Domain: schneier.com
Stories and comments across the archive that link to schneier.com.
Stories · 175
-
Schneier on Security
brothke writes "There is a perception in both the private and government sector, that security, both physical and digital, is something you can buy. Witness the mammoth growth of airport security products following 9/11, and the sheer number of vendors at security conferences. With that, government officials and corporate executives often think you can simply buy products and magically get instant security by flipping on the switch. The reality is that security is not something you can buy; it is something you must get." Keep reading for the rest of Ben's review.
Schneier on Security; author: Bruce Schneier; pages: 336; publisher: Wiley; rating: 10; reviewer: Ben Rothke; ISBN: 978-0470395356; summary: The best articles from one of security's best
Perhaps no one in the world gets security like author Bruce Schneier does. Schneier is a person who I am proud to have as a colleague [Schneier and I are both employed by the same parent company, but work in different divisions, in different parts of the country]. Schneier on Security is a collection of the best articles that Bruce has written from June 2002 to June 2008, mainly from his Crypto-Gram Newsletter, his blog, and other newspapers and magazines. The book is divided into 12 sections, covering nearly the entire range of security issues from terrorism, aviation, elections, economics, psychology, the business of security and much more.
Two of the terms Schneier uses extensively throughout the book are intelligence and economics. From an intelligence perspective, he feels that Washington has spent far too much on hardware and other trendy security devices that create a sense of security theater. The security theater gives an aura and show of security, but in reality, has little real effect.
The lack of intelligence is most manifest with airports, which are a perfect example of misguided security. Schneier notes that current trends in US airport security require that people remove their shoes, due to a one-time incident with shoe-based explosive. Such an approach completely misses the point. Also, Schneier notes that the attempt to create a no-fly list, by feeding a limited set of characteristics into a computer, which is somehow expected to divine a person's terrorist leaning, is farcical.
Schneier therefore feels that the only way to effectively uncover terrorist plots is via intelligence and investigations, not via large-scale processing of everyone. Intelligence is an invaluable tool against terrorism, and the beauty of it is that it works regardless of what the terrorists are plotting. The bottom line according to Schneier in the book is that too much of the United States' counterterrorism security spending is not designed to protect us from the terrorists; but instead to protect public officials from criticism when another attack occurs.
Schneier also astutely notes that for the most part, security is not really so much of a technical issue, rather one of economics. A perfect example he gives is that of bulletproof vests. Since they are so effective, why doesn't everyone wear them all of the time? The reason people don't is that they do not think they are worth the cost. It is not worth the money or inconvenience, as the risk of being shot for most people is quite low. As a security consumer, people have made the calculation that not wearing a bulletproof vest is a good security trade-off. Schneier also notes that much of what is being proposed as national security is a bad security trade-off. It is not worth it and as consumers, the public is being ripped off.
Another recurring theme throughout the book is how the Bush administration has little by little eroded the Constitution, all in the name of fighting terrorism. Schneier notes that the brilliant framework the founding fathers created by creating divisions of power (executive, legislative, judicial) with checks and balances violates a basic unwritten rule, that the government should be granted only limited powers, and for limited purposes. Since there is a certainty that government powers will be abused.
Schneier observes that the USA PATRIOT is a perfect example of this abuse. The Constitution was designed and carefully outlines which powers each branch may exercise. While Schneier is best-known as a cryptographer and security expert, Schneier on Security also shows him to be a defender of the Constitution. In a number of essays in the book, he shows how unchecked presidential powers are bad not only for security, but for the preservation of democracy.
In chapter 8, on the topic of the economics of security, Schneier suggests a three-step program for improving computer and network security. He notes that none of them have anything to do with technology; they all have to do with businesses, economics, and people.
In chapter 9, on the psychology of security, Schneier writes that he tells people that if something is in the news, then they do not have to worry about it. He writes that the very definition of news is something that hardly ever happens. It's when something is not in the news, when it is so common that it is no longer news, drunk drivers killing people, domestic violence, deaths from diabetes, etc., that is when you should start worrying. And much of the terrorist threats that the Department of Homeland Security is spending tens of billions of dollars on, are those news threats, such as shoe bombers and liquid explosives that present very little real threat to the people of the US.
A fundamental theme of the book is that security is a trade-off. And far too many people have made the security trade-off without thinking if it is truly worth it. In essay after essay, Schneier challenges those assertions. Since 9/11, much has been given up in the name of terrorism, and that has been personal privacy and security. Schneier asks, has it been worth it?
Schneier on Security is an exceptionally important book that is overflowing with thought-provoking articles. Schneier gets above vague adages such as the war on terror and gets to the heart of the matter. His insight details what the real threats are, and what we should really be worrying about. The irony is that what Washington does is often the exact opposite of what should be done.
Much of the security carried out in the name of 9/11 has proven to be ineffective in the seven years since the attack. Schneier on Security is a manifesto of what should have been done, and what should be done. The book is eye-opening from the first page to the last. It lets you know that the next time you see grandma asked to take her shoes off by a TSA agent at the airport, why she is simply a bit player in the large security theater. And why spending tens of billions on a charade like that, makes that a tragedy of epic proportions.
Ben Rothke is the author of Computer Security: 20 Things Every Employee Should Know.
You can purchase Schneier on Security from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page. -
Schneier On Scareware Vendor Lawsuits
Bruce Schneier's blog says "This is good: Microsoft Corp. and the state of Washington this week filed lawsuits against a slew of 'scareware' purveyors, scam artists who use fake security alerts to frighten consumers into paying for worthless computer security software." -
Advanced Surveillance Tech for Unmanned Drones Credited In Iraq
mathoda writes "Investigative reporter Bob Woodward states that America has developed secret capabilities 'to locate, target and kill key individuals in groups such as al-Qaeda in Iraq, the Sunni insurgency and renegade Shia militias, or so-called special groups. The operations incorporated some of the most highly classified techniques and information in the US government.' The LA Times now reports, 'As part of an escalating offensive against extremist targets in Pakistan, the United States is deploying Predator aircraft equipped with sophisticated new surveillance systems that were instrumental in crippling the insurgency in Iraq, according to US military and intelligence officials.' Part of the capabilities appear to be that the unmanned flying drones can track targets even inside of buildings." Update by J : Bruce Schneier's readers have some thoughts. -
New Attack Against Multiple Encryption Functions
An anonymous reader sends word of a paper presented a few days back by Adi Shamir, the S in RSA, that promises a new form of mathematical attack against a broad range of cryptographic ciphers. The computerworld.com.au report leans heavily on Schneier's blog entry from the Crypto 2008 conference and the attached comments. Shamir's paper has not been published yet. "[The new attack could affect] hash functions (such as MD5, SHA-256), stream ciphers (such as RC4), and block ciphers (such as DES, Triple-DES, AES) at the Crypto 2008 conference. The new method of cryptanalysis has been called a 'cube attack' and formed part of Shamir's invited presentation at Crypto 2008 — 'How to solve it: New Techniques in Algebraic Cryptanalysis.' The new attack method isn't necessarily going to work against the exact ciphers listed above, but it offers a new generic attack method that can target basically formed ciphers irrespective of the basic cipher method in use, provided that it can be described in a 'low-degree polynomial equation'... What may be the biggest outcome from this research is the range of devices in widespread use that use weaker cryptographic protection, due to power or size limitations, that are now vulnerable to a straightforward mathematical attack." -
"War On Terror" Board Game Confiscated In UK
An anonymous reader writes "The board game The War On Terror is a satirical game in which George Bush's 'Axis of Evil' is reduced to a spinner in the middle of the board, which determines which player is designated a terrorist state. That person then has to wear a balaclava (included in the box set) with the word 'Evil' stitched onto it. Kent police said they had confiscated the game because the balaclava 'could be used to conceal someone's identity or could be used in the course of a criminal act.' Balaclavas are freely sold all over the place in the area." Schneier has blogged this stupidity, of course. -
Oyster Card Hack To Be Released, In Good Time
DangerFace writes "A little while ago some Dutch researchers cracked the Oyster card, meaning they could get free public transport around London. The company that makes the cards, NXP, sought and got an injunction to stop the exploit being published, but that has now been overruled by a Dutch judge. The lovely Dutch blokes are holding off from releasing the hack for the time being, to give NXP time to secure their systems." -
Schneier, UW Team Show Flaw In TrueCrypt Deniability
