Domain: schneier.com
Stories and comments across the archive that link to schneier.com.
Comments · 1,941
-
laptop == portable - it is NOT a desktop machine!!
If you "need" a laptop - it should be as secondary to your desktop. A laptop is for travel - working on your lap, not your desktop - and certainly not remotely from home. Take the damned thing home if you need to work on stuff that it contains while there. If the company doesn't authorize you to take it home then you sure as heck should not be able to rdesktop/vnc to it from there either!!!
If you travel enough to need a laptop you should understand that if/when you cross to the US from any other country the US security/INS/customs people have recently been given pretty much carte blanche to seize/browse/copy the contents of your laptop (and your MP3 player and video/still camera, cell phone, etc. - in the same way they can look through your luggage) so you should not have things that are secret or "secure" or personal on it anyway.
"Normal" PCs can be bolted down with various devices to keep them from being removed - and in some places should be.
Laptops - even the ones that masquerade as "real" PCs should not be considered primary holders of data - so either you should not care (because they don't hold data) or you should not be accessing them remotely (access the data directly via VPN or... - not via your laptop sitting on your desktop where it should not be)
If all you have is a hammer, the whole world looks like it should be put together with nails - if all you have is a laptop the world looks like it should cater to your inadequacy. You're asking the wrong question.
The question should be "why is my employer forcing me to only use a laptop?"
-
Schneier on Real ID
-
Not Schneier's analysis but some schmuck's
-
Open network ?
I couldn't help but wonder how you reconcile your security mindset with an open wireless network at home. A while ago you proposed an open network in the name of politeness http://www.schneier.com/blog/archives/2008/01/my_open_wireles.html
-
Re:Misleading summary
Hope they are careful about what they're buying...
I suggest reading "A Security Market for Lemons" by Bruce Schneier. (aka the author of Blowfish)
http://www.schneier.com/blog/archives/2007/04/a_security_mark.html -
Re:Another misuse of biometrics
There ain't no resetting fingerprints!
Couldn't help but think of Men in Black here.
Bruce Schneier does make one good point, though: Biometrics can also work when you can verify the source. That is, fingerprint scanners work fine when you can verify that it is actually the person's finger -- as in, you have a guard standing there while people scan their fingers.
However, when the purpose is to secure something which might be stolen (like a USB key or a laptop), they make no sense at all.
-
Oh no! Not fingerprint "security"
When will fingerprint "security" die?
Obligatory links:
http://www.theregister.co.uk/2002/05/16/gummi_bears_defeat_fingerprint_sensors/
http://www.schneier.com/crypto-gram-9808.html#biometrics
It's important to understand that your fingerprints aren't secrets. You put them on thousands of objects every day. You can't create any security based on fingerprints unless you can assure that the reading device isn't tampered with. By placing a guard (a person) there or something. -
Very cool.
Definitely worth the trip, as others are saying.
One thing I wondered about when I was there: SIGABA/ECM was touted by our tour guide as something which still hasn't been broken, even with modern computers. This seemed unlikely to me, especially after realizing how easily Enigma can be bruteforced (given any known plaintext) -- but then I read about Solitaire/Pontifex in Cryptonomicon, and it makes me wonder... -
Re:Simple yes, cheap no
Do you really think that people who are too ignorant to change the SSID of their router are going to think to go look at the logs to see if anyone else has been using it? As long as you don't do anything illegal that results in their computer equipment getting seized by the police, chances of them noticing are incredibly slim - unless you hang around outside to do some surfing, which is not what the original poster was talking about. I seem to recall one of the cases that you couldn't be bothered to Google was based on someone seen sitting in a car with no apparent reason to be in that location. But if you've got a portable device that's just receiving e-mail as you travel past - well, it's like speeding: It may be illegal, but your chances of getting in trouble for it are very low.
-
Re:This is cool
Because privacy has inherent value.
But slippery slope arguments are not automatically fallacies. When the relationship between the steps is clear enough, it's a proof by induction. When the historical evidence is compelling enough, it's something you should pay attention to, or realise that you're going to be repeating the past.
