Essays: 2007 Archives
Why "Anonymous" Data Sometimes Isn't
Last year, Netflix published 10 million movie rankings by 500,000 customers, as part of a challenge for people to come up with better recommendation systems than the one the company was using. The data was anonymized by removing personal details and replacing names with random numbers, to protect the privacy of the recommenders.
Arvind Narayanan and Vitaly Shmatikov, researchers at the University of Texas at Austin, de-anonymized some of the Netflix data by comparing rankings and timestamps with public information in the Internet Movie Database…
Caution: Turbulence Ahead
Bruce Schneier and Marcus Ranum look at the security landscape of the next 10 years.
Bruce Schneier
Predictions are easy and difficult. Roy Amara of the Institute for the Future once said: “We tend to overestimate the effect of a technology in the short run and underestimate the effect in the long run.”
Moore’s Law is easy: In 10 years, computers will be 100 times more powerful. My desktop will fit into my cell phone, we’ll have gigabit wireless connectivity everywhere, and personal networks will connect our computing devices and the remote services we subscribe to. Other aspects of the future are much more difficult to predict. I don’t think anyone can predict what the emergent properties of 100x computing power will bring: new uses for computing, new paradigms of com- munication. A 100x world will be different, in ways that will be surprising…
How Does Bruce Schneier Protect His Laptop Data? With His Fists—and PGP
Computer security is hard. Software, computer and network security are all ongoing battles between attacker and defender. And in many cases the attacker has an inherent advantage: He only has to find one network flaw, while the defender has to find and fix every flaw.
Cryptography is an exception. As long as you don’t write your own algorithm, secure encryption is easy. And the defender has an inherent mathematical advantage: Longer keys increase the amount of work the defender has to do linearly, while geometrically increasing the amount of work the attacker has to do…
Did NSA Put a Secret Backdoor in New Encryption Standard?
Random numbers are critical for cryptography: for encryption keys, random authentication challenges, initialization vectors, nonces, key-agreement schemes, generating prime numbers and so on. Break the random-number generator, and most of the time you break the entire security system. Which is why you should worry about a new random-number standard that includes an algorithm that is slow, badly designed and just might contain a backdoor for the National Security Agency.
Generating random numbers isn’t easy, and researchers have discovered lots of …
Cyberwar: Myth or Reality?
This essay appeared as the second half of a point/counterpoint with Marcus Ranum. Marcus’s half is here.
The biggest problems in discussing cyberwar are the definitions. The things most often described as cyberwar are really cyberterrorism, and the things most often described as cyberterrorism are more like cybercrime, cybervandalism or cyberhooliganism—or maybe cyberespionage.
At first glance there’s nothing new about these terms except the “cyber” prefix. War, terrorism, crime and vandalism are old concepts. What’s new is the domain; it’s the same old stuff occurring in a new arena. But because cyberspace is different, there are differences worth considering…
The Death of the Security Industry
The hardest thing about working in IT security is convincing users to buy our technologies. An enormous amount of energy has been focused on this problem—risk analyses, ROI models, audits—yet critical technologies still remain uninstalled and important networks remain insecure. I’m constantly asked how to solve this by frustrated security vendors and—sadly—I have no good answer. But I know the problem is temporary: in the long run, the information security industry as we know it will disappear.
The entire IT security industry is an accident: an artifact of how the computer industry developed. Computers are hard to use, and you need an IT department staffed with experts to make it work. Contrast this with other mature high-tech products such as those for power and lighting, heating and air conditioning, automobiles and airplanes. No company has an automotive-technology department, filled with car geeks to install the latest engine mods and help users recover from the inevitable crashes…
How We Won the War on Thai Chili Sauce
We’ve opened up a new front on the war on terror. It’s an attack on the unique, the unorthodox, the unexpected. It’s a war on different. If you act different, you might find yourself investigated, questioned and even arrested—even if you did nothing wrong, and had no intention of doing anything wrong.
The problem is a combination of citizen informants and a CYA attitude among police that results in a knee-jerk escalation of reported threats.
