Schneier on Security
A blog covering security and security technology.
March 29, 2013
Friday Squid Blogging: Bomb Discovered in Squid at Market
An unexploded bomb was found inside a squid when the fish was slaughtered at a fish market in Guangdong province.
Oddly enough, this doesn't seem to be the work of terrorists:
The stall owner, who has been selling fish for 10 years, told the newspaper the 1-meter-long squid might have mistaken the bomb for food.
Clearly there's much to this story that remains unreported.
More news articles.
As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.
Posted on March 29, 2013 at 4:19 PM
I have a Huawei router for my internet connection (the router supplied by my ISP).
I have seen stories about other Huawei routers having security flaws.
Is it possible that my router has vulnerabilities? How could I find out?
Acoustic cryptanalysis -
On nosy people and noisy machines
"One of the methods for extracting information from supposedly secure systems is side-channel attacks: cryptanalytic techniques that rely on information unintentionally leaked by computing devices. Most side-channel attack research has focused on electromagnetic emanations (TEMPEST), power consumption and, recently, diffuse visible light from CRT displays. The oldest eavesdropping channel, namely acoustic emanations, has received little attention. Our preliminary analysis of acoustic emanations from personal computers shows them to be a surprisingly rich source of information on CPU activity."
The squid could have escaped from the Russians along with those anti-personnel dolphins.
Earlier this month, there was an American Public Media article about armed police officers (sometimes called "school resource officers") in schools. Of particular note was the last paragraph:
Over the last three decades, there have been about 150 shootings in U.S. schools. But the argument for armed security defies cost-benefit analysis. This week, the board of finance in Newtown, Conn., added $400,000 to the town's budget, to put an armed police officer in every school.
From Robert Parry's site....
(Long Essay but worth reading)
The Tragic Saga of Gary Webb
March 26, 2013
Starring Jeremy Renner as the late Gary Webb, the movie of Webb’s investigation of the CIA’s Contra-cocaine scandal – and of Webb’s destruction by mainstream news outlets – is set to begin filming this summer. If Hollywood gets the story right, it will be a dark and enlightening tale, says H. “Corky” Johnson.
More info here:
Iran Contra veteran found to be central player in Iraq death squads (No surprise here) Article and 1 hr video
UK Guardian Series on James Steele, Torture in Iraq March 6, 2013
ON Topic :-)
All sorts of strange man made things turn up in the bellies of various denizens of the deep. And some have been suggested since biblical times as the work of god (Jonah and the whale).
Now in certain parts of the world bombs in sea water are not exactly unknown for various reasons, such as training grounds, or dumps (both of which are marked as "no fishing areas" on charts in UK waters). Further some ports have "narrow channels" approaches for larger vessels and during war time these can become "bomb runs" as the ships have little or no option but to sail what is in effect a fixed course and enemy attackers know this.
The odd thing about the "bomb" pictured is it does not look the right shape or size for an aircraft type bomb from WWII or later, during WW1 era they did have hand dropped "trench" bombs dropped from aircraft that were small and streamlined. However difficult as it is to tell it does look more like a mortar or warhead of an early rocket.
Now there is another reason why explosives of various kinds end up in sea water and it's sometimes called "handgrenade fishing". Fish tend to congregate around underwater structures (like oil rig legs) and it's not possible to use a net to fish them. In some parts of the world explosives are cheap and easily available from previous conflicts etc. So it's not unknown for fishermen to chuck explosives on short fuses over the side of a boat to act like a stun grenade that kills or knocks out very many fish that float quickly to the surface where they can be easily gathered into the boat.
Such fishing was carried out in various parts of Africa in places like Nigeria around oil installations and it did so much damage that the Nigerian Government of the time declared in effect "open season" on fishing vessels within sight of oil platforms. It was not unknown on some installations to have members of the Nigerian Army with large caliber machine guns whose job it was to provide "warning shots" in the direction of any boat that approached the installation without pre-arranged permission.
When I used to work off shore I used to know one specialised diver reasonably well (he had also worn the green) and he had quite a few pictures of jury rigged blocks of explosives etc that he had to go down and remove from around off shore installations before other divers could do routine maintenance.
And there is yet another reason for bombs and other munitions to be found on the sea bed often quite close to shore, which is shipwrecks and those that have run aground etc.
Oh and one of special note for those who enjoy a night out in London or Southend etc. Say for instance you are thinking of going to the "O2 Center" that was the Millennium Dome on the Greenwich peninsula to see a major artist or group. Then have a thought about the SS Richard Montgomery munitions ship that sank in shallow water at the mouth of the Thames estuary downstream from there during WWII. Basically after dragging anchor and running aground and breaking its back on the Nore sandbank (a notorious hazard to navigation that was the first place to get a permanent light ship) it started to break up and its cargo of munitions was only partly recovered...
The wreck off of Southend (51.46583°N 0.78667°E) which remains visible at all states of the tide still has unexploded munitions aboard well into the kiloton range. If a ship or other large vessel going up the Thames bumped into the wreck potentially a significant explosion could happen causing water to be focussed up the estuary mouth into an ever larger wave (one initial estimate has indicated that the actual explosion would cause an initial 1000ft wide fountain of water that would rise to over 10,000ft).
Now depending on who you believe in a worst case it could cause an explosion equivalent to a tactical nuclear bomb. Thus it would for a brief moment make your night out go with a bang, prior to it becoming a total washout as a tsunami style wave swept up the river overwhelmed the Thames barrier and wiped the O2 center off the map. Before continuing to rush into London wiping out much of the river frontage including the Palace of Westminster that had survived the initial blast wave etc etc.
Oh and one reason for these predictions of doom is that the wreck is a little downstream from the site that the current London Mayor "Bonking Boris" Johnson wants to build the new major London airport on a man made island, which is very unpopular with many people and vested interests. So the line you hear is if this wreck could do so much damage to London think what would happen if this airport is built it could also take out what would become London's major airport as well OMG it would be a disaster economically for London etc etc.
Whilst the wreck is noticeably deteriorating after 70 years the truth is nobody knows what would happen if anything, if the wreck was hit by a vessel or was as has been suggested in movie plot type stories attacked by terrorists. As far as I'm aware only one similar vessel has exploded in UK waters before and that was back in 1967 and no deaths or injuries resulted...
On nosy people and noisy machines
Acoustic cryptanalysis has been around for a very long time. Back when Britain still used "typex machines" (similar to German Enigma) for much enciphered traffic, it also had an electronic 'One Time Pad' machine for diplomatic traffic from the US to UK called the Rockex. The BSC New York end was in a building (Rockefeller building) that was not very desirable from a security perspective.
Initially the machine was used "online" but after a quiet word it was only used offline until a later model was produced.
It is known that there was an issue in that the relays used to do the "XOR" addition of the OTP tape to the message tape had unbalanced pull in and release times so it was possible to recognise the different pulse widths what the OTP was and thus strip it off.
Now what is not clear is if the attack was just by looking at the electrical output on the telegraph pair or if it had first been detected by the use of what would later be called a "spike mic" stuck into the wall from an adjoining office.
There were various stories told by various people who had first hand experience in the likes of the DWS, MI8 and MI6. Unfortunately as far as I know that generation are now all dead (Pat Hawker MBE having died just last month) and the official records have long since been destroyed (in the move from Pounden to Hanslope Park) so the truth may now never be known.
It has an odd parallel with Quantum Cryptography, the initial test bed was so acoustically noisy that you could tell by ear exactly what state Alice and Bob's polarizers were in.
I also know from experience with early ICL kit that you could hear what was happening in early mainframe computers by the noise the various power supply components made.
And this is something that all engineers who design electronics should be aware of "inductors sing". That is any coil around a magnetic material will cause "magneto constriction" of the material, and this gets especially bad if there is high hysteresis in the material. Many people have experienced this due to "ballasts" in fluorescent lights humming at 5555555555555555555555555555
On topic くコ：彡
Something smells fishy.
Would a meter long squid (about half of which is tentacles) have sufficient capacity, buoyancy, or propulsion to effectively tote an eight inch long, three pound mortar bomb? Perhaps the dud was scraped up by nets while fishing and was found while cleaning a squid rather than inside one...
Real-Time Gmail Spying FBI's 'Top Priority' for 2013
FBI Once Again Beating CALEA Update Drum
by Karl Bode, Wednesday 27-Mar-2013
While carriers already now give real-time access to all network data, the FBI says that real-time wiretapping of Gmail is their top priority in 2013. Speaking last week at the American Bar Association, FBI general counsel Andrew Weissmann argued once again that the agency wants to revamp the Communications Assistance for Law Enforcement Act to allow for real-time surveillance of e-mail, cloud storage services, and social networking websites. This is a drum the FBI has been beating for years, as they want easier access to services that use SSL encryption:
Spam Feud Leads to Largest DDoS Ever
Spamhaus Attacked for Adding Cyberbunker to SBL
by Karl Bode, Wednesday 27-Mar-2013
The squids hate your Freedoms Bruce you must go into the sea to fight them there instead of here.
But Stanford had some interesting results today around the Brain Machine Interface. They've linked two rats together in cooperative tasks. Wired telepathy.
We've discussed encryption for our brains before and someone really needs to begin the specification writing. Our brains on the internet.
Interesting UI research out of Japan. A system of dummy cursors uses hand-eye coordination to allow the user to recognize his cursor from among many dummies, and then enter a PIN on a soft keyboard while preventing onlookers from noting the PIN.
OFF Topic :
As some of you will have heard the Internet was supposed to have been a bit slow this week and the DNS in danger of total collapse due to a spat between a hosting company and a site that blacklists supposed spammers and other Internet bottom feeders / crooks.
Well there are other reasons for this to happen, some may remember a rodent chewed its way through a cable in the corner of a field some years ago and brought down the whole of the US Mid West Internet due to the Internet trying to "route around the problem".
Well the same issue happens with "ships anchors" and sub-sea cables and occasionally certain nations are alleged to send out their military divers to cut sub-sea cables.
Well it appears that this week Egypt caught three scuba divers in the process of cutting a major sub-sea cable, shortly after a ship had caused anchor damage to it.
Now there is insufficient information to say if the ship and the divers were in any way connected. But if you think about it cutting a sub-sea cable is a way of "upping" the stakes in cyber-crime / warfare...
OFF Topic :
There has been a slowly increasing trend away from MS IE and paid for AV etc to Firefox and Chrome and freeware AV.
Whilst perhaps not surprising (MS really did shoot themselves in the foot of IE9 and XP) to some it appears to be a surprise to others,
What good are anti-* scanners when none of them scan device firmware including router and NIC firmware?
When the SONY BMG Rootkit was discovered (Windows), only one scanner found it, an experimental one at the time, I believe it was called Rootkit Revealer, whatever rootkit scanner is rolled into Microsoft's SysInternals suite. Apart from this experimental and at the time non-Microsoft tool, none of the other anti-* scanners detected this. This should tell you something. IMO I believe most anti-* scanners are whitelisting tools used by Government(s).
Now the rootkit scanner in Microsoft's SysInternals has received no updates/features in several years, that I know of, it's there, but it's like it was left to die once it became Microsoft's, which is a pity.
At least Avast has GMER.
Any truth in "Backdoors Found In Bitlocker, FileVault and TrueCrypt?" (http://www.techarp.com/showarticle.aspx?artno=770&pgno=0)
I know that nobody can truly verify BitLocker and FileVault, but I was under impression that TrueCrypt was without backdoors...
What good are anti-* scanners when none of them scan device firmware including router and NIC firmware
The same "what good" could be said for just about any security product, the simple fact is none can give comprehensive cover of all aspects of a system.
The reality is it's a numbers game, where the odds are now firmly in the favour of the attacker not the defender.
Part of the reason for this is we have been "breeding our attackers, nurturing them and making them strong". We started with systems that had no security as they were designed not to have any as they were stand alone and security did not feature on the users list of requirements.
So even before we added networking malware attacks were rife via "sneaker net" vulnerabilities and human engineering. Back then as far as we can remember the attacks were not financially motivated but status / ego motivated.
And those "sneaker net" attacks still work today only the medium is not five inch floppy disks but USB memory devices. The difference is the malware is not status / ego these days but very much for gain / profit (even Stuxnet was for significant financial gain when you think about it).
We did not have security in MS products provided by MS until well after Win95 during the intervening time consumers have voted for convenience over security and Internet banking and other insecure financial services on the Internet started up. Arguably even though MS et al have provided increasing levels of security our OS's and Applications are comparatively less secure now, than back when they had no inbuilt security, such is the advancement of the attackers.
The reason for the advancement of the attackers is our slow incremental improvements in security have trained up the attackers. Each success they have had has enabled them to accrue the resources to make more significant attacks and the potential rewards and comparatively low risk has dragged in even larger numbers of attackers, but more importantly the support networks from more traditional crime to launder money etc.
The only reason the levels of attack are not higher is a simple numbers game. Each new attack takes time to develop, deploy and reap the rewards. In such a target rich environment there is only so many targets attackers can deal with in any given time.
What Anti-* software does is narrow the opportunity window to a certain extent by making older more prominent attacks less useful to attackers, until such time as the security hole is fixed by the OS and application vendors. That is Anti-* software is an imperfect "stop gap measure".
As you will appreciate Anti-* software developers also play a numbers game that to many of them feels like a game of Whack-o-mole. They can only analyse a small fraction of the supposed attacks they get made aware of. Obviously the more prominent the attack the higher it gets on their "to do list" but at best they can only deal with a small percentage of the attacks that get developed (it's why Flame and Duqu are so old yet only recently exposed, and we only know about them because they are "sexy" "James Bondish" and thus news worthy).
Worse for the Anti-* software developers the attack surface they have to cover gets larger with every new release of software, software update and even security patches from software vendors.
Thus the Anti-* companies have to decide on what they are going to focus on as they know they cannot cover all attack vectors and more importantly how they are going to provide the protection (blacklist, whitelist, tripwire, signature method etc etc).
The more reputable anti-* companies are telling us they cannot keep up and in some cases openly admit it's a losing game they are playing (see technical comments around Flame and Duqu). They know the only real solution is to reduce the attack surface, but that is not in any way under their control.
And at the end of the day you, I and everyone else are the problem we don't want security, we want usability feature and fun with the latest apps etc.
The joke of it is that you don't have to try very hard to get an increased level of security that will put you over and above the interests of cyber-criminals and even some of the cyber-espionage attackers. This is because in a target rich environment they are almost always going to go for the "low hanging fruit" unless there is a specific reason to do otherwise.
Thus you can make plans accordingly such that if you are or are likely to be "a party of interest" to directed attacks then you can take fairly simple steps (segregation) that will make the attackers take a more direct approach if possible, which takes you out of Cyber-security into the older worlds of human and physical security.
However remember if you are of sufficient interest, then as the cartoon has it they will go for the "$5 wrench" technique. And as Ronald Reagan found out 32 years ago to the day, that even US Presidents are not bullet proof and security is not absolute just probabilistic.
"they will go for the "$5 wrench" technique"
unless you've been trained to go *over the rainbow* with dissociative states triggered by extreme stress/pain.. which will provide the madmen with powertools nothing.
@ Josip Medved,
Any truth in "Backdoors Found In Bitlocker FileVault and TrueCrypt?"
That rather depends on what you consider a "backdoor" to be.
As far as we can tell all non trivial software has errors which we call bugs. Some of these will even with the best intentions and current main stream software development methods give rise to security vulnerabilities. If such bugs are discovered and kept quiet as "zero days" then they may be regarded as "backdoors".
Further above software defects in particular applications are protocols and standards. These are known to often have security weaknesses (Wifi's WEP for instance). The problem with protocol and standards bugs is that they affect many if not all implementations (as we are currently seeing with SSL).
The next problem is how do you know if a bug is accidental or deliberate?
The answer is you don't nor can you tell retrospectively when the bug has been found (it's not science to argue backwards from effect to cause, just opinion).
We know from Stuxnet and friends that there are some very clever people out there who have found methods to break things such as hashes that are unknown in the academic and public domain. So we don't know what is actually weak or strong outside of the scope of our limited knowledge. Such knowledge obviously provides an avenue of attack which might be referred to as a "backdoor" (especially if it's been used to get a flaw into a primary standard).
That said however you don't need to be clever and have an otherwise unknown flaw to use, a fairly switched on developer with a little knowledge they can find on the Internet will realise there are many ways of "accidentally" causing bugs to your advantage if you wish to put in a back door capability.
For instance do you know how your memory allocator works in your favourite development language implementation?
If I create a buffer with a memory allocator and then use it to decrypt a key from a protected key ring what happens when I free the buffer?
What happens if I then create another buffer of the same size using the memory allocator?
Well in some cases you get the decrypted key back because it was never overwritten at any point and the memory allocator hands out the first chunk of memory it finds on its free list that is large enough for the buffer, which in many cases just happens to be the most recently freed bit of memory...
As I know from experience such tricks have sailed through code review processes and most other main stream development processes at full speed and nobody noticed. And likewise sailed all the way through software testing and eventually became what these days would be signed release code (it's why I have no faith in code signing as anything other than a way to mark release code as released).
And that's the problem, irrespective of if the bug is accidental or deliberate it can make it all the way through the development process unnoticed.
It's worse with protocols and standards. Take AES for instance the actual algorithm is believed to be secure if implemented correctly. But thereby hangs a problem what do you mean by correctly?
One of the design criteria for the AES competition was "speed of implementation" which meant that the example code posted freely for use as part of the competition rules was optimized for speed not security. And not unexpectedly was full of time based side channels leaking information about the key on modern processors with cache memory.
Now the NSA who were NIST's technical advisors must have been fully aware of the timing side channel issue, and the effect of making the speed optimised AES code freely available.
But did the "Never Say Anything" organisation advise NIST of this? No not that we are aware of. It was only later that a proof of concept attack against cache based systems showed how bad the problem is. And guess what there are many many AES implementations out there that are still full of time based covert channels leaking information to those who know how to grab it.
Which shows up two problems, firstly recognising there is in effect an unknown security flaw, and secondly getting rid of all the legacy code that contains the flaw.
Right now we are seeing this with SSL it's basically broken in one way or another and has been ever since day one. We are now aware of these weaknesses and as the attacks are new we have a little time to change our SSL implementations. The problem is that even though later versions of the SSL/TLS standards have methods that are currently believed to be secure so change should be easy, nearly everyone still uses the old insecure versions and probably won't change unless they are forced to in some way (and for various reasons that's not likely to happen).
So is it possible there are bugs/flaws in these products, the answer is a most definite "yes", could they be used as backdoors the answer is "probably" are we going to find out well... "only time will tell".
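The allocator behaviour described in the comment above (free a buffer that held a decrypted key, then allocate the same size again), as an added example that is not part of the original comment. It assumes a toy first-fit free-list allocator written for this illustration rather than any real libc, a one-byte XOR standing in for the key-ring decryption, and constructed key bytes; all function names are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define ARENA_SIZE 1024
#define KEY_LEN    32

/* Toy allocator (assumption, not a real libc): each chunk has a header,
 * freed chunks are pushed on the head of a free list and handed back
 * untouched to the next request that fits. */
typedef struct chunk {
    size_t size;          /* payload size in bytes */
    struct chunk *next;   /* next chunk on the free list */
} chunk_t;

static unsigned char *arena;
static size_t arena_used;
static chunk_t *free_list;

static void toy_reset(void) {
    if (!arena) arena = malloc(ARENA_SIZE);
    if (!arena) abort();
    memset(arena, 0, ARENA_SIZE);
    arena_used = 0;
    free_list = NULL;
}

static void *toy_alloc(size_t n) {
    n = (n + 15u) & ~(size_t)15u;                 /* round up to 16 bytes */
    for (chunk_t **pp = &free_list; *pp; pp = &(*pp)->next) {
        if ((*pp)->size >= n) {                   /* first fit: reuse as-is */
            chunk_t *c = *pp;
            *pp = c->next;
            return c + 1;                         /* payload follows header */
        }
    }
    if (arena_used + sizeof(chunk_t) + n > ARENA_SIZE) return NULL;
    chunk_t *c = (chunk_t *)(arena + arena_used); /* carve a fresh chunk */
    c->size = n;
    c->next = NULL;
    arena_used += sizeof(chunk_t) + n;
    return c + 1;
}

static void toy_free(void *p) {
    if (!p) return;
    chunk_t *c = (chunk_t *)p - 1;
    c->next = free_list;                          /* payload is NOT cleared */
    free_list = c;
}

/* Constructed sample key material; XOR is a stand-in for real unwrapping. */
static const unsigned char WRAP_BYTE = 0x5A;
static unsigned char plain_key[KEY_LEN], wrapped_key[KEY_LEN];

static void make_sample_keys(void) {
    for (size_t i = 0; i < KEY_LEN; i++) {
        plain_key[i] = (unsigned char)(0xA0 + i);
        wrapped_key[i] = plain_key[i] ^ WRAP_BYTE;
    }
}

static void unwrap_key(unsigned char *out) {
    for (size_t i = 0; i < KEY_LEN; i++) out[i] = wrapped_key[i] ^ WRAP_BYTE;
}

/* Writes through a volatile pointer so the compiler cannot drop the wipe
 * as a dead store ahead of the free. */
static void secure_wipe(void *p, size_t n) {
    volatile unsigned char *v = p;
    while (n--) *v++ = 0;
}

/* Decrypt the key into a heap buffer, use it, release the buffer. */
static void use_key(int wipe) {
    unsigned char *buf = toy_alloc(KEY_LEN);
    if (!buf) abort();
    unwrap_key(buf);
    /* ... the key would be used for a crypto operation here ... */
    if (wipe) secure_wipe(buf, KEY_LEN);
    toy_free(buf);
}

/* Returns 1 if a later, unrelated allocation of the same size comes back
 * already holding the plaintext key, 0 otherwise. */
int key_leaks(int wipe) {
    toy_reset();
    make_sample_keys();
    use_key(wipe);
    unsigned char *next = toy_alloc(KEY_LEN);     /* never written by caller */
    if (!next) abort();
    int leaked = memcmp(next, plain_key, KEY_LEN) == 0;
    toy_free(next);
    return leaked;
}

int main(void) {
    printf("free without wipe: key visible in next buffer = %d\n", key_leaks(0));
    printf("wipe before free:  key visible in next buffer = %d\n", key_leaks(1));
    return 0;
}
```

Production allocators differ in detail (some overwrite part of a freed chunk with their own bookkeeping), so the defensive point is the wipe before release; where available, `explicit_bzero` or `memset_s` serve the same purpose as the volatile loop here.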
I believe anyone reading this blog can see the flaws here, but it definitely is a new twist on putting your money in your mattress:
The sad thing is, people will probably buy it.
@ Bruce Schneier and others
HackaDay put together a top 10 hacking failures in movies here.
One thing they link to is this clip from NCIS of two people using 1 keyboard to quickly fight off attackers.
It's way worse than they think. Sure two people and 1 keyboard. Here's a few more issues with it. Guaranteed intrusion detection. Every enemy access and operation is caught in real-time. Every access that's caught displays the entire target file or database on screen in a new window . Typical buzzword dialogue. They have the enemy's source code (not binary or assembler) in seconds and it's on screen.
The epic conclusion: the guy saves the *network and servers* by pulling the power on the *client* terminal. In reality, he would have stopped the analysts and attackers would have extra bandwidth.
Tangent conclusion: they didn't use a UPS.
 "Our real-time, threat detection, analysis, and presentation software requires a workstation with these minimum specs: Intel Xeon 16-core 3GHz CPU's, 64GB RAM, 4TB 15,000RPM HD space, four 10Gigabit Ethernet Cards, and NVIDIA Tesla graphics. Second keyboard is optional." (NCIS supplier brochure)
OFF Topic :
As many people suspected the DHS fusion centers are spying on US citizens for un-american activities (such as protesting against the death penalty).
And the admission comes right from the mouth of a director in charge of a Fusion Center.
But to make it worse it appears that many Fusion centers are at best incompetent and fail to actually produce any let alone incorrect, misleading, or otherwise tainted or useless intelligence.
@ Nick P,
...requires a workstation with these minimum specs: Intel Xeon 16-core 3GHz CPU's, 64GB RAM, 4TB 15,000RPM HD space, four 10Gigabit Ethernet Cards, and NVIDIA Tesla graphics...
Hmm I was looking at a new smart phone that had much more up-to-date specs than that.
The only problem was the 24wheeler to carry the battery and 18wheeler to carry the cryogenic cooling plant :-)
Is google really this invasive?
Re: Instawallet/Bitcoin-Central Security Breach
Today at 03:13:48 AM
My day job, I'm president of Yooter InterActive.
I've been working with search engines for a long time..
Let me tell you some tidbits of what I have discovered over the years regarding Google.
1 - Their mission is to obtain information, and resell that in the form of advertising. Period.
2 - They used to collect it back in the very late 1990's and early 2000's virtually all through spidering.
3 - Then out of nowhere they started spending money on stuff like gmail, google maps, google chrome, android, google voice, google chat, google x, y ,z etc...
4 - these products exist for the sole purpose of collecting information.. that spider collects only a fraction of their info now. every search you make is recorded, every url you visit is recorded if you use their product, every time you use google maps and your start location is residential and that happens more than 2 or 3 times they now know where you live.
5 - you send a link to your friend from gmail or to a gmail address, they now know that link exists, if your friend clicks on that link.. now google knows that url exists.. even if that site is banned in the robots.txt file
This goes on forever... in one huge massive ungodly database of tens of thousands of machines linked together that makes the complete hashing power of the bitcoin network look like a peanut.
If they wanted to find the urls of instawallet.. nothing on earth could stop them. That being stated, the fact that instawallet didn't ban Google from listing all urls in Webmaster tools (instead relying on just a robots.txt file) is their (instawallets) fault.
For the record, if 3000 people over the course of 2 years e-mail themselves (not anyone, but themselves) to their gmail account their instawallet address for safe keeping... google knows and most likely will list the results.
These people most likely leaked the info ... TO THEMSELVES!!! hence the problem!
The more I research, the more I believe that some of these instawallet urls (not all but a big number of them) were due to people mailing themselves their OWN URL using Gmail.
I wish I could get a million people to read this exact post... because I don't think people fully comprehend what they are dealing with when they mention the company google.
"A study shows urban vegetation correlates with reduced crime rates."
One of the hypothesis proposed is "that more vegetation promotes the use of public space, leading to more "social supervision" and surveillance. Social supervision, in essence, is the idea that people are more likely to establish beneficial relationships with positive, crime-deterring role models. Increased surveillance, meanwhile, does not imply the proliferation of CCTV."
@ Clive Robinson
"The only problem was the 24wheeler to carry the battery and 18wheeler to cary the cryogenic cooling plant :-)"
Lol. Those darned excessive energy requirements.
@ Nick P,
as you may have guessed I'm a bit of a fan of what was once "Big Iron U dumb terminals" through "thin clients" etc as a basic security measure and I suspect you likewise have a hankering for it as well.
As you are no doubt aware BYOD is turning into a total security nightmare for many and as far as security is concerned has more holes than a glass bottom row boat that someone has tried to shotgun the fish through.
Well one way is a new (not really) take on terminal servers and thin clients now renamed as "Virtual Desktop Infrastructure" (VDI) and has been discussed at RSA.
The dark reading article highlights one area of concern which is the Hypervisor / terminal server but does not mention the other issues that would worry me which is "Driver Shims" doing an "End Run" around the client end application security (which we have seen done on desktops with Banking Apps).
Human Breath Analysis May Support the Existence of Individual Metabolic Phenotypes
The metabolic phenotype varies widely due to external factors such as diet and gut microbiome composition, among others. Despite these temporal fluctuations, urine metabolite profiling studies have suggested that there are highly individual phenotypes that persist over extended periods of time. This hypothesis was tested by analyzing the exhaled breath of a group of subjects during nine days by mass spectrometry. Consistent with previous metabolomic studies based on urine, we conclude that individual signatures of breath composition exist. The confirmation of the existence of stable and specific breathprints may contribute to strengthen the inclusion of breath as a biofluid of choice in metabolomic studies. In addition, the fact that the method is rapid and totally non-invasive, yet individualized profiles can be tracked, makes it an appealing approach."
The story of Robert Lee Johnson, one of the most important spies of the KGB:
"The date was 22 February 1953. It was George Washington's Birthday, a holiday for all American troops stationed in Berlin. The drunken man being shuttled out of East Berlin in a Soviet car was Robert Lee Johnson, a 31-year-old sergeant in the United States Army. Most competent intelligence services would have considered the Army clerk useless, dismissing him as an embittered bureaucrat with a grossly inflated sense of self-worth. Nine years later he would, through a combination of luck and circumstance, become one of the most destructive spies the KGB had ever implanted into the US military."