Bruce Schneier
Schneier on Security

A blog covering security and security technology.

Password Sharing Among American Teenagers

Interesting article from the New York Times on password sharing as a show of affection.

"It's a sign of trust," Tiffany Carandang, a high school senior in San Francisco, said of the decision she and her boyfriend made several months ago to share passwords for e-mail and Facebook. "I have nothing to hide from him, and he has nothing to hide from me."

Ethnologist danah boyd discusses what's happening:

For Meixing, sharing her password with her boyfriend is a way of being connected. But it's precisely these kinds of narratives that have prompted all sorts of horror by adults over the last week since that NYTimes article came out. I can't count the number of people who have gasped "How could they!?!" at me. For this reason, I feel the need to pick up on an issue that the NYTimes let out.

Much more in her post.

Related: a profile of danah boyd.

Posted on January 27, 2012 at 6:39 AM • 31 Comments

Evidence on the Effectiveness of Terrorism

Readers of this blog will know that I like the works of Max Abrahms, and regularly blog them. He has a new paper (full paper behind paywall) in Defence and Peace Economics, 22:6 (2011), 583–94, "Does Terrorism Really Work? Evolution in the Conventional Wisdom since 9/11, Defence and Peace Economics":

The basic narrative of bargaining theory predicts that, all else equal, anarchy favors concessions to challengers who demonstrate the will and ability to escalate against defenders. For this reason, post-9/11 political science research explained terrorism as rational strategic behavior for non-state challengers to induce government compliance given their constraints. Over the past decade, however, empirical research has consistently found that neither escalating to terrorism nor with terrorism helps non-state actors to achieve their demands.
In fact, escalating to terrorism or with terrorism increases the odds that target countries will dig in their political heels, depriving the nonstate challengers of their given preferences. These empirical findings across disciplines, methodologies, as well as salient global events raise important research questions, with implications for counterterrorism strategy.

Posted on January 26, 2012 at 10:36 AM • 22 Comments

Federal Judge Orders Defendant to Decrypt Laptop

A U.S. federal judge has ordered a defendant to decrypt her laptop.

Posted on January 25, 2012 at 1:56 PM • 107 Comments

Supreme Court Rules that GPS Tracking Requires a Warrant

The U.S. Supreme Court has ruled that the police cannot attach a GPS tracking device to a car without a warrant.

EDITED TO ADD (1/26): It seems I was wrong when I said that the ruling forces the police to get a warrant before placing a GPS tracking device on a car. The ruling is much more complicated and nuanced.

Posted on January 25, 2012 at 12:54 PM • 12 Comments

Research into an Information Security Risk Rating

The NSF is funding research on giving organizations information-security risk ratings, similar to credit ratings for individuals:

Existing risk management techniques are based on annual audits and only provide a snapshot of a partner's security posture. However, new vulnerabilities are discovered every day and the industry needs a solution that enables a business to continuously monitor changing risk posture of all its partners and proactively manage assumed risks. The Phase II research objective is to build a scalable fully-automated ratings system. The research will focus on identifying and incorporating new data sources, improving the statistical properties of the ratings model, and making the ratings predictive of future behavior.

I have no idea if this is snake oil or if it actually works, but note that this is a Phase II award. There was already a Phase I award, and the NSF must have liked the results from that.
Posted on January 25, 2012 at 6:44 AM • 13 Comments

Using Plant DNA for Authentication

Turns out you can create unique signatures from plant DNA. The idea is to spray this stuff on military components in order to verify authentic items and detect counterfeits, similar to SmartWater.

It's a good idea in theory, but my guess is that the security is not going to center around counterfeiting the plant DNA, but rather in subverting the systems that apply, detect, and verify the chemicals.

Posted on January 24, 2012 at 6:46 AM • 12 Comments

Authentication by "Cognitive Footprint"

DARPA is funding research into new forms of biometrics that authenticate people as they use their computer: things like keystroke patterns, eye movements, mouse behavior, reading speed, and surfing and e-mail response behavior. The idea -- and I think this is a good one -- is that the computer can continuously authenticate people, and not just authenticate them once when they first start using their computers.

I remember reading a science fiction story about a computer worm that searched for people this way: going from computer to computer, trying to identify a specific individual.

Posted on January 23, 2012 at 11:49 AM • 40 Comments

The Continued Militarization of the U.S. Police

The state of Texas gets an armed patrol boat. I guess armed drones weren't enough for them.

Posted on January 20, 2012 at 6:39 AM • 57 Comments

The Onion on Facebook

Funny news video on Facebook and the CIA.

Posted on January 19, 2012 at 1:02 PM • 23 Comments

Using False Alarms to Disable Security

I wrote about this technique in Beyond Fear:

Beginning Sunday evening, the robbers intentionally set off the gallery's alarm system several times without entering the building, according to police.

Posted on January 19, 2012 at 6:36 AM • 36 Comments

Going Dark to Protest SOPA/PIPA

Tomorrow, from 8 am to 8 pm EST, this site, Schneier on Security, is going on strike to protest SOPA and PIPA.
In doing so, I'll be joining Wikipedia (in English), BoingBoing, WordPress, and many others. A list of participants, and HTML and JavaScript code for anyone who wants to participate, can be found here.
Posted on January 17, 2012 at 4:10 PM • 50 Comments

Tor Opsec

Good operational security guide to Tor.

Posted on January 17, 2012 at 12:29 PM • 21 Comments