Schneier on Security

A blog covering security and security technology.

Malware Contributory Cause of Air Crash

Mon, 08/23/2010 - 5:03am
This is a first, I think: The airline's central computer which registered technical problems on planes was infected by Trojans at the time of the fatal crash and this resulted in a failure to raise an alarm over multiple problems with the plane, according to Spanish daily El Pais (report here). The plane took off with flaps and slats retracted,...

Friday Squid Blogging: Flying Squid

Fri, 08/20/2010 - 3:02pm
Who knew? "Hulse was shooting with burst mode on his camera, so I know exactly what the interval is between the frames and I can calculate velocity of squid flying through the air," O'Dor says. "We now think there are dozens of species that do it. Squid are used to gliding in the water, so the same physiology probably allows...

Intel Buys McAfee

Thu, 08/19/2010 - 9:44am
Intel buys McAfee. It's another example of a large non-security company buying a security company. I've been talking about this sort of thing for two and a half years: It's not consolidation as we're used to. In the security industry, there are waves of consolidation, you know, big companies scoop up little companies and then there's lots of consolidation. You've...

"The Fear Tax"

Wed, 08/18/2010 - 2:48pm
Good essay by Seth Godin: We pay the fear tax every time we spend time or money seeking reassurance. We pay it twice when the act of seeking that reassurance actually makes us more anxious, not less. We pay the tax when we cover our butt instead of doing the right thing, and we pay the tax when we take...

Crypto 2010 Proceedings

Tue, 08/17/2010 - 11:29am
The Crypto 2010 Conference is going on right now at the University of California, Santa Barbara. Springer-Verlag publishes the proceedings, but they're available as a free download for the next few days....

Hacking Cars Through Wireless Tire-Pressure Sensors

Tue, 08/17/2010 - 5:42am
Still minor, but this kind of thing is only going to get worse: The new research shows that other systems in the vehicle are similarly insecure. The tire pressure monitors are notable because they're wireless, allowing attacks to be made from adjacent vehicles. The researchers used equipment costing $1,500, including radio sensors and special software, to eavesdrop on, and interfere...

Breaking into a Garage

Mon, 08/16/2010 - 5:51am
In seconds. Garage doors with automatic openers have always seemed like a lot of security theater to me....

Friday Squid Blogging: Squid Computer Virus

Fri, 08/13/2010 - 3:23pm
It wasn't me: A hardened computer hacker has been arrested on suspicion of writing a computer virus that systematically destroys all the files on victims' PCs and replaces them with homemade manga images of squid, octopuses and sea urchins....

Cloning Retail Gift Cards

Fri, 08/13/2010 - 6:36am
Clever attack. After researching how gift cards work, Zepeda purchased a magnetic card reader online, began stealing blank gift cards, on display for purchase, from Fred Meyer and scanning them with his reader. He would then return some of the scanned cards to the store and wait for a computer program to alert him when the cards were activated and...

Security Analysis of Smudges on Smart Phone Touch Screens

Thu, 08/12/2010 - 5:48am
"Smudge Attacks on Smartphone Touch Screens": Abstract: Touch screens are an increasingly common feature on personal computing devices, especially smartphones, where size and user interface advantages accrue from consolidating multiple hardware components (keyboard, number pad, etc.) into a single software definable user interface. Oily residues, or smudges, on the touch screen surface, are one side effect of touches from which...

Late Teens and Facebook Privacy

Wed, 08/11/2010 - 5:00am
"Facebook Privacy Settings: Who Cares?" by danah boyd and Eszter Hargittai. Abstract: With over 500 million users, the decisions that Facebook makes about its privacy settings have the potential to influence many people. While its changes in this domain have often prompted privacy advocates and news media to critique the company, Facebook has continued to attract more users to its...

Apple JailBreakMe Vulnerability

Tue, 08/10/2010 - 11:12am
Good information from Mikko Hyppönen. Q: What is this all about? A: It's about a site called jailbreakme.com that enables you to Jailbreak your iPhones and iPads just by visiting the site. Q: So what's the problem? A: The problem is that the site uses a zero-day vulnerability to execute code on the device. Q: How does the vulnerability work?...

A Revised Taxonomy of Social Networking Data

Tue, 08/10/2010 - 5:51am
Lately I've been reading about user security and privacy -- control, really -- on social networking sites. The issues are hard and the solutions harder, but I'm seeing a lot of confusion in even forming the questions. Social networking sites deal with several different types of user data, and it's essential to separate them. Below is my taxonomy of social...

P ≠ NP?

Mon, 08/09/2010 - 1:46pm
There's a new paper circulating that claims to prove that P ≠ NP. The paper has not been refereed, and I haven't seen any independent verifications or refutations. Despite the fact that the paper is by a respected researcher -- HP Lab's Vinay Deolalikar -- and not a crank, my bet is that the proof is flawed. EDITED TO ADD...

Ant Warfare

Mon, 08/09/2010 - 6:12am
Interesting: According to Moffett, we might actually learn a thing or two from how ants wage war. For one, ant armies operate with precise organization despite a lack of central command. "We're accustomed to being told what to do," Moffett says. "I think there's something to be said for fewer layers of control and oversight." Which, according to Moffett, is...

Friday Squid Blogging: Canadian Squid Stamp

Fri, 08/06/2010 - 3:23pm
It's a giant fiberglass squid from Newfoundland....

Yet Another Way to Sneak Liquids onto an Airplane

Fri, 08/06/2010 - 10:01am
Coffee cup disguised as a camera lens....

More Brain Scans to Detect Future Terrorists

Fri, 08/06/2010 - 4:36am
Worked well in a test: For the first time, the Northwestern researchers used the P300 testing in a mock terrorism scenario in which the subjects are planning, rather than perpetrating, a crime. The P300 brain waves were measured by electrodes attached to the scalp of the make-believe "persons of interest" in the lab. The most intriguing part of the study...

NSA and the National Cryptologic Museum

Thu, 08/05/2010 - 5:36am
Most people might not be aware of it, but there's a National Cryptologic Museum at Ft. Meade, at NSA Headquarters. It's hard to know its exact relationship with the NSA. Is it part of the NSA, or is it a separate organization? Can the NSA reclassify things in its archives? David Kahn has given his papers to the museum; is...