Page 402
There’s a new article on NSA’s Technology Transfer Program, a 1990s-era program to license NSA patents to private industry. I was pretty dismissive about the offerings in the article, but I didn’t find anything interesting in the catalog. Does anyone see something I missed?
My guess is that the good stuff remains classified, and isn’t “transferred” to anyone.
Slashdot thread.
Warmer waters are moving squid fishing up the California coast.
As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.
There’s a Reuters article on new types of fraud using stolen medical records. I don’t know how much of this is real and how much is hype, but I’m certain that criminals are looking for new ways to monetize stolen data.
This is a good essay on the security trade-offs with cloud backup:
iCloud backups have not eliminated this problem, but they have made it far less common. This is, like almost everything in tech, a trade-off:
- Your data is far safer from irretrievable loss if it is synced/backed up, regularly, to a cloud-based service.
- Your data is more at risk of being stolen if it is synced/backed up, regularly, to a cloud-based service.
Ideally, the companies that provide such services minimize the risk of your account being hijacked while maximizing the simplicity and ease of setting it up and using it. But clearly these two goals are in conflict. There’s no way around the fact that the proper balance is somewhere in between maximal security and minimal complexity.
Further, I would wager heavily that there are thousands and thousands more people who have been traumatized by irretrievable data loss (who would have been saved if they’d had cloud-based backups) than those who have been victimized by having their cloud-based accounts hijacked (who would have been saved if they had only stored their data locally on their devices).
It is thus, in my opinion, terribly irresponsible to advise people to blindly not trust Apple (or Google, or Dropbox, or Microsoft, etc.) with “any of your data” without emphasizing, clearly and adamantly, that by only storing their data on-device, they greatly increase the risk of losing everything.
It’s true. For most people, the risk of data loss is greater than the risk of data theft.
Inevitably we’re going to see articles pointing at this and at Heartbleed and claim a trend in vulnerabilities in open-source software. If anyone has any actual data other than these two instances and the natural human tendency to generalize, I’d like to see it.
Julian Sanchez of the Cato Institute has a lengthy audio interview on NSA surveillance and reform. Worth listening to.
Interesting article on the arms race between creating robot “handwriting” that looks human, and detecting text that has been written by a robot. Robots will continue to get better, and will eventually fool all of us.
I found the story of the Federal Reserve on 9/11 to be fascinating. It seems they just flipped a switch on all their Y2K preparations, and it worked.
Jonathan Zittrain argues that our military weapons should be built with a kill switch, so they become useless when they fall into enemy hands.
The National Highway Traffic Safety Administration (NHTSA) has released a report titled “Vehicle-to-Vehicle Communications: Readiness of V2V Technology for Application.” It’s very long, and mostly not interesting to me, but there are security concerns sprinkled throughout: both authentication to ensure that all the communications are accurate and can’t be spoofed, and privacy to ensure that the communications can’t be used to track cars. It’s nice to see this sort of thing thought about in the beginning, when the system is first being designed, and not tacked on at the end.
Sidebar photo of Bruce Schneier by Joe MacInnis.