Domain: schneier.com
Stories and comments across the archive that link to schneier.com.
Comments · 1,941
-
Re:Great job
Yeah, I nearly didn't post w/o a reference, because it is right to question anything w/o proof, but I did and was too lazy to find evidence.
However, a quick google search brought up this story http://www.schneier.com/blog/archives/2006/01/who_watches_the.html and this isn't even the one I was thinking of.
I'm sure there are many instances of this kind of thing happening. Like you said, we are very predictable. -
Re:Bad statistics.
Corrected link: Schneier's blog. That'll teach me not to use Preview.
-
Re:Procurement
by Ajehais Whoever arranged the procurement of those aircraft in the first place wasn't terribly smart. Who would spend millions of AU$'s on something that in effect doesn't work, and not just some feature is missing, but the primary use of the thing is impaired, oh and the supplier won't help.
Why the Australian Labor Party, of course. Don't you remember? They've been specializing in this kind of procurement policy for going on three decades. -
Re:I want my ETHERNET!
let's not insult each other and pretend it will never happen
I'm perfectly willing to posit, and even bet money, that it will never happen, except perhaps through an insanely egregious implementation error on the part of one of the device vendors. An error akin to an automobile manufacturer using explosive bolts to attach the wheels to a car.
Unlike WEP, which was never scrutinized by real cryptographers before being published and built into millions of devices, WPA and WPA2 were designed and publicly reviewed by the best we have. Particularly in the case of WPA2, the protocol is not going to fall unless AES is broken. WEP would not have been broken but for a weakness in RC4 (a weakness which was well-known years before the bozos who designed WEP released their first spec). Based on 10 years of experience studying and working in the security and cryptography industry, I predict quite confidently that AES will not suffer a practical break in our lifetime.
If you think I'm insulting you, it's because you don't know me and don't know my background in this area. But you don't have to rely on my opinion. Google a bit to see if you can find any experts predicting any significant probability of AES being broken, ever, and maybe even study some block cipher design and cryptanalysis so you can become enough of an expert to evaluate it yourself. Here is an excellent course. Even working your way through a fraction of that will give you a great understanding of the issues involved. Add to that understanding a review of AES and the AES selection process and I'm quite confident you'll agree with me that AES is not likely to be broken soon, if ever.
I can still assert with 100% accuracy that running it over wires instead of broadcast RF greatly improves that strength.
I'd agree with that. So how do I run WPA2 over wires?
-
Re:Data mining tool
I don't care what data mining tool they use, as long as it actually works. The problem is that they have all this data to mine in the first place.
No, the problem is that they have all the data in the first place, and, for picking out terrorists, data mining is a lousy and unworkable tactic:
http://www.schneier.com/blog/archives/2006/03/data_mining_for.html/ -
Re:Previous pranks
Bruce Schneier also points to one of the Chasers videos regarding racial profiling and terrorism on his blog.
"How Australian Authorities Respond to Potential Terrorists
Watch the video of how the Australian authorities react when someone -- dressed either as an American or Arab tourist -- films the Sydney Harbor Bridge and a nuclear reactor.
The synopsis: The Arab is intercepted within three minutes both times, while the U.S. tourist is given instructions on how to get inside the nuclear facility.
Moral for terrorists: dress like an American.
By the way, Lucas Heights is a research reactor. It produces medical isotopes and performs research, and doesn't produce power."
http://www.schneier.com/blog/archives/2007/04/how_australian.html
The video can be found here
http://youtube.com/watch?v=McB9tsabPn0 -
Further discussion...
Bruce Schneier posted this a few days back. Consensus is that it's not that good an analysis, but that the attacker was even worse. Some discussion also of whether it is better to take the machine offline immediately (and risk alerting the attacker that he has been rumbled) or to begin your analysis with the machine still live and operational. I for one side with the 'shut that thing down NOW' faction.
-
Re:OK, so I know what you're against ...
