Tamper-Detection App for Android

Edward Snowden and Nathan Freitas have created an Android app that detects when it's being tampered with. The basic idea is to put the app on a second phone and put the app on or near something important, like your laptop. The app can then text you -- and also record audio and video -- when something happens around it: when it's moved, when the lighting changes, and so on. This gives you some protection against the "evil maid attack" against laptops.

Micah Lee has a good article about the app, including some caveats about its use and security.

Posted on January 3, 2018 at 6:17 AM • 41 Comments

Comments

RachelrJanuary 3, 2018 6:34 AM

I get that Snowden is a realist who is attempting to cater to the general public. Instead of all the time spent making this app, and the expense of someone buying a second phone: he could have tweeted ' Theres something called an Evil Maid attack. There is no defense against it' Thats easy enough to consume en masse I should think

RachelJanuary 3, 2018 6:36 AM

Just waiting for the #metoo campaign to leap upon the use of the word '..Maid'

RachelJanuary 3, 2018 6:41 AM

Sorry for all the posts.
Bruce writes '.. should give you some protection..'

Define 'some'? It doesn't provide any protection. It notifies you of an aberration. Now, granted there IS use in notification. But not to be confused with protection.

WaelJanuary 3, 2018 7:24 AM

Hmmm

put the app on or near something important

How do you put the app near something? Perhaps I need a bigger cup of coffee!

FrancJanuary 3, 2018 7:29 AM

But is does offer some protection. If the tamper alert goes off then you can take action before you proceed to step 2 of the maid attack so you can prevent leaking your encryption key or intercept the sending of the key or catch the maid when they come back to get the key.

"Step 2: You boot your computer using the attacker's hacked bootloader, entering your encryption key. Once the disk is unlocked, the hacked bootloader does its mischief. It might install malware to capture the key and send it over the Internet somewhere, or store it in some location on the disk to be retrieved later, or whatever."

https://www.schneier.com/blog/archives/2009/10/evil_maid_attac.html

ClipperJanuary 3, 2018 7:59 AM

I wonder if we are wrong about the evil maid attack and various attackers don't need it at all. Have you seen the news about the massive intel bug? It looks like it can be an intel meltdown.

If this bug is so serious and has gone undetected for a decade affecting all core i cpus, then serious attackers don't need to hire an evil maid, unless she is a stunning redhead needed for a plot twist.

RachelJanuary 3, 2018 8:11 AM

the premise appears to be one is targeted via the hotel staff or one with the skills to enter your room and safe.

how does one locate the phone, & unobserved , to film safe

hotel wifi will not stay connected indefinitely, even with a good connection

sigh. it would be nice to try and be positive. theres just too many caveats. it is such a special-use situation.Android!! i'd like better examples of how it could be really effective and reliably so.
Wael has a really big coffee cup. That helps, too

AliceJanuary 3, 2018 9:09 AM

@Rachel

>hotel wifi will not stay connected indefinitely, even with a good connection

If you need this app, then paying for mobile internet won't be a problem.

In addition to reporting sensor changes, I would expect it to send periodic "All good" messages for cases when the phone is covered with shielding packaging before it gets a chance to send an alert, for example.

WaelJanuary 3, 2018 9:24 AM

Somehow I'm not impressed. If I were to design such a device, it wouldn't be an app on a smart phone; it would be a raspberry pi or something. Several camera systems already provide this functionality (I had one installed one at home, after it was burgelarized.)

The app could be used by an adversary as a spy sensor too (encrypted real-time signal or not.) Too many entities have control of the smart phone: MNO, OS provider, Manufacturer, and spyware/malware.

GeorgeJanuary 3, 2018 9:35 AM

A battery attached to an old Android device, perhaps putting the device into 'kiosk' mode so that it only and automatically runs this app...

echoJanuary 3, 2018 10:51 AM

I don't know if it is my imagination or not but I remember a simple alarm with movement detectors used to be sold? This device is more sophisticated and allows you to leverage or repurpose hardware so has a broader use case and is cheap and accessible. How useful this is as a product versus marketing is a topic of discussion not to mention a 'safe' remote sensor for third parties others have rightly noted.

Recently I bought a used business laptop of a classic model I have always wanted only to discover this week the Intel CPU has a huge backdoor currently being patched. This is on top of, earlier, the firmware and Intel management engine being patched and who knows how many end runs around TPM.