This isn’t the way counterterrorism is supposed to work, but it’s happening everywhere. It’s a result of our relentless campaign to convince ordinary citizens that they’re the front line of terrorism defense. “If you see something, say something,” is how the …
Economics, Not Apathy, Exposes Chemical Plants To Danger
It’s not true that no one worries about terrorists attacking chemical plants, it’s just that our politics seem to leave us unable to deal with the threat.
Toxins such as ammonia, chlorine, propane and flammable mixtures are constantly being produced or stored in the United States as a result of legitimate industrial processes. Chlorine gas is particularly toxic; in addition to bombing a plant, someone could hijack a chlorine truck or blow up a railcar. Phosgene is even more dangerous. According to the Environmental Protection Agency, there are…
Paying the Cost of Insecure Software
Having a liability clause is one good way to make sure that software vendors fix the security glitches in their products.
Information insecurity is costing us billions. We pay for it—year after year—when we buy security products and services. But all the money we spend isn’t fixing the problem, which is insecure software. Typically, such software is badly designed and inadequately tested, comprising poorly implemented features and security vulnerabilities.
Rather than paying to improve the security of the underlying software by fixing the bug permanently, we pay to deal with the problem on an ad-hoc basis. Vendors are the only ones who can fix this problem for good. however, they will not do so unless it works out to their best financial interests…
Gathering "Storm" Superworm Poses Grave Threat to PC Nets
The Storm worm first appeared at the beginning of the year, hiding in e-mail attachments with the subject line: “230 dead as storm batters Europe.” Those who opened the attachment became infected, their computers joining an ever-growing botnet.
Although it’s most commonly called a worm, Storm is really more: a worm, a Trojan horse and a bot all rolled into one. It’s also the most successful example we have of a new breed of worm, and I’ve seen estimates that between 1 million and 50 million computers have been infected worldwide…
Lesson From Tor Hack: Anonymity and Privacy Aren't the Same
As the name implies, Alcoholics Anonymous meetings are anonymous. You don’t have to sign anything, show ID or even reveal your real name. But the meetings are not private. Anyone is free to attend. And anyone is free to recognize you: by your face, by your voice, by the stories you tell. Anonymity is not the same as privacy.
That’s obvious and uninteresting, but many of us seem to forget it when we’re on a computer. We think “it’s secure,” and forget that secure can mean many different things.
Tor is a free tool that allows people to use the internet anonymously. Basically, by joining Tor you join a network of computers around the world that pass internet traffic randomly amongst each other before sending it out to wherever it is going. Imagine a tight huddle of people passing letters around. Once in a while a letter leaves the huddle, sent off to some destination. If you can’t see what’s going on inside the huddle, you can’t tell who sent what letter based on watching letters leave the huddle…
NBA Ref Scandal Warns of Single Points of Failure
Sports referees are supposed to be fair and impartial. They’re not supposed to favor one team over another. And they’re most certainly not supposed to have a financial interest in the outcome of a game.
Tim Donaghy, referee for the National Basketball Association, has been accused of both betting on basketball games and fixing games for the mob. He has confessed to far less—gambling in general, and selling inside information on players, referees and coaches to a big-time professional gambler named James “Sheep” Battista. But the investigation continues, and the whole scandal is an enormous black eye for the sport. Fans like to think that the game is fair and that the winning team really is the winning team…
Home Users: A Public Health Problem?
To the average home user, security is an intractable problem. Microsoft has made great strides improving the security of their operating system “out of the box,” but there are still a dizzying array of rules, options, and choices that users have to make. How should they configure their anti-virus program? What sort of backup regime should they employ? What are the best settings for their wireless network? And so on and so on and so on.
How is it possible that we in the computer industry have created such a shoddy product? How have we foisted on people a product that is so difficult to use securely, that requires so many add-on products?…
Time to Close Gaps in Emergency Communications
I live in Minneapolis, so the collapse of the Interstate 35W bridge over the Mississippi River earlier this month hit close to home, and was covered in both my local and national news.