-
Re:Simple yes, cheap no
Hold on now... no one proposed "hacking" anything so comparing it to "hack[ing] a satellite box" is absurd. The description of how the "hardware" (more than hardware actually) works is extremely relevant... in this case one item is advertising availability and another device says "hi here's who I am (mac address) may I have access?" and the first device responded "certainly, here is an IP address and other info (dns, etc)". IANAL, but that sure sounds like an agreement was made (as opposed to your stealing a bike example because no one *offered* a bicycle and no one *asked permission* to use it and no one *granted* such use).
Also, I suggest that many people intentionally leave their access points open as a form of hospitality, etc. One very public example is security expert Bruce Schneier http://www.schneier.com/blog/archives/2008/01/my_open_wireles.html . So one does NOT need to assume that the person offering an open access point is "ignorant". Clearly the temporary use of the offered access is not ironclad "exploitation of ignorance".
Absurd or greedy use of an offered courtesy (e.g. downloading such massive amounts of data that cause degraded service to others or surcharges) is inappropriate and impolite but that does not automatically make something illegal. For example if cookies are offered for free I don't let my children take all or even a large portion of them; however I would be shocked if someone suggested that someone taking most or even all of the offered free cookies was a thief and should be prosecuted.
Also, your assertion about legal responsibility for what occurs through one's access point proving use of open access points to be illegal seems extremely questionable at best to me and most likely IMHO not relevant to whether or not use of an open access point is "theft" like stealing a bicycle. -
Vigilantism, Rationality
I. Vigilantism
Every able-bodied citizen of America who experienced 9-11 will now and forever watch and notice these attributes of their fellow travelers
Devil's advocate: What attributes? Being brown?
This is what vigilantism looks like.
II. Rationality
They won't do it again because taking a plane out of the sky really will make airport security like a military check point, thus also limiting the mobility of the enemy for the reward of taking 1 or 2 planes out of the sky with no hard land target in mind. Not going to happen.
I'm not so sure. Your argument rests on the assumption that the terrorists make well-reasoned decisions to further their cause. They do have objectives -- "get out of the Middle East, U.S!" -- but in my opinion they are horribly misguided in their decisions: If they wanted to reduce the U.S. military presence there, they sure as hell haven't succeeded.
Some people say, "the terrorists have succeeded beyond their wildest dreams." I don't think so. Rather, the current situation is a dismal failure for all involved, terrorists included. It's a failure for the U.S., which is now engaged in a bloody, costly (we have spent more than we did in Vietnam), no-way-out quagmire of a war. It's a failure for the extremists who downed those planes, who rather than convincing the U.S. to pull out of the Middle East have provoked it to deploy even more troops there. It is a failure for "Iraqi" civilians (even if no "Iraqi" ethnic identity really exists), who might have been oppressed under Saddam but who at least had electricity and drinking water. It is a failure for nearly everyone. The only reason this mess continues is that we, the extremists, and everyone else, are stuck together in yet-another (the world has so many) collective action problem.
[The list of those who have benefited from this situation is short -- mainly politicians (in the US and in the Middle East) and government contractors (Halliburton/KBR, etc) happy to multiply the terror and exploit the situation (see the BBC's The Power of Nightmares -- video here). But these people didn't engineer the attacks; they're just opportunists.]
I got a little sidetracked, but the point is this: The terrorists did not plan a well-reasoned attack to achieve their objectives; by most rational metrics I can think of, they have failed. Therefore, I wouldn't put it past them to do something stupid again -- like stage an attack which will ultimately make their task more difficult. That's the part of your post I was disagreeing with -- that these terrorists make smart decisions. I suspect they don't -- not because they're populated by stupid people (terrorists tend to be well-educated. I'm most familiar not with Middle-Eastern terrorists, but with the Japanese terror cult Aum Shinrikyo that released Sarin nerve gas on the Tokyo subway -- and that organization was full of Ph.D.s and physics students) but because their logical, analytical minds have been short-circuited by a seductive ideology.
In other words, we've got one group of people whose brains have been short-circuited by ideology and anger against another whose frontal lobes have been shut off by a hyperactive fear-and-stress center. I'm not counting on rationality from anyone.