No ID would be fine with me. I just want to be sure that you're not taking any bombs on the plane. Please read Bruce Schneier's take on IDs as a security measure.
-
Isn't the current system more "open to abuse"?
I know that airport security is a tough issue, and something that needs to be done right, but allowing an interpretation of a micro-expression to be used to select people for further investigation basically gives the airport staff the option of pulling over anyone, any time under this pretext.
They already have this option!
This is designed to make that option actually, you know, useful.
Even if you think it could be "abused", they can already effectively select anyone, for any reason, for secondary inspection. That's the whole point of trying to use some kind of behavioral cues, instead of just randomly doing it to anyone (or young blonde women), or only persons who appear to be of Middle Eastern descent.
Yes, as you say, it needs to be done right. But please read Schneier's article and the New York Times story on the topic. -
As seen on Bruce Schneier's blog 9-Aug-07
As seen on Bruce Schneier's blog.
-
Re:Just curious
but what kind of infrastructure does it take to monitor 12.5 million people? Even with cameras and RFID chips, I can't imagine how many people it would take to operate a system like that.
A far more sophisticated system is already in place. Have you ever used a credit card?
No no no I'm not implying that credit cards are a part of a larger government conspiracy, but, your credit card allows creditors the intimate knowledge of your shopping habits, where you were during certain times, and quite possibly, what your intentions are. I'm quite sure the system is currently rigged to raise red flags when certain conditions are met.
"The Terrorist Threat of Paying Your Credit Card Balance" gives a good example as to what happens when you pay off more than a certain percentage of your credit card. According to the blog, the Department of Homeland Security is notified at that point and the funds are frozen.
Ditto when you try to purchase a large quantity of fertilizer. Good luck trying to buy a one-way airplane ticket using cash. The extra scrutiny you'll receive at the airport will be beyond comprehension. I don't think Americans would stand for it. Or at least I hope we wouldn't, but then again NSA and Homeland Security have been breaching this topic for months and haven't received that many obstacles... As mentioned above, Americans have already accepted this as a way of life. Some will say, ironically, that it's a cost of freedom. Those same people will shrug and say "If I have nothing to hide, I have nothing to be afraid of." They don't help the situation by shouting people down with threats of the big bad Islam or Communism creeping next door. Others, however, will become equally irate when the government tries to use this available infrastructure to spy and track people.
The government is stuck in a situation where they cannot please anyone. If, say, an individual buys ammonium-nitrate grade fertilizer in mass quantities, and later on that person blows up a building, people will be screaming about why the government did nothing to stop that person when the red flags went up. Damned if they do, damned if they don't.
Americans, especially, will have to eventually realize that the most ironclad means of defense will never be foolproof. Every system is dependent on its weakest link; usually those that are tasked with operating it. All it takes is for a few security analysts with the FBI to ignore connecting the dots, a few TSA screeners to overlook suspicious materials, and so on. Even if every last American was being tracked every second of the day, there will still be means of circumventing the system. -
Re:People Tracking & RFID
" I don't think many Americans carry their passports around - if they even have one. Even if they did, the passport is constructed so that you can't read the RFID chip when it is closed."
That's what they want you to believe
...Maybe they can't read it today
... but what about 5 years from now? 10 years from now? Tech changes. Look at your computer. It's probably running a CPU with a feature size that was supposedly impossible to reach outside a research lab, never mind in production quantities... -
Re:I'm still not understanding that.
Basically, Congress (and through its actions, TSA and DHS) need to look like they're being strong and "doing something" about a threat amped up by the 24/7 media's need to have high impact news to generate revenue.
Bruce Schneier had an interesting piece on this a while back on this sort of Cover-Your-Ass security. -
PATCHES DO SHIT
"Seems like the real concern is not that ATI's code opens a security hole. You know ATI will patch it."