Much of the initial coverage consisted of human interest stories, centered on the victims of the disaster and the incredible bravery shown by first responders: the policemen, firefighters, EMTs, divers, National Guard soldiers and even ordinary people, who all risked their lives to save others. (Just two weeks later, three rescue workers died in their almost-certainly futile attempt to save six miners in Utah.)…
E-Voting Certification Gets Security Completely Backward
Over the past several months, the state of California conducted the most comprehensive security review yet of electronic voting machines. People who I consider to be security experts analyzed machines from three different manufacturers, performing both a red-team attack analysis and a detailed source-code review. Serious flaws were discovered in all machines, and as a result the machines were all decertified for use in California elections.
The reports are worth reading, as is much of the blog commentary on the topic. The reviewers were given an …
Disaster Planning Is Critical, but Pick a Reasonable Disaster
If an avian flu pandemic broke out tomorrow, would your company be ready for it?
Computerworld published a series of articles on that question last year, prompted by a presentation analyst firm Gartner gave at a conference last November. Among Gartner’s recommendations: “Store 42 gallons of water per data center employee—enough for a six-week quarantine—and don’t forget about food, medical care, cooking facilities, sanitation and electricity.”
And Gartner’s conclusion, over half a year later: Pretty much no organizations are ready.
This doesn’t surprise me at all. It’s not that organizations don’t spend enough effort on disaster planning, although that’s true; it’s that this really isn’t the sort of disaster worth planning for…
The Evolutionary Brain Glitch That Makes Terrorism Fail
Two people are sitting in a room together: an experimenter and a subject. The experimenter gets up and closes the door, and the room becomes quieter. The subject is likely to believe that the experimenter’s purpose in closing the door was to make the room quieter.
This is an example of correspondent inference theory. People tend to infer the motives—and also the disposition—of someone who performs an action based on the effects of his actions, and not on external or situational factors. If you see someone violently hitting someone else, you assume it’s because he wanted to—and is a violent person—and not because he’s play-acting. If you read about someone getting into a car accident, you assume it’s because he’s a bad driver and not because he was simply unlucky. And—more importantly for this column—if you read about a terrorist, you assume that terrorism is his ultimate goal…
Strong Laws, Smart Tech Can Stop Abusive 'Data Reuse'
We learned the news in March: Contrary to decades of denials, the U.S. Census Bureau used individual records to round up Japanese-Americans during World War II.
The Census Bureau normally is prohibited by law from revealing data that could be linked to specific individuals; the law exists to encourage people to answer census questions accurately and without fear. And while the Second War Powers Act of 1942 temporarily suspended that protection in order to locate Japanese-Americans, the Census Bureau had maintained that it only provided general information about neighborhoods…
Portrait of the Modern Terrorist as an Idiot
The recently publicized terrorist plot to blow up John F. Kennedy International Airport, like so many of the terrorist plots over the past few years, is a study in alarmism and incompetence: on the part of the terrorists, our government and the press.
Terrorism is a real threat, and one that needs to be addressed by appropriate means. But allowing ourselves to be terrorized by wannabe terrorists and unrealistic plots—and worse, allowing our essential freedoms to be lost by using them as an excuse—is wrong.
The alleged plan, to blow up JFK’s fuel tanks and a small segment of the 40-mile petroleum pipeline that supplies the airport, …
Don't Look a Leopard in the Eye, and Other Security Advice
If you encounter an aggressive lion, stare him down. But not a leopard; avoid his gaze at all costs. In both cases, back away slowly; don’t run. If you stumble on a pack of hyenas, run and climb a tree; hyenas can’t climb trees. But don’t do that if you’re being chased by an elephant; he’ll just knock the tree down. Stand still until he forgets about you.
I spent the last few days on safari in a South African game park, and this was just some of the security advice we were all given. What’s interesting about this advice is how well-defined it is. The defenses might not be terribly effective—you still might get eaten, gored or trampled—but they’re your best hope. Doing something else isn’t advised, because animals do the same things over and over again. These are security countermeasures against specific tactics…
Virginia Tech Lesson: Rare Risks Breed Irrational Responses
Everyone had a reaction to the horrific events of the Virginia Tech shootings. Some of those reactions were rational. Others were not.
