Schneier on Security

A blog covering security and security technology.

Security Implications of "Lower-Risk Aircraft"

Interesting paper: Paul J. Freitas (2012), "Passenger aviation security, risk management, and simple physics," Journal of Transportation Security.

Abstract: Since the September 11, 2001 suicide hijacking attacks on the United States, preventing similar attacks from recurring has been perhaps the most important goal of aviation security. In addition to other measures, the US government has increased passenger screening requirements to unprecedented levels. This has raised a number of concerns regarding passenger safety from radiation risks associated with airport body scanners, psychological trauma associated with pat-down searches, and general cost/benefit analysis concerns regarding security measures. Screening changes, however, may not be the best way to address the safety and security issues exposed by the September 11 attacks. Here we use simple physics concepts (kinetic energy and chemical potential energy) to evaluate the relative risks from crash damage for various aircraft types. A worst-case jumbo jet crash can result in an energy release comparable to that of a small nuclear weapon, but other aircraft types are considerably less dangerous. Understanding these risks suggests that aircraft with lower fuel capacities, speeds, and weights pose substantially reduced risk over other aircraft types. Lower-risk aircraft may not warrant invasive screening as they pose less risk than other risks commonly accepted in American society, like tanker truck accidents. Allowing passengers to avoid invasive screening for lower-risk aircraft would introduce competition into passenger aviation that might lead to better overall improvements in security and general safety than passenger screening alone is capable of achieving.

The full paper is behind a paywall, but here is a preprint.

Posted on February 9, 2012 at 6:10 AM • 17 Comments

Solving the Underlying Economic Problem of Internet Piracy

This essay is definitely thinking along the correct directions.

Posted on February 8, 2012 at 6:46 AM • 51 Comments

Error Rates of Hand-Counted Voting Systems

The error rate for hand-counted ballots is about two percent.

All voting systems have nonzero error rates. This doesn't surprise technologists, but does surprise the general public. There's a myth out there that elections are perfectly accurate, down to the single vote. They're not. If the vote is within a few percentage points, they're likely a statistical tie. (The problem, of course, is that elections must produce a single winner.)

Posted on February 7, 2012 at 5:53 AM • 58 Comments

The Failure of Two-Factor Authentication

In 2005, I wrote an essay called "The Failure of Two-Factor Authentication," where I predicted that attackers would get around multi-factor authentication systems with tools that attack the transactions in real time: man-in-the-middle attacks and Trojan attacks against the client endpoint.

This BBC article describes exactly that:

After logging in to the bank's real site, account holders are being tricked by the offer of training in a new "upgraded security system".

Money is then moved out of the account but this is hidden from the user.

[...]

Called a Man in the Browser (MitB) attack, the malware lives in the web browser and can get between the user and the website, altering what is seen and changing details of what is being entered.

The solution is to authenticate the transaction, not the person.

EDITED TO ADD (2/6): Another link.

Posted on February 6, 2012 at 1:23 PM • 44 Comments

Friday Squid Blogging: Clothing that Keeps an Exercise Journal

It's called Squid.

As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.

Posted on February 3, 2012 at 4:18 PM • 30 Comments

The Problems of Too Much Information Sharing

Funny. Fake, but funny.

Edited to add (2/3): The rest of the story.

Posted on February 3, 2012 at 2:49 PM • 12 Comments

VeriSign Hacked, Successfully and Repeatedly, in 2010

Reuters discovered the information:

The VeriSign attacks were revealed in a quarterly U.S. Securities and Exchange Commission filing in October that followed new guidelines on reporting security breaches to investors. It was the most striking disclosure to emerge in a review by Reuters of more than 2,000 documents mentioning breach risks since the SEC guidance was published.

The company, unsurprisingly, is saying nothing.

VeriSign declined multiple interview requests, and senior employees said privately that they had not been given any more details than were in the filing. One said it was impossible to tell if the breach was the result of a concerted effort by a national power, though that was a possibility. "It's an ugly, slim sliver of facts. It's not enough," he said.

The problem for all of us, naturally, is if the certificate system was hacked, allowing the bad guys to forge certificates. (This has, of course, happened before.)

Are we finally ready to accept that the certificate system is completely broken?

Posted on February 3, 2012 at 10:49 AM • 42 Comments

Prisons in the U.S.

Really good article on the huge incarceration rate in the U.S., its causes, its effects, and its value:

Over all, there are now more people under "correctional supervision" in America -- more than six million -- than were in the Gulag Archipelago under Stalin at its height. That city of the confined and the controlled, Lockuptown, is now the second largest in the United States.

The accelerating rate of incarceration over the past few decades is just as startling as the number of people jailed: in 1980, there were about two hundred and twenty people incarcerated for every hundred thousand Americans; by 2010, the number had more than tripled, to seven hundred and thirty-one. No other country even approaches that. In the past two decades, the money that states spend on prisons has risen at six times the rate of spending on higher education.

