Schneier on Security
A blog covering security and security technology.
June 15, 2012
Friday Squid Blogging: Woman's Mouth Inseminated by Cooked Squid
This story is so freaky I'm not even sure I want to post it. But if I don't, you'll all send me the links.
As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.
Posted on June 15, 2012 at 4:02 PM
Eww. I'll take a raincheck on the calamari.
Aaaaaaaaagh. Must. Wash. Brain.
I hope SHE washed her mouth haha
Keep meaning to collect a list of people's doings to combat the "people wouldn't ABUSE the system. Not PEOPLE."
The Transportation Security Administration has recommended firing seven employees at Philadelphia International Airport, the agency said Friday.
The announcement came after an eight-month investigation that revealed that the employees were involved in bribery.
According to TSA:
A training instructor responsible for administering annual proficiency exams was found to have accepted payment from TSA security officers to ensure passing grades. The training instructor pleaded guilty in Federal District Court on Feb. 28, 2012, to a charge of bribery.
Didn't see any mention of the CloudFlare attack that occurred earlier this month:
Social engineering, the bypassing of Google's two-factor authentication, and poor system administration practices make for a pretty interesting story.
@ Someone in particular 6:29pm
Yeah, I oddly saw the CloudFlare attack report around when I was evaluating their claims to resist DDoS attacks. Good news for them is they seem honest on that one: LulzSec successfully used them to defend their site while attacking people. CloudFlare's spokesman said it was the best pentesting they could get & came largely free of charge haha.
Short summary of post in other squid thread
It seems high assurance security certification is truly dead in the market for anything more complicated than a kernel or data diode. Products certified high assurance under old rules (B3/A1) were ordered to undergo costly re-evaluations to modern equivalents, EAL 6/7.
Products surviving the old market collapse were GEMSOS (A1), Boeing SNS (A1), and XTS-400 (B3). GEMSOS couldn't afford re-evaluation, BAE dropped XTS-400 to EAL5+, and SNS's EAL7 evaluation recently resulted in a very augmented EAL5 rating.
Boeing is a major defense contractor with a big budget and guaranteed contracts. The product is just a guard. They have much experience in assuring guards. They apparently see no reason to invest in an EAL6/7 rating. If big Boeing can't justify it, then is there reason anymore for American companies to produce truly secure systems? At the moment, it seems not.
Oh no, they are searching for a host!!!
What bothers me about that attack is how elaborate it is. This wasn't done by your typical LulzSec script kiddie. It was carefully and meticulously planned by someone who is competent at analyzing various systems in multiple companies and exploiting their weaknesses. I am also impressed by the agility of his mind when he got caught in the act (something that I think caught him off guard). That was some quick thinking on his feet.
At the end of the day this hack should probably be considered a failure but if only one person was behind it I have no qualms about saying I'm impressed.
Preliminary US crime statistics from 2011 show violent crime dropping overall again. Burglary is up a smidge, and there's been a spike in murders in small towns that no one has any idea how to begin to explain.
I saw this cartoon a few weeks back. Kept meaning to mention it....
You just have to love those lines: "Those records are supposed to be private." "Why do humans keep thinking that minimum wage buys undying loyalty?"
That story is totally blowing up the squid blogosphere.
Ottawa airport wired with microphones as Border Services prepares to record travellers’ conversations
www - ottawacitizen - com/news/Ottawa+airport+wired+with+microphones+Border+Services/6788759/story.html
Have you heard of any link between the recent "state sponsored" Gmail hacks and malware running on Android phones? Gmail, at least on some Android devices, is "always on", i.e., cannot be logged out. If Gmail is hacked/infected, then phones (could be) too. Do you agree? Has anyone heard of this happening, or have any proof that it does happen?
I quit eating Squid in 2003 when I saw a PBS show about how the cellular structure of their eyes is so very similar to human eyes. :)
Cannibalism isn't for me.
Since then I've learned a lot of reasons not to kill our ocean, and seen how interdependent we and sea life are.
No Pollyanna here, just hoping to survive without eating something that might save me. :)
By the way, I've been learning to pay attention to how my body reacts to different foods--and if something makes you feel lousy later, (pork does that to me) or gives you gas, etc, maybe our bodies are trying to tell us what we can handle and what we shouldn't.
Knowing could improve quality of life, even if no guarantees for quantity.
bon appetit guys!
The only way I know of to delete your Gmail account from your Android phone is to do a factory reset on the phone. I don't like that and wondered why it behaves that way. The same applies to Google Voice: once you sign up, you cannot delete your account. You can remove the numbers of the phones that are forwarded, but you cannot delete your account. That was a year ago. Not sure if they changed that.
Here we go again, the web site of a hospital equipment provider riddled with malware... and hospitals downloading malware infested updates for respirators and the like ... Just plain scary ... From threatpost: http://threatpost.com/en_us/blogs/...
Does anyone understand this? Game theory, Stackelberg, TSA.
I never used the email address I had to make to use the phone, but like Wael said, I know Google Voice would remain activated. Very frustrating. Instantaneously after turning it off, it would turn itself right back on. Plus, apps that I didn't download would turn up on my phone. Was glad to get rid of the p.o.s.; it serves as a second alarm clock now :)
The post asks whether an approach based on game theory can be helpful in designing airport security strategies. It raises some good questions about whether the type of game under discussion even properly models the problem, and then answers them with an unsupported assertion that yes, it works and everything is cool.
Thanks Petréa -- for the information, and for the laugh you gave me!
I know it's Monday but did anyone see this:
"What are the practical applications of this research? We hope to use our findings to develop a software application that could be installed on home computers and mobile devices. It would monitor your Internet usage and alert you when your usage patterns might signal symptoms of depression."
Well, if having an internet program that watches my every activity in the name of my "health" doesn't depress me, I don't know what will.
Interesting. It might explain my ISP.
"Let's piss him off a little bit more and then we better stop".... ;)
I recently ordered "Liars and Outliers" from the local library. Ironically, while it was being held for me to pick it up, somebody stole it.
It would appear that the cat&mouse story of Julian Assange has taken another weird step...
He walked into the London embassy of Ecuador and asked for asylum. Apparently he believes he was about to be shipped off to Sweden prior to his latest attempt to get the extradition order quashed.
It appears this may not be unrelated to an offer made back in 2010 by Ecuador to offer Mr Assange residency, which in and of itself has a few twists and turns.
On another matter, the EFF are supporting the "Internet Archive" in a legal case against Washington State.
Put simply, Washington State has enacted a badly written law (SB-6251) that flies in the face of US Federal law.
In essence its purpose is to make online service providers criminally liable for providing access to third parties' offensive materials, and on the face of it, it would appear to have laudable goals. But in practice it is too broadly written in very vague terms, thus making it dangerous in many respects. Further, it brings it squarely into conflict with Section 230 of the Communications Decency Act, which is current Federal law that adequately covers what SB-6251 attempts to cover so badly.
Oh, and "one for the parents"... How is your kids' maths? Are they any good at division, fractions or surds?
If not, they may not be able to hack it in our modern world, according to some research.
Of course, underpinning all of this as normal is a good knowledge of primes ;-)