Domain: schneier.com
Stories and comments across the archive that link to schneier.com.
Comments · 1,941
-
NoChoicePoint
From Bruce Schneier:
ChoicePoint protects its data, but only to the extent that it values it. The hundreds of millions of people in ChoicePoint's databases are not ChoicePoint's customers. They have no power to switch credit agencies. They have no economic pressure that they can bring to bear on the problem. Maybe they should rename the company "NoChoicePoint."
The upshot of this is that ChoicePoint doesn't bear the costs of identity theft, so ChoicePoint doesn't take those costs into account when figuring out how much money to spend on data security.... Until ChoicePoint feels those costs -- whether through regulation or liability -- it has no economic incentive to reduce them. -
Bruce Schneier
Schneier wrote about this in his blog.
-
Re:Unpossible to Clean SpyWare?
Kind of like this?.... schneier.com
-
Re:An Opportunity to Rant.
But how does the vendor know that you didn't send him: encrypt(Kbankfoo, sign(Kself, "Authorize $2 to [vendor] from account 000001 at bank foo"))
Cryptographic cut-and-choose protocols.
Basically, you send 100 sealed (encrypted), but unsigned, money orders to the vendor. The vendor picks 99 of them, and says "Open these". You do (you provide the decryption keys), he sees that they're all for $200, so he has a pretty good assurance that the 100th is also for $200. You sign the 100th.
You're sort of signing through the envelope, so the metaphor breaks down (I guess you can imagine a piece of carbon paper in there)... actually what's involved are, IIRC, "blinded" cryptographic signatures. See Schneier's Applied Cryptography for the gory details.
-
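An added example (not from the comment above or from Applied Cryptography's text) of the cut-and-choose exchange it sketches, in the blind-signature form it alludes to: the customer seals 100 money orders, the party checking them opens 99, and the one left sealed is signed blind so the customer can later strip the blinding and present a valid signature. The toy RSA primes, the order wording and the `keep` parameter (which lets a test fix the checker's random choice) are assumptions of the example.

```python
import hashlib
import math
import re
import secrets

# Toy RSA key pair for the signer. These primes are far too small for real use and
# only keep the arithmetic readable; real deployments use 2048-bit moduli.
P, Q = 1000003, 999983
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))

AMOUNT = 200  # every honest money order is for $200, as in the comment


def order_digest(text: str) -> int:
    """Map a money-order string to the integer (mod N) that actually gets signed."""
    return int.from_bytes(hashlib.sha256(text.encode()).digest(), "big") % N


def make_sealed_orders(amounts):
    """Customer side: one sealed (blinded) order per amount.
    Returns the sealed values the signer sees and the secrets the customer keeps."""
    sealed, kept = [], []
    for i, amt in enumerate(amounts):
        text = f"money order {i}: pay ${amt} to vendor from account 000001 at bank foo"
        while True:  # the blinding factor r must be invertible mod N
            r = secrets.randbelow(N - 2) + 2
            if math.gcd(r, N) == 1:
                break
        sealed.append((order_digest(text) * pow(r, E, N)) % N)  # m * r^e mod N
        kept.append((text, r))
    return sealed, kept


def check_and_sign(sealed, reveal, keep):
    """Signer side of cut-and-choose: open every envelope except `keep`, check that each
    opened order is for $AMOUNT and really matches its sealed value, then sign the
    unopened one blind. Raises ValueError if any opened order is bad."""
    for i, blinded in enumerate(sealed):
        if i == keep:
            continue
        text, r = reveal(i)
        if (order_digest(text) * pow(r, E, N)) % N != blinded:
            raise ValueError(f"order {i}: revealed contents do not match the sealed value")
        m = re.search(r"pay \$(\d+) ", text)
        if m is None or int(m.group(1)) != AMOUNT:
            raise ValueError(f"order {i}: not for ${AMOUNT}, customer is cheating")
    return pow(sealed[keep], D, N)  # (m * r^e)^d = m^d * r  (mod N)


def run_protocol(amounts, keep):
    """Full exchange for a given signer choice `keep`; returns (order text, signature)."""
    sealed, kept = make_sealed_orders(amounts)
    s_blind = check_and_sign(sealed, lambda i: kept[i], keep)
    text, r = kept[keep]
    sig = (s_blind * pow(r, -1, N)) % N  # strip the blinding factor: m^d mod N
    return text, sig


def verify(text: str, sig: int) -> bool:
    """Anyone holding the signer's public key (E, N) can check the signature."""
    return pow(sig, E, N) == order_digest(text)


if __name__ == "__main__":
    text, sig = run_protocol([AMOUNT] * 100, keep=secrets.randbelow(100))
    print("honest order signed and verifies:", verify(text, sig))
    cheat = [AMOUNT] * 100
    cheat[7] = 5000  # one inflated order hidden among 99 honest ones
    try:
        run_protocol(cheat, keep=secrets.randbelow(100))  # caught 99 times out of 100
        print("cheat slipped through: envelope 7 happened to stay sealed")
    except ValueError as err:
        print("cheat detected:", err)
```

The cheat succeeds only when the signer happens to leave the bad envelope sealed, which is the 1-in-100 assurance the comment describes.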
Re:Come on...
Bruce Schneier estimates that a SHA-1 collision finding machine, built along the same lines as the old DES cracker, would cost $25M-$38M and could do the needed 2^69 calculations in 56 hours. distributed.net already completed a 2^64 operation challenge a few years ago, which along with Moore's law puts 2^69 ops into the realm of the possible.
Fighting the FUD, indeed.
-
Re:Theoretical security concerns...
Ummm. No. It is because given any string, I can produce another string with the same hash faster.
Please clarify something for me before I panic. You say the attack is 2048 times faster. I gather you get that figure from 2^80 / 2^69. 2^80 is the number of operations to brute force attack SHA-1, and 2^69 is the new number of operations required to attack SHA-1.
And yes you do sign gibberish...It is called keys, which are used for encrypted communication. Now I can produce the key with the same hash as your key faster, and (depending on session speed) I can substitute my key for your key.
Now -- all this only means that I can do it about 2048 times faster [...] Let's look at 2^80. Where does that come from? It is the square root of 2^160. Why is that significant? Because 2^80 is the number of operations required to perform a Birthday Attack on a 160 bit hash.
What is a Birthday Attack? It is merely that if I run the attack program (which executes SHA-1) for 2^80 operations on 2^80 unique inputs (numbers 1 through 2^80 work just fine here, or generate 2^80 random messages; as long as they aren't longer than your key size), I have a 50% chance that two numbers will produce the same hash. Not a pair of numbers you pick, but some pair out of a set of size 2^80 (or less).
So if you are relating 2^69 to 2^80, then I conclude you are saying that 2^69 is the new Birthday Attack computation cost for SHA-1.
Well then, you cannot, in 2^69 operations, produce a key with the same hash as my key (unless you are going to con me into changing my key to one of the pair you found in the birthday attack. I'm not that stupid). More like 2^(2*69) = 2^138 operations.
Schneier, on his web site blog, says:
If you hashed 2^80 random messages, you'd find one pair that hashed to the same value. That's the "brute force" way of finding collisions, and it depends solely on the length of the hash value. "Breaking" the hash function means being able to find collisions faster than that. And that's what the Chinese did.
They can find collisions in SHA-1 in 2^69 calculations, about 2,000 times faster than brute force. Right now, that is just on the far edge of feasibility with current technology.
But perhaps everyone has it wrong; the 2^69 does relate to 2^160 (which is the number of brute-force operations necessary to find a message with the same hash as a chosen message). If so, then this is a huge, huge result, and I would vehemently disagree with the quote: "It's time to walk, but not run, to the fire exits." On the contrary, it's probably too late to survive the fire.
-
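An added example (not part of the thread) that makes the 2^80-versus-2^160 distinction argued over above concrete on a truncated SHA-1: finding any colliding pair costs about 2^(bits/2) hashes, while matching the hash of one chosen message costs about 2^bits, so a 2^69 figure is a collision cost and compares with 2^80, not 2^160. The truncation width and the counter-style messages are assumptions of the example.

```python
import hashlib
import math


def truncated_sha1(data: bytes, bits: int) -> int:
    """SHA-1 output cut down to its top `bits` bits, so the experiment finishes in seconds."""
    return int.from_bytes(hashlib.sha1(data).digest(), "big") >> (160 - bits)


def expected_collision_trials(bits: int) -> float:
    """Birthday bound: about sqrt(pi/2 * 2^bits) hashes until some pair collides.
    For the full 160-bit SHA-1 this is about 1.25 * 2^80."""
    return math.sqrt(math.pi / 2 * 2 ** bits)


def find_any_collision(bits: int):
    """Hash the counter messages 0, 1, 2, ... until two of them share a truncated hash.
    Returns (trials, msg_a, msg_b). The attacker gets no say in which pair collides."""
    seen = {}
    trials = 0
    while True:
        msg = trials.to_bytes(8, "big")
        h = truncated_sha1(msg, bits)
        trials += 1
        if h in seen:
            return trials, seen[h], msg
        seen[h] = msg


def find_second_preimage(target: bytes, bits: int, budget: int):
    """Try to match the hash of one fixed message (the 'same hash as my key' case).
    Expected cost is about 2^bits, the square of the birthday cost. Returns
    (trials, msg) or None when the budget runs out."""
    want = truncated_sha1(target, bits)
    for i in range(budget):
        msg = b"alt:" + i.to_bytes(8, "big")  # a different message family from the counter
        if truncated_sha1(msg, bits) == want:
            return i + 1, msg
    return None


def compare_costs(bits: int) -> dict:
    """Run the collision search, then give the second-preimage search the same budget."""
    trials, a, b = find_any_collision(bits)
    return {
        "collision_trials": trials,
        "collision_pair": (a, b),
        "expected_collision_trials": expected_collision_trials(bits),
        "second_preimage_same_budget": find_second_preimage(a, bits, trials),
        "expected_second_preimage_trials": float(2 ** bits),
    }


if __name__ == "__main__":
    r = compare_costs(24)
    print(f"24-bit hash: collision after {r['collision_trials']} hashes "
          f"(expected ~{r['expected_collision_trials']:.0f}); second preimage with the "
          f"same budget: {r['second_preimage_same_budget']} "
          f"(expected ~{r['expected_second_preimage_trials']:.0f})")
```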
I can do it 1,000,000,000,000,000 faster alone!!!
With my Pentium4 3.60 GHz EE and (2GiB + 2GiB) of RAM CL222 Corsair only.
See TOP SECRET in http://www.schneier.com/blog/archives/2005/02/sha1_broken.html. I don't need a supercomputer to crack it.
open4free © i'm HyperAlienigenHuman.
-
Re:Unpossible to Clean SpyWare?
Actually, there's a rather novel way to detect (and to some extent, clean) rootkits with Ghostbuster. Bruce Schneier expands on it in a blog entry on Ghostbuster.
Basically, one would use it in conjunction with something like an antivirus package. The antivirus-like thing (even running on the compromised machine) could detect any rootkits that weren't hiding themselves sufficiently (i.e., not lying through the filesystem to mask their presence).
All Ghostbuster does is detect things that are hiding themselves; it does the equivalent of generating a list of files and hashes from the (possibly compromised) environment and saving them. The next step boots from known good media and does the same thing again. If there's any difference in the two, there's something attempting to mask its presence.
This plays the rootkit's goals against themselves: If a rootkit doesn't hide itself, it's not a very good rootkit and should be detectable by the antivirus; if it does hide, it will stand out like a sore thumb when the scan is rerun from the clean media.
Of course, the mere existence of a Ghostbuster would create an arms race where rootkits try to detect its presence and instead provide it with a true view of the filesystem with the rootkit exposed (so that the clean boot check doesn't flag anything). With files exposed to the scanning process, however, one can detect the rootkit through more traditional means. Interesting ideas, but unless I misunderstand it, there will eventually be an arms race between Ghostbuster and rootkits (e.g., rootkit stores its own version of Ghostbuster that can see the real version of files but is crippled to not run any antivirus-type scans on them, Ghostbuster retaliates by looking for modified copies of itself, ad infinitum). -
Bruce Schneier on the Prototype Detection Tool
Bruce covered the tool in a recent post on his blog. He says:
This is a really interesting technical report from Microsoft. It describes a clever prototype -- called GhostBuster -- they developed for detecting arbitrary persistent and stealthy software, such as rootkits, Trojans, and software keyloggers. It's a really elegant idea, based on a simple observation: the rootkit must exist on disk to be persistent, but must lie to programs running within the infected OS in order to hide.
Here's how it works: The user has the GhostBuster program on a CD. He sticks the CD in the drive, and from within the (possibly corrupted) OS, the checker program runs: stopping all other user programs, flushing the caches, and then doing a complete checksum of all files on the disk and a scan of any registry keys that could autostart the system, writing out the results to a file on the hard drive.
Then the user is instructed to press the reset button, the CD boots its own OS, and the scan is repeated. Any differences indicate a rootkit or other stealth software, without the need for knowing what particular rootkits are or the proper checksums for the programs installed on disk.
Simple. Clever. Elegant.
In order to fool GhostBuster, the rootkit must 1) detect that such a checking program is running and either not lie to it or change the output as it's written to disk (in the limit this becomes the halting problem for the rootkit designer), 2) integrate into the BIOS rather than the OS (tricky, platform specific, and not always possible), or 3) give up on either being persistent or stealthy. Thus this doesn't eliminate rootkits entirely, but is a pretty mortal blow to persistent rootkits.
Of course, the concept could be adopted for any other operating system as well.
This is a great idea, but there's a huge problem. GhostBuster is only a research prototype, so you can't get a copy. And, even worse, Microsoft has no plans to turn it into a commercial tool.
This is too good an idea to abandon. Microsoft, if you're listening, you should release this tool to the world. Make it public domain. Make it open source, even. It's a great idea, and you deserve credit for coming up with it.
Any other security companies listening? Make and sell one of these. Anyone out there looking for an open source project? Here's a really good one.
Note: I have no idea if Microsoft patented this idea. If they did and they don't release it, shame on them. If they didn't, good for them. -
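An added example (not GhostBuster's own code, which was never released) of the cross-view check that both the comment and Schneier's post describe: inventory the disk once from inside the running OS, once from clean boot media, and report whatever the two views disagree on. The `inventory` walker works on a real tree; the two sample views below are constructed, and the same diff applies unchanged to a map of autostart registry keys.

```python
import hashlib
import os
from pathlib import Path


def inventory(root: str) -> dict[str, str]:
    """One view of the disk: relative path -> SHA-256 of contents for every file under root.
    Run it once from inside the (possibly infected) OS and once from clean boot media."""
    view = {}
    for dirpath, _subdirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            key = path.relative_to(root).as_posix()
            try:
                view[key] = hashlib.sha256(path.read_bytes()).hexdigest()
            except OSError as err:
                view[key] = f"<unreadable: errno {err.errno}>"
    return view


def cross_view_diff(inside: dict[str, str], outside: dict[str, str]) -> dict[str, list[str]]:
    """Compare the inside view with the clean-boot view. Persistent software must appear
    in `outside`; stealthy software must be absent from, or different in, `inside`."""
    both = set(inside) & set(outside)
    return {
        "hidden_from_os": sorted(set(outside) - set(inside)),
        "only_in_os_view": sorted(set(inside) - set(outside)),
        "contents_differ": sorted(p for p in both if inside[p] != outside[p]),
    }


def verdict(report: dict[str, list[str]]) -> str:
    """Any disagreement at all means something lied to the running OS."""
    return "stealth software present" if any(report.values()) else "views agree"


# Constructed sample views (not taken from any real machine). OUTSIDE_VIEW is what the
# clean-boot scan sees; INSIDE_VIEW is what the infected OS reported to the same scanner.
INSIDE_VIEW = {
    "Windows/System32/ntoskrnl.exe": "a1" * 32,
    "Windows/System32/drivers/disk.sys": "b2" * 32,
    "Users/alice/notes.txt": "c3" * 32,
}
OUTSIDE_VIEW = {
    "Windows/System32/ntoskrnl.exe": "a1" * 32,
    "Windows/System32/drivers/disk.sys": "d4" * 32,  # patched on disk, original shown to OS
    "Windows/System32/drivers/hidden.sys": "e5" * 32,  # never listed by the OS view
    "Users/alice/notes.txt": "c3" * 32,
}


def sample_report() -> dict[str, list[str]]:
    """Diff of the constructed views; both findings point at the hiding driver."""
    return cross_view_diff(INSIDE_VIEW, OUTSIDE_VIEW)


if __name__ == "__main__":
    report = sample_report()
    print(verdict(report))
    for category, paths in report.items():
        for p in paths:
            print(f"  {category}: {p}")
```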
Bruce Schneier on Linux security
Which is more secure, Windows or Linux? It depends on whom you ask. Here's what Bruce Schneier, a reputable security researcher and author of "Applied Cryptography" and other computer-security related books, has to say on the matter:
Bruce Schneier
Linux Security
I'm a big fan of the Honeynet Project (and a member of their board of directors). They don't have a security product; they do security research. Basically, they wire computers up with sensors, put them on the Internet, and watch hackers attack them.
They just released a report about the security of Linux:
Recent data from our honeynet sensor grid reveals that the average life expectancy to compromise for an unpatched Linux system has increased from 72 hours to 3 months. This means that an unpatched Linux system with commonly used configurations (such as server builds of RedHat 9.0 or Suse 6.2) has an online mean life expectancy of 3 months before being successfully compromised.
This is much greater than that of Windows systems, which have average life expectancies on the order of a few minutes.
It's also important to remember that this paper focuses on vulnerable systems. The Honeynet researchers deployed almost 20 vulnerable systems to monitor hacker tactics, and found that no one was hacking the systems. That's the real story: the hackers aren't bothering with Linux. Two years ago, a vulnerable Linux system would be hacked in less than three days; now it takes three months.
Why? My guess is a combination of two reasons. One, Linux is that much more secure than Windows. Two, the bad guys are focusing on Windows -- more bang for the buck.
Posted on January 06, 2005 at 01:45 PM
------------
Different methodology, different results. My money's on Schneier. -
Bruce Schneier's thoughts on this
Some of the feedback is interesting as well. Basically, the 'solution' doesn't solve any problems, and it's money that could be better spent on teachers and books. Yes, I know, this one was 'free', but it won't always be free.
http://www.schneier.com/blog/archives/2005/01/fingerprinting_1.html -
Re:Own domain offers new methods
You might find Bruce Schneier's Unique E-mail Addresses and Spam interesting. While your technique allows you to easily deactivate any email address you get spammed to, it still has potential for framing.
-
Re:About damn time
I'm a parent of two with one on the way and I hate this idea for my kids. I'm not as troubled as some about all the ways it's intended to be used (basically tattle-telling on kids). I don't think that knowing where the IDs are (not the kids, the IDs) is really going to help that much for what they want, and the time saved in attendance can be fixed other ways (like an old mechanical punchclock if we really need to save the teacher that 90 seconds).
What scares me is all the ways this *isn't* supposed to be used, especially when the kids aren't at school. Now we have a nice 15-digit unique identifier that anyone can read. Wouldn't that be handy for someone other than schools? Why not let the arcade use it for your account number? That seems ok. Drink machines? We can make sure you don't go over your parent-approved daily limit. Sounds good. SSNs were supposed to be *just* for Social Security, we promise, we would never make them a universal identifier. Now they're everything. Now we get a new one, but it has a thousand more uses because it broadcasts.
Broadcasts. Good high-gain antenna and I wonder what I can pick up at a distance. Bruce Schneier says they're good out to 20 meters today. Everyone's so worried about the government. What about the creeps out there? What about marketers? (But I repeat myself.)
If this is over attendance, give the kids contact badges like everyone uses to get into work these days. Let them "beep" into class. They'll get all the attendance benefits without the worst of the RFID side effects (at least with a contact badge you get to *choose* when it's read). As for catching kids doing bad stuff, you can threaten all you like, but the punishments for misplacing your badge here and there won't be expulsion. So badges will have a habit of being elsewhere if the kid is going somewhere he doesn't want the badge to be. You'll catch a few smoking in the john, but it won't be worth what we give up. -
Re:RFID Mis-understanding
Almost always, an [unpowered] RFID badge must be swiped within a foot of a reader
By spec this is true. That's got nothing to do with what you can achieve with decent equipment. Physics doesn't care what the specs say you can and can't do.
Bruce Schneier did an excellent discussion of this relative to RFID passports: "In tests, RFID chips have been read by receivers 20 meters away. Improvements in technology are inevitable."
-
Possible
It is quite possible, though not very easy, to do, and there are already many excellent tips posted in this thread so I will not repeat them. What nobody seems to be talking about, though, is that you have to be aware of the gotchas of any technology you are going to use. Wireless security is much different than wired, because your adversary only needs a $50 laptop and Airsnort (so called "war driving") instead of the much, much more expensive hardware needed to intercept wired communication, especially in a shielded medium like STP for Ethernet. The security of your systems is something that you have to design before you do anything else. You cannot just say: "I'll add security later." That's why it is important to understand how the systems in question really work. Good luck.
-
Re:Just as secure as any other
It is completely useless, just as any other authentication relying on sending data that is not secret. This is really getting old... Let me quote a 1998 article on biometrics by Bruce Schneier:
Schneier also follows up with a 2002 Crypto-gram blurb, noting Matsumoto's excellent work with the gelatin-finger.
-
Just as secure as any other
It is completely useless, just as any other authentication relying on sending data that is not secret. This is really getting old... Let me quote a 1998 article on biometrics by Bruce Schneier:
Biometrics are seductive: you are your key. Your voiceprint unlocks the door of your house. Your retinal scan lets you in the corporate offices. Your thumbprint logs you on to your computer. Unfortunately, the reality of biometrics isn't that simple.
Biometrics are the oldest form of identification. Dogs have distinctive barks. Cats spray. Humans recognise each other's faces. On the telephone, your voice identifies you as the person on the line. On a paper contract, your signature identifies you as the person who signed it. Your photograph identifies you as the person who owns a particular passport.
What makes biometrics useful for many of these applications is that they can be stored in a database. Alice's voice only works as a biometric identification on the telephone if you already know who she is; if she is a stranger, it doesn't help. It's the same with Alice's handwriting; you can recognize it only if you already know it. To solve this problem, banks keep signature cards on file. Alice signs her name on a card, and it is stored in the bank (the bank needs to maintain its secure perimeter in order for this to work right). When Alice signs a check, the bank verifies Alice's signature against the stored signature to ensure that the check is valid.
There are a bunch of different biometrics. I've mentioned handwriting, voiceprints, and face recognition. There are also hand geometry, fingerprints, retinal scans, DNA, typing patterns, signature geometry (not just the look of the signature, but the pen pressure, signature speed, etc.), and others. The technologies behind some of them are more reliable than others, and they'll all improve.
"Improve" means two different things. First, it means that the system will not incorrectly identify an impostor as Alice. The whole point of the biometric is to prove that Alice is Alice, so if an impostor can successfully fool the system it isn't working very well. This is called a false positive. Second, "improve" means that the system will not incorrectly identify Alice as an impostor. Again, the point of the biometric is to prove that Alice is Alice, and if Alice can't convince the system that she is her then it's not working very well, either. This is called a false negative. In general, you can tune a biometric system to err on the side of a false positive or a false negative.
Biometrics are great because they are really hard to forge: it's hard to put a false fingerprint on your finger, or make your retina look like someone else's. Some people can mimic others' voices, and Hollywood can make people's faces look like someone else, but these are specialized or expensive skills. When you see someone sign his name, you generally know it is him and not someone else.
Biometrics are lousy because they are so easy to forge: it's easy to steal a biometric after the measurement is taken. In all of the applications discussed above, the verifier needs to verify not only that the biometric is accurate but that it has been input correctly. Imagine a remote system that uses face recognition as a biometric. "In order to gain authorization, take a Polaroid picture of yourself and mail it in. We'll compare the picture with the one we have in file." What are the attacks here?
Easy. To masquerade as Alice, take a Polaroid picture of her when she's not looking. Then, at some later date, use it to fool the system. This attack works because while it is hard to make your face look like Alice's, it's easy to get a picture of Alice's face. And since the system does not verify that the picture is of your face, only that it matches the picture of Alice's face on file, we can fool it.
Similarly, we can fool a signature biometric using a photocopier or a fa -
Hard to remember?
Use Bruce Schneier's Password Safe if you cannot remember passwords, but saying that passwords are useless when they are hard to guess because they are hard to remember, so we should use no passwords at all so there won't be anything to guess in the first place, is the most stupid thing I have ever heard. If not secrets that people can remember, then what? Biometrics? Oh please... From the article: "79 percent of people questioned on the streets of London revealed such desirable security-sensitive data as mother's maiden name and birth date." Really? People revealed such secrets as their birth date? Let us all stop using passwords then! This is just laughable.
-
Gummy bear fakes fingerprint reader
I remember hearing how a gelatin gummy can be used to fool a fingerprint reader. I thought it was kind of cool. If someone questions you, just eat the evidence. Read the story here
-
Why not?
Credit cards are trivial to track anyway, so no immediate extra privacy implications as long as the data isn't retained for too long.
This way, if someone steals your card info and puts their own fingerprint info on it (or onto the back-end database, or whatever), there is an immediate method to start tracking them.
Of course, there are ways to defeat fingerprint scanners, see Schneier for a starting point.
I therefore think that the danger here isn't in the fingerprinting itself, which is just another way of tracking usage. It is that cost/risk of fraud will be passed on from the banks to the consumer (or possibly stores). -
Re:Desk
Password Safe was designed by Bruce Schneier
According to the site it can be used on Windows, as well as an older PocketPC version. -
Re:China & Encryption
Right, because the Germans invented DES which started the rush of crypto algorithms while IBM (an American company) was still using polyalphabetic substitution ciphers. No, wait, it's the other way around, stupid ass. You're not only wrong, but stupid.
One thing Capitalism does very well is foster innovation, both in invention and improvement of other inventions. We didn't invent the rocket, but we made it better. We invented the atomic bomb. We made serious cryptography.
Partly true.
http://www.schneier.com/crypto-gram-9805.html
We invented the automobile and the cotton gin.
The automobile? As apparently everyone but you knows, you're dead wrong there:
http://www.uh.edu/engines/epi1596.htm
It's amusing to watch people go out of their way to try to find fault with the USA. History won't even bother recording you guys.
The historical record is only of relevance to those who actually bother using it to check their facts before posting.
-
Re:Very Close Call IMHO
To add to it, these loyalty cards are being used for ethnic profiling:
Most disturbing is the prospect of ethnic profiling. After the September 11 attacks, reports Albrecht, "Federal agents reviewed the shopper card records of the men involved to create a profile of ethnic tastes and supermarket shopping patterns associated with terrorism." So anyone who likes hummus, say, may well be developing the shopper profile of a terrorist. While there is an assumption that, in the UK, there exists an invisible line that would not get crossed in this manner, the concern in any data protection context is over "function creep": "An information system set up for one reason can end up being used for other things," says Simon Davies of Privacy International, a human rights group set up to monitor surveillance by governments and corporations.
As Schneier will testify, such profiling doesn't work.
-
Irrelevant
From Bruce Schneier: "Recent data from our honeynet sensor grid reveals that the average life expectancy to compromise for an unpatched Linux system has increased from 72 hours to 3 months. This means that an unpatched Linux system with commonly used configurations (such as server builds of RedHat 9.0 or Suse 6.2) has an online mean life expectancy of 3 months before being successfully compromised." I think the term is not "more secure" but "less vulnerable".
Next paragraph from the article you quote: "It's also important to remember that this paper focuses on vulnerable systems. The Honeynet researchers deployed almost 20 vulnerable systems to monitor hacker tactics, and found that no one was hacking the systems. That's the real story: the hackers aren't bothering with Linux. Two years ago, a vulnerable Linux system would be hacked in less than three days; now it takes three months." [emphasis added] This is irrelevant to your argument. It shows that Linux is less likely to be targeted, not that it is more secure or less vulnerable, but only less popular.
-
Linux Security vs Microsoft AntiSecurity
From Bruce Schneier: "Recent data from our honeynet sensor grid reveals that the average life expectancy to compromise for an unpatched Linux system has increased from 72 hours to 3 months. This means that an unpatched Linux system with commonly used configurations (such as server builds of RedHat 9.0 or Suse 6.2) has an online mean life expectancy of 3 months before being successfully compromised." I think the term is not "more secure" but "less vulnerable".
-
Right and wrong
Every file that is written to an encrypted folder by User A has a private encryption key generated for it. That private encryption key is then encrypted with User A's public key and every designated Encrypted Data Recovery Agent's public key. Then either User A or any such recovery agent's private key can decrypt the file. Of course, MS just lets lay users assume their "encrypted" files are private.
They (and their employers) also probably assume that when their key is lost then all of their work is not lost forever. You are right that Microsoft's encryption is a joke, but this is not a good example. What you have described is not a flaw per se, but a design decision. In fact, that is the only way to restore the encrypted data when the user's key is lost. On the other hand, the RC4 flaw is about reusing the same keystream in stream ciphers, which is an inexcusable amateur mistake and shows a level of incompetence just plainly laughable in the case of the largest software giant on the planet. Let me quote Bruce Schneier on the Microsoft RC4 Flaw:
One of the most important rules of stream ciphers is to never use the same keystream to encrypt two different documents. If someone does, you can break the encryption by XORing the two ciphertext streams together. The keystream drops out, and you end up with plaintext XORed with plaintext -- and you can easily recover the two plaintexts using letter frequency analysis and other basic techniques.
It's an amateur crypto mistake. The easy way to prevent this attack is to use a unique initialization vector (IV) in addition to the key whenever you encrypt a document.
Microsoft uses the RC4 stream cipher in both Word and Excel. And they make this mistake. Hongjun Wu has details (link is a PDF).
In this report, we point out a serious security flaw in Microsoft Word and Excel. The stream cipher RC4 [9] with key length up to 128 bits is used in Microsoft Word and Excel to protect the documents. But when an encrypted document gets modified and saved, the initialization vector remains the same and thus the same keystream generated from RC4 is applied to encrypt the different versions of that document. The consequence is disastrous since a lot of information of the document could be recovered easily.
This isn't new. Microsoft made the same mistake in 1999 with RC4 in WinNT Syskey. Five years later, Microsoft has the same flaw in other products.
As you can see, Microsoft's crypto is a joke indeed. It is an old, unfunny joke that they keep repeating ad nauseam. But it is about a much more important incompetence than what you have noticed. As some people say: "When it comes to security, it's always Amateur Hour in Redmond." Sadly, this has been true forever. When people invest in Microsoft's security they always say "maybe this time they got it right, I'm sure." This is not without a reason.
-
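An added example (not Microsoft's or Hongjun Wu's code) of the keystream-reuse flaw quoted in the comment above: two saves of one document encrypted with the same RC4 key and an unchanged IV, the XOR that makes the keystream drop out, and the per-save IV fix Schneier describes. The document text and the choice to mix key and IV by hashing are assumptions of the example.

```python
import hashlib
import os


def rc4_keystream(key: bytes, length: int) -> bytes:
    """Plain RC4: key scheduling (KSA) followed by `length` bytes of PRGA output."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR up to the shorter input; also used for decryption since RC4 is symmetric."""
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt_fixed_iv(key: bytes, document: bytes) -> bytes:
    """The flawed pattern: same key and unchanged IV on every save, so every version of
    the document is XORed with the identical keystream."""
    return xor_bytes(document, rc4_keystream(key, len(document)))


def encrypt_fresh_iv(key: bytes, document: bytes, iv: bytes = b"") -> tuple[bytes, bytes]:
    """The fix: a unique IV per save, mixed into the key so each save gets a fresh keystream.
    Key and IV are combined by hashing here; WEP-style plain concatenation IV||key is known
    to leak RC4 key bytes and should not be used. Returns (iv, ciphertext)."""
    if not iv:
        iv = os.urandom(16)
    stream = rc4_keystream(hashlib.sha256(iv + key).digest(), len(document))
    return iv, xor_bytes(document, stream)


def keystream_dropout(c1: bytes, c2: bytes) -> bytes:
    """c1 XOR c2 equals p1 XOR p2 whenever both ciphertexts used the same keystream."""
    return xor_bytes(c1, c2)


def recover_other_version(c1: bytes, c2: bytes, known_p1: bytes) -> bytes:
    """Given two same-keystream ciphertexts and a known (or guessed) stretch of one
    plaintext, the other plaintext falls out over that stretch: p2 = c1 ^ c2 ^ p1."""
    return xor_bytes(keystream_dropout(c1, c2), known_p1)


# Constructed sample: two saves of one document under the same password-derived key.
KEY = hashlib.sha256(b"document password").digest()[:16]
VERSION_1 = b"Q3 forecast: revenue 12.0M, margin 31%. Status: DRAFT - do not circulate."
VERSION_2 = b"Q3 forecast: revenue 11.2M, margin 27%. Status: FINAL - board copy only."


def demo_flawed() -> bytes:
    """Attacker holds both encrypted saves and knows the first 40 bytes of version 1
    (boilerplate); the same 40 bytes of version 2 are recovered without the key."""
    c1 = encrypt_fixed_iv(KEY, VERSION_1)
    c2 = encrypt_fixed_iv(KEY, VERSION_2)
    return recover_other_version(c1, c2, VERSION_1[:40])


def demo_fixed() -> bool:
    """With distinct IVs the XOR of ciphertexts no longer equals the XOR of plaintexts."""
    _, c1 = encrypt_fresh_iv(KEY, VERSION_1, iv=b"\x00" * 16)
    _, c2 = encrypt_fresh_iv(KEY, VERSION_2, iv=b"\x01" * 16)
    return keystream_dropout(c1, c2) == xor_bytes(VERSION_1, VERSION_2)


if __name__ == "__main__":
    print("recovered from flawed scheme:", demo_flawed())
    print("plaintext XOR leaks with per-save IV:", demo_fixed())
```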
Schneier on RC4 Flaw
If you want to read about more technical details and social implications of the RC4 flaw, I highly recommend starting from Bruce Schneier on Security: Microsoft RC4 Flaw (January 18, 2005). There are a lot of informative links and interesting comments there.
-
Hire Schneier
Zimmermann's great and all, but in this scenario we need a simple symmetric algorithm. Have Bruce Schneier implement his patent-free 448 bit key, 64 bit block Blowfish or 256 bit key, 128 bit block Twofish.
-
Bad For Security
I remember reading a Crypto-Gram article on this a while back. Here's some great, relevant commentary from Schneier. The original link is http://www.schneier.com/crypto-gram-0406.html#4.
The security of your computer and your network depends on two things: what you do to secure your computer and network, and what everyone else does to secure their computers and networks. It's not enough for you to maintain a secure network. If everybody else doesn't maintain their security, we're all more vulnerable to attack. When there are lots of insecure computers connected to the Internet, worms spread faster and more extensively, distributed denial-of-service attacks are easier to launch, and spammers have more platforms from which to send e-mail. The more insecure the average computer on the Internet is, the more insecure your computer is.
It's like malaria: everyone is safer when we all work together to drain the swamps and increase the level of hygiene in our community.
This is the backdrop from which to understand Microsoft's Windows XP security upgrade: Service Pack 2. SP2 is a major security upgrade. It includes features like Windows Firewall, an enhanced personal firewall that is turned on by default, and a better automatic patching feature. It includes a bunch of small security improvements. It makes Windows XP more secure.
In early May, stories were written saying that Microsoft would make this upgrade available to all XP users, both licensed and unlicensed. To me, this was a very smart move on Microsoft's part. Think about all the ways it benefits Microsoft. One, its licensed users are more secure. Two, its licensed users are happier. Three, worms that attack Microsoft products are less virulent, which means Microsoft doesn't look as bad in the press. Microsoft wins, Microsoft's customers win, the Internet wins. It's the kind of marketing move that businessmen write best-selling books about.
Sadly, the press was wrong. Soon after, Microsoft said the initial comments were wrong, and that SP2 would not run on pirated copies of XP. Those copies would not be upgradeable, and would remain insecure. Only legal copies of the software could be secured.
This is the wrong decision, for all the same reasons that the opposite decision was the correct one.
Of course, Microsoft is within its rights to deny service to those who have pirated its products. It makes sense for them to make sure performance or feature upgrades do not run on pirated software. They want to deny people who haven't paid for Microsoft products the benefit of them, and entice them to become licensed users. But security upgrades are different. Microsoft is harming its licensed users by denying security to its unlicensed users.
This decision, more than anything else Microsoft has said or done in the last few years, proves to me that security is not the first priority of the company. Here was a chance to do the right thing: to put security ahead of profits. Here was a chance to look good in the press, and improve security for all their users worldwide. Microsoft claims that improving security is the most important thing, but their actions prove otherwise.
SP2 is an important security upgrade to Windows XP, and I hope it is widely installed among licensed XP users. I also hope it is quickly pirated, so unlicensed XP users can also install it. In order for me to remain secure on the Internet, I need everyone to become more secure. And the more people who install SP2, the more we all benefit.
-
Surprising?
Is it really that surprising? Hardly. We had it coming. The lesson is: don't ignore security professionals when they say that your products are inherently flawed, but we knew that already, right? Right?
-
According to Bruce Schneier...
In his Jan. 15 2005 CRYPTO-GRAM, Bruce Schneier comments on this. Go here:
Then search for The Honeynet Project. Something to think about.
-
Balance of Power
Bruce Schneier has written about this sort of thing several times. He expresses concern that technology is shifting the balance of power between police powers and citizen rights in favor of the police.
In some cases, the solution is to legislate limits (such as requiring warrants for wiretaps). In others, the solution is to lower penalties for crimes, since the penalty was high when prevention (detection) was hard. Now that technology makes a crime easy to detect (such as aerial surveillance to detect building code violations), high penalties are unnecessary.
-
Re:A Darker Shade of Grey Hat
Full Disclosure is one thing... Actually posting usable exploit code or directions on how to do the exploit is another...and unacceptable. A simple "Gmail has issues with malformed headers, please beware" would have sufficed.
Again, most security experts argue that you MUST disclose working code (NOT an exploit, but code demonstrating the problem) and detailed descriptions, not simply a vague statement--that's why it's called full disclosure.
Bruce Schneier, e.g., writes in http://www.schneier.com/crypto-gram-0111.html:
And detailed information is required. If a researcher just publishes vague statements about the vulnerability, then the vendor can claim that it's not real. If the researcher publishes scientific details without example code, then the vendor can claim that it's just theoretical. The only way to make vendors sit up and take notice is to publish details: both in human- and computer-readable form. (Microsoft is guilty of both of these practices, using their PR machine to deny and belittle vulnerabilities until they are demonstrated with actual code.) And demonstration code is the only way to verify that a vendor's vulnerability patch actually patched the vulnerability.
-
Re:A Darker Shade of Grey Hat
Because it has become standard practice in the industry to inform the vendor and give them a reasonable amount of time to come out with a patch before publicly announcing the exploit.
Key here is "reasonable amount of time", which should be no more than a couple of weeks. Even that may be too long and many vendors will threaten you with lawsuits for going public once you've privately informed them of security holes.
As Bruce Schneier (author of Applied Cryptography, creator of Blowfish/Twofish, etc) writes:
What we've learned during the past eight or so years is that full disclosure helps much more than it hurts. Since full disclosure has become the norm, the computer industry has transformed itself from a group of companies that ignores security and belittles vulnerabilities into one that fixes vulnerabilities as quickly as possible.
Note that Schneier does say:
I believe in giving the vendor advance notice. CERT took this to an extreme, sometimes giving the vendor years to fix the problem. I'd like to see the researcher tell the vendor that he will publish the vulnerability in a few weeks, and then stick to that promise.
Also from the same article:
http://www.schneier.com/crypto-gram-0111.html
During the early years of computers and networks, bug secrecy was the norm. When users and researchers found vulnerabilities in a software product, they would quietly alert the vendor. In theory, the vendor would then fix the vulnerability...There were incidents of vendors threatening researchers if they made their findings public, and smear campaigns against researchers who announced the existence of vulnerabilities (even if they omitted details). And so many vulnerabilities remained unfixed for years.
The full disclosure movement was born out of frustration with this process. Once a vulnerability is published, public pressures give vendors a strong incentive to fix the problem quickly. For the most part, this has worked. Today, many researchers publish vulnerabilities they discover on mailing lists such as Bugtraq. The press writes about the vulnerabilities in the computer magazines. The vendors scramble to patch these vulnerabilities as soon as they are publicized, so they can write their own press releases about how quickly and thoroughly they fixed things. The full disclosure movement is improving Internet security.
-
Re:Axim X30
[...] excluding the biometric scanner (which is awesome). I'd buy one just for that.
I don't do PDAs, but if I did, I don't see why I'd want to pay anything for a "biometric scanner" (which I think is some kind of fingerprint thingus). The only reliable way to keep my data safe if someone steals my PDA is . . . well, I don't know if there *is* any reliable way. Certainly the fingerprint scanners I've heard about don't sound like it. If you're concerned with data compromise, a nontrivial passphrase combined with encryption seems much more secure. Aren't there applications for these boxes that do something like that? Something like Password Safe? (In fact, that probably would just work on the Windows-based PDAs, but there are still a lot of Palms out there...).
I'm assuming that the passwords you store on your PDA are the things you really don't want compromised. If you have bigger stuff, then you can just plain encrypt it, then save the passwords securely. Possibly more trouble, but a lot more secure than the iPaq Rectal Scan Unit (tm).
-
Not really
Checking IDs at restricted access places like military bases, NASA, NSA, etc. makes a hell of a lot of sense.
Every single one of the 9/11 hijackers had IDs. Timothy McVeigh had ID, too.
IDs do nothing for security at all, except lure gullible people into believing they do something to promote security. The proposed Federal IDs can tell you if a known terrorist is trying to get a job in the government. If a person is a "known terrorist" why in god's green earth hasn't she/he been picked up yet? Oh wait...
-
Re:I'm against this.. take three guesses why?
And, again, what is a 1024-bit cryptographic signature going to give me at work that the security guard at the front desk wouldn't have caught to begin with in terms of identification?
That card will give you the ability to fingerprint communications and documents digitally the same way a web server signs SSL web pages. It will also give information that security guard does not know off the top of his head, such as which classified doors you are allowed to enter and which you are not. If you had to ask the guard, he would just look it up in a centralized computer system anyway. This is how security clearances are handled in the real world -- there are centralized databases showing who has what clearance. All this card does is automate the process one step further.
I have to agree with your point in a way, that the best security involves pairs of attentive eyes and a brain with common sense behind them. Mr. Bruce Schneier reiterates this point over and over in his writing, and people still don't get it. Sigh.
-
Re:linux is good..."Bolivarian" socialist politics
I read the article and there's nothing in it detailing why free software was chosen over non-free software. I do assume that the reason has something to do with the software not costing the government any money.
Venezuelan president Hugo Chávez is a power hungry socialist demagogue who believes the United States was behind a rebuffed coup attempt against him and he may be right: US officials made statements in support of the coup in the few days before it collapsed (this coup should not be confused with the failed coup attempt he once led against an earlier Venezuelan government) and US officials and diplomats refused to even use the word "coup" to describe the armed overthrow of Chávez. It's only natural that he would publicly embrace Linux (especially given Richard Stallman's communist-sounding "freedom" and [anti] "piracy" rhetoric) as an alternative to Microsoft -- he can play it both as an anti-capitalist move and an anti-American move.
It wouldn't be entirely bad if, say, PDVSA, the giant government-run petroleum company, were to show that Linux helped its operations and bottom line (Venezuela is a powerful member of OPEC). But I, knowing people who have lived and worked in Venezuela the last few years, and having been there myself, would assume that this decree is rooted in anti-American politics, not economics.
Or maybe el Presidente didn't buy the official explanation of Windows' NSAKEY?
-
Password Safe
Schneier's "Password Safe"
An excellent password management utility. With support for multiple password databases, password generation, etc.
-
Schneier is a hypocrite, he was opposed to this!
Wait a second, not that long ago Schneier wrote that he thought these kinds of technologies, Faraday Cages for RFID and related technologies, were not needed given the low risk of such an attack and the higher risk that someone would just steal your card. Repeat: He has publicly stated in the past that this sort of attack was not a high enough risk, now he's just hopping on the bandwagon. Here's his Crypto-Gram article:
http://www.schneier.com/crypto-gram-0310.html
And the specific section:
SmartShield
I've gone back and forth about whether to doghouse this. Although silly, it's not as obviously nonsensical as my typical doghouse item.
It's a shield designed to protect contactless smart cards from surreptitious access. A contactless smart card works in proximity to a reader. It looks like a regular smart card, but there is an inductor (i.e., a coil) running around the outer edge of the card. If you put the card in a strong, varying field, it'll power itself from the coil (and be able to communicate wirelessly). Conventional smart cards are more common, but wireless smart cards are being used for applications where it's awkward to have the customer remove the card from his wallet and insert it in a slot (e.g., transit applications).
Your typical contactless smart card has a range of about ten inches. Someone could, at least in theory, walk up behind someone carrying one of these cards and access a card in his wallet. With specialized equipment, like a directional antenna pumping out a lot more power, an attacker could probably get the range quite a bit higher. If the attacker knew the protocol, he might be able to steal money or, even easier, cause the card to fail. A metal shield around the card would prevent such attacks.
All security is a trade-off, and I don't think it's worth the additional security to carry the shield around. Also, having to take the card out of the shield every time you want to use it negates much of the convenience of a contactless card. Honestly, the risk that someone will steal the card, shield and all, is much greater.
He completely missed the point then that it's EASIER to steal data remotely. Pickpocketing runs the very real risk of being caught.
-
Re:Carnivore
Not necessarily. The NSA had differential cryptanalysis years before it was public. GCHQ had public keys well before RSA. Why are you so sure they don't have a working 4096 bit quantum computer now?
It is plausible, but it's just not particularly likely. The SIGINT agencies once had a huge lead on the open community simply because before the 1970s there was no real research happening in cryptography outside of the government; the likes of NSA and GCHQ, of course, had been breaking ciphers for decades. However, it's quite clear that now, after 25-30 years of an academic discipline of cryptography, the gap has shrunk. Quite how much we don't know, but, for example, Bruce Schneier speculates that it might be only a couple of years.
-
Benefits and fake certificates
Signing can help in that people who trust a certain publisher can be assured that the software arrived from that publisher in unmodified form. Of course, the software used to verify the signature must also be trusted for this to work...
Signed software is very convincing but it would not necessarily help if the manufacturer overlooked a security hole or if someone at the manufacturer tampered with the software before it was signed. There was even an incident where Microsoft code-signing certificates were successfully obtained under false pretenses. (Notice the comments about revoking the certificates and about people overlooking expired certificates.) If something bad happens with signed software, there is the question of going after the manufacturer. For a situation like a security flaw leaking personal information, no amount of legal action may be able to expunge the information from Internet sites. This is where sandboxing of software and secure programming techniques are important, even with code signing.
A lot of software on the Internet, including security-related software, is distributed unsigned. Remember that a lot of this software is distributed by individuals, possibly at no cost. A lot of people likely go ahead and use this software despite the issue of it being unsigned. Interesting...
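The two comments above (the one on what a signing card gives you over a guard, and the one on signed software and the mis-issued Microsoft certificates) both come down to the same check on the verifying side: the signature must match the bytes, and the signer's certificate must be one you trust, not revoked, and inside its validity window. The block below is an added illustration, not code from any of the commenters or from any real signing tool. It uses Ed25519 from Go's standard library in place of a certificate chain, and the publisher name, serial number and artifact bytes are constructed for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
	"time"
)

// PublisherCert is a constructed stand-in for a code-signing certificate:
// a public key bound to a publisher name, a serial and a validity window.
type PublisherCert struct {
	Publisher string
	PublicKey ed25519.PublicKey
	NotBefore time.Time
	NotAfter  time.Time
	Serial    string
}

// SignedRelease is what the user downloads: the artifact plus a detached
// signature over its SHA-256 digest and the serial of the signing cert.
type SignedRelease struct {
	Artifact  []byte
	Signature []byte
	Serial    string
}

// TrustStore is the verifier's own state: certs the user trusts (by serial)
// and serials that have been revoked since issue.
type TrustStore struct {
	Certs   map[string]PublisherCert
	Revoked map[string]bool
}

var (
	ErrUnknownSigner = errors.New("signer certificate not in trust store")
	ErrRevoked       = errors.New("signer certificate has been revoked")
	ErrExpired       = errors.New("signer certificate outside its validity window")
	ErrBadSignature  = errors.New("signature does not match artifact")
)

func digest(b []byte) []byte {
	h := sha256.Sum256(b)
	return h[:]
}

// Sign is the publisher's side: sign the digest of the release bytes.
func Sign(priv ed25519.PrivateKey, serial string, artifact []byte) SignedRelease {
	return SignedRelease{Artifact: artifact, Signature: ed25519.Sign(priv, digest(artifact)), Serial: serial}
}

// Verify is the user's side. Order matters: a cryptographically valid
// signature from a revoked or expired cert is still rejected.
func Verify(ts TrustStore, rel SignedRelease, now time.Time) (string, error) {
	cert, ok := ts.Certs[rel.Serial]
	if !ok {
		return "", ErrUnknownSigner
	}
	if ts.Revoked[rel.Serial] {
		return "", ErrRevoked
	}
	if now.Before(cert.NotBefore) || now.After(cert.NotAfter) {
		return "", ErrExpired
	}
	if !ed25519.Verify(cert.PublicKey, digest(rel.Artifact), rel.Signature) {
		return "", ErrBadSignature
	}
	return cert.Publisher, nil
}

// RunScenario builds a constructed publisher key and runs the verifier over
// a good release, a tampered one, and the three certificate failure cases.
func RunScenario() (map[string]error, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	issued := time.Date(2005, 1, 1, 0, 0, 0, 0, time.UTC)
	cert := PublisherCert{"Example Publisher (constructed)", pub, issued, issued.AddDate(1, 0, 0), "serial-0001"}
	ts := TrustStore{Certs: map[string]PublisherCert{cert.Serial: cert}, Revoked: map[string]bool{}}
	rel := Sign(priv, cert.Serial, []byte("installer bytes (constructed)"))
	now := issued.AddDate(0, 6, 0)

	res := map[string]error{}
	_, res["valid"] = Verify(ts, rel, now)
	tampered := rel
	tampered.Artifact = append([]byte(nil), rel.Artifact...)
	tampered.Artifact[0] ^= 1 // flip one bit after signing
	_, res["tampered"] = Verify(ts, tampered, now)
	_, res["expired"] = Verify(ts, rel, issued.AddDate(2, 0, 0))
	unknown := rel
	unknown.Serial = "serial-9999"
	_, res["unknown"] = Verify(ts, unknown, now)
	ts.Revoked[cert.Serial] = true
	_, res["revoked"] = Verify(ts, rel, now)
	return res, nil
}

func main() {
	res, err := RunScenario()
	if err != nil {
		panic(err)
	}
	for _, k := range []string{"valid", "tampered", "expired", "unknown", "revoked"} {
		fmt.Printf("%-9s -> %v\n", k, res[k])
	}
}
```

The expiry rule here is deliberately the simple one: anything verified outside the window fails. Real code-signing schemes usually add a trusted timestamp countersignature so that a signature made while the cert was valid keeps verifying after it expires; what must never be skipped is the revocation lookup, which is the only thing that helps once a certificate has been issued to the wrong party.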
-
Re:I don't know about anyone else
Bruce Schneier has an interesting article about the security aspects of Google desktop search. His take on it is that it reveals underlying security flaws in Windows, so if there's a problem, it's not a problem with Google's utility. Blaming it on Google is like shooting the messenger.
-
Please.. don't shoot the messenger
Don't shoot the messenger. Desktop search is only exposing a weakness that is already there as it can only index stuff it has permission to index.
As always, Schneier is particularly lucid on this issue, see his essay here
Simon.
-
Re:This is very likely a waste of time and money
I should point out that the ideas behind my statements did not originate with me, but rather with articles like by Bruce Schneier.
-
PasswordSafe
I use the open source PasswordSafe. The original was written by Bruce Schneier, who worked on an AES finalist and runs CounterPane Security and writes the CryptoGram Newsletter.
The program saves all your passwords in an encrypted file, which you then keep on your USB keychain. You only have to remember one password to open the safe, and then you can copy/paste your different username/passwords to the site that needs them. As long as you keep the data file on your keychain (and keep that with you) then you should be fairly secure. You can also make all your passwords 12 digit random alphanumerics (though some idiotic places limit your password length, never figured that one out...)
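The comment above describes the shape of any password safe: one master password, a key derived from it, an encrypted file, and randomly generated per-site passwords. The block below is an added illustration of that shape and is not Password Safe's own code or file format. It derives the key with PBKDF2-HMAC-SHA256 (written out so the example stays within Go's standard library), encrypts the entries with AES-GCM so a wrong master password is detected rather than yielding garbage, and generates the 12-character alphanumeric passwords the commenter mentions. The site and user names in main() are constructed.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"encoding/json"
	"errors"
	"fmt"
	"math/big"
)

type Entry struct{ Site, Username, Password string }

const (
	saltLen    = 16
	iterations = 100000 // PBKDF2 work factor: slows offline guessing of the master password
)

var ErrWrongPassword = errors.New("wrong master password or corrupted safe")

// pbkdf2SHA256 implements PBKDF2-HMAC-SHA256 (RFC 8018 section 5.2).
func pbkdf2SHA256(password, salt []byte, iter, dkLen int) []byte {
	out := make([]byte, 0, dkLen)
	for block := uint32(1); len(out) < dkLen; block++ {
		var idx [4]byte
		binary.BigEndian.PutUint32(idx[:], block)
		mac := hmac.New(sha256.New, password)
		mac.Write(salt)
		mac.Write(idx[:])
		u := mac.Sum(nil)
		t := append([]byte(nil), u...)
		for i := 1; i < iter; i++ {
			mac = hmac.New(sha256.New, password)
			mac.Write(u)
			u = mac.Sum(nil)
			for j := range t {
				t[j] ^= u[j]
			}
		}
		out = append(out, t...)
	}
	return out[:dkLen]
}

func newGCM(master string, salt []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(pbkdf2SHA256([]byte(master), salt, iterations, 32))
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// SealVault returns salt || nonce || AES-GCM ciphertext+tag. The salt is bound
// as associated data so it cannot be swapped without failing the tag check.
func SealVault(master string, entries []Entry) ([]byte, error) {
	plain, err := json.Marshal(entries)
	if err != nil {
		return nil, err
	}
	salt := make([]byte, saltLen)
	nonce := make([]byte, 12)
	if _, err := rand.Read(salt); err != nil {
		return nil, err
	}
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	gcm, err := newGCM(master, salt)
	if err != nil {
		return nil, err
	}
	return append(append(salt, nonce...), gcm.Seal(nil, nonce, plain, salt)...), nil
}

// OpenVault reverses SealVault; a wrong master password fails GCM's tag check.
func OpenVault(master string, blob []byte) ([]Entry, error) {
	if len(blob) < saltLen+12 {
		return nil, ErrWrongPassword
	}
	salt, nonce, ct := blob[:saltLen], blob[saltLen:saltLen+12], blob[saltLen+12:]
	gcm, err := newGCM(master, salt)
	if err != nil {
		return nil, err
	}
	plain, err := gcm.Open(nil, nonce, ct, salt)
	if err != nil {
		return nil, ErrWrongPassword
	}
	var entries []Entry
	if err := json.Unmarshal(plain, &entries); err != nil {
		return nil, err
	}
	return entries, nil
}

// RandomPassword draws n characters uniformly from [A-Za-z0-9] using crypto/rand.
func RandomPassword(n int) (string, error) {
	const alphabet = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"
	buf := make([]byte, n)
	for i := range buf {
		k, err := rand.Int(rand.Reader, big.NewInt(int64(len(alphabet))))
		if err != nil {
			return "", err
		}
		buf[i] = alphabet[k.Int64()]
	}
	return string(buf), nil
}

func main() {
	pw, _ := RandomPassword(12)
	blob, err := SealVault("correct horse battery staple", []Entry{{"bank.example", "alice", pw}}) // constructed
	if err != nil {
		panic(err)
	}
	got, err := OpenVault("correct horse battery staple", blob)
	fmt.Println(got, err)
	_, err = OpenVault("wrong password", blob)
	fmt.Println("wrong password:", err)
}
```

Twelve characters from a 62-symbol alphabet is about 71 bits of entropy, which is why the commenter's complaint about sites capping password length matters: every character a site forces you to drop removes just under six bits.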