An anonymous reader writes "Bruce Schneier and colleagues from the University of Washington have figured out a way to break the deniability of TrueCrypt 5.1a's hidden files. What about the spanking-new TrueCrypt 6? Schneier says that 'The new version will definitely close some of the leakages, but it's unlikely that it closed all of them.' Meanwhile, PC World is reporting that the problems Schneier and colleagues found are bigger than just TrueCrypt. Among their discoveries: Word auto-saves the contents of encrypted files to the unencrypted portions of your disk, and this problem should apply to all non-full disk encryption software. Their research paper will appear at Usenix HotSec '08." -
Linux's Security Through Obscurity
An anonymous reader writes "The age-old full disclosure debate has been raging again, this time in no other place than at the foundations of the open-source flagship GNU/Linux operating system: within the Linux kernel itself. It beggars belief, but even Linux creator, Linus Torvalds, has advocated against the sort of openness on which Linux has thrived, arguing that security fixes to the kernel should be obscured in changelogs, saying 'If it's not a very public security issue already, I don't want a simple "git log + grep" to help find it.' Unfortunately, it's not kernel exploit writers who need to grep the changelog in order to find kernel vulnerabilities. On the contrary, it's downstream distributors who rely on changelog information in order to decide when to patch the kernels of their distributions, in order to keep their users safe." -
Schneier Asks Why We Accept Fax Signatures
Bruce Schneier's latest commentary looks into one of my pet peeves: faxed signature requirements. He writes "Aren't fax signatures the weirdest thing? It's trivial to cut and paste -- with real scissors and glue -- anyone's signature onto a document so that it'll look real when faxed. There is so little security in fax signatures that it's mind-boggling that anyone accepts them. Yet people do, all the time. I've signed book contracts, credit card authorizations, nondisclosure..." It's amazing how organizations are sometimes willing to accept low-quality, unverified scans delivered over POTS as authoritative, when they won't take the same information in a high-resolution scan delivered over (relatively secure) email. -
Cybersecurity and Piracy on the High Seas
Schneier points out an interesting article comparing modern cybersecurity to piracy on the high seas in the early 1800s. The article extends the comparison into projected action based on historical context. "Similarly, in many ways, current U.S. policy on the security of electronic commerce is similar to Adams' appeasement approach to the Barbary pirates. The U.S. government's inability to dictate a consistent cyber commerce protection policy is creating a financial burden on the U.S. private sector to maintain a status quo, when those resources could be used to mount a more-effective Internet-focused defense. In the case of financial fraud on the Internet, the costs associated with fraudulent transactions are currently borne by private companies, which then have to pass those costs on to their customers. This basically creates a system in which the financial institutions are paying a type of 'tribute' to the cyber criminals, just as Adams did to the Barbary pirates." -
UK's MI5 Wants Oyster Card Travel Data
Boiled Frog from a Nation of Suspects writes "The Oyster card, an RFID single-swipe card (which was recently cracked), was introduced to London's public transport users purportedly to make their lives easier. Now, British Intelligence services want some of the benefits by trawling through the travel data amassed by the card to spy on the 17 million Britons who use it. The article notes, 'Currently the security services can demand the Oyster records of specific individuals under investigation to establish where they have been, but cannot trawl the whole database. But supporters of calls for more sharing of data argue that apparently trivial snippets — like the journeys an individual makes around the capital — could become important pieces of the jigsaw when fitted into a pattern of other publicly held information on an individual's movements, habits, education and other personal details. That could lead, they argue, to the unmasking of otherwise undetected suspects.'" -
Hostile ta Vista, Baby
Frequent Slashdot contributor Bennett Haselton adds his experience to the litany of woes with Microsoft Vista. Unlike most commentators who have a beef with the operating system, Bennett does a bit of surveying to bolster his points. Read his account by clicking on the magic link.
My brand-new-out-of-the-box Windows Vista machine could not access www.facebook.com. A nearby XP machine could, but the Vista machine couldn't. I went back to Circuit City to try out the other Vista demo machines, and they could access other sites but not Facebook, either. And that honeymoon feeling that you get when you buy a new computer and expect it to solve all your problems, was over for me. Having built my latest career on helping people access Facebook where they were blocked from it, by some cosmic joke was Vista now blocking me from getting to Facebook on my own machine?
I know, another article bashing Vista, what could be more banal. (Kids! That word, meaning "trite" or "unoriginal", is pronounced "ba-NAHL". If you say it the wrong way like I did in an interview, it sounds naughty and you sound stupid.) But in my own random survey of 30 Vista users on Amazon's Mechanical Turk service (a handy way to check these things), three quarters (23) said the only reason they were using Vista was that the PC store they went to didn't sell XP machines any more, and about half of all respondents (14) said that they would go back to Windows XP if they could. So I don't want to get a bunch of e-mails with Ron Paul links in the signature saying "Nobody has to use Vista if they don't want to!" (I'm aware that a survey of 30 people is too small to be scientific, but it's enough to get a ballpark figure for about $5 on Mechanical Turk.) Besides, the more people write testimonials to what they found frustrating about Vista, the more likely it is that some future version will keep what is good about the new OS, while providing a less frustrating interface (suggested name: "Vista 98").
It turns out the Facebook issue was not really Microsoft's fault -- www.facebook.com had a broken IPv6 record, and Vista defaults to using IPv6 where XP used IPv4, so that's why the host wasn't working. (In case you run into this with any other Web sites on Vista, I fixed the problem by disabling IPv6 in network settings and rebooting.) But it was one more example of something that used to work pre-Vista and then stopped working, and every case like that adds up to the overall frustration of switching to a new system, regardless of whose fault it is.
I hasten to add that I am not some partisan Microsoft basher. I like XP just fine, never more than when I went back to it after a few days on Vista, and I still think for that matter that Vista would be easier to switch to than Linux. Having been involved for years with free speech activism, I run into a lot of people in the same circles who are strong Linux advocates, apparently because the concept of "freedom of speech" is closely aligned with "making every file search as simple and stress-free as a Hamas hostage negotiation". So every year or two I'll try out the latest version of some Linux distro to see how long it would take to get used to it. In 2005, full of optimism, I cheerfully booted up the latest version of Shrike, then tried to find a directory and discovered I could not right-click on the hard drive root dir and specify the name of a directory I wanted to search for (that only worked for files, not directories). I posted a query to a Linux newsgroup, and a respondent told me that the solution was to open a command prompt and type "man find", which I am aware is a polite way of saying "screw you, newbie", but which I dutifully followed anyway and got an output screen of which the first paragraph was:
find searches the directory tree rooted at each given file name by evaluating the given expression from left to right, according to the rules of precedence (see section OPERATORS), until the outcome is known (the left hand side is false for and operations, true for or), at which point find moves on to the next file name.
and that was all my Linux for that year. Maybe I'm overdue to try it again. (Microsoft gives away their Virtual PC program that makes it easy to try other operating systems; I think it's a ploy to make us appreciate Windows more.) Now, I love the concept of a freely-distributable, freely-modifiable operating system, and I've recommended Linux to people when you need it to do something cool that Windows can't do, like bypassing Windows security by booting a PC from a CD. And it's done a lot of good for organizations like the One Laptop Per Child program, which can keep their costs down by using a free operating system. But to this day I've never heard an answer to one question: Since even Linux advocates admit that it's harder to use, what can you do with Linux that you can't do with Windows, to make it worth switching over to? If I was nervous about Vista because some of the interface had changed and some of my old programs no longer worked, it wasn't helpful to tell me to switch to a system where all of the interface would change and none of my old programs would work.
So, I wanted to like Vista. I knew that eventually everyone would have to upgrade anyway, so, not wanting to be left behind, I wanted to switch to Vista because of the same factor that spammers use to get your attention: "Other guys are improving themselves, why aren't you?" But there were some things I ran into almost immediately:
- Windows Explorer and Internet Explorer no longer have the "File / Edit / View" menu bars across the top of the window. Was this a big problem under XP? When the menus gave quick, two-click access to most actions that you could take within the application, was there a grassroots movement to have them removed? I did eventually find that you can hit the "Alt" key to bring the menus back, but why put people through that frustration? The most annoying feeling while using a computer is being yanked out of thinking about what you're doing with the computer to having to concentrate on how to use it.
Perhaps the idea was to steer users towards using the buttons on the toolbar, but there aren't enough buttons to cover all the options located under the menus. If the UI designers wanted to steer users gently towards using the buttons, my suggestion would have been: Whenever the user picks something under a menu that corresponds to something accessible from the toolbar, display a dialog box which says for example, "In the future, you can print faster by clicking the printer button on the toolbar", along with a picture (and a "Do not show this message again" checkbox -- important!).
