Co3 Systems Is Hiring
My company, Co3 Systems, is hiring both technical and nontechnical positions. If you live in the Boston area, click through and take a look.
Page 397
Testing for Explosives in the Chicago Subway
Chicago is doing random explosives screenings at random L stops in the Chicago area. Compliance is voluntary:
Police made no arrests but one rider refused to submit to the screening and left the station without incident, Maloney said.
[…]
Passengers can decline the screening, but will not be allowed to board a train at that station. Riders can leave that station and board a train at a different station.
I have to wonder what would happen if someone who looks Arab refused to be screened. And what possible value this procedure has. Anyone who has a bomb in their bag would see the screening point well before approaching it, and be able to walk to the next stop without potentially arousing suspicion.
Why Hyping Cyber Threats is Counterproductive
Robert Lee and Thomas Rid have a new paper: “OMG Cyber! Thirteen Reasons Why Hype Makes for Bad Policy.”
EDITED TO ADD (11/13): Another essay on the same topic.
How the Internet Affects National Sovereignty
Interesting paper by Melissa Hathaway: “Connected Choices: How the Internet Is Challenging Sovereign Decisions.”
Abstract: Modern societies are in the middle of a strategic, multidimensional competition for money, power, and control over all aspects of the Internet and the Internet economy. This article discusses the increasing pace of discord and the competing interests that are unfolding in the current debate concerning the control and governance of the Internet and its infrastructure. Some countries are more prepared for and committed to winning tactical battles than are others on the road to asserting themselves as an Internet power. Some are acutely aware of what is at stake; the question is whether they will be the master or the victim of these multilayered power struggles as subtle and not-so-subtle connected choices are being made. Understanding this debate requires an appreciation of the entangled economic, technical, regulatory, political, and social interests implicated by the Internet. Those states that are prepared for and understand the many facets of the Internet will likely end up on top.
Verizon Tracking Mobile Internet Use
Verizon is tracking the Internet use of its phones by surreptitiously modifying URLs. This is a good description of how it works.
Adam Shostack's Threat Modeling
Probably the best IT security book of the year is Adam Shostack’s Threat Modeling (Amazon page).
The book is an honorable mention finalist for “The Best Books” of the past 12 months. This is the first time a security book has been on the list since my Applied Cryptography (first edition) won in 1994 and my Secrets and Lies won in 2001.
Anyway, Shostack’s book is really good, and I strongly recommend it. He blogs about the topic here.
Friday Squid Blogging: Little Squid
Beautiful photo.
As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.
Hacking Team Documentation
The Intercept has published the complete manuals for Hacking Team’s attack software. This follows a detailed report on Hacking Team’s products from August. Hacking Team sells computer and cell phone hacking capabilities to the governments of Azerbaijan, Colombia, Egypt, Ethiopia, Hungary, Italy, Kazakhstan, Korea, Malaysia, Mexico, Morocco, Nigeria, Oman, Panama, Poland, Saudi Arabia, Sudan, Thailand, Turkey, UAE, and Uzbekistan…and probably others as well.
This is important. The NSA’s capabilities are not unique to the NSA. They’re not even unique to countries like the US, UK, China, Russia, France, Germany, and Israel. They’re available for purchase by any totalitarian country that wants to spy on foreign governments or its own citizens. By ensuring an insecure Internet for everyone, the NSA enables companies like Hacking Team to thrive.
Enigma Simulator
Good article, with pictures, diagrams, and code.
The Risk of Unfounded Ebola Fears
Good essay.
Worry about Ebola (or anything) manifests physically as what’s known as a fight, flight, or freeze response. Biological systems ramp up or down to focus the body’s resources on the threat at hand. Heart rate and blood pressure increase, immune function is suppressed (after an initial burst), brain chemistry changes, and the normal functioning of the digestive system is interrupted, among other effects. Like fear itself, these changes are protective in the short term. But when they persist, the changes prompted by chronic stress—defined as stress beyond the normal hassles of life, lasting at least one to two weeks—are associated with increased risk of cardiovascular disease (the leading cause of death in America); increased likelihood and severity of clinical depression (suicide is the 10th leading cause of death in America); depressed memory formation and recall; impaired fertility; reduced bone growth; and gastrointestinal disorders.
Perhaps most insidious of all, by suppressing our immune systems, chronic stress makes us more likely to catch infectious diseases, or suffer more—or die—from diseases that a healthy immune system would be better able to control. The fear of Ebola may well have an impact on the breadth and severity of how many people get sick, or die, from influenza this flu season. (The CDC reports that, either directly or indirectly, influenza kills between 3,000 and 49,000 people per year.)
There is no question that America’s physical, economic, and social health is far more at risk from the fear of Ebola than from the virus itself.
EDITED TO ADD (10/30): The State of Louisiana is prohibiting researchers who have recently been to Ebola-infected countries from attending a conference on tropical medicine. So now we’re at a point where our fear of Ebola is inhibiting scientific research into treating and curing Ebola.
Sidebar photo of Bruce Schneier by Joe MacInnis.