Bruce Schneier's blog

A blog covering security and security technology.

Friday Squid Blogging: Data Squid

Fri, 2008-10-24 15:11
This data squid was seen at the big demonstration against surveillance that took place in Berlin on October 11, as part of the international privacy action day "Freedom not Fear." The German is Datenkrake, which has a bad connotation to it, like sucking in everything it can get....

Schneier on Security Book Review

Fri, 2008-10-24 11:59
Here's one....

ANSI Cyberrisk Calculation Guide

Fri, 2008-10-24 06:04
Interesting: In a nutshell, the guide advocates that organizations calculate cyber security risks and costs by asking questions of every organizational discipline that might be affected: legal, compliance, business operations, IT, external communications, crisis management, and risk management/insurance. The idea is to involve everyone who might be affected by a security breach and collect data on the potential risks and...

Remotely Eavesdropping on Keyboards

Thu, 2008-10-23 11:48
Clever work: The researchers from the Security and Cryptography Laboratory at Ecole Polytechnique Federale de Lausanne are able to capture keystrokes by monitoring the electromagnetic radiation of PS/2, universal serial bus, or laptop keyboards. They've outlined four separate attack methods, some that work at a distance of as much as 65 feet from the target. In one video demonstration, researchers...

Kip Hawley Responds to My Airport Security Antics

Thu, 2008-10-23 05:24
Kip Hawley, head of the TSA, has responded to my airport security penetration testing, published in The Atlantic. Unfortunately, there's not really anything to his response. It's obvious he doesn't want to admit that they've been checking IDs all this time to no purpose whatsoever, so he just emits vague generalities like a frightened squid filling the water with ink....

Terrorists and Child Porn, Oh My!

Wed, 2008-10-22 11:57
It's the ultimate movie-plot threat: terrorists using child porn: It is thought Islamist extremists are concealing messages in digital images and audio, video or other files. Police are now investigating the link between terrorists and paedophilia in an attempt to unravel the system. It could lead to the training of child welfare experts to identify signs of terrorist involvement as...

Terrorist Fear Mongering Seems to be Working Less Well, Part II

Wed, 2008-10-22 05:44
Last week I wrote about a story that indicated that terrorist fear mongering is working less well. Here's another story, this one from Canada: two pipeline bombings in Northern British Columbia: Investigators are treating the explosions as acts of vandalism, not terrorism, Shields said. "Under the Criminal Code, it would be characterized as mischief, which is an intentional vandalism. We...

ID Cards for Port Workers

Tue, 2008-10-21 12:28
While I am strongly opposed to a national ID, I have consistently said that giving strongly secured ID cards to groups like port workers is a good idea. It's happening in New England: The scannable card serves as proof that a background check has been performed and it contains features aimed at preventing misuse. In addition to a photograph, the...

Quantum Cryptography

Tue, 2008-10-21 05:48
Quantum cryptography is back in the news, and the basic idea is still unbelievably cool, in theory, and nearly useless in real life. The idea behind quantum crypto is that two people communicating using a quantum channel can be absolutely sure no one is eavesdropping. Heisenberg's uncertainty principle requires anyone measuring a quantum system to disturb it, and that disturbance...
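
As an added illustration (not part of the original post), here is a toy classical simulation of the idea the paragraph describes: a BB84-style key exchange in which measuring a photon in the wrong basis returns a random bit and destroys the original state, so an intercept-resend eavesdropper leaves a measurable error rate in the sifted bits. The 11% abort threshold and the seeded randomness are assumptions made for this example.

```python
"""Toy simulation of BB84-style quantum key distribution.

Added illustration: a classical model of the quantum channel in which measuring
a photon in the wrong basis returns a random bit (the disturbance the post
describes). Not a real QKD implementation.
"""
import random


def measure(prep_basis, bit, meas_basis, rng):
    """Outcome of measuring a photon prepared as `bit` in `prep_basis`.

    Same basis: the encoded bit comes out intact.  Other basis: the result is
    uniformly random and the original state is lost (the "disturbance").
    """
    if prep_basis == meas_basis:
        return bit
    return rng.randrange(2)


def bb84(n, eavesdrop, seed=1):
    """Send n photons through the channel; return (error rate, sifted length).

    Bases: 0 = rectilinear, 1 = diagonal.  `seed` makes the run repeatable.
    """
    rng = random.Random(seed)
    alice_bits = [rng.randrange(2) for _ in range(n)]
    alice_bases = [rng.randrange(2) for _ in range(n)]
    bob_bases = [rng.randrange(2) for _ in range(n)]
    bob_bits = []
    for bit, a_basis, b_basis in zip(alice_bits, alice_bases, bob_bases):
        if eavesdrop:
            # Intercept-resend: Eve must guess a basis to measure in, then
            # re-emit a photon encoding what she saw, in the basis she used.
            e_basis = rng.randrange(2)
            bit = measure(a_basis, bit, e_basis, rng)
            a_basis = e_basis
        bob_bits.append(measure(a_basis, bit, b_basis, rng))

    # Sifting over the public (authenticated) channel: compare bases, not bits,
    # and keep only positions where Alice and Bob happened to agree.
    kept = [i for i in range(n) if alice_bases[i] == bob_bases[i]]
    # Error estimate: the whole sifted string is compared here for clarity; a
    # real protocol samples a subset and keeps the rest as key material.
    errors = sum(1 for i in kept if alice_bits[i] != bob_bits[i])
    qber = errors / len(kept) if kept else 0.0
    return qber, len(kept)


def eavesdropper_suspected(qber, threshold=0.11):
    """Abort when the quantum bit error rate exceeds the threshold.

    Intercept-resend on every photon produces about 25% errors in the sifted
    bits (Eve picks the wrong basis half the time, and then Bob's bit is
    random).  The 11% figure is the commonly quoted BB84 bound for ideal
    devices; treat it as an assumption for this toy.
    """
    return qber > threshold


if __name__ == "__main__":
    for eve in (False, True):
        qber, kept = bb84(2000, eavesdrop=eve)
        print(f"eavesdropper={eve!s:5} sifted={kept} QBER={qber:.3f} "
              f"abort={eavesdropper_suspected(qber)}")
```

The simulation covers only the idealized channel, which is where the "unbelievably cool" part lives. Two things it does not model are where the real-world trouble sits: the basis-comparison channel must be authenticated by ordinary classical means (otherwise a man-in-the-middle simply runs the protocol separately with each side), and practical attacks on deployed QKD systems have gone after the photon sources and detectors rather than the physics.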

"In Case of Terrorist Attack, Do Not Discard Brain"

Mon, 2008-10-20 11:50
Warning poster....

The Psychology of Con Men

Mon, 2008-10-20 04:57
Interesting: My all-time favourite [short con] only makes the con artist a few dollars every time he does it, but I absolutely love it. These guys used to go door-to-door in the 1970s selling lightbulbs and they would offer to replace every single lightbulb in your house, so all your old lightbulbs would be replaced with a brand new lightbulb,...

Friday Squid Blogging: Giant Squid in The Onion

Fri, 2008-10-17 15:55
Funny stuff....

Terrorist Fear Mongering Seems to be Working Less Well

Wed, 2008-10-15 06:07
BART, the San Francisco subway authority, has been debating allowing passengers to bring drinks on trains. There are all sorts of good reasons why or why not -- convenience, problems with spills, and so on -- but one reason that makes no sense is that terrorists may bring flammable liquids on board. Yet that is exactly what BART managers said....

New Chip-and-Pin Scam in the UK

Tue, 2008-10-14 12:44
The readers were hacked when they were built, "either during the manufacturing process at a factory in China, or shortly after they came off the production line." It's being called a "supply chain hack." Sophisticated stuff, and yet another demonstration that these all-computer security systems are full of risks. BTW, what's it worth to rig an election?...

Does Risk Management Make Sense?

Tue, 2008-10-14 12:25
We engage in risk management all the time, but it only makes sense if we do it right. "Risk management" is just a fancy term for the cost-benefit tradeoff associated with any security decision. It's what we do when we react to fear, or try to make ourselves feel secure. It's the fight-or-flight reflex that evolved in primitive fish and...

Speeding up WiFi Hacking with Hardware Accelerators

Tue, 2008-10-14 05:25
Elcomsoft is claiming that the WPA protocol is dead, just because they can speed up brute-force cracking by 100 times using a hardware accelerator. Why exactly is this news? Yes, weak passwords are weak -- we already know that. And strong WPA passwords are still strong. This seems like yet another blatant attempt to grab some press attention with a...
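
To put numbers on the point (an added example, not from the original post): WPA-PSK turns the passphrase into the Pairwise Master Key with PBKDF2-HMAC-SHA1, salted with the SSID, 4096 iterations, 256-bit output, so an offline cracker pays one PBKDF2 run per guess. The code below implements that derivation, a dictionary attack against it, and the worst-case exhaustion time for two passphrase shapes. The guess rates (1,000 per second on a CPU, 100x that with an accelerator) and the sample SSID and wordlist are assumptions constructed for the example; comparing PMKs directly is a simplification of the real handshake-MIC check.

```python
"""WPA/WPA2-PSK passphrase cracking arithmetic.

Added illustration.  The PMK derivation below is the one defined for WPA-PSK
(PBKDF2-HMAC-SHA1, SSID as salt, 4096 iterations, 256-bit output); the attack
rates are assumptions, chosen only to show what a 100x speedup does and does
not change.
"""
import hashlib


def wpa_pmk(passphrase: str, ssid: str) -> bytes:
    """Pairwise Master Key from a passphrase and SSID, as in WPA-PSK."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("utf-8"),
                               ssid.encode("utf-8"), 4096, dklen=32)


def dictionary_attack(target_pmk: bytes, ssid: str, candidates):
    """Offline guessing: one PBKDF2 run per candidate passphrase.

    Simplification (assumption): PMKs are compared directly.  A real cracker
    derives the PTK from each candidate PMK and checks the MIC on a captured
    4-way handshake, but the per-guess cost is still dominated by PBKDF2.
    """
    for candidate in candidates:
        if wpa_pmk(candidate, ssid) == target_pmk:
            return candidate
    return None


SECONDS_PER_YEAR = 365.25 * 24 * 3600


def years_to_exhaust(alphabet_size: int, length: int,
                     guesses_per_second: float) -> float:
    """Worst-case time to try every passphrase of a given shape."""
    return alphabet_size ** length / guesses_per_second / SECONDS_PER_YEAR


if __name__ == "__main__":
    ssid = "HomeNetwork"                                       # constructed sample
    wordlist = ["letmein", "password", "sunshine1", "dragon"]  # constructed sample
    target = wpa_pmk("sunshine1", ssid)
    print("recovered:", dictionary_attack(target, ssid, wordlist))

    cpu, accel = 1_000, 100_000   # assumed guesses/second; accel is the 100x claim
    for label, alphabet, length in [("8 lowercase letters", 26, 8),
                                    ("12 random chars from a 62-char set", 62, 12)]:
        print(f"{label}: {years_to_exhaust(alphabet, length, cpu):.2e} years on CPU, "
              f"{years_to_exhaust(alphabet, length, accel):.2e} years at 100x")
```

An eight-lowercase-letter passphrase falls from years to weeks with the speedup, which is the "weak passwords are weak" half of the argument; a random twelve-character passphrase still takes on the order of a billion years, which is the "strong WPA passwords are still strong" half.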

Clever Counterterrorism Tactic

Mon, 2008-10-13 12:22
Used against the IRA: One of the most interesting operations was the laundry mat [sic]. Having lost many troops and civilians to bombings, the Brits decided they needed to determine who was making the bombs and where they were being manufactured. One bright fellow recommended they operate a laundry and when asked "what the hell he was talking about," he...

Threat Modeling at Microsoft

Mon, 2008-10-13 05:21
Interesting paper by Adam Shostack: Abstract. Describes a decade of experience threat modeling products and services at Microsoft. Describes the current threat modeling methodology used in the Security Development Lifecycle. The methodology is a practical approach, usable by non-experts, centered on data flow diagrams and a threat enumeration technique of 'STRIDE per element.' The paper covers some lessons learned which...
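
As an added example of the technique the abstract names (my code, not the paper's or Microsoft's), the block below runs "STRIDE per element" over a small data flow diagram. The element-to-threat table is the published STRIDE-per-element mapping used in the SDL: external entities get Spoofing and Repudiation; processes get all six categories; data stores get Tampering, Information disclosure and Denial of service, plus Repudiation when they hold logs; data flows get Tampering, Information disclosure and Denial of service. The web-shop diagram is constructed for the example.

```python
"""STRIDE-per-element over a small data flow diagram.

Added illustration of the technique named in the abstract.  The element-to-
threat table is the published STRIDE-per-element mapping used in the Microsoft
SDL; the sample DFD and the code around it are constructed for this example.
"""
from dataclasses import dataclass

STRIDE = {
    "S": "Spoofing",
    "T": "Tampering",
    "R": "Repudiation",
    "I": "Information disclosure",
    "D": "Denial of service",
    "E": "Elevation of privilege",
}

# Which STRIDE categories apply to each DFD element type.  For data stores,
# Repudiation applies only when the store holds logs or audit records.
STRIDE_PER_ELEMENT = {
    "external_entity": "SR",
    "process": "STRIDE",
    "data_store": "TRID",
    "data_flow": "TID",
}


@dataclass(frozen=True)
class Element:
    name: str
    kind: str             # one of the STRIDE_PER_ELEMENT keys
    is_log: bool = False  # only meaningful for data_store


def threats_for(element):
    """Candidate threats for one element, as (element, letter, category)."""
    letters = STRIDE_PER_ELEMENT[element.kind]
    if element.kind == "data_store" and not element.is_log:
        letters = letters.replace("R", "")
    return [(element.name, letter, STRIDE[letter]) for letter in letters]


def enumerate_threats(dfd):
    """Walk every element of the diagram and collect the candidate threats.

    The output is a list to be triaged: each entry is a question to ask ("can
    this flow be tampered with?"), not a confirmed vulnerability.
    """
    threats = []
    for element in dfd:
        threats.extend(threats_for(element))
    return threats


def sample_dfd():
    """Constructed web-shop diagram: browser -> web app -> database, plus an audit log."""
    return [
        Element("Browser", "external_entity"),
        Element("Web app", "process"),
        Element("Orders DB", "data_store"),
        Element("Audit log", "data_store", is_log=True),
        Element("Browser -> Web app", "data_flow"),
        Element("Web app -> Orders DB", "data_flow"),
        Element("Web app -> Audit log", "data_flow"),
    ]


if __name__ == "__main__":
    for name, letter, category in enumerate_threats(sample_dfd()):
        print(f"{name:22} {letter}  {category}")
```

The point of the per-element table is that a non-expert can produce the candidate list mechanically; the expert judgement goes into triaging and mitigating the 24 entries this diagram yields, not into remembering which threats to consider.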

Friday Squid Blogging: Natural Squid Steganography

Fri, 2008-10-10 15:58
Squid can communicate with each other without any other fish noticing: Squid and their relatives have eyes that are sensitive to polarised light and are known to use it to signal to one another. Their predators on the other hand, like seals or whales, don't share this ability and cannot see the squids' signals. Most of all,...

The More Things Change, the More They Stay the Same

Fri, 2008-10-10 11:30
Guess the year: Murderous organizations have increased in size and scope; they are more daring, they are served by the most terrible weapons offered by modern science, and the world is nowadays threatened by new forces which, if recklessly unchained, may some day wreck universal destruction. The Orsini bombs were mere children's toys compared with the later developments of infernal...