- Windows Explorer also did away with the "Up" button that lets you browse from the current directory to the higher-level directory. Again, probably not in response to a groundswell of users demanding for that button to be removed, when it took up about one square centimeter of screen space. Supposedly Windows Explorer makes up for this by displaying the entire path to the current directory in the address bar, so that if the path is "C:\Financial Records\Chris Pirillo\ Pectoral Real Estate\", you can click on "Chris Pirillo" to go one directory higher. The trouble is that I frequently give my directories extremely long and descriptive names like (this is a real example) "Flash-Player-8.5.0.246-beta2.downloaded-2006-03-20-from-labs.macromedia.com" so that I can keep track of where and when I got each piece of downloaded software, in case I ever need to go back to a previous version that the software maker no longer makes available because they're trying to steer me away from it (ironically, "Vista syndrome"). With a directory that has a long name like that, the higher-level directories aren't visible in the address bar, so I had to locate it manually in the left-hand tree view panel. OK, knock off the violins, the point is that I didn't have to do that in XP.
- I have an older monitor, so I wanted to turn ClearType off. The IE7 help file describes how to do this in IE, but that didn't work for me no matter how many times I tried, and my eyes were aching by the time I found out that in Vista it's a default system-wide setting that overrides IE's setting until you change the system-wide one. I would have suggested putting one line in the IE7 help file: "Note: if your operating system such as Windows Vista is set to use ClearType system-wide, you must disable this as well to disable ClearType in IE."
- Virtual PC, which worked on all versions of Windows XP, is not supported on Vista Home Premium. I need Virtual PC (for reasons other than Linux-bashing), so this was a deal-breaker.
- Telnet no longer installed by default. Even though I use a different telnet program for regular use, telnet.exe was handy to test whether a remote machine was reachable on a given port. (For example, in a command prompt, type "telnet www.yahoo.com 80" and when the command prompt screen goes blank, that means the machine www.yahoo.com is accepting responses on port 80, the standard port for Web traffic. Try connecting to port 81 instead, and you get no response on that port. This can be useful when diagnosing problems with Web servers and other programs.) Even though it's not hard to get telnet back, why would they go to the trouble of removing it?
- The aforementioned Facebook problem. This seemed so startling at the time that I almost stopped everything to write an article just about that, musing on Microsoft having so much power that all PC stores were now exclusively stocking computers running an OS that, at the time anyway, couldn't access Facebook. But then I asked another bunch of users on Mechanical Turk, and all respondents using Vista said they could access Facebook after all. Of course, this wasn't a random sample, since users who bought Vista and couldn't access Facebook, probably would have returned their machines a long time ago, but I'm still not sure what caused it to work on some machines and not others -- all I know is that Facebook was inaccessible until I disabled IPv6.
I know Facebook is reading these articles, since in November I wrote about how you could circumvent Facebook's system of verifying that users were real high school students, by doing the following: "(1) create a profile of a non-overweight girl and sign up as a member of a high school network, pending confirmation; (2) search for several boys in that network and send them friend requests; and (3) wait for at least one of them to confirm you back". Shortly afterwards, Facebook changed the verification system, so that now, if you're confirming someone who is a pending member of a high school network but no one else has confirmed them yet, Facebook warns you, "Only check this box if you're absolutely sure that you know this person." So, whichever of Mark Zuckerberg's friends is reading my articles: Clever idea, and, keep the IPv6 records working.
That was as far as I got before I stopped trying to get used to Vista and started taking notes for this article (working title: "Vist Vucked"). From the Mechanical Turk users who responded to my survey, the other most commonly reported problems were: software compatibility, hardware compatibility, difficulty with the UI, and running too slowly. Presumably the first two problems will improve over time, but the UI will always be hard to switch to as long as users can't find functions that were easily locatable in the old interface, and if it runs slower than XP, that will always be a factor no matter how fast your computer is. (However fast it runs Vista, you'd always be able to make it run even faster with XP instead!)
The best things I've heard about Vista have been that (a) it is the most secure Windows ever (which Dave Barry says is like calling asparagus the "most articulate vegetable ever"), and (b) it features better multimedia integration. To which my responses were: (a) the number of incomprehensible warnings that Vista flashes at a user whenever they look at the computer funny, does not make it more secure, because users will condition themselves to just ignore those warnings, and (b) I hate watching TV on my computer anyway.
Since TV/PC integration is a major selling point for Vista, I thought this last issue was worth looking harder at: Do people really want to use their computers to watch TV? My computer monitor is in an office where I sit up close when I'm working; but TV feels more comfortable to watch from several feet away, and in my office I can't even scoot my chair back that far. (And if I lived with family, I doubt they'd want to crowd into my office to watch a movie.) In fact, I like the psychological separation of the TV set in the living room from the distractions of the computer in the office: I go in there when I'm done with everything in here. The only way I'd regularly download and watch movies would be if I had a way to send them wirelessly to my TV, but a wireless PC-to-TV converter and the corresponding receiver together cost about $200.
Seeking more validation of my opinions from strangers, I did another survey of 30 Mechanical Turk users, asking if they would rather drive to a movie rental store or download a movie online for the same price. Almost half (14) said they'd rather drive to the movie store, citing the comfort of watching the movie on their TV as opposed to on the computer. Another fourth of the respondents (8) said they'd download the movie but only if they could send the content to their TV to watch, and only the last fourth (8) said they'd actually watch it on their computer monitor. So the future of convergence between PC and TV will probably be not in all-in-one systems but in devices that link the PC in your study with the TV in your living room, and since there's no household name yet for PC-to-TV linkage, the field is wide open for some lucky company to make a product that becomes synonymous with the concept, the way "TiVo" is easier to say than "Digital Video Recorder". Maybe that will be a boost for systems like Vista. If that happens at about the same time that a Vista successor is released that makes the interface easier to switch to from XP, I'll bet that will be the tipping point that gets people switching voluntarily. (Of course many people will switch by then just because they need a new computer and they couldn't find one with anything but Vista on it.)
Anyway, I was only trying a new Vista machine because the hard drive on my old computer died, but after all the data had been recovered, I just installed a new drive in the old machine and went back to XP, while my Vista machine was returned to its perch, gargoyle-like, on the shelves at Circuit City, waiting to pounce on the next unsuspecting wretch with dreams of self-improvement through newer computer purchases. The only remnant of Vista that I have left is IE7, which was installed by my Windows XP restore disk and can't be removed, and which is incompatible with some sites and programs that I need, so I've been using Firefox more and getting to like it. That's lucky, since I've already offended the loyal software-logo-wearing constituencies of Vista and Linux, and wouldn't want to deal with the Firefox crowd too. As my friend Anne Mitchell says, "Admitting you hate Firefox is almost as bad as admitting to being Republican." (Except that when Firefox screws with a page, the chat logs don't end up on national television. Ba-dump-bump!) -
Windows Explorer and Internet Explorer no longer have the "File / Edit / View" menu bars across the top of the window. Was this a big problem under XP? When the menus gave quick, two-click access to most actions that you could take within the application, was there a grassroots movement to have them removed? I did eventually find that you can hit the "Alt" key to bring the menus back, but why put people through that frustration? The most annoying feeling while using a computer is being yanked out of thinking about what you're doing with the computer to having to concentrate on how to use it.
-
Fifth Cable Cut To Middle East
You may have noticed a number of stories recently about undersea cables getting cut around the world. Apparently the total is now up to 5, but the scariest part of this is that Iran is now offline. You can also read Schneier's comments on this coincidence. Update: 02/06 17:42 GMT by Z : As a commenter notes, though the country of Iran is obviously experiencing some networking difficulties, it is not offline. -
Examining the Ethical Implications of Robots in War
Schneier points out an interesting (and long, 117-pages) paper on the ethical implications of robots in war [PDF]. "This report has provided the motivation, philosophy, formalisms, representational requirements, architectural design criteria, recommendations, and test scenarios to design and construct an autonomous robotic system architecture capable of the ethical use of lethal force. These first steps toward that goal are very preliminary and subject to major revision, but at the very least they can be viewed as the beginnings of an ethical robotic warfighter. The primary goal remains to enforce the International Laws of War in the battlefield in a manner that is believed achievable, by creating a class of robots that not only conform to International Law but outperform human soldiers in their ethical capacity." -
Modeling Urban Panic
Schneier is reporting that Arizona State University's Paul Torrens has been developing a computer simulation to model urban panic. "The goal of this project is to develop a reusable and behaviorally founded computer model of pedestrian movement and crowd behavior amid dense urban environments, to serve as a test-bed for experimentation." The simulation tests behaviors from how a crowd flees from a burning car to how a pathogen might be transmitted through a mobile pedestrian over time among others. -
New Vista Random Numbers to Include NSA Backdoor?