-
See Bruce Schneier's interview on this topic
Bruce Schneier discusses this with Kip Hawley, the head of the TSA, and comes to many of the same conclusions.
-
i am no expert, but ...
Just again, this hints at the fact that TSA screening is at best a security simulation and not real security.
Meanwhile, check out this neat music video (via Schneier's blog). -
Re:Too late...
That is, you can't hijack a plane with a knife, but only if you think you can't:
http://www.nzherald.co.nz/section/1/story.cfm?c_id=1&objectid=10491291
Via:
http://www.schneier.com/blog/archives/2008/02/hijacking_in_ne.html -
Re:Surprised..
-
I wonder what Bruce thinks about BT's Webwise
Bruce sold his company Counterpane to BT some time ago, and is now a BT employee.
BT is going to sell its DSL users' clickstream data to an advertising company.
This sort of thing seems to be a huge invasion of privacy, and part of the march of "inevitability" that this Brin guy seems to be selling books about.
So I wonder what Bruce has to say about Webwise, and if BT even asked him for his input on its implementation. -
Re:I'm trying to discover...
think of the long term strategic advantage gained by targeting a particular area there. One school perhaps, that covers a particular asian or middle eastern language. You can hamper intelligence collection significantly by one well placed attack.
This... article explains that we too often fall for protecting ourselves from our fears, when it is actually quite irrational based on the probability of what you've suggested.
And we're making it harder by disclosing more risks than ever to more people than ever. Not only does all of this disclosure make us feel helpless, but it also gives us ever more of those images and experiences that trigger the intuitive response without analytical rigor to override the fear.
Anyway, you don't need Google streetview. You can go straight to their website for driving directions and advice on getting a visitor pass. -
Re:I'm trying to discover...
Obscurity isn't an exclusive substitute for security.
But any good security model employs security in depth, including elements from security by design and security through obscurity. In fact, it's foolish to not do both.
I'm sorry, but the justification that anyone can get onto some ungated bases and drive/walk around is absolutely no excuse for Google Street View coverage of US military installations. -
Re:Four Horsemen of the Infocalypse?
-
you're right
-
Re:MS is a business
it would mean that Microsoft is pretty much scrapping its entire codebase for Windows and replacing it with a Unix or Unix-like architecture.
Says who? The NT kernel was designed to be able to project different "personalities", much in the same way that Mac OS X does. The POSIX system necessary has been available in Windows for just shy of forever in an effort to win government contracts and companies that require POSIX as a checkbox on their requisition forms.
Of course, their support hasn't been very good, but that has more to do with an unwillingness on Microsoft's part rather than any real technical reason. Typically Microsoft implements sub-standard support, then claims that their support is top notch. A few examples of this are the David Korn debacle:
http://slashdot.org/article.pl?sid=01/02/06/2030205
Just as bad was the Kerberos debacle where Microsoft extended Kerberos for Windows such that Unix machines could subscribe to a Windows domain, but a Windows machine could not subscribe to a Unix domain. I called a rep on it in one of their presentations on Win2K, and he assured me that I was mistaken. -
Re:Privacy the least of our concerns
Hence the risk of the official interception and surveillance systems being suborned for non-official intercepts... (that's the amazing Greek Vodafone network backdoor hack scandal... amazing stuff and frightening for those of us in corporate security...
-
Re:Privacy the least of our concerns
Your position is basically a "who cares if i have nothing to hide" attitude. Bruce Schneier has an excellent writeup about the value of privacy here:
http://www.schneier.com/blog/archives/2006/05/the_value_of_pr.html
Basically, privacy is a right, not a privilege. It is not something that should be easily given away.
To answer your question, the idea is that other friendly governments (UK, Australia) do the eavesdropping on the US's behalf. The US does the same for them. They then share the information with each other. No laws were violated, and this is completely "legit".
Not sure if you've heard about echelon, but much of this global surveillance system is already in place today. -
Re:That would be awesome
> Mental note: If I ever decide to have an affair, I'd better make sure I don't use a GSM phone.
