
mcherm : via:bruceschneier   235

Trump's Credibility Crisis Arrives - The Atlantic
One reason Trump's lies are so harmful is because someday he will need to say "trust me" and we won't be able to. Here's an example within the first weeks of the administration.
DonaldTrump  politics  via:BruceSchneier 
march 2017 by mcherm
Schneier on Security: How the NSA Threatens National Security
Bruce Schneier: the NSA surveillance hasn't helped and it HAS harmed security. Here's how, with lots of links to back it up.
nsa  BruceSchneier  via:BruceSchneier  surveillance 
january 2014 by mcherm
How the Bitcoin protocol actually works | DDI
A really good explanation of how Bitcoin works, motivating each step of the design.
bitcoin  cryptography  via:BruceSchneier 
january 2014 by mcherm
Schneier on Security: World War II Anecdote about Trust and Security
Just the chance that someone COULD undermine your protocol can be damaging, even if they don't -- and an example from World War II.
security  via:BruceSchneier  BruceSchneier 
january 2014 by mcherm
Schneier on Security: Why the Government Should Help Leakers
A really good suggestion: the US Govt should *HELP* journalists secure the Snowden documents (and others) because it's in both parties' interests.
snowden  security  via:BruceSchneier  BruceSchneier 
november 2013 by mcherm
Schneier on Security: The NSA's New Risk Analysis
Bruce Schneier explains how the NSA has a whole bag of exploits and they choose the appropriate one for a given intrusion.
security  nsa  surveillance  via:BruceSchneier  BruceSchneier 
october 2013 by mcherm
Schneier on Security: Air Gaps
Bruce Schneier's advice on maintaining an air-gapped computer. He's using this to protect the Snowden documents.
security  privacy  snowden  BruceSchneier  via:BruceSchneier 
october 2013 by mcherm
Backdoor found in D-Link router firmware code | Security - InfoWorld
Incredibly stupid: they left a "backdoor" in their wireless router firmware: pass a certain user agent string and you automatically get control of the device. It's not even a bug, it's just monumentally stupid.
security  via:BruceSchneier 
october 2013 by mcherm
Schneier on Security: Reforming the NSA
The NSA is too powerful, and it needs to be reformed from outside.
nsa  snowden  politics  BruceSchneier  via:BruceSchneier 
october 2013 by mcherm
Schneier on Security: Our Newfound Fear of Risk
Bruce Schneier: we have gotten too risk averse, and not smartly either.
risk  via:BruceSchneier  via:HackerNews 
september 2013 by mcherm
Schneier on Security: Secret Information Is More Trusted
Scientific study shows people trust information more if they think it was classified (secret).
trust  BruceSchneier  via:BruceSchneier 
august 2013 by mcherm
To make journalism harder, slower, less secure » Pressthink
The actions surrounding Snowden's revelations have been intentionally targeted to put pressure on journalism, to make it slower and less effective because that allows the NSA to operate with more freedom. This needs to be reined in.
journalism  snowden  via:BruceSchneier  nsa  politics 
august 2013 by mcherm
Schneier on Security: The Security Risks of Unregulated Google Search
If Google slanted their search results in one consistent direction they could influence elections. But if they were known to slant their search results then many more people would find competing services instead, so I'm not THAT worried.
BruceSchneier  via:BruceSchneier 
june 2013 by mcherm
security theater, martial law, and a tale that trumps every cop-and-donut joke you've ever heard | Popehat
The lockdown of Boston because of a terrorist on the run was excessive. It didn't work (he was found as soon as they ENDED the lockdown because someone went outside and saw him). And as further evidence, the police literally told doughnut shops to stay open so police could stop by for snacks.
terrorism  politics  security  securitytheater  rights  via:BruceSchneier 
may 2013 by mcherm
BitCon: Don't in [Market-Ticker]
A valid, coherent critique of bitcoin and how it interacts with government regulation. Points out that it does not anonymize transactions (and may add money laundering and tax evasion to your charges, with no statute of limitations).
bitcoin  via:BruceSchneier 
april 2013 by mcherm
Cheating in Chess: Daily Chess Columns
About cheating in chess - some history, an example, and the final conclusion: there is no effective way to prevent it given today's technology.