Schneier is reporting that Microsoft has added the new Dual_EC-DRBG random-number generator to Vista SP1. This random-number generator is the same one discussed earlier that may have a secret NSA backdoor built into it. -
Security in Ten Years
Schneier has posted a conversation between himself and Marcus Ranum, Chief Security Officer for Tenable Network Security, Inc. looking at where security is headed. "[...] at a meta-level, the problems are going to stay the same. What's shocking and disappointing to me is that our responses to those problems also remain the same, in spite of the obvious fact that they aren't effective." -
Everyday Copyright Violations
Schneier has pointed out a great law review article about the problems with copyright. The author takes a look at normal daily practices and how many commonplace actions actually result in what can be considered copyright violations. "By the end of the day, John has infringed the copyrights of twenty emails, three legal articles, an architectural rendering, a poem, five photographs, an animated character, a musical composition, a painting, and fifty notes and drawings. All told, he has committed at least eighty-three acts of infringement and faces liability in the amount of $12.45 million (to say nothing of potential criminal charges). There is nothing particularly extraordinary about John's activities. Yet if copyright holders were inclined to enforce their rights to the maximum extent allowed by law, he would be indisputably liable for a mind-boggling $4.544 billion in potential damages each year. And, surprisingly, he has not even committed a single act of infringement through P2P file sharing." -
Students In UK Tracked With RFID Chips
An anonymous reader writes "Ten kids in a pilot program in the Hungerhill School in Edenthorpe, England will participate in a program that puts RFID chips in students' uniforms to keep track of their whereabouts. A group called 'Leave Them Kids Alone' is opposing the program. Bruce Schneier blogs: '...Now it's easy to cut class; just ask someone to carry your shirt around the building while you're elsewhere.'" -
Schneier On the War On the Unexpected
jamie found this essay by Bruce Schneier, The War on the Unexpected. (It originally appeared in Wired but this version has all the links.) "We've opened up a new front on the war on terror. It's an attack on the unique, the unorthodox, the unexpected; it's a war on different. If you act different, you might find yourself investigated, questioned, and even arrested — even if you did nothing wrong, and had no intention of doing anything wrong. The problem is a combination of citizen informants and a CYA attitude among police that results in a knee-jerk escalation of reported threats... After someone reports a 'terrorist threat,' the whole system is biased towards escalation and CYA instead of a more realistic threat assessment... If you ask amateurs to act as front-line security personnel, you shouldn't be surprised when you get amateur security." -
Microsoft's Larry Osterman On Threat Modeling
Schneier has pointed out an excellent series of blog posts about threat modeling by Microsoft's Larry Osterman. The series focuses on the PlaySound API as an example. "As you go about filling in the threat model threat list, it's important to consider the consequences of entering threats and mitigations. While it can be easy to find threats, it is important to realize that all threats have real-world consequences for the development team. At the end of the day, this process is about ensuring that our customer's machines aren't compromised. When we're deciding which threats need mitigation, we concentrate our efforts on those where the attacker can cause real damage." -
Interview with National Intelligence Director Mike McConnell
Schneier is reporting that Mike McConnell, U.S. National Intelligence Director, recently gave an interesting interview to the El Paso Times. "I don't think he's ever been so candid before. For example, he admitted that the nation's telcos assisted the NSA in their massive eavesdropping efforts. We already knew this, of course, but the government has steadfastly maintained that either confirming or denying this would compromise national security." -
TSA's "Behavior Detection Officers"
Stanistani sends us to MSNBC for a dyspeptic Newsweek commentary on the TSA's latest attempt to make air travel safer: the rather ominously named "Behavior Detection Officers" now working in a dozen US airports, and slated to go nationwide in 2008. They are trained in the discipline of reading "micro-expressions." The editorialist calls that a pseudo-science, but in fact it's a well-understood skill that can be taught and learned. A cursory look at this TSA program might put one in mind of Orwell's "facecrime," and that's the road the Newsweek writer goes down. Yet some who bemoan the security theater historically run by the TSA point to the gold standard of airport security, Tel Aviv airport, and wonder why TSA officers can't act more like the Israelis. Bruce Schneier wrote recently about one reason why the Israeli security model isn't completely transplantable to these shores: scale. And here's Schneier's take on behavioral profiling from a year ago. That's what the BDOs will be trying for: scrutinizing intent instead of pocket knives. Let's just hope they don't get swamped with false positives. -
Security Threat In the New Wiretapping Law
The NSA wants automatic surveillance capabilities in telephone switches. But once such capabilities are built in, others could use them to intercept communications. Within 10 years this could render the US vulnerable to attacks from terrorist groups across the globe, as well as from the military establishments of other nations. "Such threats are not theoretical: In April 2004, phones belonging to members of the Greek government, including the prime minister, were spied on with wiretapping software that was misused." -
Police Data-Mining Done Right
enharmonix writes "Courtesy of Bruce Schneier, it's nice to hear something good about data mining for a change: predicting and stopping crime. For example, police in Redmond, VA, 'started overlaying crime reports with other data, such as weather, traffic, sports events and paydays for large employers. The data was analyzed three times a day and something interesting emerged: Robberies spiked on paydays near cheque cashing storefronts in specific neighbourhoods. Other clusters also became apparent, and pretty soon police were deploying resources in advance and predicting where crime was most likely to occur.'" -
Schneier Talks to the Head of TSA
Bruce Schneier recently had the chance to sit down with Kip Hawley, head of the Transportation Security Administration (TSA), and discuss some of the frustrations travelers experience head-on. "In April, Kip Hawley, the head of the Transportation Security Administration (TSA), invited me to Washington for a meeting. Despite some serious trepidation, I accepted. And it was a good meeting. Most of it was off the record, but he asked me how the TSA could overcome its negative image. I told him to be more transparent, and stop ducking the hard questions. He said that he wanted to do that. He did enjoy writing a guest blog post for Aviation Daily, but having a blog himself didn't work within the bureaucracy." -
VBootkit Bypasses Vista's Code Signing
An anonymous reader writes "At the Black Hat Conference in Amsterdam, security experts from India demonstrated a special boot loader that gets around Vista's code-signing mechanisms. Indian security experts Nitin and Vipin Kumar of NV labs have developed a program called the VBootkit that launches from a CD and boots Vista, making on-the-fly changes in memory and in files being read. In a demonstration, the 'boot kit' managed to run with kernel privileges and issue system rights to a CMD shell when running on Vista, even without a Microsoft signature. The demo was run on Vista RC2. The researchers say the only reason they didn't do it on Vista final was cost. Schneier blogged the exploit." -
Vista Slow To Copy, Delete Files
Bruce Schneier has said that trying to make digital files uncopyable is like trying to make water not wet. With Vista, Microsoft seems to have done a pretty good job of making premium content files not copyable. Now a few readers have tipped us to a new wrinkle: Vista also makes it very, very slow to copy, rename, or delete ordinary files. Here is a Microsoft TechNet thread on the problem. The Reg reports that Microsoft has a hotfix for what sounds like a subset of the more general problem complained about on TechNet; but they will only give it to customers who ask nicely. And a hotfix is fussier to install than a proper patch. -
Behind the Magic of Anti-Censorship Software
Regular Slashdot contributor Bennett Haselton writes in to say "The December 1st release of Psiphon has sparked renewed interest in the various software programs that can help circumvent Internet censorship in China, Iran, and other censored countries. (Some of this interest undoubtedly being motivated by the fact that many of these programs also work for getting around blocking software at work or school.) Have you ever wanted to understand the science behind these programs, the way that mathematicians and codebreakers understand the magic behind PGP? If you loved the mental workout of reading "Applied Cryptography", have you ever wanted a tutorial to do the same for Psiphon and Tor and other anti-censorship programs?" The rest of his editorial follows.
Well, here's a primer, but you might be disappointed. Like making the Statue of Liberty disappear, it doesn't sound very cool once you know how it's done; the truth is that most anti-censorship programs, including mine, only work because the censors are not trying very hard.
