Bruce Schneier

 
 

Schneier on Security

A blog covering security and security technology.

Me at TED

Okay, it's not TED. It's one of the independent regional TED events: TEDxPSU. My talk was "Reconceptualizing Security," a condensation of the hour-long talk into 18 minutes.

Posted on October 29, 2010 at 2:31 PM • 2 Comments


The Militarization of the Internet

Good blog post.

Posted on October 29, 2010 at 6:48 AM • 15 Comments


New Orleans Scrapping Surveillance Cameras

They're not worth it:

In seven years, New Orleans' crime camera program has yielded six indictments: three for crimes caught on video and three for bribes and kickbacks a vendor is accused of paying a former city official to sell the cameras to City Hall.

Posted on October 28, 2010 at 6:09 AM • 27 Comments


FBI Bugging Embassies in 1940

Old -- but recently released -- document discussing the bugging of the Russian embassy in 1940. The document also mentions bugging the embassies of France, Germany, Italy, and Japan.

Posted on October 27, 2010 at 3:24 PM • 25 Comments


Firesheep

Firesheep is a new Firefox plugin that makes it easy for you to hijack other people's social network connections. Basically, Facebook authenticates clients with cookies. If someone is using a public WiFi connection, the cookies are sniffable. Firesheep uses WinPcap to capture and display the authentication information for accounts it sees, allowing you to hijack the connection.

Slides from the Toorcon talk.

Protect yourself by forcing the authentication to happen over TLS. Or stop logging in to Facebook from public networks.

EDITED TO ADD (10/27): To protect against this attack, you have to encrypt the entire session -- not just the initial authentication.
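
From the site operator's side, the difference between encrypting only the login and encrypting the whole session shows up in the response headers. The following is an added example, not code from this blog or from Firesheep; the host social.example, the header values and the function names are constructed for illustration.

```python
# Added example: flag session cookies that a browser would send in cleartext.
# All URLs and header values below are constructed sample data.

def parse_set_cookie(value):
    """Return (cookie_name, set of lowercased attribute names) for one Set-Cookie value."""
    parts = [p.strip() for p in value.split(";")]
    name = parts[0].split("=", 1)[0]
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:] if p}
    return name, attrs

def audit_response(url, headers):
    """List the reasons cookies set by this response could be sniffed on an open network."""
    findings = []
    https = url.lower().startswith("https://")
    for key, value in headers:
        if key.lower() != "set-cookie":
            continue
        name, attrs = parse_set_cookie(value)
        if not https:
            findings.append(f"{name}: set over plain HTTP")
        elif "secure" not in attrs:
            # Login was encrypted, but the cookie still rides along on later HTTP requests.
            findings.append(f"{name}: no Secure attribute, also sent over HTTP")
    if https and not any(k.lower() == "strict-transport-security" for k, _ in headers):
        findings.append("no Strict-Transport-Security header, later requests may use HTTP")
    return findings

# Constructed case 1: only the initial authentication is protected by TLS.
LOGIN_ONLY_TLS = ("https://social.example/login",
                  [("Set-Cookie", "session=abc123; Path=/; HttpOnly")])

# Constructed case 2: the entire session is pinned to TLS.
FULL_SESSION_TLS = ("https://social.example/login",
                    [("Set-Cookie", "session=abc123; Path=/; HttpOnly; Secure"),
                     ("Strict-Transport-Security", "max-age=31536000")])

# Constructed case 3: no TLS at all.
PLAIN_HTTP = ("http://social.example/login",
              [("Set-Cookie", "session=abc123; Path=/")])

if __name__ == "__main__":
    for label, sample in [("login-only TLS", LOGIN_ONLY_TLS),
                          ("full-session TLS", FULL_SESSION_TLS),
                          ("plain HTTP", PLAIN_HTTP)]:
        print(label, "->", audit_response(*sample) or "no findings")
```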

Posted on October 27, 2010 at 7:53 AM • 58 Comments


Seymour Hersh on Cyberwar

Excellent article from The New Yorker.

Posted on October 26, 2010 at 6:40 AM • 43 Comments


Declassified NSA Documents

It's a long list. These items are not online; they're at the National Archives and Records Administration in College Park, MD. You can either ask for copies by mail under FOIA (at 75 cents per page) or come in person. There, you can read and scan them for free, or photocopy them for about 20 cents a page.

Posted on October 25, 2010 at 6:21 AM • 43 Comments


Friday Squid Blogging: Steganography in the Longfin Inshore Squid

Really:

While the notion that a few animals produce polarization signals and use them in communication is not new, Mäthger and Hanlon’s findings present the first anatomical evidence for a “hidden communication channel” that can remain masked by typical camouflage patterns. Their results suggest that it might be possible for squid to send concealed polarized signals to one another while staying camouflaged to fish or mammalian predators, most of which do not have polarization vision.

Mäthger notes that these messages could contain information regarding the whereabouts of other squid, for example. “Whether signals could also contain information regarding the presence of predators (i.e., a warning signal) is speculation, but it may be possible,” she adds.

Posted on October 22, 2010 at 4:31 PM • 12 Comments


Video Interview with Me from RSA Europe

I was interviewed last week at RSA Europe.

Posted on October 22, 2010 at 2:29 PM • 0 Comments


FaceTime for Mac Security Hole

Once a user has logged into FaceTime, anyone with access to the machine can change the user's Apple ID password without knowing the old password.

Of course, it's just as easy to change it back, if the victim notices.

Posted on October 22, 2010 at 5:45 AM • 15 Comments


Electronic Car Lock Denial-of-Service Attack

Clever:

Inspector Richard Haycock told local newspapers that the possible use of the car lock jammers would help explain a recent spate of thefts from vehicles that have occurred without leaving any signs of forced entry.

"We do get quite a lot of car crime in the borough where there's no sign of a break-in and items have been taken from an owner's car," Inspector Haycock said. "It's difficult to get into a modern car without causing damage and we get a reasonable amount of people who do not report any.

"It is a possibility that central locking jamming is being used," he added.

Devices that block the frequency used by a car owner's key fob might be used to thwart an owner's attempts to lock a car, leaving it open for waiting thieves. A quick search of the internet shows that devices offering to jam car locks are easily available for around $100. Effectiveness at up to 100m is claimed.

I thought car door locks weren't much of a deterrent to a professional car thief.

EDITED TO ADD (10/22): The thieves are not stealing cars, they're stealing things left inside the cars.

Posted on October 21, 2010 at 2:07 PM • 47 Comments


Workshop on the Economics of Information Security

I am the program chair for WEIS 2011, which is to be held next June in Washington, DC.

Submissions are due at the end of February.

Please forward and repost the call for papers.

Posted on October 20, 2010 at 7:11 PM • 7 Comments



Schneier.com is a personal website. Opinions expressed are not necessarily those of BT.

 