[...]

The trouble with the Bill of Rights, he argues, is that it emphasizes process and procedure rather than principles. The Declaration of the Rights of Man says, Be just! The Bill of Rights says, Be fair! Instead of announcing general principles­ -- no one should be accused of something that wasn't a crime when he did it; cruel punishments are always wrong; the goal of justice is, above all, that justice be done­ -- it talks procedurally. You can't search someone without a reason; you can't accuse him without allowing him to see the evidence; and so on. This emphasis, Stuntz thinks, has led to the current mess, where accused criminals get laboriously articulated protection against procedural errors and no protection at all against outrageous and obvious violations of simple justice. You can get off if the cops looked in the wrong car with the wrong warrant when they found your joint, but you have no recourse if owning the joint gets you locked up for life. You may be spared the death penalty if you can show a problem with your appointed defender, but it is much harder if there is merely enormous accumulated evidence that you weren't guilty in the first place and the jury got it wrong. Even clauses that Americans are taught to revere are, Stuntz maintains, unworthy of reverence: the ban on "cruel and unusual punishment" was designed to protect cruel punishments -- flogging and branding -- that were not at that time unusual.

The author mentions the rise of for-profit businesses increasingly running prisons in the U.S., but I don't think he makes the point strongly enough. There is now a corporate interest in the U.S. lobbying for such things as mandatory minimum sentencing.

Posted on February 2, 2012 at 9:04 AM • 64 Comments

The Idaho Loophole

Brian C. Kalt (2005), "The Perfect Crime," Georgetown Law Journal, Vol. 93, No. 2.

Abstract: This article argues that there is a 50-square-mile swath of Idaho in which one can commit felonies with impunity. This is because of the intersection of a poorly drafted statute with a clear but neglected constitutional provision: the Sixth Amendment's Vicinage Clause. Although lesser criminal charges and civil liability still loom, the remaining possibility of criminals going free over a needless technical failure by Congress is difficult to stomach. No criminal defendant has ever broached the subject, let alone faced the numerous (though unconvincing) counterarguments. This shows that vicinage is not taken seriously by lawyers or judges. Still, Congress should close the Idaho loophole, not pretend it does not exist.

Posted on February 1, 2012 at 6:05 AM • 35 Comments

Possibly the Most Incompetent TSA Story Yet

The storyline:

1. TSA screener finds two pipes in passenger's bags.

2. Screener determines that they're not a threat.

3. Screener confiscates them anyway, because of their "material and appearance."

4. Because they're not actually a threat, screener leaves them at the checkpoint.

5. Everyone forgets about them.

6. Six hours later, the next shift of TSA screeners notices the pipes and -- not being able to explain how they got there and, presumably, because of their "material and appearance" -- calls the police bomb squad to remove the pipes.

7. TSA does not evacuate the airport, or even close the checkpoint, because -- well, we don't know why.

I don't even know where to begin.

Posted on January 31, 2012 at 5:03 PM • 79 Comments

Biases in Forensic Science

Some errors in forensic science may be the result of the biases of the examiners:

Though they cannot prove it, Dr Dror and Dr Hampikian suspect the difference in contextual information given to the examiners was the cause of the different results. The original pair may have subliminally interpreted ambiguous information in a way helpful to the prosecution, even though they did not consciously realise what they were doing.

[...]

This one example does not prove the existence of a systematic problem. But it does point to a sloppy approach to science. According to Norah Rudin, a forensic-DNA consultant in Mountain View, California, forensic scientists are beginning to accept that cognitive bias exists, but there is still a lot of resistance to the idea, because examiners take the criticism personally and feel they are being accused of doing bad science. According to Dr Rudin, the attitude that cognitive bias can somehow be willed away, by education, training or good intentions, is still pervasive.

Posted on January 31, 2012 at 11:13 AM • 18 Comments

Liars and Outliers Update

According to my publisher, the book was printed last week and the warehouse is shipping orders to booksellers today. Amazon is likely to start shipping books on Thursday. (Yes, Amazon's webpage claims that the book will be published on February 21, 2012, but they'll ship copies as soon as they get them -- this ain't Harry Potter.) The Kindle edition is already shipping.

Those of you who ordered signed copies from me are likely going to have to wait a couple more weeks. My copies will arrive from the publisher eventually; then I will sign them and ship them on to you.

Reviews are starting to come out. I expect more in the coming month.

At the end of February, I'll be at the RSA Conference in San Francisco. In addition to my other speaking events, Davi Ottenheimer will interview me about the book at something called The Author's Studio. I'll be doing two one-hour book signings at the conference bookstore. And, and this is the best news of all, HP has bought 1,000 copies of the book and will be giving them away at their booth. I'll be doing a couple of signings there as well.

Posted on January 30, 2012 at 1:59 PM • 44 Comments

Schneier.com is a personal website. Opinions expressed are not necessarily those of BT.