(Note that I am going to be talking about ways that certain anti-censorship programs can be defeated. I don't believe that this is giving much help to censors, because these are obvious weaknesses that would occur to anyone who knows how the programs work. For reasons I'll get into at the end, I don't think these weaknesses actually make much difference.)
Basically, all anti-censorship programs fall into two categories: those that require you to have a helper outside of the censored country, and those that don't.
Take Psiphon. To use Psiphon, someone in a non-censored country has to install it on their home computer, which turns their computer into a Web server with an interface similar to Anonymouse.org, where you type in the URL of the page you want to view and it fetches it for you. The difference, of course, is that Anonymouse.org is widely known and blocked by any self-respecting Internet filtering system, while your newly created Psiphon URL pointing to your home computer is not blocked anywhere, yet. So if you set up a Psiphon URL on your computer in the U.S. and e-mail it to your friend in China, your friend can use it to surf wherever they want. (Note that this also has the desirable property that the person in China doesn't have to install any software, so they can use the URL even from a cybercafe computer with restricted user permissions.) The hurdle, of course, is that the person in China has to have a contact outside the country to help them. This is not a huge barrier for many Chinese, but it still means the program doesn't have the instant gratification property of something that you turn on and it just works.
Peacefire, by the way, had released the Circumventor program in 2003 which did essentially the same thing. (And the Circumventor was itself really just a wizard for installing a Web server with James Marshall's CGIProxy script, which deserves most of the credit, although the Circumventor did help bring it "to the masses", since most users don't have the ability to set up an SSL-enabled Web server themselves.) Psiphon made some improvements, namely:
- Ability to create password-protected accounts to restrict the URL to certain users.
- Smaller download (although it may not matter much since only broadband users would be installing it anyway).
- Ability to run on Linux. (Circumventor only works on Windows, although you can install CGIProxy on a Linux webserver if you know how.)
- A wizard to help users forward incoming connections on their router and enter exceptions in software firewalls to make the software work. (If they want to. No tweaking people's firewall settings without asking them!)
- Slightly harder to block, due to some strategies such as using a different SSL certificate for each install (Psiphon uses the same one each time).
And both programs fall victim to the same attacks, although as far as I know, none of these have been implemented in practice:
- Blocking sites whose SSL certificates do not match the site hostname (easier for a censoring proxy server like the ones used in the Middle East, than for an IP firewall like the Great Firewall of China).
- Blocking outgoing Web connections to residential IP address ranges like Comcast.
But basically, they're the same program -- so the difference in press coverage has been illustrative of how much context matters to reporters. Psiphon is the "politically correct" version -- they've played down the fact that it can be used to get around blocking software in schools and played up the fact that it can be used to beat the censors in China and Iran, and the press coverage has focused exclusively on that human rights aspect. The Circumventor was also written to help foreign victims of censorship, and articles have been written about its uses for that purpose, but I've also been unapologetically promoting its use to get around blocking software at home and in school, as part of an advocacy for greater civil rights for people under 18. (Also because the more installations there are in the U.S., the more it helps users abroad.) As a result, some of the TV news pieces about it have used such ominous music and lighting that they practically looked like recycled footage from "To Catch a Predator". Of course, Psiphon can be used for exactly the same thing. (I also emailed some of the reporters who recently wrote about Psiphon, to tell them about Circumventor; so far, I haven't heard back from any of them, but I doubt they're being politically correct this time, I think they're just not thrilled that C-Net scooped them by three years and seven months.)
So, Psiphon and Circumventor fall in the first category -- programs that only work if you've got a contact outside the censored country to help you. In the second category is Tor, which was originally written to provide mathematically secure anonymity, but had the nice property that it could be used to get around the Great Firewall of China as well. With your browser in China using Tor as a proxy, packets are routed to other Tor nodes outside the country, which connect you with any blocked Web site that you want to see. Best of all, you just install it on a machine in China, and presto, it works, no nagging your expat cousin in the U.S. to install something on their computer to help you. Dynamic Internet Technologies, run by Chinese dissident Bill Xia in North Carolina, runs another service that works "out of the box" -- you send an instant-message to one of the DIT screen names, and it replies with a list of currently running Web proxies. (Bill has asked me not to publicize the actual screen names that perform this service, because it's intended only for Chinese users. I think that's a case of "security through obscurity", but I respect his wishes.)
Unfortunately, all such "instant gratification" solutions have the same basic weakness, which by a simple argument can be extended even to hypothetical future programs in the same category. In the case of a program like Tor, the censor only has to install the software, look at what IP addresses the software connects to when it bootstraps itself, and add those IP addresses to the blacklist. Even if the software chooses at random from multiple IP addresses to bootstrap to, the censor can still obtain all of them by repeatedly re-installing the software (possibly wiping the machine each time so the software can't tell that it's been installed before). No matter how you slice it, if Alice the legitimate user and Bob the censor download the program on the same day, Bob can make the program not work for Alice if he updates the blacklist quickly enough. He doesn't even have to reverse-engineer the software, he just has to use a network sniffer to see where it connects to. (For DIT's proxy-by-instant-message system, the censor can instant-message the screen name repeatedly, from different accounts, until they've collected and blocked all the available proxies; this would be analogous to re-installing Tor repeatedly and seeing what IPs it connects to.)
Peacefire has produced another approach which is a simple, obvious idea, and it was quite by accident that we found out it slips through the cracks of the seemingly "unsolvable" problem with instant-gratification outlined above. Like the other solutions, it works only as long as the censors are fairly lazy, but they are, and it does. About 30,000 people have signed up through a form on our site to be notified each time we create a new Circumventor site and mail it out, every 3 or 4 days. Agents of the blocking companies have joined the list too, of course, but we mail different sites to different subsets of the list. Now, an attack analogous to the attacks listed in the previous paragraph, would be for the censors to join under many different accounts, and then block any site that gets mailed to any of those accounts. But the catch is that when an address joins the list, a new site doesn't get mailed to that address until some random time in the future. So the censor has to check all of the fake Hotmail accounts that they've created, over and over, if they want to block all of the new sites as soon as they're released. Hardly impossible, but the censor can no longer use the instantaneous approach of: (1) enter the system / join the list / install the software; (2) see where it connects to and block those points of access; (3) repeat. (If we instantly e-mailed a randomly selected site to each new signup, then this attack would work.) By going from instant gratification to almost-instant-gratification, you change one of the conditions for the theorem stated in the previous paragraph, so that it no longer holds true. Still, like Tor and the DIT system, it could be blocked with a moderate amount of effort.
The Tor protocol, by the way, has been the subject of a great deal of sophisticated mathematical analysis, really brainy stuff that is beyond the scope of this article. But it's important to understand that that analysis focuses on the security of the Tor protocol for achieving anonymity. For anonymity, the protocol is very strong; for routing around censorship, it's fairly straightforward to defeat. That's not at all a criticism of the Tor developers; Tor was designed to achieve anonymity, and just turned out to work for beating censorship as well -- but only, of course, as long as the censors aren't making much effort to block it.
Which all leads to the obvious question: Why have the censors not bothered?
Nobody knows for sure, but I fear the answer is that the Chinese government and other censors know that the greatest weapon in their arsenal is not IP blocking, or keyword filtering, or even the threat of arrest. It's just apathy. The Chinese censors know what we anti-censorware developers in the free world keep forgetting: that most Chinese are not liberty-minded Jeffersonians chomping at the bit under the oppressive yoke of their government and waiting to be freed by circumvention software. As Michael Chase and James Mulvenon of the RAND Corporation put it in their report on Internet usage by Chinese dissidents, You've Got Dissent!: "[A]lthough some peer-to-peer applications... are designed specifically to combat censorship on the Internet and address privacy concerns, most Chinese Internet users are undoubtedly more interested in using peer-to-peer applications for entertainment purposes such as downloading MP3 music files." The censors know what Netscape knew when they fought tooth and nail against Microsoft including Internet Explorer on the desktop of every Windows machine: defaults matter. It doesn't matter that users can go to Netscape's site and download their browser, and it doesn't matter that users can access a banned site by installing a cool p2p program. Most people just don't.
When I first started working on the Circumventor, I assumed that since the Chinese Internet censorship bureau reportedly employed about 30,000 people, surely if they were already spending that much effort and money, they'd throw plenty of resources at defeating any new anti-censorship program, so the Circumventor would have to be able to withstand any such attack. But I was wrong. According to the RAND corporation paper, the censors have been quite busy, for example, policing political forums for dissident postings that other users might casually run into. But they apparently assume -- correctly, it seems -- that content doesn't pose much of a threat if users have to go out of their way and download a program to access it. And if the user has to have a friend outside the country to help them, then forget it.