One concludes in spite of best efforts this device could simply serve as a remote monitor to check that a computer riddled with compromises hasn't been tampered with by the other sides compromises...

RachelJanuary 3, 2018 11:01 AM

Agent 1: You say the journalist is checking into a hotel?
Agent : 2: Yep. And he's just bought a second phone. Android.
Agent 1: Well, we need. Hm. We need that laptop. He drinks yeah? Hang on let me finish this doughnut.
Agent 2 : Laptop. Hey. Dude. Lets root both his phones and, and - activate the camera and mic so we can see where he hides the laptop. Maybe gyro and other sensors too. Keep tabs if he gets tricky. Bluetooth to nail his room number. Two phones two signals! Thats two sides of a triangle
Agent 1: (chewing) Watch him prepare his stash before he goes to get all commie pissed
Agent 2: exacto.
Agent 1: Dude!

Mr. PalmerJanuary 3, 2018 11:57 AM

I think it's cool. No, it doesn't "prevent" anything but I'd want to know if something was tampered with. And most people have an old phone laying around so it's FREE. and might use the same charging cable as your current phone so you wouldn't need to carry an extra/second one. Don't like it? don't use it. Not good enough? come up with something better for everyone.

hmmJanuary 3, 2018 2:52 PM

"come up with something better for everyone."

How about a fake OS runtime app that mimics a vulnerable windows laptop, and without the correct password simply logs everything done to it including audio/video?

If the maid is the threat why not turn your box into a sandbox/honeypot and let them fool around?

Wouldn't you want to know what they were actually UP TO?

Clive RobinsonJanuary 3, 2018 4:32 PM

@ Rachel,

Wael has a really big coffee cup

Yup rumour has it that there are taps at one end, and that you could float away on the surface...

But... the trouble with a realy big cup is that unless you fill it the coffee goes cold real quick and if you do fill it when you drink that much coffee it's not just your eyes that will cross ;-)

Clive RobinsonJanuary 3, 2018 4:46 PM

@ Wael,

If I were to design such a device, it wouldn't be an app on a smart phone; it would be a raspberry pi or something.

Sounds nice till you start thinking about traveling with it, especially across a customs boarder...

A mobile phone and charger is not suspicious, heck even two are not these days.

But a Raspberry Pi, cables, power supply, CCTV cameras and their cables and possibly power supplies as well is going to get a large question mark by even a quite sleepy good natured boarder guard.

WaelJanuary 3, 2018 5:21 PM

@Clive Robinson,

Sounds nice till you start thinking about traveling with it, especially across a customs boarder...

It won't be a prototype. I'd gut an old phone and stuff it with a Raspberry Pi Zero. Also, on travel, leaving the phone and the laptop in a hotel room is a bad idea to start with. You know there are lots of foreign evil maids :)

MarkJanuary 3, 2018 7:15 PM

I get the use case for such an app.

However, for most of us, an evil maid attack isn't part of our threat model. I'm not worried about the government -- or anyone else -- breaking into my apartment/hotel/mum's place when I'm home over Christmas.

I wish he'd spent his time on something targeted at the average user.

oh snapJanuary 3, 2018 7:29 PM

" I'm not worried about the government -- or anyone else -- breaking in "

That's not the "single case" in which this type of thing would be handy or useful.
You're misreading that and perhaps you need to update your threat model also.

It specifically was said to be developed for people interested in anti-tampering for that purpose.
If you're not concerned about that, certainly you can feel free to develop your own products...
But why are you giving an uninterested non-critique of this one, then?

"I wish he'd spent his time on something targeted at the average user."

Snowden owes you something? As opposed to lamenting how other people spend their time?
Your approval is not required, average users of the world. He'll live.

"I wish Snowden would make my abs rock hard and mow my lawn."

Yeah he's not a genie, go back to bed and find something wrong with it.

Mike BarnoJanuary 3, 2018 11:11 PM

@ oh snap, Mark,

Yeah he's not a genie, go back to bed and find something wrong with it.

"The first bed, Papa Bear's bed, was Too Hard. The second bed, Mama Bear's bed, was Too Soft. The third bed, Baby Bear's bed, was Just Right."

echoJanuary 3, 2018 11:45 PM

Petty theft and domestic abuse are both within the premises and psychological abuse issues. Workplace bullying may be another scenario.