If you were planning on using a CDMA phone instead, you should check what encryption is used. Most of the algorithms have been broken.
CMEA is extremely weak and was broken in the late '90s.
ORYX is also broken.
My understanding is that CMEA was "patched" up into SCMEA and ECMEA but I don't know if anyone has broken them yet. -
Re:A still open flaw...
Insightful: http://www.schneier.com/blog/archives/2007/01/in_praise_of_se.html
Cynical, but very funny: http://www.kuro5hin.org/story/2006/7/26/1497/94515 -
It is NOT security vs privacy ...... as Bruce Schneier points out
..."The debate isn't security versus privacy. It's liberty versus control."
http://www.schneier.com/blog/archives/2008/01/security_vs_pri.html
If they don't get it after you explain that, walk away, as you are never going to convince them.
-
Re:Security is relative
On a related note... Humans are still the weakest link in any network.
While it is interesting to read about insecurities in wireless it always bears to mention that even many well configured wired networks are easily compromised through the human component.
I always think of this when reading about new network vulnerabilities: http://www.schneier.com/blog/archives/2006/02/proof_that_empl.html -
"Attack trees" by Bruce Schneier
http://www.schneier.com/paper-attacktrees-ddj-ft.html
Bruce also wrote about "attack trees". Having long passwords ONLY helps if the attacker has unlimited access to crack them. A simple WordNumberWord combination can give you enough security as long as each login attempt is noted and tracked.
If there is a 15 minute delay between every 3 attempts to login, and a HUMAN reviews the logs every work day, your online security should be sufficient.
You only need the 1024bit security when the attacker can download the file and crack it at his leisure. But then, the failure is that you did not prevent the attacker from downloading that file.
There will ALWAYS be some risk. What's to stop the attacker from kidnapping your CEO's daughter and demanding that he let the attackers use his laptop to access your databases? The key is REDUCING the threat. If 99.99% of the attackers out there are not skilled enough or motivated enough to get through your security, are you "secure"? -
Re:Why so afraid of a national ID card?
-
Censorship works both ways.
As far as the recent cable cuts go, what I am about to say is a conspiracy fantasy: I don't believe the U.S. is about to attack Iran. But if it were to do so, cutting off Internet might make good sense.
A couple of years ago, I attended a talk given by Iranian blogger Hossein Derakshan. He suggested that war with Iran would be much more politically difficult than the war with Iraq, because Iranian bloggers would tell the world about the suffering on the ground. And blogging is extremely popular in Iran. So, if the U.S. were to attack Iran, the aim might not be to censor what Iranians see of the rest of the world, but what the rest of the world sees happening in Iran.
There's some interesting discussion on Bruce Schneier's blog. I'm hoping Global Guerrillas will return to the topic also.
-
Re:The final excuse.
DriveLock looks like just a policy based device filter that stops Windows from using certain devices.
No, it uses the ATA security commands to lock the drive
ftp://ftp.compaq.com/pub/supportinformation/papers/na118a0598.pdf
No password, no read or write sector operations - it doesn't matter what OS you use. So it should stop a thief from accessing your data.
On the other hand the FBI can probably get the master password if they have a warrant
http://www.schneier.com/blog/archives/2006/05/man_sues_compaq.html -
Dodgy random numbers
From the Notable Changes document:
Adds the NIST SP 800-90 Elliptical Curve Cryptography (ECC) pseudo-random number generator (PRNG) to the list of available PRNG in Windows Vista.
Do they mean this one by any chance?
Slashdot has covered this before but, conspiracy theories aside, isn't the possibility of a backdoor enough to make this algorithm a misfeature?
Don't panic, it's not a security problem for you unless software developers choose to use it. I just can't see why they are giving us such a bad option.
-
Re:Fingers crossed
I am absolutely amazed and impressed that the TSA has opened their own blog to finally try and explain and educate their 'angry customers'.
In fact it is such a good thing, I can't believe they thought of it themselves.
Has this got anything to do with Bruce Schneier's interview with the TSA head, Kip Hawley?