That's a really naive attitude. I think Bruce Schneier put it best: "Once you stop thinking about security backward, you immediately understand why the current software security paradigm of patching doesn't make us any more secure. If vulnerabilities are so common, finding a few doesn't materially reduce the quantity remaining. A system with 100 patched vulnerabilities isn't more secure than a system with 10, nor is it less secure. A patched buffer overflow doesn't mean that there's one less way attackers can get into your system; it means that your design process was so lousy that it permitted buffer overflows, and there are probably thousands more lurking in your code."
I say to ATI: your Kung Fu is lousy. This would also be why I haven't (on purpose) purchased an ATI card in years, and also why I continue to be disappointed with some of Apple's hardware choices. At least Apple manages the ATI drivers themselves, but if you wanted to use BootCamp (...). We know ATI does software as well as Microsoft does hardware (how many Xbox 360s are dead?); why do people continue to buy their snake-oil and bullshit? -
Re:Security advice from Microsoft?
Well, there is a delicious irony when a practitioner of Security Theater starts complaining about Security Theater. Maybe we need a new term, "Security thru Marketing". Buy our product and feel safer than you really are. (cough*cough, Apple (note: I'm a long time Apple Koolaid drinker, and I bask in the warm glow of the RDF.))
Anyway, the most interesting and insightful guy writing about security these days is Bruce Schneier. And not only is he insightful, but he once killed a man using only linear cryptanalysis (fact). Remember - if you ever lose your password, you can still ask Bruce Schneier. -
Re:Don't spread this!
True, full disclosure is needed as the ultimate Damocles sword to force companies to fix problems. If Sun acts slowly on this one, I'm all in favour of plastering it all over the front page of the WSJ.
Sun was made aware of this problem 10 days ago, and nothing seems to suggest that they don't take the issue seriously. The time it takes them to write a fix, do regression testing and push a patch out the door will likely not change due to this story reaching the /. frontpage or not. The only thing that will change is the number of people that are made aware of the issue before the fix is available, and in consequence the number of phishers/spammers/etc that have the opportunity to exploit it. That is, increasing the Window of Exposure -
Re:Dignity
We are discussing ways of implementing the current security procedure. We are not discussing how said procedure needs to be changed.
We are discussing all related issues, this whole thread is not exactly on-topic from TFA. That includes disputing the procedures as they currently exist. Just because you happen to agree with the current procedures does not make you arbiter over how they are discussed here.
There was at least one actual attempt to commit acts of terrorism with bombs concealed in shoes.
I am surprised you bring this up as it only serves to prove that this requirement was reactionary and that potential attackers will continue to exploit the system in other ways. The logical conclusion that we draw from this game of cat and mouse is that we cannot protect ourselves by relying on airport security. To quote Bruce himself: "we should all be glad that Richard Reid wasn't the 'underwear bomber.'"
Recyclability is not an excuse for creating waste.
As I have already outlined, it is not a waste if it is providing a useful service. Recycling merely lessens the ecological impact of the plan.
Also, you and the original poster have presented zero actual evidence that the current security procedure is a threat to public health.
I have thus far deferred to previous comments in this thread (some from OP), which I figured you would have seen. Here is some of the evidence that has been presented:
"(HFMD is) usually located on the palms of the hands and soles of the feet"
"Viruses landing on a hard, nonporous surfaces like steel or plastic have been shown to live for about 24 to 48 hours."
"The virus can also spread by contact with skin shed from a wart or blood from a wart."
Even if you assume that wearing socks (tight-knit without holes) keeps one's feet relatively safe, why should we even have to risk it at all?
Furthermore, why isn't there protection available to people who just happen to wear sandals and forget to bring socks specifically for wearing through airport security?