A high school student was suspended for customizing a first-person shooter game with a map of his school. A contractor was fired from his government job for talking about a gun, and then visited by the FBI when he created a comic about the incident. A dean at Yale banned realistic stage weapons from the university theaters—a policy that was reversed within a day. And some teachers terrorized…
Testimony before the Senate Judiciary Committee
Testimony of Bruce Schneier
Security technologist, author, founder and CTO of BT Counterpane
“Will REAL ID Actually Make Us Safer?
An Examination of Privacy and Civil Liberties Concerns”
Senate Judiciary Committee
Room 226, Dirksen Senate Office Building
Tuesday, May 8, 2007
STATEMENT
I appreciate the opportunity to appear before the Committee today to discuss privacy issues. My name is Bruce Schneier. I am a security technologist, author, and CTO of BT Counterpane. The expertise I bring to this committee is less in the privacy and civil liberties realms, and more in the security realm. As such, I will focus my comments on the insecurities of the REAL ID system, the ineffectiveness of identity-based security systems, and the need to find smart and effective solutions to new security challenges. I’d like to emphasize at the start that this is an enormously interesting, important, and subtle topic, and I appreciate the decision of the Committee to hold these hearings…
Do We Really Need a Security Industry?
Last week I attended the Infosecurity Europe conference in London. Like at the RSA Conference in February, the show floor was chockablock full of network, computer and information security companies. As I often do, I mused about what it means for the IT industry that there are thousands of dedicated security products on the market: some good, more lousy, many difficult even to describe. Why aren’t IT products and services naturally secure, and what would it mean for the industry if they were?
I mentioned this in an interview with Silicon.com, and the published article …
Nonsecurity Considerations in Security Decisions
View or Download in PDF Format
Security decisions are generally made for nonsecurity reasons. For security professionals and technologists, this can be a hard lesson. We like to think that security is vitally important. But anyone who has tried to convince the sales VP to give up her department’s Blackberries or the CFO to stop sharing his password with his secretary knows security is often viewed as a minor consideration in a larger decision. This issue’s articles on managing organizational security make this point clear.
Below is a diagram of a security decision. At its core are assets, which a security system protects. Security can fail in two ways: either attackers can successfully bypass it, or it can mistakenly block legitimate users. There are, of course, more users than attackers, so the second kind of failure is often more important. There’s also a feedback mechanism with respect to security countermeasures: both users and attackers learn about the security and its failings. Sometimes they learn how to bypass security, and sometimes they learn not to bother with the asset at all…
Psychology of Security
The security literature is filled with risk pathologies, heuristics that we use to help us evaluate risks. I’ve collected them from many different sources.
| Exaggerated Risks | Downplayed Risks |
|---|---|
| Spectacular | Pedestrian |
| Rare | Common |
| Personified | Anonymous |
| Beyond one’s control | More under control |
| Externally imposed | Taken willingly |
| Talked about | Not discussed |
| Intentional or man-made | Natural |
| Immediate | Long-term or diffuse |
| Sudden | Evolving slowly over time |
| Affecting them personally | Affecting others |
| New and unfamiliar… |
Is Big Brother a Big Deal?
This essay appeared as part of a point-counterpoint with Marcus Ranum. Marcus’s side, to which this is a response, can be found on his website.
Big Brother isn’t what he used to be. George Orwell extrapolated his totalitarian state from the 1940s. Today’s information society looks nothing like Orwell’s world, and watching and intimidating a population today isn’t anything like what Winston Smith experienced.
Data collection in 1984 was deliberate; today’s is inadvertent. In the information society, we generate data naturally. In Orwell’s world, people were naturally anonymous; today, we leave digital footprints everywhere…
How Security Companies Sucker Us With Lemons
More than a year ago, I wrote about the increasing risks of data loss because more and more data fits in smaller and smaller packages. Today I use a 4-GB USB memory stick for backup while I am traveling. I like the convenience, but if I lose the tiny thing I risk all my data.