Regardless of what people think about the TSA, this move is to be applauded. I hope it expands even further into other areas of government. -
No Fly Nonsense has been Squared.
There are not too many people in the airport, there are too many people on no fly lists. Technically, one person is too many because proscriptions violate your right to due process of law as outlined in the bill of rights. There are 750,000 people slandered as felons by these lists, so many that it's possible that too many of them could come to the airport one day and overwhelm the TSA agents there. I'm not sure what the real problem is, because people on the no fly lists are never arrested.
To recap, there are so many people on a secret, illegal list of terrorists who are so dangerous that they can't fly AND they are let go immediately AND there are not enough guards for them. Only someone working for Homeland Defense could be worried about the details of such an idiotic task.
-
Re:In other words . . .
So how are you getting that onto the plane?
A blasting cap is very small... about the size of a crayon. It could be wrapped in cotton and stuck in a sock, for example. And then set off with a cell phone battery.
What I'm saying is if you're going to screen for explosives effectively, you need to screen everything: shoes, clothing, and even the body.
Whether or not screening for explosives is a cost-effective security measure for commercial air travel is another matter entirely. The Israelis who run El Al seem to think so, and the rest of the world's air transport system looks to El Al for leadership in security practices. Everybody, including Bruce Schneier, agrees that El Al's security measures are effective (but also quite intrusive).
-
Re:Electronic Voting Security Theater
Please mod parent up.
While on topic: http://www.schneier.com/blog/archives/2004/11/the_problem_wit.html -
Re:And yet a new five-year study...
I get what you are saying about the potential for vote buying... and it is a Valid point.
But as a voter, that is so much less of a fear to me than the ability for someone or an entity to be able to electronically rig an election (if not just part). Allowing the voter to lookup to "verify" their vote choices *after the fact* is the point!
How do I know if my vote was electronically changed to a different choice than the one I made? By looking it up!
Using statistics to prove a system is secure sure sounds like telling an individual their vote does not count. I want to look mine up! After all the money spent on political ads and other advertising, there's no way for a specific voter to be able to verify their vote? Even my local cable company can look up my account and verify what choices I made on my channel and data plan selections. I have had some of those changed without my permission, I verified my choices and resolved the error. Verification is key to trust.
Now if someone or some entity is paying others for their votes and they want to use the 'verification' system to prove who they voted for... that's abuse and is already against the law in the US.
If I can account for my exact 'choices' and 'values' made at precise times and locations with a simple credit card receipt NOW, why not for my electronic vote!!!??
There is a real reason we do not have an accountable system in place. What could it be?
Furthermore, we need to verify identity with a fingerprint (or other not-exclusive-to-an-ID-Card biometric information) when we vote to ensure multiple voting abuses do not take place. Wait a minute... I do this *already* with my fingerprint whenever I cash a check at my local bank.. Why not for voting too??
Voting IS a National Security issue and therefore falls under the territorial umbrella of the NSA (just as cryptography strength verification or even how to securely up your Computer). http://www.nsa.gov/snac/
With the proven fraud methods illegal aliens (and legal aliens) have used before to vote in US elections, self-identification is also essential. (Just like with credit card use! Ever been asked for your Picture ID when using your credit card? Why not with voting?)
With current electronic voting systems I remain unconvinced that there is not the ability to alter the voting data after I make my choice.
I say prove it. What better way than to provide the voting citizen the ability to look up their data individually from a unique number given at the time of voting?
->Bruce Schneier's excellent essay addresses the real need for electronic voting devices to have: Accuracy, Anonymity, Scalability, and Speed. http://www.schneier.com/blog/archives/2004/11/the_problem_wit.html
If illegal vote buying takes place after the fact because users can look up their unique number given at the time of voting, pass harsh laws that make any adjudged vote selling an instant federal felony conviction unexpungeable from their permanent arrest records (felons in the US lose their right to vote, although certain former trial-lawyer politicians have been quietly seeking ways to allow non-citizens and felons to be able to vote.)
You rarely hear about the theft of US Mail, and nobody in the criminal world wants a US Mail Fraud conviction. There are very harsh penalties for messing with the USPS.