What it really comes down to is that some people are starting to realize that all this security theater does not make airplanes substantially safer from attack. It can only become increasingly intrusive as each new vector of attack gets a knee-jerk reaction. -
Cryptographic Support for Secure Logs on Untrusted
I'm far from an expert on this, but I'm surprised that no one has pointed out: http://www.schneier.com/paper-secure-logs.html A classic paper on how to do just this. IIRC correctly, it describes a scheme to add a digest to each log record/line which includes the digest of the prior record/line. So, in order to tamper with a record you have to tamper with all the following records/lines as well. Security by induction
;) ~rmp -
Re:use a line printer
Such a scheme would make it impossible for you to tamper with the logs unless you had either subverted sha1
Of course one should choose some other hash function; SHA-1 has been broken, and while there is no reason to panic yet, using SHA-1 for new applications would not be wise.
-
Re:This proves the terrorists have won.
No, the terrorists have not won because causing terror is not their goal; it is a tool. These people who are giving up their lives in these terroristic acts aren't doing so just because they want to make us scared and miserable. They want to achieve specific political goals, and terrorism is an attempt to make governments give in and acquiesce to their demands. In fact, there is an entry in Schneier's blog on this very topic: http://www.schneier.com/blog/archives/2007/07/correspondent_i.html -
Re:And they're going to lose..
-
Re:Constitutes UNREASONABLE search (duh!)
Exactly.
As usual, Bruce Schneier has already been all over it - http://www.schneier.com/blog/archives/2005/10/automatic_licen.html
It boils down to:
1. Automated scanning has great utility to PDs and violates no rights.
2. PDs have no need to retain data on innocent people - do not store non-matches and allow the accused to challenge the accuracy of the data. -
Re:Oh, the irony
It seems that the type of overlap these days, is a superset.
Incorrect. There still exist non-Islamic terrorist groups, for example ETA in Spain.
Virtually all terrorist threats are Islamic, which means that there is no point doing security checks of anyone but Muslims.
Some security researchers (I believe Bruce Schneier is one) have written about the danger of doing security checks only to people that fit a certain simplistic profile, as you're suggesting. The basic problem is that such a system can be gamed. You can do things to appear not to fit the profile and then you have an easy in; it's a poor security model.
Moreover, racial and ethnic profiling are not going to be very effective. The reality is that, even if we were to accept that all terrorists are Muslims (as I said, this is false), only a vanishingly small percentage of Muslims are terrorists. If you're relying on being Muslim as an important part of your screening criterion, then you're screwed. There are useful criteria to look at regarding behavior, travel, associations, etc., but ethnicity simply isn't a significantly strong enough predictor to be very helpful. Consider that probably an even higher proportion of terrorists are male than are Muslim. Would you consider being male to be a good predictor of being a terrorist? When you then realize that some terrorists will not be of that ethnicity (or won't appear to be) then it becomes clear that this sort of ethnic profiling is very likely counterproductive to security. Taking into account the ethical implications of that sort of institutionalized racism, it's definitely not worth it.
Arguments for profiling sound sort of reasonable at first, but when you really think a bit harder about them you will realize that they are not. It's picking out one characteristic that is not a useful predictor and irrationally giving it inflated importance. When this is race or ethnicity, this is called bigotry, and it's something that all of us fall victim to once in a while. What separates the rest of us from a racist is that we're willing to challenge our preconceptions with reason and accept evidence that shows them to be illogical.
Anyway, Schneier actually has two very good articles on the topic here and here that go into much more detail. I suggest you give them a look.
-
Re:The best part.
Bruce Schneier has a nice piece on this sort of thing - the risks of data re-use - in his latest newsletter.
We learned the news in March: Contrary to decades of denials, the U.S. Census Bureau used individual records to round up Japanese-Americans during World War II. The Census Bureau normally is prohibited by law from revealing data that could be linked to specific individuals; the law exists to encourage people to answer census questions accurately and without fear. And while the Second War Powers Act of 1942 temporarily suspended that protection in order to locate Japanese-Americans, the Census Bureau had maintained that it only provided general information about neighborhoods. New research proves they were lying.
It's worth bearing in mind these sort of things, especially when the British government is still pressing, full-steam ahead with the invasive and unwarranted National Identity Register (and ID Card). -
NSAKEY
Microsoft denied it, they said that the key's variable name being called "NSAKEY" was just an
... uh, you know ... coincidence.
http://en.wikipedia.org/wiki/NSAKEY is a good primer.