Encryption is the obvious solution for this problem—I use PGPdisk—but Secustick sounds even better: It automatically erases itself after a set number of bad password attempts. The company makes a bunch of other impressive claims: The product was commissioned, and eventually approved, by the French intelligence service; it is used by many militaries and banks; its technology is revolutionary…
Vigilantism Is a Poor Response to Cyberattack
Last month Marine Gen. James Cartwright told the House Armed Services Committee that the best cyberdefense is a good offense.
As reported in Federal Computer Week, Cartwright said: “History teaches us that a purely defensive posture poses significant risks,” and that if “we apply the principle of warfare to the cyberdomain, as we do to sea, air and land, we realize the defense of the nation is better served by capabilities enabling us to take the fight to our adversaries, when necessary, to deter actions detrimental to our interests.”
The general isn’t alone. In 2003, the entertainment industry tried to get a …
How to Not Catch Terrorists
Data mining for terrorists: It’s an idea that just won’t die. But it won’t find any terrorists, it puts us at greater risk of crimes like identity theft, and it gives the police far too much power in a free society.
The first massive government program to collect dossiers on every American for data mining purposes was called Total Information Awareness. The public found the idea so abhorrent, and objected so forcefully, that Congress killed funding for the program in September 2003. But data mining is like a hydra—chop one head off, two more grow in its place. In May 2004, the General Accounting Office published a …
Why the Human Brain Is a Poor Judge of Risk
The human brain is a fascinating organ, but it’s an absolute mess. Because it has evolved over millions of years, there are all sorts of processes jumbled together rather than logically organized. Some of the processes are optimized for only certain kinds of situations, while others don’t work as well as they could. There’s some duplication of effort, and even some conflicting brain processes.
Assessing and reacting to risk is one of the most important things a living creature has to deal with, and there’s a very primitive part of the brain that has that job. It’s the amygdala, and it sits right above the brainstem, in what’s called the medial temporal lobe. The amygdala is responsible for processing base emotions that come from sensory inputs, like anger, avoidance, defensiveness and fear. It’s an old part of the brain, and seems to have originated in early fishes…
The Problem With Copycat Cops
It’s called ” splash-and-grab,” and it’s a new way to rob convenience stores. Two guys walk into a store, and one comes up to the counter with a cup of hot coffee or cocoa. He pays for it, and when the clerk opens the cash drawer, he throws the coffee in the clerk’s face. The other one grabs the cash drawer, and they both run.
Crimes never change, but tactics do. This tactic is new; someone just invented it. But now that it’s in the news, copycats are repeating the trick. There have been at least 19 such robberies in Delaware, Pennsylvania and New Jersey. (Some …
Is Penetration Testing Worth it?
This essay appeared as the first half of a point-counterpoint with Marcus Ranum. Marcus’s side can be found on his website.
There are security experts who insist penetration testing is essential for network security, and you have no hope of being secure unless you do it regularly. And there are contrarian security experts who tell you penetration testing is a waste of time; you might as well throw your money away. Both of these views are wrong. The reality of penetration testing is more complicated and nuanced.
Penetration testing is a broad term. It might mean breaking into a network to demonstrate you can. It might mean trying to break into a network to document vulnerabilities. It might involve a remote attack, physical penetration of a data center or social engineering attacks. It might use commercial or proprietary vulnerability scanning tools, or rely on skilled white-hat hackers. It might just evaluate software version numbers and patch levels, and make inferences about vulnerabilities…
Real-ID: Costs and Benefits
The argument was so obvious it hardly needed repeating. Some thought we would all be safer—from terrorism, from crime, even from inconvenience—if we had a better ID card. A good, hard-to-forge national ID is a no-brainer (or so the argument goes), and it’s ridiculous that a modern country like the United States doesn’t have one.
Still, most Americans have been and continue to be opposed to a national ID card. Even just after 9/11, polls showed a bare majority (51%) in favor—and that quickly became a minority opinion again. As such, both political parties came out against the card, which meant that the only way it could become law was to sneak it through…
Bruce Schneier: Privatizing the Police Puts Us at Greater Risk
Abuses of power and brutality are likelier among private security guards
In Raleigh, N.C., employees of Capitol Special Police patrol apartment buildings, a bowling alley and nightclubs, stopping suspicious people, searching their cars and making arrests.