Present electronic voting systems are unaccountable and therefore it might be hard to find a security flaw and exploit it to alter the voting data (or to just change the data), but it is just too easy to get away with it!
There MUST be a permanent and unalterable when-cast vote record created *and* a way for each voter to verify that their data made it into the system precisely as they cast it. The Anonymity portion of my proposal is that the printed number is linked to what the vote choices were, not to the user's name.
The -
Re:And for those with Prostrate/thyroid cancer?
This kind of thing is already happening with existing anti-terrorist radiation detectors, e.g.:
http://www.schneier.com/blog/archives/2005/03/nuclear_terrori.html
http://findarticles.com/p/articles/mi_qn4176/is_20041221/ai_n14588366
http://environment.newscientist.com/article/dn3150 -
Re:Journalism
Sweet! Can you point me to those?
Here are some:
http://www.crypto.com/blog/
http://www.badscience.net/
http://www.schneier.com/blog/ -
removable hardware devices part of attack surface
While autorun is quite obviously profoundly dumb, it's also possible to create devices which do not use autorun feature and also exploit the OS directly over USB. I've discussed this a bit in my section on the "attack surface", currently here:
http://www.subspacefield.org/security/security_concepts.html#tth_sEc4.1
I'm going to incorporate these Microsoft vulnerabilities (centered around autorun) as well, to single it out...
Here's Bruce Schneier's article on a similar incident:
http://www.schneier.com/blog/archives/2006/06/hacking_compute.html -
Re:The Real Plot Regarding E Vote Not what you thi
Actually it would still include paper. A paper receipt that cannot be altered, or maybe an email... this receipt is used by the voter to audit the system and check that their votes were properly registered in at least three of the public databases.
Alright, let me get this straight: Are these "public databases" exposed, in full? Are they simply every single vote, and who it was for?
If so, that kills your anonymity/secrecy. It now becomes possible for people to literally and directly buy votes, because they can make sure, when you come back out, that your vote was for the candidate they paid you to vote for.
I have designed a universal information architecture / system that engineers Big Brother out of the system and retains privacy and control of one's data, yet includes transparency. The voting system could use some of the methods and structure.
The system is autonomous, with anonymity yet also providing certification and verification.
I'll believe it when I see it. (Or specs, or a whitepaper, or an informal rant.)
It is also my understanding based on insight and thought from William Poundstone and others that we need to switch from plurality voting to range voting or instant-runoff voting.
Maybe so, but it doesn't solve the fundamental problems with the voting process.
As far as hacking the system we will award anyone several hundred thousand dollars that can figure out how to hack the system.
Read this.
They also have to create the counter measure, fix or methods to close the vulnerability to get the award.
Read this. A relevant excerpt:
You might think: "How does he KNOW that this is nonsense? If it's so bad, why can't he break it?" That's actually backwards. In the world of cryptography, we assume something is broken until we have evidence to the contrary. (And I mean evidence, not proof.)
Look, we both agree on what the perfect, ideal goal is. I'm not really sure it's possible -- in fact, I'm reasonably sure it's not possible, and that we can only get some rough approximation of it. So, when I say "nice try", I actually mean that I'm glad you're trying, but I sincerely doubt you've come up with anything fundamentally different enough to work.
-
Re:Easy.
Absolutely correct.
And as Bruce Schneier likes to point out, if we can't keep weapons (improvised or otherwise) out of prisons, how can we have any possible expectation of keeping them out of airports and off of airplanes? -
Hmm, too bad..
It's probably insufficient money to buy you a congressman or two to introduce the necessary changes to the laws concerned.
Because changing the laws or TSA guidelines to drop these required checks would probably be the best way - or at least the way that makes the most sense. The checks at airports don't provide much real security - mostly, they are there to provide a (false) sense of security. According to several reports, the checks don't actually catch most real threats at all (and even very low-tech threats like knives slip through a lot of the time), and are just costing everyone involved a lot of time/money. Also see snake oil security.
Not that the EU is much better in this regard btw - the ridiculous bans on liquids on planes are still in place, even though the European Parliament wants to lift those (at some point). -