Essays Tagged "Wired"
Page 4 of 11
I've Seen the Future, and It Has a Kill Switch
It used to be that just the entertainment industries wanted to control your computers—and televisions and iPods and everything else—to ensure that you didn’t violate any copyright rules. But now everyone else wants to get their hooks into your gear.
OnStar will soon include the ability for the police to shut off your engine remotely. Buses are getting the same capability, in case terrorists want to re-enact the movie Speed. The Pentagon wants a kill switch installed on airplanes, and is worried about potential enemies installing kill switches on their own equipment…
The Pros and Cons of LifeLock
LifeLock, one of the companies that offers identity-theft protection in the United States, has been taking quite a beating recently. They’re being sued by credit bureaus, competitors and lawyers in several states that are launching class action lawsuits. And the stories in the media … it’s like a piranha feeding frenzy.
There are also a lot of errors and misconceptions. With its aggressive advertising campaign and a CEO who publishes his Social Security number and dares people to steal his identity—Todd Davis, 457-55-5462—LifeLock is a company that’s easy to hate. But the company’s story has some interesting security lessons, and it’s worth understanding in some detail…
Why Do We Accept Signatures by Fax?
Aren’t fax signatures the weirdest thing? It’s trivial to cut and paste—with real scissors and glue—anyone’s signature onto a document so that it’ll look real when faxed. There is so little security in fax signatures that it’s mind-boggling that anyone accepts them.
Yet people do, all the time. I’ve signed book contracts, credit card authorizations, nondisclosure agreements and all sorts of financial documents—all by fax. I even have a scanned file of my signature on my computer, so I can virtually cut and paste it into documents and fax them directly from my computer without ever having to print them out. What in the world is going on here?…
Our Data, Ourselves
Dutch version by Jeroen van der Ham
In the information age, we all have a data shadow.
We leave data everywhere we go. It’s not just our bank accounts and stock portfolios, or our itemized bills, listing every credit card purchase and telephone call we make. It’s automatic road-toll collection systems, supermarket affinity cards, ATMs and so on.
It’s also our lives. Our love letters and friendly chat. Our personal e-mails and SMS messages. Our business plans, strategies and offhand conversations. Our political leanings and positions. And this is just the data we interact with. We all have shadow selves living in the data banks of hundreds of corporations’ information brokers—information about us that is both surprisingly personal and uncannily complete—except for the errors that you can neither see nor correct…
America's Dilemma: Close Security Holes, or Exploit Them Ourselves
On April 27, 2007, Estonia was attacked in cyberspace. Following a diplomatic incident with Russia about the relocation of a Soviet World War II memorial, the networks of many Estonian organizations, including the Estonian parliament, banks, ministries, newspapers and broadcasters, were attacked and—in many cases—shut down. Estonia was quick to blame Russia, which was equally quick to deny any involvement.
It was hyped as the first cyberwar: Russia attacking Estonia in cyberspace. But nearly a year later, evidence that the Russian government was involved in the denial-of-service attacks still hasn’t emerged. Though Russian hackers were indisputably the major instigators of the attack, the only individuals …
Prediction: RSA Conference Will Shrink Like a Punctured Balloon
Last week was the RSA Conference, easily the largest information security conference in the world. More than 17,000 people descended on San Francisco’s Moscone Center to hear some of the more than 250 talks, attend I-didn’t-try-to-count parties, and try to evade over 350 exhibitors vying to sell them stuff.
Talk to the exhibitors, though, and the most common complaint is that the attendees aren’t buying.
It’s not the quality of the wares. The show floor is filled with new security products, new technologies, and new ideas. Many of these are products that will make the attendees’ companies more secure in all sorts of different ways. The problem is that most of the people attending the RSA Conference can’t understand what the products do or why they should buy them. So they don’t…
The Difference Between Feeling and Reality in Security
Security is both a feeling and a reality, and they’re different. You can feel secure even though you’re not, and you can be secure even though you don’t feel it. There are two different concepts mapped onto the same word—the English language isn’t working very well for us here—and it can be hard to know which one we’re talking about when we use the word.
There is considerable value in separating out the two concepts: in explaining how the two are different, and understanding when we’re referring to one and when the other. There is value as well in recognizing when the two converge, understanding why they diverge, and knowing how they can be made to converge again…
Inside the Twisted Mind of the Security Professional
Uncle Milton Industries has been selling ant farms to children since 1956. Some years ago, I remember opening one up with a friend. There were no actual ants included in the box. Instead, there was a card that you filled in with your address, and the company would mail you some ants. My friend expressed surprise that you could get ants sent to you in the mail.
I replied: “What’s really interesting is that these people will send a tube of live ants to anyone you tell them to.”
Security requires a particular mindset. Security professionals—at least the good ones—see the world differently. They can’t walk into a store without noticing how they might shoplift. They can’t use a computer without wondering about the security vulnerabilities. They can’t vote without trying to figure out how to vote twice. They just can’t help it…
The Myth of the "Transparent Society"
When I write and speak about privacy, I am regularly confronted with the mutual disclosure argument. Explained in books like David Brin’s The Transparent Society, the argument goes something like this: In a world of ubiquitous surveillance, you’ll know all about me, but I will also know all about you. The government will be watching us, but we’ll also be watching the government. This is different than before, but it’s not automatically worse. And because I know your secrets, you can’t use my secrets as a weapon against me.
This might not be everybody’s idea of utopia—and it certainly doesn’t address the …
When the Internet Is My Hard Drive, Should I Trust Third Parties?
Wine Therapy is a web bulletin board for serious wine geeks. It’s been active since 2000, and its database of back posts and comments is a wealth of information: tasting notes, restaurant recommendations, stories and so on. Late last year someone hacked the board software, got administrative privileges and deleted the database. There was no backup.
Of course the board’s owner should have been making backups all along, but he has been very sick for the past year and wasn’t able to. And the Internet Archive has been only somewhat helpful.
More and more, information we rely on—either created by us or by others—is out of our control. It’s out there on the internet, on someone else’s website and being cared for by someone else. We use those websites, sometimes daily, and don’t even think about their reliability…
Sidebar photo of Bruce Schneier by Joe MacInnis.