This is not to downplay the enormous good that programs like Tor, Circumventor and Psiphon can do in bringing free speech to the people in censored countries who want it. But it's easy to forget that those often do not comprise a large part of the population.
One of the biggest disappointments for me came in May 2005 when I was looking for ways to get around the word filter on MSN China's blogging service. Microsoft, apparently acting on public relations advice from Lex Luthor, had decided to filter the words "freedom", "democracy", and "Taiwan independence" from the titles of blogs on MSN China. (I know, I know, they have to comply with Chinese laws to do business there. But I don't think the Chinese have actually outlawed the word "democracy".) Eventually I did find a loophole, so I searched on MSN for some Chinese blogs published by expatriates to ask them to help test the workaround for me. With a few exceptions, most of the bloggers were rather hostile, saying that they supported their government's efforts to censor the Internet and to stamp out Falun Gong as a dangerous "cult". (These were expats living in the U.S., so presumably they were not worried about the Chinese government sending a tank across the Pacific to run them over if they criticized the ruling party. Even if they thought they had to watch what they said because they might someday return to China, or because they still had family there, surely it would have been easier just to ignore me; the hostility that I encountered sounded genuine.) The moral is, no matter how much your movement believes in its efforts to help oppressed people, you can't just assume you'll be greeted as liberators (ahem).
So now you know most of what there is to know about the state of the art in anti-censorship software. It's just that there is less to understand than the hype originally suggests -- the programs aren't really secure, but they work because the censors aren't really trying. And there aren't any cool mathematical formulas that you can impress your friends with -- for that, you'll still have to go back to Applied Cryptography. It's a lot less impressive to be the Bruce Schneier of circumvention algorithms than it is to be the real Bruce Schneier.
-
Behind the Magic of Anti-Censorship Software
Regular Slashdot contributor Bennett Haselton writes in to say "The December 1st release of Psiphon has sparked renewed interest in the various software programs that can help circumvent Internet censorship in China, Iran, and other censored countries. (Some of this interest undoubtedly being motivated by the fact that many of these programs also work for getting around blocking software at work or school.) Have you ever wanted to understand the science behind these programs, the way that mathematicians and codebreakers understand the magic behind PGP? If you loved the mental workout of reading "Applied Cryptography", have you ever wanted a tutorial to do the same for Psiphon and Tor and other anti-censorship programs?" The rest of his editorial follows.
Well, here's a primer, but you might be disappointed. Like making the Statue of Liberty disappear, it doesn't sound very cool once you know how it's done; the truth is that most anti-censorship programs, including mine, only work because the censors are not trying very hard.
(Note that I am going to be talking about ways that certain anti-censorship programs can be defeated. I don't believe that this is giving much help to censors, because these are obvious weaknesses that would occur to anyone who knows how the programs work. For reasons I'll get into at the end, I don't think these weaknesses actually make much difference.)
Basically, all anti-censorship programs fall into two categories: those that require you to have a helper outside of the censored country, and those that don't.
Take Psiphon. To use Psiphon, someone in a non-censored country has to install it on their home computer, which turns their computer into a Web server with an interface similar to Anonymouse.org, where you type in the URL of the page you want to view and it fetches it for you. The difference, of course, is that Anonymouse.org is widely known and blocked by any self-respecting Internet filtering system, while your newly created Psiphon URL pointing to your home computer is not blocked anywhere, yet. So if you set up a Psiphon URL on your computer in the U.S. and e-mail it to your friend in China, your friend can use it to surf wherever they want. (Note that this also has the desirable property that the person in China doesn't have to install any software, so they can use the URL even from a cybercafe computer with restricted user permissions.) The hurdle, of course, is that the person in China has to have a contact outside the country to help them. This is not a huge barrier for many Chinese, but it still means the program doesn't have the instant gratification property of something that you turn on and it just works.
Peacefire, by the way, had released the Circumventor program in 2003 which did essentially the same thing. (And the Circumventor was itself really just a wizard for installing a Web server with James Marshall's CGIProxy script, which deserves most of the credit, although the Circumventor did help bring it "to the masses", since most users don't have the ability to set up an SSL-enabled Web server themselves.) Psiphon made some improvements, namely:
- Ability to create password-protected accounts to restrict the URL to certain users.
- Smaller download (although it may not matter much since only broadband users would be installing it anyway).
- Ability to run on Linux. (Circumventor only works on Windows, although you can install CGIProxy on a Linux webserver if you know how.)
- A wizard to help users forward incoming connections on their router and enter exceptions in software firewalls to make the software work. (If they want to. No tweaking people's firewall settings without asking them!)
- Slightly harder to block, due to some strategies such as using a different SSL certificate for each install (Psiphon uses the same one each time).
And both programs fall victim to the same attacks, although as far as I know, none of these have been implemented in practice:
- Blocking sites whose SSL certificates do not match the site hostname (easier for a censoring proxy server like the ones used in the Middle East, than for an IP firewall like the Great Firewall of China).
- Blocking outgoing Web connections to residential IP address ranges like Comcast.
But basically, they're the same program -- so the difference in press coverage has been illustrative of how much context matters to reporters. Psiphon is the "politically correct" version -- they've played down the fact that it can be used to get around blocking software in schools and played up the fact that it can be used to beat the censors in China and Iran, and the press coverage has focused exclusively on that human rights aspect. The Circumventor was also written to help foreign victims of censorship, and articles have been written about its uses for that purpose, but I've also been unapologetically promoting its use to get around blocking software at home and in school, as part of an advocacy for greater civil rights for people under 18. (Also because the more installations there are in the U.S., the more it helps users abroad.) As a result, some of the TV news pieces about it have used such ominous music and lighting that they practically looked like recycled footage from "To Catch a Predator". Of course, Psiphon can be used for exactly the same thing. (I also emailed some of the reporters who recently wrote about Psiphon, to tell them about Circumventor; so far, I haven't heard back from any of them, but I doubt they're being politically correct this time, I think they're just not thrilled that C-Net scooped them by three years and seven months.)
So, Psiphon and Circumventor fall in the first category -- programs that only work if you've got a contact outside the censored country to help you. In the second category is Tor, which was originally written to provide mathematically secure anonymity, but had the nice property that it could be used to get around the Great Firewall of China as well. With your browser in China using Tor as a proxy, packets are routed to other Tor nodes outside the country, which connect you with any blocked Web site that you want to see. Best of all, you just install it on a machine in China, and presto, it works, no nagging your expat cousin in the U.S. to install something on their computer to help you. Dynamic Internet Technologies, run by Chinese dissident Bill Xia in North Carolina, runs another service that works "out of the box" -- you send an instant-message to one of the DIT screen names, and it replies with a list of currently running Web proxies. (Bill has asked me not to publicize the actual screen names that perform this service, because it's intended only for Chinese users. I think that's a case of "security through obscurity", but I respect his wishes.)
Unfortunately, all such "instant gratification" solutions have the same basic weakness, which by a simple argument can be extended even to hypothetical future programs in the same category. In the case of a program like Tor, the censor only has to install the software, look at what IP addresses the software connects to when it bootstraps itself, and add those IP addresses to the blacklist. Even if the software chooses at random from multiple IP addresses to bootstrap to, the censor can still obtain all of them by repeatedly re-installing the software (possibly wiping the machine each time so the software can't tell that it's been installed before). No matter how you slice it, if Alice the legitimate user and Bob the censor download the program on the same day, Bob can make the program not work for Alice if he updates the blacklist quickly enough. He doesn't even have to reverse-engineer the software, he just has to use a network sniffer to see where it connects to. (For DIT's proxy-by-instant-message system, the censor can instant-message the screen name repeatedly, from different accounts, until they've collected and blocked all the available proxies; this would be analogous to re-installing Tor repeatedly and seeing what IPs it connects to.)