I believe this app is both a useful driver of discussion and also easy and acessible and cheap. I am sure this app will be useful during formal investigations and later court cases.

For all is theoretcial flaws and irrelevance to many people it is a useful tool and now exists whereas before it didn't.

echoJanuary 4, 2018 12:01 AM

@wael

I believe a modified smartphone may be useful in workplace bullying and similar situations. Cameras are very modular and extracting the tiny camera and hiding it behind a badge or broach via a cable to the smartphone and the smartphone becomes a high resolution recording device capable of continuous surveillance.

In the UK within the Data Protection Act the legal situation is a citizen may use a covert recording device (the state and business may not without a warrant or consent). Material may also be collected as long as it is not published or made available to third parties with fairly strict public interest and court exceptions. There are additional legal caveats. One not mentioned in the link is that manufactured situations or coercion for the purposes of catching someone out on camera will weigh very heavily against the case.

https://www.stephens-scown.co.uk/employment/employment-law-can-my-employee-record-our-conversations/

WaelJanuary 4, 2018 12:47 AM

@echo,

I believe a modified smartphone may be useful in workplace bullying and similar situations.

Yes, it can be and there're already apps available that do that sort of thing maybe over BT and WiFi transports. Haven't seen any that use cellular data (not that I searched for them. It's not the kind of thing I look for.)

In the UK within the Data Protection Act the legal situation is a citizen may use a covert recording device...

I'm no law expert but it's different in the US. In fact these laws vary from state to state, I believe.

Clive RobinsonJanuary 4, 2018 1:32 AM

@ oh snap,

"I wish Snowden would make my abs rock hard and mow my lawn."

Those are your words not Mark's so why present them as though they were Mark's?

There is a term for that kind of argument, and in general the use of such an argument is considered not just poor form, but also indicative of a failed case.

But further Mark clearly stating a "wish" rather than a criticism or direction is a valid and fair comment.

After all would you ridicule some one who says,

    I wish armed cops spent their time on something targeted at not killing the average innocent person.

Clive RobinsonJanuary 4, 2018 2:38 AM

@ Wael,

Also, on travel, leaving the phone and the laptop in a hotel room is a bad idea to start with. You know there are lots of foreign evil maids :)

I shall as is becoming a tradition answer your two points in reverse order ;-)

As you are aware I used to design electronic locks for amongst others the "Hospitality Industry". The company I worked for had installed an earlier design in a large Hotel in Communist China. It was reserved specifically for foreign business travlers, and had a large excess of "floor staff". You would have to be fairly dim not to realise that it was not just the maids that were evil. After all how many bell hops do you know that were obviously not just well practiced in the likes of defencive and offensive martial arts but also in bypassing hotel door security with nothing more than their hands and normal pocket items? One had a nice trick, to save battery life electronic door locks generaly do not pull back the latch. What they do is pull a cog into a gear train/chain so the user turning the door handle drives the now compleated gear train to pull back the latch.

The older design of lock had a design flaw, to save space and manufacturing costs the pivit point for the movable cog was around the shaft that the door handle used... This "agent of the Chinese Government" had worked out a way of putting both hands around the round door handle and spinning it rapidly back and forth caused Newton's laws of motion to overcome the small amount of friction thus pull in the cog and pull back the latch. The bit that made me realy smile was that he had not told his superiors or other agents in the Hotel for the good old capitalist reason of "keeping an edge via a secret in an otherwise transparent market"...

Which brings me to your first point about leaving a phone/laptop or for that matter any secret keeping or valuable device in a hotel room. Sometimes you have little choice in the matter because you may have to go to a place where it would be more dangerous to take them. For instance business in foreign places often involves a degree of social intercourse such as going out for the evening with the client to a restaurant / bar / club, where carrying a laptop would be unwise to put it mildly.

But... There is more than one type of value involved. There is the value a petty thief would ascribe to any identical phone/laptop and then there is an entirely different value that is based not on the devices but the information on them.

Currently most people do not know how to make the second value worthless to anyone other than them. Yes they may be aware of FDE and use it but they probably do not know,how to deal with the cold boot aspects of evil maid attacks that can install key loggers etc.