Sounds like a good thing, but Capitol Special Police isn’t a police force at all—it’s a for-profit security company hired by private property owners.
This isn’t unique. Private security guards outnumber real police more than 5-1, and increasingly act like them.
They wear uniforms, carry weapons and drive lighted patrol cars on private properties like banks and apartment complexes and in public areas like bus stations and national monuments. Sometimes they operate as ordinary citizens and can only make citizen’s arrests, but in more and more states they’re being granted official police powers…
Why Smart Cops Do Dumb Things
Since 9/11, we’ve spent hundreds of billions of dollars defending ourselves from terrorist attacks. Stories about the ineffectiveness of many of these security measures are common, but less so are discussions of why they are so ineffective. In short: Much of our country’s counterterrorism security spending is not designed to protect us from the terrorists, but instead to protect our public officials from criticism when another attack occurs.
Boston, Jan. 31: As part of a guerilla marketing campaign, a series of amateur-looking blinking signs depicting characters in …
Why Vista's DRM Is Bad For You
Windows Vista includes an array of “features” that you don’t want. These features will make your computer less reliable and less secure. They’ll make your computer less stable and run slower. They will cause technical support problems. They may even require you to upgrade some of your peripheral hardware and existing software. And these features won’t do anything useful. In fact, they’re working against you. They’re digital rights management (DRM) features built into Vista at the behest of the entertainment industry.
And you don’t get to refuse them…
An American Idol for Crypto Geeks
The U.S. National Institute of Standards and Technology is having a competition for a new cryptographic hash function.
This matters. The phrase “one-way hash function” might sound arcane and geeky, but hash functions are the workhorses of modern cryptography. They provide web security in SSL. They help with key management in e-mail and voice encryption: PGP, Skype, all the others. They help make it harder to guess passwords. They’re used in virtual private networks, help provide DNS security and ensure that your automatic software updates are legitimate. They provide all sorts of security functions in your operating system. Every time you do something with security on the internet, a hash function is involved somewhere…
In Praise of Security Theater
While visiting some friends and their new baby in the hospital last week, I noticed an interesting bit of security. To prevent infant abduction, all babies had RFID tags attached to their ankles by a bracelet. There are sensors on the doors to the maternity ward, and if a baby passes through, an alarm goes off.
Infant abduction is rare, but still a risk. In the last 22 years, about 233 such abductions have occurred in the United States. About 4 million babies are born each year, which means that a baby has a 1-in-375,000 chance of being abducted. Compare this with the infant mortality rate in the U.S.—one in 145—and it becomes clear where the real risks are…
Solving Identity Theft
Identity theft is the information age’s new crime. A criminal collects enough personal data on the victim to impersonate him to banks, credit card companies and other financial institutions. Then he racks up debt in the victim’s name, collects the cash and disappears. The victim is left holding the bag.
While some of the losses are absorbed by financial institutions—credit card companies in particular—the credit-rating damage is borne by the victim. It can take years for the victim to completely clear his name.
So far, we’ve seen several “solutions” to this problem: forcing companies to disclose when they lose personal information, forcing companies to secure personal information, forcing financial institutions to enhance their authentication procedures. Unfortunately, these won’t help…
Life in the Fast Lane
CLEAR, a private service that prescreens travelers for a $100 annual fee, has come to Kennedy International Airport. To benefit from the Clear Registered Traveler program, which is run by Verified Identity Pass, a person must fill out an application, let the service capture his fingerprints and iris pattern and present two forms of identification. If the traveler passes a federal background check, he will be given a card that allows him to pass quickly through airport security.
Sounds great, but it’s actually two ideas rolled into one: one clever and one very stupid…
Camera Phones vs. Crime: Now We're Talking
On Wednesday, Mayor Bloomberg announced that New York will be the first city with 911 call centers able to receive images and videos from cell phones and computers. If you witness a crime, you can not only call in – you can send in a picture or video as well.