chess  cheating  security  via:BruceSchneier 
february 2013 by mcherm
Sample anti-harassment policy for conferences
This was created as a model policy for conference organizers to use (or at least use as inspiration).
discrimination  gender  conferences  via:BruceSchneier 
august 2012 by mcherm
Schneier on Security: "Raise the Crime Rate"
"Crime rates are down significantly on the outside, but up drastically inside prisons. We have reduced crime by locking them all up and making them prey on each other. That's unfair and we should release them and accept slightly higher crime." An interesting viewpoint.
prison  security  via:BruceSchneier  BruceSchneier 
april 2012 by mcherm
Schneier on Security: Friday Squid Blogging: How Squid Hear
Squid ears work differently. They've got a stone in a cavity and the squid itself vibrates around that.
animals  biology  squid  via:BruceSchneier 
april 2012 by mcherm
Detect if visitors are logged into Twitter, Facebook or Google+
A security flaw that allows a site to detect whether you are logged into certain sites.
security  webdevelopment  via:BruceSchneier 
march 2012 by mcherm
Schneier on Security: Liars and Outliers: The Big Idea
A summary of his latest book's big idea. There are always a small minority of "defecting" individuals -- what mechanisms do we use to reduce the size of that group and how do we limit the amount of harm they can cause?
via:BruceSchneier 
march 2012 by mcherm
Hand counts of votes may cause errors
Hand-counting votes has a 0.75% to 2% error rate, depending on the technique used.
voting  via:BruceSchneier 
february 2012 by mcherm
The Perfect Crime by Brian Kalt :: SSRN
"This article argues that there is a 50-square-mile swath of Idaho in which one can commit felonies with impunity."
law  via:BruceSchneier 
february 2012 by mcherm
Burgling beetle targets plants with the heaviest security | Not Exactly Rocket Science | Discover Magazine
The things with lots of security are the ones worth stealing from. Here's an example from the world of plants and insects.
security  via:BruceSchneier  animals 
december 2011 by mcherm
Schneier on Security: Recent Developments in Full Disclosure
Schneier says that there is more and more resistance lately to public disclosure of security vulnerabilities.
security  via:BruceSchneier  BruceSchneier  censorship 
december 2011 by mcherm
BCrypt Library for Java
Here is a Java library for an acceptable hash function (bcrypt). SHA-1 is already weakening, and will be broken before too long. SHA-2 doesn’t exist yet. Use this (it might even win SHA-2).
via:BruceSchneier  cryptography  hash  java  programming  security 
july 2011 by mcherm
Lifetimes of cryptographic hash functions
Some comments on the state of hash functions, including a look at how long previous hash functions lasted.
via:BruceSchneier  cryptography  hash  programming  security 
july 2011 by mcherm
Insider info theft from law firm; never accessed the documents
To make off with insider information from his own law firm he didn’t open docs, just looked at their titles, also checked things like which client was billed when certain bigwigs ran off to a sudden meeting.
security  via:BruceSchneier 
june 2011 by mcherm
nsa-redact.pdf (application/pdf Object)
Actual instructions (from the NSA) on how to redact content in documents (especially MS Word).
censorship  security  privacy  via:BruceSchneier 
june 2011 by mcherm
Video: They Sure Don't Make Pyrex Like They Used To | Popular Science
Pyrex is no longer made from borosilicate glass (which doesn't expand with heat). This affected crack cocaine producers.
via:BruceSchneier  materialsscience 
may 2011 by mcherm
Vulnerabilities in Online Payment Systems: Schneier on Security
Buy.com doesn't validate messages from PayPal as it should. They're blaming Buy, but I think it's PayPal's fault for not designing a protocol that would have prevented this.
security  banking  BruceSchneier  via:BruceSchneier 
may 2011 by mcherm
Act_Giving_Bribe_Legal.pdf (application/pdf Object)
India’s chief economic adviser says *paying* (but not receiving) bribes needed to get a service you're entitled to should be made legal. Then only one party wants to keep it secret and the incidence of demanding bribes will go down.
via:BruceSchneier  ethics  law  philosophy  gametheory 
april 2011 by mcherm
RSA 2011: Winning the War But Losing Our Soul | threatpost
Article (not BY Bruce) about how a computer security company moved from inventing cyber attack techniques for the DOD to selling those services to some conservative groups to use to attack liberal groups.