It was covered extensively at the time by the likes of Bruce Schneier and others, his comments said:
Suddenly there's a flurry of press activity because someone notices that the second key in Microsoft's Crypto API in Windows NT Service Pack 5 is called "NSAKEY" in the code. Ah ha! The NSA can sign crypto suites. They can use this ability to drop a Trojaned crypto suite into your computers. Or so the conspiracy theory goes.
I think the jury is still out on exactly what was really going on; if it was an NSA backdoor, it was a pretty boneheaded one. Alternately, if it was just Microsoft being redundant, then it shows that they didn't plan very well and don't seem to understand security very well. Given the choice between the two, I think boneheadedness on MS's part is more likely.
I don't buy it.
First, if the NSA wanted to compromise Microsoft's Crypto API, it would be much easier to either 1) convince MS to tell them the secret key for MS's signature key, 2) get MS to sign an NSA-compromised module, or 3) install a module other than Crypto API to break the encryption (no other modules need signatures). It's always easier to break good encryption by attacking the random number generator than it is to brute-force the key.
Second, NSA doesn't need a key to compromise security in Windows. Programs like Back Orifice can do it without any keys. Attacking the Crypto API still requires that the victim run an executable (even a Word macro) on his computer. If you can convince a victim to run an untrusted macro, there are a zillion smarter ways to compromise security.
Third, why in the world would anyone call a secret NSA key "NSAKEY"? Lots of people have access to source code within Microsoft; a conspiracy like this would only be known by a few people. Anyone with a debugger could have found this "NSAKEY." If this is a covert mechanism, it's not very covert. -
sony root kit fiasco
http://www.schneier.com/blog/archives/2005/11/sonys_drm_rootk.html
remember the sony root kit fiasco. how did -that- get past the virus vendors? -
Bruce Schneier comments
Here.
Here's the essence of what he has to say:
"I don't think it was possible to keep the book under wraps."
"There are simply too many people who must be trusted in order for the security to hold."
"My guess is that the publishers will lose zero sales" -
McAfee and Symantec dropped the ball
Consider what happened with the SONY rootkit? Bruce Schneier (Cryptography and Security Expert) reported that Symantec and McAfee who both knew about the SONY rootkit did not add it to their signatures file. Apparently if SONY hacks your computer, that's fine with them! They only updated their files once SONY themselves had retracted the rootkit. http://www.schneier.com/blog/archives/2005/11/sonys_drm_rootk.html
If Symantec and McAfee will let SONY hack your PC, they'll let the government hack your PC.
Can anyone recommend a virus scanner that looks after the customer rather than the virus companies one-day maybe potential business partners if they get lucky? -
True dat!
I mean, like, totally! That Schneier guy, what is up with him? Really! Did you read his post on correspondent inference theory? Like, I was totally cool with him when he was all "security through obscurity does not work". But now he's basically giving a recipe for how to be an effective terrorist. If I see that bitch at the mall, me and my homies are gonna have to give him a what's-what, ya hear?
-
Re:At last...
Not to fear, just like PlaysForSure, this will be patched by next week. After all, Microsoft does care about its real customers: Shareholders and Music Industry. http://www.schneier.com/essay-126.html
-
Re:give me a break
Here's some reasons why it is problematic and people are against it..
