Friday Squid Blogging: Squid Desk Lamp
Beautiful sculpture.
As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.
Brandon • February 17, 2012 5:22 PM
If the hacker group Anonymous is to be believed, one Middle Eastern dictator’s email password is “12345” … or it was, until they decided to share much of his (and his staff’s) email with the world. Can this really be true?
Thunderbird • February 17, 2012 5:33 PM
I’m assuming you know the “drunk squid wants to fight you” image ? If not, just google it. I’ll never hang my coat or jacket without thinking of that one…
To save others the problems of finding it, I’ll note it appears to be “drunken octopus” instead of “drunken squid.” And you’re right–it sure will always be in my mind when I see one again.
NobodySpecial • February 17, 2012 5:40 PM
1-2-3-4-5? That’s the stupidest combination I’ve ever heard of in my life!
That’s the kinda thing an idiot would have on his luggage!
Steve • February 17, 2012 6:04 PM
How long do you think it will be before Governments/courts start doing password bounties?
Is there something preventing them from doing this?
Such as password reuse which will cause problems for the person or sensitive information in the password like it could contain a SS#?
Since all you need is the header/parts of the encrypted data those can be given out and anyone can try to crack it. Speaking of… is there any software that hides where the “header” is depending on the password?
Petréa Mitchell • February 17, 2012 6:05 PM
The newswires are ablaze with stories on the first successful human trial of delivering drugs from an implanted microchip which is triggered by wireless signals. No reporter seems to have asked any questions regarding anything remotely like security.
Daniel • February 17, 2012 7:20 PM
The NYT has an article called “How Companies Learn Your Secrets”. The short answer seems to be by bribing, manipulating, and lying to you. But the article takes six web pages to say that, presumably to up the page views for the NYT advertisers.
http://www.nytimes.com/2012/02/19/magazine/shopping-habits.html?_r=1
The LA Times has an update on the use of drones in US airspace. Basically they will be able to fly where they want when they want without any non-military oversight.
http://www.latimes.com/business/la-fi-military-drones-20120214,0,5726973.story
The International Federation of the Phonographic Industry’s annual report on the music industry has interesting data both on the amount of piracy taking place and music industry efforts to combat it (second half of .pdf)
http://ifpi.com/content/library/DMR2012_key_facts_and_figures.pdf
richrumble • February 17, 2012 7:35 PM
University Laptops stolen on purpose to demonstrate and shore up security policies and procedures: http://www.utwente.nl/en/archive/2012/02/stealing_for_science.doc/
-rich
A blog reader • February 18, 2012 12:06 AM
To protect children, “intensive parenting” (with lots of oversight and restrictions imposed by parents) may not always lead to increased safety and security, and many persons may not be experts at risk assessment. Lenore Skenazy at FreeRangeKids talked about the issue of parents being essentially forced to practice “intensive parenting” due to the possibility of otherwise being charged with child abuse/neglect. Law professor David Pimentel mentioned such factors as media attention towards unusual but spectacular risks, and that this could contribute to prosecutors and jurors coming to view excessively protective and sheltered child-raising as the “legal standard of care.”
In other news, the US Justice Department failed for some years to provide Congress with certain records concerning the usage of pen-register/trap-and-trace telephone surveillance. (Also, there was the issue of Congress failing to take action.) On the upcoming Mountain Lion version of the Mac OSX platform, the Gatekeeper technology may disallow the running of applications that are not digitally signed, though users can configure the system to allow unsigned applications.
Daniel • February 18, 2012 1:44 AM
A few weeks ago I linked to an article about a new device that could process a DNA sequence in a day and speculated that we would see that time cut in 1/2 within five years (IIRC).
My bad.
It took one month and we are now down to fifteen minutes in a unit the size of a thumb drive.
http://www.bloomberg.com/news/2012-02-17/oxford-nanopore-plans-portable-gene-sequencing-device.html
More technical details here:
http://omicsomics.blogspot.com/2012/02/oxford-nanopore-doesnt-disappoint.html#more
So now I’ll say that within five years every beat cop and squad car will have one and within a decade your dna will be encoded on your drivers license.
A Nonny Bunny • February 18, 2012 3:31 AM
@Daniel,
15 minutes is only for very short gene sequences. To sequence the whole genome of a person that device would take 6 hours. And it’s currently not able to do that, they’re still working on the version that can.
NobodySpecial • February 18, 2012 11:21 AM
DNA matches don’t match the whole sequence. It would be rather pointless anyway since we share rather a lot of our DNA with other individuals (and species) – so they use short sequences of non-coding DNA.
In theory since this DNA doesn’t code for any vital function it is more random. In practice if you are from a small genetic population it can be very non-random.
Of course – courts, prosecutors and police are very careful to explain the difference between population and sample statistics to a jury, and most juries are highly expert in Bayesian statistical techniques.
Petréa Mitchell • February 18, 2012 11:25 PM
There have been several stories over the last few months about the NYPD becoming so paranoid about Muslim terrorists that it’s been getting itself military weapons, inviting anti-Islamic fringe “experts” in to give training sessions, working with the CIA to monitor Muslims without cause all over the city, and possibly stepping into the FBI and CIA’s jurisdiction through its own efforts.
Well, the cherry on the top of the WTF sundae is that the AP has now found it displaying no regard for its geographical jurisdiction either.
A blog reader • February 19, 2012 12:09 AM
Mother Jones has an article about trucks that transport nuclear weapons and weapon components via US highways. Then again, this may or may not be a particularly great concern as security issues go.