Peacefire has produced another approach which is a simple, obvious idea, and it was quite by accident that we found out it slips through the cracks of the seemingly "unsolvable" problem with instant-gratification outlined above. Like the other solutions, it works only as long as the censors are fairly lazy, but they are, and it does. About 30,000 people have signed up through a form on our site to be notified each time we create a new Circumventor site and mail it out, every 3 or 4 days. Agents of the blocking companies have joined the list too, of course, but we mail different sites to different subsets of the list. Now, an attack analogous to the attacks listed in the previous paragraph, would be for the censors to join under many different accounts, and then block any site that gets mailed to any of those accounts. But the catch is that when an address joins the list, a new site doesn't get mailed to that address until some random time in the future. So the censor has to check all of the fake Hotmail accounts that they've created, over and over, if they want to block all of the new sites as soon as they're released. Hardly impossible, but the censor can no longer use the instantaneous approach of: (1) enter the system / join the list / install the software; (2) see where it connects to and block those points of access; (3) repeat. (If we instantly e-mailed a randomly selected site to each new signup, then this attack would work.) By going from instant gratification to almost-instant-gratification, you change one of the conditions for the theorem stated in the previous paragraph, so that it no longer holds true. Still, like Tor and the DIT system, it could be blocked with a moderate amount of effort.
The Tor protocol, by the way, has been the subject of a great deal of sophisticated mathematical analysis, really brainy stuff that is beyond the scope of this article. But it's important to understand that that analysis focuses on the security of the Tor protocol for achieving anonymity. For anonymity, the protocol is very strong; for routing around censorship, it's fairly straightforward to defeat. That's not at all a criticism of the Tor developers; Tor was designed to achieve anonymity, and just turned out to work for beating censorship as well -- but only, of course, as long as the censors aren't making much effort to block it.
Which all leads to the obvious question: Why have the censors not bothered?
Nobody knows for sure, but I fear the answer is that the Chinese government and other censors know that the greatest weapon in their arsenal is not IP blocking, or keyword filtering, or even the threat of arrest. It's just apathy. The Chinese censors know what we anti-censorware developers in the free world keep forgetting: that most Chinese are not liberty-minded Jeffersonians chomping at the bit under the oppressive yoke of their government and waiting to be freed by circumvention software. As Michael Chase and James Mulvenon of the RAND Corporation put it in their report on Internet usage by Chinese dissidents, You've Got Dissent!: "[A]lthough some peer-to-peer applications... are designed specifically to combat censorship on the Internet and address privacy concerns, most Chinese Internet users are undoubtedly more interested in using peer-to-peer applications for entertainment purposes such as downloading MP3 music files." The censors know what Netscape knew when they fought tooth and nail against Microsoft including Internet Explorer on the desktop of every Windows machine: defaults matter. It doesn't matter that users can go to Netscape's site and download their browser, and it doesn't matter that users can access a banned site by installing a cool p2p program. Most people just don't.
When I first started working on the Circumventor, I assumed that since the Chinese Internet censorship bureau reportedly employed about 30,000 people, surely if they were already spending that much effort and money, they'd throw plenty of resources at defeating any new anti-censorship program, so the Circumventor would have to be able to withstand any such attack. But I was wrong. According to the RAND corporation paper, the censors have been quite busy, for example, policing political forums for dissident postings that other users might casually run into. But they apparently assume -- correctly, it seems -- that content doesn't pose much of a threat if users have to go out of their way and download a program to access it. And if the user has to have a friend outside the country to help them, then forget it.
This is not to downplay the enormous good that programs like Tor, Circumventor and Psiphon can do in bringing free speech to the people in censored countries who want it. But it's easy to forget that those often do not comprise a large part of the population.
One of the biggest disappointments for me came in May 2005 when I was looking for ways to get around the word filter on MSN China's blogging service. Microsoft, apparently acting on public relations advice from Lex Luthor, had decided to filter the words "freedom", "democracy", and "Taiwan independence" from the titles of blogs on MSN China. (I know, I know, they have to comply with Chinese laws to do business there. But I don't think the Chinese have actually outlawed the word "democracy".) Eventually I did find a loophole, so I searched on MSN for some Chinese blogs published by expatriates to ask them to help test the workaround for me. With a few exceptions, most of the bloggers were rather hostile, saying that they supported their government's efforts to censor the Internet and to stamp out Falun Gong as a dangerous "cult". (These were expats living in the U.S., so presumably they were not worried about the Chinese government sending a tank across the Pacific to run them over if they criticized the ruling party. Even if they thought they had to watch what they said because they might someday return to China, or because they still had family there, surely it would have been easier just to ignore me; the hostility that I encountered sounded genuine.) The moral is, no matter how much your movement believes in its efforts to help oppressed people, you can't just assume you'll be greeted as liberators (ahem).
So now you know most of what there is to know about the state of the art in anti-censorship software. It's just that there is less to understand than the hype originally suggests -- the programs aren't really secure, but they work because the censors aren't really trying. And there aren't any cool mathematical formulas that you can impress your friends with -- for that, you'll still have to go back to Applied Cryptography. It's a lot less impressive to be the Bruce Schneier of circumvention algorithms than it is to be the real Bruce Schneier.
-
Why Upper Management Doesn't "Get" IT Security
Schneier is reporting that the Department of Homeland Security has decided to delve into why upper management doesn't "get" IT security threats. The results aren't terribly surprising to those in the trenches, stating that most executives view security as something akin to facilities management. "Thankfully", the $495 report (if you aren't a "Conference Board associate") helps tell you how to handle the situation. -
Bruce Schneier On Perceived and Real Risks
prostoalex writes "Encryption guru Bruce Schneier takes a look at perceived and actual risks with some insightful commentary on how warped the public perception of risks may be: '...we worry more about anthrax (with an annual death toll of roughly zero) than influenza (with an annual death toll of a quarter-million to a half-million people). Influenza is a natural accident, anthrax is an intentional action, and the smallest action captures our attention in a way that the largest accident doesn't. If two airplanes had been hit by lightning and crashed into a New York skyscraper, few of us would be able to name the date on which it happened.'" -
NSA Publication Indices Declassified
Schneier is reporting that a 3-year-old Freedom of Information Act request has finally come to fruition showing us indices from the NSA Technical Journal, Cryptographic Quarterly, Cryptologic Spectrum, and Cryptologic Almanac. From the article: "The request took more than three years for them to process and declassify -- sadly, not atypical -- and during the process they asked if he would accept the indexes in lieu of the tables of contents pages: specifically, the cumulative indices that included all the previous material in the earlier indices. He agreed, and got them last month. Consider these bibliographic tools as stepping stones. If you want an article, send a FOIA request for it. Send a FOIA request for a dozen. There's a lot of stuff here that would help elucidate the early history of the agency and some interesting cryptographic topics." -
Bruce Schneier Blasts Politicians, Media
An anonymous reader writes, "In his latest newsletter, security author Bruce Schneier delivered a scathing critique of politicians and the media for promoting fear and ultimately doing exactly what the terrorists want. Citing several cases of false alarms, Schneier writes: 'Our politicians help the terrorists every time they use fear as a campaign tactic. The press helps every time it writes scare stories about the plot and the threat... Our job is to think critically and rationally, and to ignore the cacophony of other interests trying to use terrorism to advance political careers or increase a television show's viewership.' Are the terrorists laughing at us?" -
SHA-1 Collisions for Meaningful Messages
mrogers writes "Following on the heels of last year's collision search attack against SHA-1, researchers at the Crypto 2006 conference have announced a new attack that allows the attacker to choose part of the colliding messages. "Using the new method, it is possible, for example, to produce two HTML documents with a long nonsense part after the closing </html> tag, which, despite slight differences in the HTML part, thanks to the adapted appendage have the same hash value." A similar attack against MD5 was announced last year." -
U.S. Navy Patents the Firewall?