-
Re:Amusing
If I were a cryptographer (I'm a security researcher and consultant, so I know a lot about cryptography as part of my job, but I'm not a cryptographer or cryptanalyst) and caught you using an algorithm that wasn't public then I'd strongly suspect you're not secure. It's an idiocy that's only been known as an idiocy since the post analysis of world war 2 that keeping a cypher secret increases security. Chances are you've made some mistake in the cryptography because cryptography is damned hard. One of my favourite stories to illustrate the topic is from an old Bruce Schneier blog post (you'll probably find that whole post a really interesting read, as you don't seem to know that much about modern security theory)
A cryptographer friend tells the story of an amateur who kept bothering him with the cipher he invented. The cryptographer would break the cipher, the amateur would make a change to "fix" it, and the cryptographer would break it again. This exchange went on a few times until the cryptographer became fed up. When the amateur visited him to hear what the cryptographer thought, the cryptographer put three envelopes face down on the table. "In each of these envelopes is an attack against your cipher. Take one and read it. Don't come back until you've discovered the other two attacks." The amateur was never heard from again.
Now all this is illustrating is that cryptography is damned hard - a mistake is likely. Cryptanalysis is a lot easier. So if your protocol hasn't withstood public cracking then it's almost definitely insecure.
Now on to the number of cyphertexts mattering. Modern cryptographic protocols are designed to be indistinguishable from random noise. In fact, the first break of RC4 was that you could distinguish it from random noise with an unfeasible amount of encrypted data. (Unfeasible meaning I'm pretty sure for WEP you would need 2^125 bits to just tell that it's RC4, though don't quote me on that). For a secure protocol (which RC4 is not), the amount of cyphertexts you have simply doesn't matter because you won't even be able to tell that it's not just some guy with a random number generator trying to fool you!
You're too focused on algorithms of 60 years ago, but modern cryptography is just completely different. -
Go with the big guns...
...like Bruce Schneier:
"If an algorithm is only secure if it remains secret, then it will only be secure until someone reverse-engineers and publishes the algorithms. A variety of secret digital cellular telephone algorithms have been "outed" and promptly broken, illustrating the futility of that argument." from Crypto-Gram: September 15, 1999
But what could we expect from an FCC headed by a lawyer, a businessman, a professional Senate staffer, a DRM-supporter who received coaching from Clear Channel to oppose a satellite radio merger, and a professional telecom corporate lobbyist.
-
Training Domestic Terrorists: Dumb
> You don't exactly need any special training to set off explosives in a suicide bomb attack (making explosives on the other hand would need special expertise).
Yes you do. Bruce Schneier ("Secrets and Lies") says the reason the Glasgow Attacks were a failure was because the terrorists didn't know how to use them: "putting a propane tank into a car and driving into a building at high speed is the sort of thing that only works in old episodes of The A Team. On television, you get a massive, extensive explosion. In real life, you only get a small localized fire." http://www.schneier.com/blog/archives/2007/07/terrorist_speci_1.html
Yeah. "Explosives Camp" seems cool and funny, until someone uses what they learn to blow something up, then there will be an outcry, "Why didn't anyone see this coming?" and finally Congress will pass some bill with a stupid name "The Proud to be an American Bill" to soothe the jittery public. The fact that I have to justify why this is dumb, and that people say it isn't, amazes me. I mean, how stupid can the human race get?
It's not like Domestic Terrorism isn't without Precedent, and at that, on a large scale. $450 and proof of American Citizenship. McVeigh was an American Citizen. Dumb. -
Re:How isn't this FUD?
Unless you're an active suspect that is specifically being watched, there's no reason to watch you.
Thank god the government and businesses are perfectly honest. Law enforcement officials never abuse access to such data for personal use. The government never uses data originally collected for innocent purposes then uses it to round up everyone of a particular ethnicity. Private investigators and stalkers never engage in pretexting and other forms of fraud to get access to phone records and other private information.
Abuse of data is a matter of when, not if. My money is on it only being a matter of time before we discover that a murder victim was stalked by someone with access to the victim's cell phone location data. By erring on the side of limiting how much data you give businesses or government, you limit the possible damage if you're the unlucky person who gets incorrectly targeted.
-
Re:Reason for pull?
And why would you trust it any more than MS or Cisco or others? Using "Open source" as an equivalent of "cryptographically impregnable" is a dangerous misconception. A serious company selling security solutions has a compelling interest to ensure the correctness and robustness of their solution; an anonymous coder doesn't really, even assuming he's a bona fide developer trying to provide a good solution, and not some Russian hacker really curious about your credit card number.