As I've pointed out in the past it's a question of "Where End Points are". The evil maid attack is in essense an end run attack around the security end point. Thus if you design the system such that the security end point is "off the device" then the evil maid attack fails.

The trick is how to do this... The NSA has a partial solution in their In-line Media Encryptors or IME's. These sit between the mass storage decice and the processing device and use a seperate "krypto ignition keys" that securely holds the KeyMat information for the FDE mass storage device. But more importantly some KIKs actually do the crypto inside of them in a tamper proof way. Which leaves the problem of doing the same for the Human Computer Interface for the User Interface. This is still regarded as an "open problem" but I can see ways of doing it ...

Thus the issue of the evil maid attack can be mitigated.

oh snapJanuary 4, 2018 4:03 AM

"There is a term for that kind of argument, and in general the use of such an argument is considered not just poor form, but also indicative of a failed case."

It was an exaggeration to prove a point by absurdum. I don't rely on it to make my point.

"After all would you ridicule some one who says,
I wish armed cops spent their time on something targeted at not killing the average innocent person."

Absolutely not but that's not a wish of scale is it? Snowden is just a man. NOT a genie!

The absurdism if of the expectation that he would have time, LIVING IN EXILE AFTER SACRIFICING HIMSELF FOR THE COMMON KNOWLEDGE OF UBIQUITOUS SURVEILLANCE WITH PROOF OF IT, to make something for "common users" to secure their spyware-in-binary-form Windows install.

Now I use a little rib-shot ridicule to emphasize a point, but I don't mean it to hurt anyone.
Genies aren't real, wishing never accomplished much, and Snowden is a man against all odds
MAKING SOFTWARE to try to help people.

And still the kvetching about what he didn't do? I wish Ghandi solved world hunger.
I wish Kennedy ducked and went on to break the CIA into a million pieces, etc.

Tight abs and a mowed lawn isn't that much to ask for, is it Snowden?

WaelJanuary 4, 2018 5:07 AM

@Clive Robinson,

As you are aware I used to design electronic locks for amongst others the "Hospitality Industry".

Yes! It rings a bell: you designed locks for "Hospitality Industries" located in otherwise inhospitable environments.

involves a degree of social intercourse such as going out for the evening with the client...

I understand! Who'd want to take along a phone and a laptop to an orgy, especially if the evil maid attends the "social intercourse" event!

This is still regarded as an "open problem" but I can see ways of doing it ...

As I can see too. All you need is a physical token such as a smart card with a PIN that decrypts an encryption key which decrypts the drive. A more sophisticated version would use several keys for different files or directories on top of FDE. This way an extracted passphrase via an installed key-logger wouldn't be helpful without the smart card or (pardon me) a dongle.[1]

[1] Don't read Urban Dictionary's definitions of the word.

RachelJanuary 4, 2018 6:27 AM

Wael

your social intercourse reminds me of an article on Naked Capitalism a couple of days ago about the drug fueled 'cuddle puddle' exploitation parties regularly maintained by many Silicon Valley CEO's and executives. discrete but common knowledge. its a spiritual , 'disruptive' thing for them. maybe they need Haven? Maybe they need the app you are about to design for them? You could use a Rasp CuddlePi .

Clive RobinsonJanuary 4, 2018 6:32 AM

@ Wael,

All you need is a physical token such as a smart card with a PIN that decrypts an encryption key which decrypts the drive.

Whilst that might solve the "data at rest" issue (which is all an IME is claimed to do) it still leaves the problem of the Human Computer Interface (HCI) and end run attacks around the screen and keyboard by "shims" in the driver level of the computing stack.

An evil maid could in theory do what Lenovo did to their consumer customers. Which is use those driver installation prorocols that have been there since day 1 of the PC to pull the shims in off of the BIOS or equivalent ROM and install them under the OS in a way where it can not be seen by the user or AV software etc.

Thus they don't need the encryption key or your log on password. As long as you log on they have access through the shims and the RAT they chose to control them with...

It's fully solving that problem which is why the Evil Maid attack is still considered open.

Yes I can see ways to start in on it but it all boils down to how far you let the maid get to work on your stuff...

Clive RobinsonJanuary 4, 2018 7:03 AM

@ Rachel,

reminds me of an article on Naked Capitalism a couple of days ago about the drug fueled 'cuddle puddle' exploitation parties regularly maintained by many Silicon Valley CEO's and executives.

