Entries Tagged "comics"
Secret Questions
Interesting research:
Analysing our data for security, though, shows that essentially all human-generated names provide poor resistance to guessing. For an attacker looking to make three guesses per personal knowledge question (for example, because this triggers an account lock-down), none of the name distributions we looked at gave more than 8 bits of effective security except for full names. That is, about at least 1 in 256 guesses would be successful, and 1 in 84 accounts compromised. For an attacker who can make more than 3 guesses and wants to break into 50% of available accounts, no distributions gave more than about 12 bits of effective security. The actual values vary in some interesting ways - South Korean names are much easier to guess than American ones, female first names are harder than male ones, pet names are slightly harder than human names, and names are getting harder to guess over time.
I’ve written about this problem.
EDITED TO ADD (4/13): xkcd on the secret question.
Crypto Comic Book
EDITED TO ADD (4/10): It’s out. Here’s a review.
Cybersecurity Theater at FOSE
FOSE, the big government IT conference, has a “Cybersecurity Theater” this year. I wonder if they’ll check photo IDs.
On a similar note, I am pleased that my term “security theater” has finally hit the mainstream. It’s everywhere. My favorite variant is “security theater of the absurd.”
And this great cartoon. And two more.
Jon Stewart didn’t use the words “security theater,” but he was pretty funny on January 4.
Connecting the Dots
I wrote about intelligence failures back in 2002.
EDITED TO ADD (1/7): Tom Toles cartoon on connecting the dots.