security  hacking  ethics  via:BruceSchneier  BruceSchneier 
march 2011 by mcherm
Cops: Orlando Man Sabotaged "Whac-A-Mole" Games - News Story - WFTV Orlando
The guy installed a bug (or perhaps virus) into the product in order to ensure that there'd be problems that only he could fix.
via:BruceSchneier  security  personal_net  programming 
march 2011 by mcherm
Immigration officer fired after putting wife on list of terrorists to stop her flying home | Mail Online
A UK official decided he didn't want to deal with his wife. So while she was out of the country, he added her to the watch list -- so she was unable to return. It stayed that way for 3 years before the official got a background check and when questioned admitted to it.
via:BruceSchneier  security  securitystupidity  securitytheater  TSA  terrorism 
february 2011 by mcherm
Schneier on Security: The Security Threat of Forged Law-Enforcement Credentials
Bruce Schneier reports on research that shows it's easy to make a fake badge and get away with all kinds of stuff. Only solution? Verify badges like we do with credit cards: instantly and on-site.
security  via:BruceSchneier  BruceSchneier  authentication 
january 2011 by mcherm
Schneier on Security: Changing Passwords
How often should you change your password? Depends on the use: changing it only protects against snooping, so if that's the threat, change it as frequently as you need; otherwise don't bother changing it.
security  BruceSchneier  via:BruceSchneier  passwords 
november 2010 by mcherm
Schneier on Security: Indian OS
India can write its own operating system, but that won't make it secure. (I think they'd do better to invest the same effort into Linux.)
security  operatingsystem  via:BruceSchneier  BruceSchneier  personal_net 
november 2010 by mcherm
Schneier on Security: Fingerprinting Telephone Calls
From audio artifacts you can tell what systems the call was routed through.
via:BruceSchneier  security  personal_net 
october 2010 by mcherm
Social Steganography: Learning to Hide in Plain Sight
Using messages on Facebook that your parents will interpret one way and your friends interpret a different way.
steganography  cryptography  privacy  via:BruceSchneier  personal_net 
august 2010 by mcherm
Data at Rest vs. Data in Motion: Schneier on Security
Cryptography has amazing powers for almost perfectly securing communications. But STORED data requires that the keys be stored too, and this is then vulnerable to ordinary computer security attacks, not defended by pure mathematics.
via:BruceSchneier  BruceSchneier  security  cryptography 
august 2010 by mcherm
What Car Thieves Think of the Club - Freakonomics Blog - NYTimes.com
Car thieves LIKE having "The Club" because it makes it EASIER to steal the car.
via:BruceSchneier  security  nytimes 
august 2010 by mcherm
Hiring Hackers: Schneier on Security
Is it ok to hire convicted hackers to do computer security? Bruce Schneier says yes.
risk  security  via:BruceSchneier  BruceSchneier 
june 2010 by mcherm
The Deadliest of Games: The Institution of Dueling
A rational argument for dueling: it was a signal of a good credit rating.
personal_net  via:BruceSchneier 
june 2010 by mcherm
Preventing attacks on a user's history through CSS :visited selectors
Firefox's plans for how to protect against the attack that detects links you've visited by styling them differently and then detecting it.
security  via:BruceSchneier  firefox  browsers  privacy  webdevelopment 
june 2010 by mcherm
Schneier on Security: Worst-Case Thinking
Bruce Schneier: my worst-case scenario is that we keep talking about worst-case scenarios, because they distort the assessments and behaviors in unhelpful ways.
security  risk  fear  BruceSchneier  via:BruceSchneier 
may 2010 by mcherm
Side-Channel Leaks in Web Applications | Freedom to Tinker
An eavesdropper to an SSL connection can observe number of requests, timing of them, and size of request and response. This leaks LOTS of info. Eg: the "options" that pop down for search results have characteristic sizes. An attacker can tell EXACTLY what you searched for by watching what is obtained for each letter. Will soon be a serious problem.
security  webdevelopment  ssl  cryptography  cloudcomputing  privacy  via:BruceSchneier  blogworthy 
may 2010 by mcherm
Hardly Existential | Foreign Affairs
Evaluating the risk due to terrorism and comparing it to other risks. Conclusion: we're spending far too much on terrorism.
via:BruceSchneier  risk  terrorism  personal_net 
april 2010 by mcherm
Verified by Visa and MasterCard SecureCode: or, How Not to Design Authentication
The most widely used authentication system for credit cards is UNBELIEVABLY INSECURE. It succeeds because it pushes liability onto the consumer so merchants and banks like it.
banking  security  BruceSchneier  via:BruceSchneier  creditcard 
february 2010 by mcherm
Schneier on Security: Beyond Security Theater
A particularly nice summary of Bruce Schneier's view on security theater.
