Essays Tagged "Wired"

It's the Economy, Stupid

  • Bruce Schneier
  • Wired
  • June 29, 2006

I’m sitting in a conference room at Cambridge University, trying to simultaneously finish this article for Wired News and pay attention to the presenter onstage.

I’m in this awkward situation because 1) this article is due tomorrow, and 2) I’m attending the fifth Workshop on the Economics of Information Security, or WEIS: to my mind, the most interesting computer security conference of the year.

The idea that economics has anything to do with computer security is relatively new. Ross Anderson and I seem to have stumbled upon the idea independently. He, in his brilliant article from 2001, “…

The Scariest Terror Threat of All

  • Bruce Schneier
  • Wired
  • June 15, 2006

For a while now, I have been writing about our penchant for “movie-plot threats”—terrorist fears based on very specific attack scenarios.

Terrorists with crop-dusters, terrorists exploding baby carriages in subways, terrorists filling school buses with explosives—these are all movie-plot threats. They’re good for scaring people, but it’s just silly to build national security policy around them.

But if we’re going to worry about unlikely attacks, why can’t they be exciting and innovative ones? If Americans are going to be scared, shouldn’t they be scared of things that are really scary? “Blowing up the Super Bowl” is a movie plot, to be sure, but it’s …

Make Vendors Liable for Bugs

  • Bruce Schneier
  • Wired
  • June 1, 2006

Have you ever been to a retail store and seen this sign on the register: “Your purchase free if you don’t get a receipt”? You almost certainly didn’t see it in an expensive or high-end store. You saw it in a convenience store, or a fast-food restaurant. Or maybe a liquor store. That sign is a security device, and a clever one at that. And it illustrates a very important rule about security: It works best when you align interests with capability.

If you’re a store owner, one of your security worries is employee theft. Your employees handle cash all day, and dishonest ones will pocket some of it for themselves. The history of the cash register is mostly a history of preventing this kind of theft. Early cash registers were just boxes with a bell attached. The bell rang when an employee opened the box, alerting the store owner—who was presumably elsewhere in the store—that an employee was handling money…

The Eternal Value of Privacy

  • Bruce Schneier
  • Wired
  • May 18, 2006

The most common retort against privacy advocates—by those in favor of ID checks, cameras, databases, data mining and other wholesale surveillance measures—is this line: “If you aren’t doing anything wrong, what do you have to hide?”

Some clever answers: “If I’m not doing anything wrong, then you have no cause to watch me.” “Because the government gets to define what’s wrong, and they keep changing the definition.” “Because you might do something wrong with my information.” My problem with quips like these—as right as they are—is that they accept the premise that privacy is about hiding a wrong. It’s not. Privacy is an inherent human right, and a requirement for maintaining the human condition with dignity and respect…

Everyone Wants to 'Own' Your PC

  • Bruce Schneier
  • Wired
  • May 4, 2006

When technology serves its owners, it is liberating. When it is designed to serve others, over the owner’s objection, it is oppressive. There’s a battle raging on your computer right now—one that pits you against worms and viruses, Trojans, spyware, automatic update features and digital rights management technologies. It’s the battle to determine who owns your computer.

You own your computer, of course. You bought it. You paid for it. But how much control do you really have over what happens on your machine? Technically you might have bought the hardware and software, but you have less control over what it’s doing behind the scenes…

The Anti-ID-Theft Bill That Isn't

  • Bruce Schneier
  • Wired
  • April 20, 2006

California was the first state to pass a law requiring companies that keep personal data to disclose when that data is lost or stolen. Since then, many states have followed suit. Now Congress is debating federal legislation that would do the same thing nationwide.

Except that it won’t do the same thing: The federal bill has become so watered down that it won’t be very effective. I would still be in favor of it—a poor federal law is better than none—if it didn’t also pre-empt more-effective state laws, which makes it a net loss.

Identity theft is the fastest-growing area of crime. It’s badly named—your identity is the one thing that cannot be stolen—and is better thought of as fraud by impersonation. A criminal collects enough personal information about you to be able to impersonate you to banks, credit card companies, brokerage houses, etc. Posing as you, he steals your money, or takes a destructive joyride on your good credit…

Why VOIP Needs Crypto

  • Bruce Schneier
  • Wired
  • April 6, 2006

There are basically four ways to eavesdrop on a telephone call.

One, you can listen in on another phone extension. This is the method preferred by siblings everywhere. If you have the right access, it’s the easiest. While it doesn’t work for cell phones, cordless phones are vulnerable to a variant of this attack: A radio receiver set to the right frequency can act as another extension.

Two, you can attach some eavesdropping equipment to the wire with a pair of alligator clips. It takes some expertise, but you can do it anywhere along the phone line’s path—even outside the home. This used to be the way the police eavesdropped on your phone line. These days it’s probably most often used by criminals. This method doesn’t work for cell phones, either…

Let Computers Screen Air Baggage

  • Bruce Schneier
  • Wired
  • March 23, 2006

It seems like every time someone tests airport security, airport security fails. In tests between November 2001 and February 2002, screeners missed 70 percent of knives, 30 percent of guns and 60 percent of (fake) bombs. And recently, testers were able to smuggle bomb-making parts through airport security in 21 of 21 attempts. It makes you wonder why we’re all putting our laptops in a separate bin and taking off our shoes. (Although we should all be glad that Richard Reid wasn’t the “underwear bomber.”)

The failure to detect bomb-making parts is easier to understand. Break up something into small enough parts, and it’s going to slip past the screeners pretty easily. The explosive material won’t show up on the metal detector, and the associated electronics can look benign when disassembled. This isn’t even a new problem. It’s widely believed that the Chechen women who blew up the two Russian planes in August 2004 probably smuggled their bombs aboard the planes in pieces…

U.S. Ports Raise Proxy Problem

  • Bruce Schneier
  • Wired
  • February 23, 2006

Does it make sense to surrender management, including security, of six U.S. ports to a Dubai-based company? This question has set off a heated debate between the administration and Congress, as members of both parties condemned the deal.

Most of the rhetoric is political posturing, but there’s an interesting security issue embedded in the controversy. It’s about proxies, trust, and transparency.

A proxy is a concept I discussed in my book Beyond Fear. It’s a person or organization that acts on your behalf in some way. It’s how complex societies work—it’s impossible for us all to do everything or make every decision, so we cede some authority to proxies…

Fighting Fat-Wallet Syndrome

  • Bruce Schneier
  • Wired
  • February 9, 2006

I don’t know about your wallet, but mine contains a driver’s license, three credit cards, two bank ATM cards, frequent-flier cards for three airlines and frequent-guest cards for three hotel chains, membership cards to two airline clubs, a library card, a AAA card, a Costco membership, and a bunch of other ID-type cards.

Any technologist who looks at the pile would reasonably ask: why all those cards? Most of them are not intended to be hard-to-forge identification cards; they’re simply ways of carrying around unique numbers that are pointers into a database. Why does Visa bother issuing credit cards in the first place? Clearly you don’t need the physical card in order to complete the transaction, as anyone who has bought something over the phone or the internet knows. Your bank could just use your driver’s license number as an account number…
