
As I see it (though IANAExpert), the proper way to do an electronic vote is to tally votes electronically in a moderately secure environment ("absolute" security would be counter productive, IMO), but to print out a physical record of votes recorded by a machine which is verified by the user and dropped in a ballot box. If there's dispute with the machine tally, you have an auditable record to check the dispute against. If you ask a machine to do a recount of the 4,328,512 votes that it took (which seems like a strange number of votes to record in a precinct with 715,386 eligible voters), it's going to give you the same numbers. Sure, you may know fraud happened - but there's nothing you can do about it.
-
Re:Telegraphing
Read at least the closing 2 paragraphs of each of these essays:
http://www.schneier.com/essay-096.html
http://www.schneier.com/essay-038.html
You apparently think Bruce is a moron too.
-
Re:Telegraphing
There was nothing done after 9/11 to raise the level of security for the flying public. That includes the period right after 9/11 up to and including today. Everything that was done was in the spirit of "security theater" (credit: Bruce Schneier).
Strongmail isn't the "best" (whatever criteria you use for "best") webmail site for "security" (whatever your definition of "security"). It's proven that it's easily cracked, and that is in and of itself a stay-away sign.
I highly recommend Bruce's blog at http://www.schneier.com/blog/.
E
-
hacking PINs
"I think that this story is half bogus. PIN numbers aren't stored on a debit card"
But if you have a keylogger installed on a compromised XP system then you can read it off as they are typing it in.
"When a PIN number is typed into an ATM machine it is automatically encrypted by a 3DES encryptor on the PIN pad"
Do you have any citations for this?
'Abstract. We describe new attacks on the financial PIN processing API'
-
Re:Best country in the world
Just because a guy put a bomb in his shoe does not mean the next person will put a bomb in their shoe. If the confiscated liquids and plum jams are so dangerous that they can't be allowed on planes, why are they just chucked in a bin and not disposed of by the bomb squad? Answer, because it is total BS.
If you are really interested, here is some good info:
http://www.schneier.com/blog/archives/2006/08/terrorism_secur.html
-
Re:Yeah... Great Ideas
I actually submitted an article covering this a little over a year ago, when Schneier talked about it on his blog. It wasn't picked up, but then again, I quoted from the more embarrassing things said at the conference, so there is little surprise to that.
I actually used David Brin's quote in the article summary. Oops.
"David Brin, keeping on the topic of empowering citizens with mobile phone technology, delivered a self-described 'rant' on the lack of funds being spent to support citizen reservists to back up the military, homeland security officials and first responders in times of crisis. 'It is impossible for you to succeed without us!' he shouted at the assembled officials, while banging his fist on the table and at one point jumping off his chair to wave a mobile phone in their faces."
The original link from National Defense Magazine is dead, but you can see the comment thread on Schneier's blog here. Schneier's entire entry was just a link saying "This is embarrassing."
-
Re:Bullshit
3. Has anyone ever done a study (a real study) of the effectiveness of security cameras at preventing crime? Any sort of crime.
Here you go, that's web economy for you (two answers in one link).
Have a nice day.
-
Link
You can read the rest of Schneier's blog post "Attacking the Food Supply".
-
Re:Waldos
These kind of discussions often end up with someone quoting the Asimovian three laws and this even happens on forums with relatively intelligent informed readers but, apart from the fact that laws designed to ensure safety can't really apply to a device designed for killing, that's totally irrelevant since the three laws are stated in English. The real problem is how to state them in actual program code.
The second and third laws could still apply though. The whole "shall not harm, or by inaction allow harm to come to, a human being" law does make for a fairly useless war machine, but you'd want to hardcode the robot to follow orders from a human operator and preserve its own integrity.
The second law is at least easy to approximate in modern code. If a given order with the right authorization is received through whatever channels the robot is designed to listen to, then it obeys. That actually could be a problem if the machine is used against an enemy with significant electronic warfare capability - they might be able to block orders entirely or substitute new ones.
There's a world of difference between a machine autonomous enough to need ethical programming and what we have today. I could fairly easily envision a combat robot that had nothing even remotely approximating strong AI, yet still functioned autonomously (would need general orders, but not step by step instructions). A sort of middle ground between an Asimov robot and a modern combat drone.
For ground robots to fill the role of infantry or armoured vehicles, you'd need some fairly advanced terrain navigation software. This isn't too far off, but we're not there yet. You'd need software to evaluate standing orders versus mission orders and prioritize them accordingly, which seems like it could be accomplished with modern code. You'd need to be able to phrase instructions in a way that a machine can understand, which is as you rightly pointed out difficult, but obviously still possible.
The real challenge is going to be IFF software - how do you judge a civilian from a combatant, or one side's soldiers from the other? This would be on par with robotic ethics, but target recognition is bound to be simpler to program than right or wrong.
If those problems were solved, then a combat robot could operate on orders that amount to "proceed to the following GPS coordinates, engage targets, report back."
My own estimate is that we'll reach this middle ground in a matter of decades, if we're quick about it. We'll doubtlessly see fully autonomous aircraft before ground units - say at least 5-10 years between the former and the latter. Will we ever see strong AI deployed independently in warfare? I doubt it. No commander is going to trust a machine that implicitly. What we may see is a centralized strong AI used to manage a network of drones and soldiers, since that at least leaves human decision making in the system.
-
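The "order with the right authorization" check and the substitution risk raised in the comment above, as an added example (editor's Python, not from the thread): each order carries a counter and an HMAC under a key shared with the operator, so an adversary on the link can still jam orders but cannot rewrite or replay them. The key, order strings and message format are constructed.

```python
"""Order authorisation for a remotely commanded machine.
Added example; key, order strings and message format are constructed."""
import hashlib
import hmac
import json
from typing import List, Tuple

def order_tag(key: bytes, counter: int, order: str) -> bytes:
    """HMAC-SHA256 over a canonical encoding of (counter, order)."""
    msg = json.dumps({"n": counter, "order": order}, sort_keys=True).encode()
    return hmac.new(key, msg, hashlib.sha256).digest()

class Operator:
    """Issues orders with a monotonically increasing counter."""
    def __init__(self, key: bytes) -> None:
        self._key = key
        self._counter = 0

    def issue(self, order: str) -> Tuple[int, str, bytes]:
        self._counter += 1
        return self._counter, order, order_tag(self._key, self._counter, order)

class Receiver:
    """Obeys an order only if its tag verifies and its counter is fresh."""
    def __init__(self, key: bytes) -> None:
        self._key = key
        self._last_counter = 0

    def accept(self, counter: int, order: str, tag: bytes) -> Tuple[bool, str]:
        expected = order_tag(self._key, counter, order)
        if not hmac.compare_digest(expected, tag):   # constant-time compare
            return False, "rejected: bad tag"        # forged or substituted order
        if counter <= self._last_counter:
            return False, "rejected: replay"         # captured order re-sent
        self._last_counter = counter
        return True, "accepted: " + order

def run_scenario() -> List[str]:
    """Genuine, substituted, replayed and forged orders against one receiver."""
    key = b"constructed-shared-key-not-for-real-use"
    operator, robot = Operator(key), Receiver(key)
    log: List[str] = []

    n, order, tag = operator.issue("proceed to waypoint 7")
    log.append(robot.accept(n, order, tag)[1])

    # Substitution: adversary keeps the genuine tag but rewrites the order text
    log.append(robot.accept(n, "engage targets at waypoint 7", tag)[1])

    # Replay: adversary re-sends the captured genuine message unchanged
    log.append(robot.accept(n, order, tag)[1])

    # Forgery under a guessed key
    fake = order_tag(b"wrong-key", n + 1, "return to base")
    log.append(robot.accept(n + 1, "return to base", fake)[1])

    # A later genuine order still goes through
    n, order, tag = operator.issue("hold position")
    log.append(robot.accept(n, order, tag)[1])
    return log

if __name__ == "__main__":
    for line in run_scenario():
        print(line)
```

Authentication closes the substitution and replay channels only; blocking (denial) is the one attack the comment names that no tag can stop, which is why the standing orders the comment mentions have to define a safe default for when no valid order arrives.
-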
Re:Waldos
A robot is pretty much defined as a device with sensors which acts independently on them. The US Army Predator drones are able to land on their own with no operator input and as such definitely count as robots. However, most do not kill automatically, but there seem to even be some which do that.
However, I think you are right in a deeper way. None of these things are "intelligent" robots in the sense of Asimov stories. The story has a discussion about the possibility of designing these robots to make ethical decisions but one which ignores the fact that these are hard AI problems over which there has been practically no progress since the dawn of computing. These kind of discussions often end up with someone quoting the Asimovian three laws and this even happens on forums with relatively intelligent informed readers but, apart from the fact that laws designed to ensure safety can't really apply to a device designed for killing, that's totally irrelevant since the three laws are stated in English. The real problem is how to state them in actual program code.
-
This Will End Badly
I bet Bruce Schneier will post on how bad an idea this is any hour now. Some classic Schneier: "Why Technology Won't Prevent Identity Theft" http://www.schneier.com/essay-255.html
...and what about the old-fashioned Law of Large Numbers? If you give 390,000 people access to something, the chance that some of them are criminals is: 100%! (Rounded to the nearest six decimals or so.) Simply because there are 390,000 of them.
-
Re:I know where . . .
Take out the yellow ink or toner. Copy only with a black and white copier. This article is about laser printers but the same thing would work for inkjet: http://www.schneier.com/blog/archives/2005/10/secret_forensic.html
-
Re:But does it work?
Well, if we assume the machine was sensitive up to the LD50 for ethanol of 0.5% BAC, then with only 4 bits of precision the uncertainty just from the rounding error is comparable to the difference between being over the limit and being completely sober. This was covered in the comments on Bruce Schneier's blog. That one's probably wrecked a few peoples' lives too.
-
Re:Was It Wrong, Though?
This comment to Schneier's blog post might shed some light on the biggest bug in the code. If a user of the device is in one of the only *eight* ranges that the device recognises, there's a 60% chance they're below the legal limit when it will register as above the limit.
(Of course, that analysis relies on a couple [reasonable] assumptions about the range of the device that may or may not be true.)
-
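The rounding-error argument in the two comments above (4 bits of precision; only eight recognised ranges), as an added example (editor's Python, not from the thread or from the device's code): it quantises a true reading to a given resolution and measures how much of the range below the limit is displayed as above it, and vice versa. The 0.5% full scale, the 0.08% limit and the rounding modes are assumptions taken from the comments, not facts about any device.

```python
"""Rounding error of a low-resolution reading against a fixed threshold.
Added example; resolution, full scale and limit are assumptions from the thread."""
import math
from typing import Dict, Tuple

def quantize(value: float, bits: int, full_scale: float, mode: str = "nearest") -> float:
    """Map a true value onto one of 2**bits evenly spaced displayed values."""
    step = full_scale / (1 << bits)
    n = round(value / step) if mode == "nearest" else math.floor(value / step)
    n = min(max(n, 0), (1 << bits) - 1)            # clamp to the display range
    return n * step

def misread_widths(bits: int, full_scale: float, limit: float,
                   mode: str = "nearest", grid: float = 1e-5) -> Tuple[float, float]:
    """Width, in reading units, of true values shown on the wrong side of `limit`.

    Returns (under_limit_shown_over, over_limit_shown_under); scanning a fine grid
    of true values rather than solving the bin edges keeps the clamping honest."""
    false_over = false_under = 0
    for i in range(int(full_scale / grid)):
        true = i * grid
        shown = quantize(true, bits, full_scale, mode)
        if true < limit <= shown:
            false_over += 1
        elif shown < limit <= true:
            false_under += 1
    return round(false_over * grid, 5), round(false_under * grid, 5)

def report(full_scale: float = 0.5, limit: float = 0.08) -> Dict[Tuple[int, str], Tuple[float, float]]:
    return {(bits, mode): misread_widths(bits, full_scale, limit, mode)
            for bits in (3, 4, 8) for mode in ("nearest", "truncate")}

if __name__ == "__main__":
    for (bits, mode), (over, under) in report().items():
        print(f"{bits}-bit {mode:9s} sober shown over limit: {over:.5f}  "
              f"over limit shown sober: {under:.5f}")
```

With 4 bits over a 0.5 scale the step is 0.03125, so a 0.08 limit sits inside a bin rather than on an edge: rounding to nearest pushes a band of readings just below the limit up to 0.09375, while truncating does the opposite and reports everything from 0.08 to 0.09375 as 0.0625. Which way the device errs depends entirely on an implementation detail the user never sees.
-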
Schneier's blog
I'm looking forward to his opinion directly from his blog as well. I have a feeling that he has a lot to say on this topic, if only someone would listen.
He mentioned last year about the last security czar who had no security experience, but didn't do his rant right then. And his rant should be good. `8r)
-
Re:An unrelated comment
In terms of commercial spending, "security" has so far been an excuse to spend a bunch of money and check a lot of little boxes.
Bruce Schneier addresses this and other related security issues on his blog and in his books; among them the tendency of companies to treat security as a "product in a box" which can be purchased, turned on, and then forgotten about instead of as way of thinking and doing business so that security becomes ingrained into the corporate culture out of habit and practiced effort.
-
Umm. Yeah. We know this.
From Bruce Schneier
Cloud computing services like Google Docs, and social networking sites like RealAge and Facebook, bring with them significant privacy and security risks over and above traditional computing models. Unlike data on my own computer, which I can protect to whatever level I believe prudent, I have no control over any of these sites, nor any real knowledge of how these companies protect my privacy and security. I have to trust them.
But really, does anyone with sense think your data is secure when it's somewhere else that you don't control?
-
Obama to get bugged BlackBerry
"The device is said to be in the final stages of development at the National Security Agency, which will check that its encryption software meets federal standards. It might not be ready for months"
Really, I would have thought it would be less secure after the spooks got their hands on it. As such I have corrected the title.
-
NSA has an inherent conflict of interest.
When a group that exploits a communication network system for information is also in charge of its security, what happens when a weakness is found? Do you:
A) Keep the weakness secret so you can exploit it.
B) Publish the fix so your networks are fixed, but also allowing those you may be monitoring to fix as well, and cut off an information source.
Bruce Schneier has a great commentary on this at his blog.
-
Re:Amazing
> Brazil?
What do you know of Brazilian techies? Ever worked with Brazilian engineers? Ever been to Brazil? I can assure you they are every bit as good as any Chinese, Russian, American, Indian, Brit, Czech, Japanese, or Pole I've worked with. Slashdotters may also be interested to know that Brazil has a very open-source, creative-commons sort of culture.
> And not an organized military either. Pirates.
It's likely that the recently reported Chinese cracks of US military systems were freelance.
-
Re:Sorry, but you're completly missing the point
So the decision to be anonymous on facebook has an entirely different meaning than the supermarket. It is far from paranoia, even more so when you think of all the new ways this information could be used in the future. And of course, the thing that really matters here is politics: by setting up an anonymous account on facebook, you can lead a political life, convincing people to go to protests, or to vote or donate for a cause. It is a pretty new thing to be able to do so anonymously, and there is nothing cowardly about it when you see how scientology (for example) illegally harasses opponents.
Even minor advances in data mining and/or loosening of privacy laws could enable the dots to be joined on "anonymous" sets of data. It's already kind of possible and I've no doubt that were someone (e.g. government) to get access to that Facebook account data, they could use common sense, word scanning and data mining to tie it together with identities on the same or other websites.
Matter of fact, I suspect that it may even be possible- if not now then in the very near future- to do something similar by grabbing and standardising the existing data presented by a standard Facebook page.
Let's use pattern matching to tie together one or more accounts where you mention or discuss your favourite films. Or bands you like, activities you enjoy, organisations you support. Even if there's nothing concrete from comparing two simple lists on two accounts, you can use data mining on multiple attack vectors and use statistics to spot possibly or probably connected accounts. Which- like doing a jigsaw- makes it easier to make more connections, and so on.
Once you've connected one or more that directly or indirectly gives your identity away, the game is up and there's a nice fat mass of interconnected information about you.
Unless you're being very careful in the way you use such services and how you isolate them, their "anonymity" may present a feeling of false security that will seem laughable in a few years time.
And remember that even if you realise this after a while, you've already put a lot of (not really) "anonymous" personal information already out there, potentially just as dangerous as having done it under your own name.
-
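The linking technique sketched in the comment above (comparing lists of films, bands and organisations across accounts and scoring the overlap), as an added example (editor's Python, not from the thread). The three profiles are constructed, and plain Jaccard overlap per attribute stands in for whatever mining the commenter has in mind.

```python
"""Tying an 'anonymous' account to a named one from overlapping interests.
Added example; profiles are constructed sample data."""
from itertools import combinations
from typing import Dict, List, Set, Tuple

Profile = Dict[str, Set[str]]

def jaccard(a: Set[str], b: Set[str]) -> float:
    """Overlap of two sets: |a & b| / |a | b|."""
    return len(a & b) / len(a | b) if (a or b) else 0.0

def profile_similarity(p: Profile, q: Profile) -> float:
    """Mean overlap over the attributes both accounts expose (films, bands, ...)."""
    fields = set(p) & set(q)
    return sum(jaccard(p[f], q[f]) for f in fields) / len(fields) if fields else 0.0

def link_accounts(accounts: Dict[str, Profile], threshold: float = 0.5) -> List[Tuple[str, str, float]]:
    """Candidate pairs scoring at or above threshold, strongest first."""
    hits = []
    for (a, pa), (b, pb) in combinations(accounts.items(), 2):
        score = profile_similarity(pa, pb)
        if score >= threshold:
            hits.append((a, b, round(score, 3)))
    return sorted(hits, key=lambda h: -h[2])

ACCOUNTS: Dict[str, Profile] = {   # constructed sample data
    "facebook:jane_doe": {
        "films": {"blade runner", "alien", "brazil"},
        "bands": {"radiohead", "portishead", "massive attack"},
        "orgs": {"eff", "amnesty"},
    },
    "forum:anon_4711": {
        "films": {"blade runner", "alien", "heat"},
        "bands": {"radiohead", "portishead"},
        "orgs": {"eff"},
    },
    "forum:someone_else": {
        "films": {"heat", "casino"},
        "bands": {"metallica"},
        "orgs": {"eff"},
    },
}

if __name__ == "__main__":
    for a, b, score in link_accounts(ACCOUNTS):
        print(f"{a} <-> {b}: {score}")
```

Even this crude scoring singles out the one pair that share most of their tastes while leaving the decoy below threshold; a real linker would weight rare attributes more heavily than common ones (everyone in the sample lists "eff", so that overlap is weak evidence) and fold in writing style, posting times and mentioned places, which is the "jigsaw" effect the comment describes.
-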
Power System Hacks
It is worth looking at Bruce Schneier's view of this: http://www.schneier.com/blog/archives/2009/04/us_power_grid_h.html The point being that there are no control/SCADA systems on the grid which are also connected to the internet.
-
Iran's lost connectivity
"Schneier is a computer security expert, not a geo-strategist, and he was wrong about Iran's lost connectivity a few months ago when we all discovered the high frequency of Internet cables malfunctions"
In what way was Schneier wrong about Iran and how does not being a geo-strategist relate to the validity of the claims that China infiltrated the US power grid?
-
What to fear
Quite a timely post on Bruce Schneier's blog: http://www.schneier.com/blog/archives/2009/04/what_to_fear.html
Original article by John Goekler: http://www.counterpunch.org/goekler03242009.html
Of the top things to be scared of there is no mention of terrorism. But watch out for family members! "Over 16,000 Americans will be murdered this year, most often by a relative or friend."
-
Re:How do things like this even come up
a DDOS attack against the NYSE trading network
-- netruner
The NYSE and NASDAQ networks are isolated from teh interwebs for that very reason. It is also against the exchange rules for the floor traders to have cell phones that can get an outside line (off the floor, that is).
The only areas of vulnerability (for NYSE) are a Timothy McVeigh-type U-Haul assault, a sufficiently-large HERF gun blast aimed at the building or an attack on the power plant across the river. The entire internet could die in a massive DDOS fire and it would affect only the schlubs trying to buy more shares of EAT for their eSchwab IRAs. The brokerage houses either have direct access (i.e., OpenBloomberg or Instanet) or would continue to use their phones.
...but that won't stop the government from planning for Movie Plot Terrorist Scenarios, wasting money and burning our rights unnecessarily in the process.