Bruce Schneier
Schneier on Security
A blog covering security and security technology.

December 23, 2011

Friday Squid Blogging: Goldman Sachs and the Vampire Squid Metaphor

It's a metaphor that will not die.

As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.

Posted on December 23, 2011 at 6:10 PM • 20 Comments

The effect of background checks that return false-positives for criminal records. There's the problem of mistakes, a look at how widespread background checks are, and then the measures some government Web sites are taking to keep their records from being scraped by agencies that then won't bother to update their databases if someone's record is expunged or a conviction is overturned.
Posted by: Petréa Mitchell at December 23, 2011 9:15 PM

I had to drop this link, though I don't know what to say other than "watch out"! https://www.eff.org/deeplinks/2011/10/fbi-ramps-its-next-generation-identification-roll-out-winter-will-your-image-end
Posted by: EIA at December 23, 2011 9:39 PM

Microsoft will introduce picture/gesture passwords in the next Windows release:
Posted by: markucz at December 24, 2011 5:35 AM

I suspect one reason the image won't die in people's minds is the original wording clearly evokes the same feelings as has the "face-hugger" from the Alien movies. The follow on thought of how the face hugger provides minimal life support to the unfortunate victim until the Alien spawn is irremovable from the host whereupon it consumes them from within, typically describe the trading behaviour typified by Goldman-Sachs and their ilk. The fact that various people have tried to say it is "anti-semitic" commentary misses the point completely and says more about their Onanistic [1] behaviour than their understanding of the basic cultural psyche.

[1] Contrary to what many people believe... Onanism is actually the sin of "having the pleasure of their behaviour whilst fully intending to avoid the responsibility, usually for their own selfish pecuniary advantage." Which is why God struck down Onan for not providing the deceased Er with a child to inherit the 1/3 share of Jacob's estate.
Posted by: Clive Robinson at December 24, 2011 7:29 AM

@Patrea, I noticed that article earlier this week. What surprised me is that I went through a background check (circa 2006) for a job. That job involved a contractor that did work for a Military agency. The CEO of the company needed Clearance, we laborers needed only background checks. I was given the opportunity to view the results of the background check, and they were boring. (IIRC, the contents of the background check could be summarized as no criminal convictions, no indictments, no bankruptcies, yes he did attend that University, yes he did graduate, and is not paying child support to anyone. All the data was assembled and reported by a local Private Investigator.)

Aside from this one job, I never have been told that the hiring company was checking my background. Not that I think I was safe. Just that they didn't have to tell me...

Afterwards, I learned that my (meatspace) name is shared with possibly 150 people in the US. Most of whom appear to be equally-boring in terms of background checks. Is that luck? Are such name-collisions rare? Or is this something that's changed in the past 5 years? Or have the providers of background-checks changed greatly in the last 5 years?
Posted by: karrde at December 24, 2011 10:08 AM

Bruce, thought you'd like this TSA variant on a Christmas classic. :)
Posted by: skreidle at December 24, 2011 12:23 PM

@Clive Any religious book gives me headaches.
However I was wondering about God's presence the other day and people being struck down and it occurred to me if there indeed is an all powerful and omnipotent being it seems he/she is having a field day in North Africa and the Middle East....
Posted by: Vles at December 24, 2011 2:55 PM

That image of a Cthulhu-like being with thorny tentacles wrapped around someone's head needs to be cast in bronze and dropped on the headquarters of all the world's major investment banks. Several tons of the things apiece would be a good start. And the first place to turn for acquiring the casting materials is Goldman Sachs' Detroit warehouses full of hoarded metal ingots. As per Reuters...
Posted by: Golux at December 24, 2011 11:22 PM

Anyone notice that IE's SmartScreen Filter is not so smart (again...see http://www.zdnet.com/blog/microsoft/...

I received a nice new ereader for xmas, and when I went to update the Calibre software I use for managing my ebooks, it popped up a warning that was something along the lines of "calibre 8.0.3.msi program is not commonly used by other people" and gave no option to actually ignore the warning and continue with the installation. In order to get the program to install, I actually had to disable SmartScreen Filter.

This doesn't seem like a good way to design their security software: now that I have disabled it because of a bizarre false-positive (I say bizarre because of the reason it gave for not letting me run it), I am not very likely to re-enable it. Wouldn't it be far better if they gave me an option to ignore the warning and install anyway, without having to turn off the filter entirely?
Posted by: Gib at December 25, 2011 9:21 AM

Sorry if this is a bit off-topic. It is about the databases used for permanent medical records in the US, which seem to be modeled on those used by homeland security.
On my last visit to the clinic, I was told to fill out an extensive history, which was then entered by the physician's assistant before the doctor came in. There were several questions that had no satisfactory answers available on the form. For example, smoking history was defined as the length of time between the age of first cigarette and the last. Like most people who try it, I experimented with smoking in high school; I also had two cigarettes while talking a smoker friend through a divorce several decades later. Between these events I led an athletic life which included cycling an average of sixty miles per week for more than fifteen years. The only way the computer system would register this information was as an uninterrupted thirty-year habit, despite the fact that the total number of cigarettes I have smoked averages to about half a pack per year over that period.

The PA apologized for the system, explaining that he had no way to comment or alter the online form. I called the clinic administration after my appointment and was told that, like no-fly lists and security theater info-dumps, there is no correction mechanism or access to their database (it is administered by a third-party contractor). This is not only misleading to medical staff who may be evaluating possible treatment options for patients, it provides the data insurers use to determine premium and coverage rates. I fully expect to see my rates balloon next time I must switch insurance.

I thought it was bad enough when I tried to have a mortgage from a state I have never visited removed from my credit report several years ago, but at least those are semi-visible. What is it about information-systems contracting that perverts a reasonable idea (tracking incidents of crime, maintaining medical records) into a dump of inaccuracy and petty vendettas?
Posted by: Feebs at December 25, 2011 10:51 AM

For your post xmas blues, look up Stratfor's xmas present.
Posted by: tqft at December 25, 2011 4:00 PM

Vampire squid? One more reason to put off a SCUBA certification...
Posted by: me at December 25, 2011 4:15 PM

Some history on the KH-9 satellite told: "Decades later, a Cold War secret is revealed"
Posted by: dbCooper at December 26, 2011 8:23 AM

Excellent article by James Fallows in The Atlantic
Posted by: Jonathan Thornburg at December 26, 2011 9:31 AM

markucz: I predict that will be easy to defeat. Just hoist up a middle finger. (Or two, if you live in England.)
Posted by: kingsnake at December 26, 2011 1:43 PM

@karrde, I was wondering the same thing ever since I first googled my name several years ago and got more hits in Denmark than the US, where I live. That's not the case anymore - there are two or three same-name people who have lots of hits on their names, none of whom are the same-name people I already knew about who live within twenty miles or so of me. (All four of my grandparents were born in Denmark - apparently my name's reasonably common there too.)
Posted by: pfsm at December 26, 2011 4:48 PM

GPG creates interesting possibilities for social engineering attacks through the use of short key-ids:
Posted by: foo at December 26, 2011 7:16 PM

And now for something completely different... security theatre:
Posted by: Aj Reznor at December 27, 2011 12:28 PM

The Vampire Squid metaphor is in the grand tradition of tentacly sea creature metaphors, which is lovingly chronicled at http://vulgararmy.com/ . Know your Communist Enemy!
Posted by: kme at December 28, 2011 3:23 AM
Powered by Movable Type. Photo at top by Geoffrey Stone.
Schneier.com is a personal website. Opinions expressed are not necessarily those of BT.