Yes they were not a nice read.

I came away thinking "Great the freemarket at it's finest" in heavy sarcasm.

The point is what these "exploitation parties" show is that where there is wealth a market will arise to fill wealths needs. Ultimately it matters not who exploits who or how, morals and ethics have no place where such markets arise, and they always do...

A sad indictment of the "free market" ethos/myth that many chose to believe is the ultimate good...

Back when Adam Smith was sitting in Kirkcaldy scratching away with his quill, there was little or no regulation thus the price is based on "supply and demand" made sense in it's own right. However regulation both drives fulfilment down and price up irrespective of demand. Thus only the wealthy can aford certain regulated "goods or services" in effect they become luxury goods, thus "quality" makes it's way into the equation which even further reduces the supply side...

Mad as it might seem we know that some people will under the right circumstances alow you to cut parts off of them then eat them, which can only lead to the service providers death... Likewise it is a consequence of a "free market"...

JG4January 4, 2018 8:14 AM


@Clive - I particularly liked your recent comments on The Naked Ape. You didn't explicitly connect it to your comment on markets today, but there is a deep (no pun intended) connection. The Naked Apes are just cogs in the entropy maximization engine known as reality. Since you and Rachel opened the door to comments on markets, I'll jam it open with another link from today's compendium - below with my comments on it. Markets are just another engine of entropy maximization. We could hope that they have governors, but time will find a point of failure.

Can't recall where I spotted this, but NC would be a good guess. It may have been in the comments here, but my memory problems don't permit me to recall:

http://bigthink.com/robby-berman/new-tech-can-accurately-read-the-emotions-you-may-be-hiding

I've probably said before that it would be clever to have a voice stress analyzer and mannerism recognition engine running any time you are watching politicians like Clapper lying on TV. The tells no doubt are useful in front-running the lies. This goes a bit further to interpersonal radar. You may recall that I posted a link to a radar motion detector for $7 and change. We can look forward to greater capabilities, wider application and lower prices.

I had started to suspect in the early 1990's that the fractional reserve banking system is intrinsically unstable (walking a knife edge between inflation and deflation), but the deeper truth probably is that all human arrangements are intrinsically unstable. Certainly they are transient, which I didn't fully appreciate in the 1990's when I began the libertarian wet dream. When you are looking at a tranquil tropical beach and blue ocean, you'd never guess that it's on a blob of melted rock circling a nuclear fireball. The lead-up to the section that I excerpted here is well worth the few minutes.

Anthropic Capitalism And The New Gimmick Economy
https://www.edge.org/response-detail/26756
...
Assuming that a suite of such anthropic arguments can be made
rigorous, what will this mean? In the first place, we should expect
that because there is as yet no known alternative to market
capitalism, central banks and government agencies publishing official
statistics will be under increased pressure to keep up the illusion
that market capitalism is recovering by manipulating whatever dials
can be turned by law or fiat, giving birth to an interim “gimmick
economy”.

If you look at your news feed, you will notice that the economic news
already no longer makes much sense in traditional terms. We have
strong growth without wage increases. Using Orwellian terms like
“Quantitative Easing” or “Troubled Asset Relief”, central banks print
money and transfer wealth to avoid the market’s verdict. Advertising
and privacy transfer (rather than user fees) have become the business
model of last resort for the Internet corporate giants. Highly trained
doctors squeezed between expert systems and no-frills providers are
moving from secure professionals towards service sector-workers.

Capitalism and Communism which briefly resembled victor and
vanquished, increasingly look more like Thelma and Louise; a tragic
couple sent over the edge by forces beyond their control. What comes
next is anyone’s guess and the world hangs in the balance.

albertJanuary 4, 2018 1:27 PM

@JG4,
Just like 'fake news', we have 'fake economics'. It's primary function is to extract as much wealth from the system as possible, primarily by converting fiat currency into hard assets. There are no absolute limits to the greed of those who control the system. None. They mortgage their own children and grandchildren against the next quarters profits, and to hell with everything else. They never had any morals, and abandoned even 'show' ethics decades ago.

Free market capitalism isn't intrinsically bad; it happens to be not-free, not-market, and not capitalism:)

The problems with the economic system are the same as the problems with cyber security. They can be overcome only by strict regulation and draconian enforcement.