Zaphod • February 19, 2012 12:44 AM
Wholesale surveillance of the UK population comes a step closer.
Zaphod
Clive Robinson • February 19, 2012 2:51 AM
OFF Topic:
Of historic interest is John Nash’s (he of “A Beautiful Mind” biography/film) letter to the NSA shortly after they were formed. It predicted several advances in the mathematical outlook in cryptography as much as a quarter of a century before they became common in the public cryptographic world.
http://agtb.wordpress.com/2012/02/17/john-nashs-letter-to-the-nsa/
kashmarek • February 19, 2012 7:42 AM
Found on Slashdot, more British spying…
Petréa Mitchell • February 19, 2012 9:43 AM
As an addendum to the NYPD article, my SO adds that it already has an established record of operating even further outside its geographical boundaries. Here’s an article on a gun-buying sting in Arizona last year, part of a nationwide operation going back to at least 2006.
Not only was this done without the knowledge of the local authorities or the ATF, the alleged illegal sales are not, according to the ATF agent quoted, actually illegal. The mayor of NYC claims the sting operation broke no laws since the people who actually went to the gun show to perform the sting were all residents of Arizona.
Vles • February 19, 2012 10:06 AM
No reporter seems to have asked any questions regarding anything remotely like security.
What about them being implanted against your will or without you being aware?
Natanael L • February 19, 2012 10:41 AM
Cloud computing with homomorphic encryption.
What do you guys think of it?
Anonymouse • February 19, 2012 2:05 PM
Looks like the English are going hell for leather towards 1984.
It’s claimed “Direct messages between subscribers to websites such as Twitter would also be stored, as well as communications between players in online video games.”
Anyone care to comment on the feasibility of cracking SSL on this scale? What about breaking DNSSEC?
And how are they going to decode every web site’s protocol to extract the message?
The trade-offs probably warrant their own article from Bruce 🙂
Clive Robinson • February 19, 2012 2:35 PM
@ Anonymouse,
Looks like the English are going hell for leather towards 1984
It’s a bit more complicated than it first appears.
First off it needs to be said that the “torygraph” is so far right of center even the US “tea baggers” think it’s run by people so right wing they would be embarrassed to be seen in their company.
Also the UK did not think this up by itself, it comes from an EU Directive… Which it is rumoured was formulated by Ms Merkel’s friends to get around the restraint of German privacy laws brought in many years ago to stop a repeat of dictatorships like the “National Socialist Party” (Nazis and their ilk to the rest of us).
However they say things come “full circle” and in this case the “torygraph’s” hate for all things EU has taken it so far right of center it’s crossed the political “international dateline” and thus appears in this case to be well to the left of “the loony left”…
Anonymouse • February 19, 2012 3:31 PM
@Clive Robinson
This goes well beyond the needs of the EU retention directive (nasty as it is) and well beyond what any other democracy in the world feels is needed.
Hell, we didn’t even need this when the IRA terrorists were actually blowing people up every month.
MW • February 19, 2012 11:26 PM
Slashdot reports “GSM cellular networks leak enough location data to give third-parties secret access to cellphone users’ whereabouts, according to new University of Minnesota research.”
http://yro.slashdot.org/story/12/02/20/010216/leaky-cellphone-nets-can-give-attackers-your-location
Richard Birenheide • February 20, 2012 2:16 AM
@Natanael L
Only the key is encrypted homomorphically, if I understand the website correctly. Data processing is still being done at customer site. More interesting would be homomorphic encryption which allows processing masses of encrypted data (in the cloud).
karrde • February 20, 2012 7:13 AM
This is not the kind of news-story I normally pay attention to, but was forwarded to me by an old acquaintance with a note about information leakage.
This could be viewed as one of the side effects of Big Data. Lots of large corporations collect data automatically, especially corporations selling items to customers.
Thus, a store like Target has the ability to see purchasing patterns associated with large, life-changing events. And it’s very hard for a customer to hide this data.
I wonder if Target (or other stores) attempt to track the pay-with-cash-only customers and assign them unique, persistent ID’s.
kingsnake • February 21, 2012 7:14 AM
Squid fly to save energy: http://www.nature.com/news/squid-can-fly-to-save-energy-1.10060
LinkTheValiant • February 21, 2012 8:23 AM
I wonder if Target (or other stores) attempt to track the pay-with-cash-only customers and assign them unique, persistent ID’s.
Of course they do. This is what customer loyalty cards are for. I’m not sure what other “non-intrusive” measures are possible to track cash customers though. But most cash customers use cash for financial reasons rather than privacy, (so far as I know,) so unless the customer is at least minimally paranoid, stores won’t have too much trouble implementing new tracking methods.
kashmarek • February 21, 2012 3:49 PM
The Transparency Gredade…?
kashmarek • February 21, 2012 3:49 PM
Make that “grenade”
MW • February 21, 2012 6:19 PM
GPS jammers in the UK:
http://www.bbc.co.uk/news/technology-17119768
“GPS jammers are believed to be mostly used by people driving vehicles fitted with tracking devices in order to mask their whereabouts.”
But of course it causes troubles for others.
kashmarek • February 22, 2012 4:28 PM
Squashing your Google history…
What about the history for those of us that DON’T have Google accounts?
In that web page, they say that removing your web history only pauses it. So, if I un-pause web history, does it all come back (that before the pause)?
Paul • February 17, 2012 5:16 PM
I’m assuming you know the “drunk squid wants to fight you” image ? If not, just google it. I’ll never hang my coat or jacket without thinking of that one…