See, I've worked for and with the big companies, and primary interest is profit. The emphasis was never on "best security possible", but always on "good enough to sell".
For a comparatively easy example, check Bruce Schneier's analysis of the Microsoft Challenge Handshake Authentication Protocol. http://www.schneier.com/paper-pptpv2.html
The open source developer could be a crook, he could be an amateur that isn't nearly as intelligent about security as he thinks he is, or he could be lazy. I accept that. But there's a decent chance the open source guy is just trying to write good software. The software corporation has to prioritize profit first and good software second, or they won't last long. Even if the developer has good intentions, the accountants trying to make enough money to pay the developer are running the show. I am sympathetic to the accountants' situation - but that doesn't mean I trust them. -
Re:I wonder...
It wasn't the phone that was "hacked".
Dammit. See what you made me do? You made me type "Paris Hilton" into Google. Now I've got to look for pr0n to feel clean again. -
Re:maybe...
it's just me and I'm not up on all the whys and wherefores but how fricken hard can it be to count something?
Try reading what Bruce Schneier has to say:
http://www.schneier.com/blog/archives/2004/10/getting_out_the.html
Of the things he lists, I think the facts that everyone votes on one day & 'we the people' expect results almost immediately are the biggest obstacles to getting a proper count. -
DHS has a Privacy Committee. Nobody listens.
The DHS's own Privacy Committee has put out a couple of very sensible reports in response to Real ID and other issues. I don't see any action. What's the point if nobody's going to listen?
-
Re:Sure it's a game
-
I just recommend reading Bruce Schneier's opinion.
Rare risk and overreactions. A great article on human psychology and our "failures" inside our own brain: http://www.schneier.com/crypto-gram-0706.html
-
Re:I'm Canadian
How many times does it have to be said that you can't give voters the ability to verify at home that their vote was counted for a certain candidate because it takes the "anonymity" out of the voting process. If you can show yourself, and someone else who you voted for, then people can buy/force votes.
How many times? Too many, because you're completely wrong about this. A few different schemes have been proposed that would take care of this.
http://www.schneier.com/blog/archives/2006/10/new_voting_prot.html -
Re:India is not a Western nation.
http://www.schneier.com/crypto-gram-0412.html#11
Ignore point #1 in that link (it's not relevant to a discussion of "democracy") but points #2 and #3 are. -
Re:Noisy clickstream
Already done (see here)
Also see Bruce Schneier's opinion on the matter.
In short, it isn't a good idea. -
Re:The Pirate Bay
How do you suppose TV would work without copyright? So NBC broadcasts an episode that cost them $150K to make [say lots of actors, music, special effects]. Then some local station copies it and re-airs it without paying for it?
I don't know. $150k isn't a lot of money given the price of advertising - I bet NBC could come up with that if they could even get four affiliate stations to sign payment contracts beforehand. If that doesn't work, they could use the street performer protocol on a per-episode basis. People seem to prefer on-demand content to broadcast content anyway - the street performer protocol business model would remove the pressure from businesses against that trend.
Books are already usually in PDF format at the same time as paper. Without copyright or royalties we would just copy the PDF. Hell, I could get a PDF of a text book printed at lulu.com for cheaper than what it would cost retail. Does that make it right?
I occasionally play tabletop roleplaying games like D&D. Historically, money has been made in that field by selling books (game rules, rule supplements, and setting information). Players just downloading the books in PDF rather than buying them is a simple reality in the industry now - and books are less profitable than they used to be.
The first fact is this: People still want books. Even when the choice is between a $0 PDF and a $40 book, RPG publishers still get enough sales to make producing and selling the books worthwhile. In addition to that, the RPG publishers are starting to adjust their business model to the new reality. Wizards of the Coast (who make D&D) have been focusing more and more on their official plastic miniatures line - people buy those and you can't copy them by computer currently.