My crystal ball tells me that's not going to happen.
. .. . .. --- ....

hmmJanuary 4, 2018 7:37 PM

"Free market capitalism isn't intrinsically bad; it happens to be not-free, not-market, and not capitalism"

Bingo.

Clive RobinsonJanuary 5, 2018 11:01 AM

@ Albert, JG4, hmm,

The problems with the economic system are the same as the problems with cyber security. They can be overcome only by strict regulation and draconian enforcement.

And thereby is the problem. What the greedy do is not a crime or illegal, Why? Because they have the spare resources to buy off such legislation. Thus we the increasingly impoverished citizen get the touch your toes treatment yet again. You only have to look at that Republican tax legislation to see the greedy grubby hands off the greedy and politicos scrabling for what they can get...

The first step to solving tgis is to take the money and status and other values of exchange out of politics. Oddly for what claims it is the greatest democracy on earth and ab example to all, "One Man One Vote" is still considered a dirty dirt expression in the US...

Just the way it goes I guess, but you can see a fair way of doing things which unfortunatly the politicos will never alow...

hmmJanuary 5, 2018 11:45 AM

"One Man One Vote" is still considered a dirty dirt expression in the US..."

-Anyone who doesn't believe in this tenet of representation is NOT AN AMERICAN, by definition.

Our Constitution is upheld by those who defend every bit - picking and choosing is not an option.

The balance between oppression by over-governance or under-governance will always be a struggle.
Picking either extreme makes but an extremist, and the people are not served by that.

We need to decide if we're a representative government or just a toady hall for corporations.

That decision is being bought as we speak by casual traitors. We need to be upset about that.

The problem is we're getting used to it.

JonKnowsNothingJanuary 6, 2018 9:06 AM

For those not able to envision how this would be helpful because they are focused on "the maid" part of the issue. Here are a few other Use Cases:

  1. Every teenager who has parents snooping in their bedrooms, personal items, diaries and phones
    So, it would be handy if you could spot your parents riffling through your drawers looking for signs of Adult Behavior without Parental Permission.
  2. Every spouse who has stalking partners looking through their personal items, phones, schedules
    It would be handy if you have that nagging feeling that your spouse is playing a bigger field greater than one. Of course it won't protect you from falling asleep leaving your fingers unprotected allowing the suspicious spouse to open your phone by pressing your sleep-dead finger on it. ( I wonder if the Feds need a warrant to open your phone this way? Probably not as biometrics don't require a warrant.)
  3. Every parent who has items subject to mis-use.
    It would be handy for all those folks with guns in their homes (loaded or not) who think their 3 year olds don't know where the gun and the ammo are or how to load and shoot the thing. It could also be used to monitor that "stash of X", the liquor cabinet, or the medicine cabinet.
  4. Every person who has friends or family that "make unauthorized removals".
    Perfect for those pesky times when friends/relatives come to visit, the kind of visits where things are found to be "missing" after they leave.
  5. Every person with sensitive information at work or in other public locales.
    Also good for when you bring stuff home from work or bring home stuff to work. Lets you know if anyone is a nosy parker.

DilbertJanuary 9, 2018 9:41 AM

There are already numerous "security cam" apps for use on tablets, cell phones, etc. What he's doing isn't even new. I've had one on an old tablet for a couple years now acting as a simple and cheap "pet cam".

JonKnowsNothingJanuary 9, 2018 10:40 AM

@Dilbert

There are already numerous "security cam" apps for use on tablets, cell phones, etc. What he's doing isn't even new. I've had one on an old tablet for a couple years now acting as a simple and cheap "pet cam".

I don't think the point of it is that it is "new".

The point is that is uses a personally controlled recycled smartphone to provide a moveable security monitor that doesn't look like one.

While the application of turning on mics, video and tracking on all sorts of equipment is de rigueur now by nearly everyone+dog except the individual targeted, this allows an ordinary bloke to watch the watchers watching.

It may be limited but pretty much people know to look for CCTV cameras but they don't look at smartphones or the New IdiOT Devices the same way.

It doesn't stop you from doing your own "pet cam". Hopefully you aren't using like this:

ht tps://en.wikipedia.org/wiki/Suicide_of_Tyler_Clementi
(url fractured to prevent autorun)

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.