BruceSchneier  via:BruceSchneier  security  securitytheater  terrorism  TSA 
january 2010 by mcherm
Schneier on Security: Quantum Cryptography Cracked
An example of a "secure" quantum cryptography system being cracked by inducing the detectors at the ends to reveal information.
via:BruceSchneier  BruceSchneier  quantummechanics  security  cryptography 
january 2010 by mcherm
Intercepting Predator Video: Schneier on Security
Bruce Schneier defends the lack of encryption on the video channel for predator drones. He says the key management would be horrible, and the risk of NOT giving the data to someone in the field who needs it is greater than the risk that bad guys can benefit from it. He proposes perhaps the military needs a new protocol that is less stringent for applications like this - perhaps you would be allowed to say keys over the telephone, for instance.
BruceSchneier  via:BruceSchneier  security  usability  encryption  cryptography 
december 2009 by mcherm
SoLongAndNoThanks.pdf (application/pdf Object)
Research paper shows that users who reject security advice are quite often behaving rationally -- the cost of complying is high compared to the benefits.
security  via:BruceSchneier 
november 2009 by mcherm
Schneier on Security: A Useful Side-Effect of Misplaced Fear
Use unreasoned fear as a way of inducing sensible behavior in areas where people are otherwise irrational. Eg: use the (unfounded) fear of date-rape-drug spiking of drinks to encourage people to drink less without having to confront them about their drinking.
via:BruceSchneier  BruceSchneier  philosophy  fear 
november 2009 by mcherm
It’s a Fork, It’s a Spoon, It’s a ... Weapon? - NYTimes.com
Another writeup of some of the excesses of zero tolerance rules at schools. My favorite (there were few details) sounds like someone was suspended because someone else "dropped a pocket knife in his lap".
via:BruceSchneier  zerotolerance  kidsrights  nytimes 
october 2009 by mcherm
Schneier on Security: Nice Use of Diversion During a Robbery
Robbers use security overreaction to cover their trail. They disabled the police helicopter by putting a bag near it with the word "Bomb" on it.
security  via:BruceSchneier 
october 2009 by mcherm
New Malware Re-Writes Online Bank Statements to Cover Fraud | Threat Level | Wired.com
Malware hacks the browser to prevent customers from seeing the money that was stolen on their online statements. Just one piece of a very sophisticated scheme.
banking  fraud  security  antivirus  via:BruceSchneier 
october 2009 by mcherm
On Influenza A (H1N1) « bunnie's blog
An analysis of the "swine flu" virus which looks at it like a computer virus: how many bits long is it, what "clever hacks" does it use, etc.
via:BruceSchneier  programming  genetics  biology  hack  medicine 
september 2009 by mcherm
YouTube - Don't Take a Breath Test!!!
Breathalyzer results can be manipulated (by covering the exhaust port).
via:BruceSchneier  police  personal_net 
august 2009 by mcherm
Schneier on Security: Self-Enforcing Protocols
Divide-and-cut for cakes is an example of setting up the protocol for interaction in such a way that you don't need trusted 3rd parties to keep it fair. Such protocols are an interesting study; a couple of other examples are given.
via:BruceSchneier  BruceSchneier  protocols 
august 2009 by mcherm
Privacy Salience and Social Networking Sites: Schneier on Security
Interesting: talking about privacy or security makes people nervous about privacy or security... even if you're talking about what a good job you do. Perhaps banks, for instance, should just have a link on the front page labeled "security" (and one labeled "privacy") instead of bragging about what a good job they do.
brain  psychology  security  banking  via:BruceSchneier  BruceSchneier  privacy 
july 2009 by mcherm