This is a great idea that can make us all safer. Often the biggest problem a 911 operator has is getting enough good information from the caller. Sometimes the caller is emotionally distraught. Sometimes there’s confusion and background noise. Sometimes there’s a language barrier. Giving callers the opportunity to use all the communications tools at their disposal will help operators dispatch the right help faster…
On Police Security Cameras
Wholesale Surveillance
San Francisco police have a new law enforcement tool: a car-mounted license-plate scanner. Similar to a radar gun, it reads the license plates of moving or parked cars—250 or more per hour—and links with remote police databases, immediately providing information about the car and its owner. Right now, the police check for unpaid parking tickets. A car that comes up positive on the database is booted.
On the face of it, this is nothing new. The police have always been able to run a license plate check. The difference is they would do it manually, and that limited its use. It simply wasn’t feasible for the police to run the plates of every car in a parking garage, or every car that passed through an intersection. What is different isn’t the police tactic, but the efficiency of the process…
Secure Passwords Keep You Safer
Ever since I wrote about the 34,000 MySpace passwords I analyzed, people have been asking how to choose secure passwords.
My piece aside, there’s been a lot written on this topic over the years—both serious and humorous—but most of it seems to be based on anecdotal suggestions rather than actual analytic evidence. What follows is some serious advice.
The attack I’m evaluating against is an offline password-guessing attack. This attack assumes that the attacker either has a copy of your encrypted document, or a server’s encrypted password file, and can try passwords as fast as he can. There are instances where this attack doesn’t make sense. ATM cards, for example, are secure even though they only have a four-digit PIN, because you can’t do offline password guessing. And the police are more likely to get a warrant for your Hotmail account than to bother trying to crack your e-mail password. Your encryption program’s key-escrow system is almost certainly more vulnerable than your password, as is any “secret question” you’ve set up in case you forget your password…
Automated Targeting System
This article was published under the title “They’re Watching.”
If you’ve traveled abroad recently, you’ve been investigated. You’ve been assigned a score indicating what kind of terrorist threat you pose. That score is used by the government to determine the treatment you receive when you return to the U.S. and for other purposes as well.
Curious about your score? You can’t see it. Interested in what information was used? You can’t know that. Want to clear your name if you’ve been wrongly categorized? You can’t challenge it. Want to know what kind of rules the computer is using to judge you? That’s secret, too. So is when and how the score will be used…
Does Secrecy Help Protect Personal Information?
This essay appeared as the second half of a point-counterpoint with Marcus Ranum. Marcus’s side can be found on his website.
Personal information protection is an economic problem, not a security problem. And the problem can be easily explained: The organizations we trust to protect our personal information do not suffer when information gets exposed. On the other hand, individuals who suffer when personal information is exposed don’t have the capability to protect that information.
There are actually two problems here: Personal information is easy to steal, and it’s valuable once stolen. We can’t solve one problem without solving the other. The solutions aren’t easy, and you’re not going to like them…
Information Security and Externalities
This essay is an update of Information security: How liable should vendors be?, Computerworld, October 28, 2004.
Information insecurity is costing us billions. There are many different ways in which we pay for information insecurity. We pay for it in theft, such as information theft, financial theft and theft of service. We pay for it in productivity loss, both when networks stop functioning and in the dozens of minor security inconveniences we all have to endure on a daily basis. We pay for it when we have to buy security products and services to reduce those other two losses. We pay for the lack of security, year after year…
Schneier: Full Disclosure of Security Vulnerabilities a 'Damned Good Idea'
Full disclosure—the practice of making the details of security vulnerabilities public—is a damned good idea. Public scrutiny is the only reliable way to improve security, while secrecy only makes us less secure.
Unfortunately, secrecy sounds like a good idea. Keeping software vulnerabilities secret, the argument goes, keeps them out of the hands of the hackers (See The Vulnerability Disclosure Game: Are We More Secure?). The problem, according to this position, is less the vulnerability itself and more the information about the vulnerability…
Sidebar photo of Bruce Schneier by Joe MacInnis.