Sure, the same details don't work for every kind of book. Some books people will read on a screen happily - maybe the authors have to resort to the street performer protocol. Reference books are generally best on paper - people will keep buying them. Maybe there are other kinds of books that would cease to exist, self-help books maybe; are those really worth keeping the economy radically warped and sacrificing access to culture to preserve them?
And about NDAs, those are government enforced ultimately. You break your NDA, I sue, if I win, the government can enforce the decision.
NDAs are contracts. Contracts have nothing to do with copyright - they would still be perfectly valid if copyright were eliminated. I'm not talking about abolishing the rule of law here - just the removal of one specific class of law: copyright.
Point is we have, as a society, come up with a set of rules to follow in order to make certain ventures profitable.
The reason for copyright law is not to make "certain ventures profitable". That's just a means to an end. The goal is this: to encourage the production of artistic works so our culture can reap the benefits of that art.
In the case of books, movies, and music a royalty model is chosen so that the upfront costs to sign a band aren't excessive but they are rewarded if they appeal to the public.
That's how it works today. There's no reason it needs to be exactly that way in the future. The vast majority of books and music don't make the authors a significant amount of money in royalties. The few superstars who make a living off it are exceptions, and there are perfectly good ways to turn being a superstar into making money anyway. Movies are a more interesting question, but I don't think that it would be severely disadvantageous to society if sequels with budgets like Ocean's 13 become uneconomical. For smaller budget movies, you can fund them in other ways.
If you can think of a better way I'd love to hear it.
The point
-
Re:Here's a real good one
pfft. You're an amateur. I've seen how organized crime does it.
-
However, your post is not?
If this story is true, then it's obvious that the department of homeland security are conspiring to make Bush look stupid. After all, a straightforward Google search would have turned up Bruce Schneier's efforts to the same end.
Surely it would be far better to ask whether the policy or action makes any sense, rather than whether it was proposed by your team or the opposing team? Celebration or derision should follow, rather than preceding the analysis.
-
Bruce Schneier way ahead of you
Second annual movie-plot threat contest already has loads of suggestions: http://www.schneier.com/blog/archives/2007/04/announcing_seco.html -
Schneier on Movie-Plot Threats
http://www.schneier.com/essay-087.html
Sometimes it seems like the people in charge of homeland security spend too much time watching action movies. They defend against specific movie plots instead of against the broad threats of terrorism.
We all do it. Our imaginations run wild with detailed and specific threats. We imagine anthrax spread from crop dusters. Or a contaminated milk supply. Or terrorist scuba divers armed with almanacs. Before long, we're envisioning an entire movie plot, without Bruce Willis saving the day. And we're scared.
Psychologically, this all makes sense. Humans have good imaginations. Box cutters and shoe bombs conjure vivid mental images. "We must protect the Super Bowl" packs more emotional punch than the vague "we should defend ourselves against terrorism."
The 9/11 terrorists used small pointy things to take over airplanes, so we ban small pointy things from airplanes. Richard Reid tried to hide a bomb in his shoes, so now we all have to take off our shoes. Recently, the Department of Homeland Security said that it might relax airplane security rules. It's not that there's a lessened risk of shoes, or that small pointy things are suddenly less dangerous. It's that those movie plots no longer capture the imagination like they did in the months after 9/11, and everyone is beginning to see how silly (or pointless) they always were.
Commuter terrorism is the new movie plot. The London bombers carried bombs into the subway, so now we search people entering the subways. They used cell phones, so we're talking about ways to shut down the cell-phone network. It's too early to tell if hurricanes are the next movie-plot threat that captures the imagination.
The problem with movie plot security is that it only works if we guess right. If we spend billions defending our subways, and the terrorists bomb a bus, we've wasted our money. To be sure, defending the subways makes commuting safer. But focusing on subways also has the effect of shifting attacks toward less-defended targets, and the result is that we're no safer overall. [continues]