Krishna Dagli writes to mention a post by Bruce Schneier on his site indicating that the U.S. Navy may be patenting the Firewall. Whether or not it is their intention to do so is unclear. From the patent description: "In a communication system having a plurality of networks, a method of achieving network separation between first and second networks is described. First and second networks with respective first and second degrees of trust are defined, the first degree of trust being higher than the second degree of trust. Communication between the first and second networks is enabled via a network interface system having a protocol stack, the protocol stack implemented by the network interface system in an application layer." -
Defeating China's National Firewall
Bruce Schneier is reporting on his blog that a recent paper is discussing how to defeat China's national firewall. From the article: "However, because the original packets are passed through the firewall unscathed, if both of the endpoints were to completely ignore the firewall's reset packets, then the connection will proceed unhindered! We've done some real experiments on this -- and it works just fine!! Think of it as the Harry Potter approach to the Great Firewall -- just shut your eyes and walk onto Platform 9¾." -
Critical Security Hole Found in Diebold Machines
ckswift writes "From security expert Bruce Schneier's blog, a major security hole has been found in Diebold voting machines." From the article: "The hole is considered more worrisome than most security problems discovered on modern voting machines, such as weak encryption, easily pickable locks and use of the same, weak password nationwide. Armed with a little basic knowledge of Diebold voting systems and a standard component available at any computer store, someone with a minute or two of access to a Diebold touch screen could load virtually any software into the machine and disable it, redistribute votes or alter its performance in myriad ways." -
Greek, U.S. Officials Tapped For Years
Bruce Schneier posts on a story being reported in the Seattle Intelligencer. Greek and U.S. officials in Greece apparently had their phones tapped for over a year before the 2004 Olympics. From the article: "It was not known who was responsible for the taps, which numbered about 100 and included Greek Prime Minister Costas Caramanlis and his wife, and the ministers of foreign affairs, defense, public order and justice. Most of Greece's top military and police officers were also targeted, as were foreign ministry officials and a U.S. embassy number. Also tapped were some journalists and human rights activists." Schneier gives a bit of technical background on how the tapping was accomplished. -
Cyber Attacks on US Linked to Chinese Military?
wiredog writes "Security expert Bruce Schneier is reporting on a continuing effort to penetrate US government and industry computer systems that most likely stems from the Chinese military." From the Terranet article: "The attacks have been traced to the Chinese province of Guangdong, and the techniques used make it appear unlikely to come from any other source than the military, said Alan Paller, the director of the SANS Institute, an education and research organization focusing on cybersecurity." -
Trusted Computing And You
sebFlyte writes "There's an interesting look at the Trusted computing initiative running over on ZDNet UK, written by security guru Bruce Schneier. He looks at the suggestions for best practice made in a recent policy document, and Microsoft's 'Machiavellian manoeuvring' to stall said document. He posits their moves are to avoid having to enforce such best-practice when it comes to Vista's DRM and other copy-restriction technology." From the article: "This sounds great, but it's a double-edged sword. The same system that prevents worms and viruses from running on your computer might also stop you from using any legitimate software that your hardware or operating system vendor simply doesn't like. The same system that protects spyware from accessing your data files might also stop you from copying audio and video files. The same system that ensures that all the patches you download are legitimate might also prevent you from, well, doing pretty much anything." -
New, Faster Attack against SHA-1 Revealed
VxSote writes "According to Bruce Schneier's blog, a team of Chinese cryptographers has announced new results against SHA-1 that speed up the time required to find collisions compared to their previously published attack. Schneier says that a SHA-1 collision search is now 'squarely in the realm of feasibility,' and that further improvements are expected." -
Schneier on Attack Trends: More Complex Worms
Gary W. Longsine writes "Bruce Schneier has posted an interesting entry on expected attack trends to his blog. Of particular interest is the increasing sophistication of automated worm-based attacks. He cites the developing W32.spybot.KEG worm -- once inside a network it scans for several vulnerabilities and reports its findings via IRC. Trend Micro also has information on a scanning-capable version of this worm, which they call: WORM_SPYBOT.ID" -
Slashback: Hollywood, Commons, Misidentification
A handful of updates, corrections and further thoughts on recent Slashdot stories follow; read on for updates on the Real-ID Act, Hollywood consultant math professor Jonathan Farley, the real first losers (and winners of the U.S. Open's Aibo League) at the 2005 Robo-Cup, and more. Details below.
Keeping America strong by making mislabeling the problem! It really isn't too late to avoid the worst of the Real-ID Act, and Bruce Schneier's essay on it should be required reading.
Needs more cowbell! c1one writes "In an update to the story Trent Reznor Challenges Music Norms, there has been an "Unofficial The Hand that Feeds Remix Contest." The contest has produced an extreme range of styles, from Hip-Hop to HeeHaw and even a few lounge versions, to name a few. The point though, is that after listening to almost 400 remixes, some of the tracks rival the level of professionalism and creativity found on some of the "official" halo releases. The contest deadline was 5/5/05 and voting by 20 appointed international judges ranging from a Berklee College of Music graduate and various studio engineers to a former Nothing Studio's intern has commenced. They will determine a top ten list using the "nine inch rating scale" that should be available to entertain and to vote on soon."
Graceful reactions are worth emulating. Author Will Iverson writes with a reaction to Simon Chappell's review of his book Apache Jakarta Commons:
"Hi Guys!
I would just like to respond regarding the Slashdot review as posted:
- The book itself is published under an open license - the material in the book will be available as a free electronic download in a few months.
- Yes, the last 125 pages *is* (for all intents and purposes) the printed javadoc. This was included at the request of the publisher, and it is valuable for some people.
Oh, and as an FYI, book writing is hardly a cash cow - I only wish. ;)
Cheers & best wishes,
Will Iverson
A classic case of Americans all looking alike. Of the post "German Robot Dogs Dominate 2005 RoboCup U.S. Open," Ethan Tira-Thompson writes "The linked article has it wrong -- the German team played CMU, not UT Austin. Major screwup on the AP's part, but they don't say who wrote the original article!"
Here's an excerpt from the CMU team's announcement:
From: Manuela Veloso
Date: May 10, 2005 2:51:14 PM EDT
To: scs-all@cs.cmu.edu
Subject: US Open Champs :-)
Hi,
We won the RoboCup US Open, in the AIBO league. We played UPenn in the final and won 2-1 in overtime. UPenn (Dan Lee) and UT Austin (Peter Stone) came second and third, playing very well and very close to us. They are great teams. Our team, CMDash'05 still has a long way to go to better prepare for the International RoboCup in Japan in July :-)
Please congratulate the complete team for the USOpen victory:
Sonia Chernova, team leader, CSD PhD student, robot behaviors, motion learning
Colin McMillen, CSD PhD student, teamwork, networking, goalie
Paul Rybski, RI PostDoc, state estimation, multi-robot world modeling, behaviors
Juan Fasola, CSD junior, vision, defender, behaviors, motion
Felix vonHundelshausen, CSD PostDoc, vision
Alex Trevor, CSD senior, vision
Sabine Hauert, exchange CS Master student from Switzerland, localization, behaviors
Raquel Ros Espinoza, visitor from Barcelona, behaviors, vision
and with the help at the Open of the veterans:
Doug Vail, CSD PhD student, vision
James Bruce, CSD PhD student, vision, motion"
Hey, they got most of it right. A Harvard Crimson story linked from a Slashdot post headlined "Mathematicians Become Hollywood Consultants" described Jonathan Farley, a math professor who co-founded a consulting agency to help Hollywood get mathematics right in movies and television shows. Farley wrote to point out that he is neither a Harvard post-doctoral fellow nor a professor at the State University of New York at Buffalo, writing "I am not and never have been either. (I am a tenured professor elsewhere and have been for several years.) This was an incorrect statement initially made by poor reporters at the Harvard University student newspaper." Farley points to this Boston Globe story which gets it right.
-
Current Crypto Trends with Bruce Schneier
Saint Aardvark writes "SecurityFocus has published an interview with Bruce Schneier. Fascinating stuff, especially the level-headed assessments of the NSA, spam and the impact of full disclosure: 'Q: Since most crypto protocols on the internet, such as SSL or SSH, use public-keys to build a secure channel, wouldn't an unexpected public disclosure create a chaos on the internet? A: No. Chaos is hard to create, even on the Internet. Here's an example. Go to Amazon.com. Buy a book without using SSL. Watch the total lack of chaos.'" -
Cell Phone Virus Threat Overblown
An anonymous reader writes "Symantec has come under fire for claiming that 73 percent of smart phone users are aware of viruses and attacks aimed at their handsets. Wireless company WDSGlobal described this as a scaremongering tactic, with its spokesman saying: 'If you look at the viruses out there, currently there are about 14 core viruses, the majority of which are fairly benign. They are mostly developed as "proof of concept" to warn manufacturers of handsets and operating systems or the antivirus industry about potential vulnerabilities.' But Bruce Schneier, chief technology officer at Counterpane Internet Security, believes mobile viruses and attacks shouldn't be discounted altogether, though he believes they aren't currently registering on any significant scale." -
NetBSD Branches pkgsrc-2005Q1
jschauma writes "NetBSD's Alistair Crooks has announced the availability of the new stable branch pkgsrc-2005Q1 of the NetBSD Packages Collection (aka pkgsrc). This branch includes all the updates to the thousands of existing and additions of hundreds of new applications since the hereby obsoleted pkgsrc-2004Q4 branch. Some noteworthy infrastructure changes applicable to all 13 operating systems for which pkgsrc is available include the support for multiple digests to check the integrity of the distribution files as found on the Internet (triggered by the recently-found problems with the SHA-1 algorithm) and the so-called alternates framework."