Schneier on Security

A blog covering security and security technology.

Marc Rotenberg on Google's Italian Privacy Case

Tue, 2010-03-09 20:36
Interesting commentary: I don't think this is really a case about ISP liability at all. It is a case about the use of a person's image, without their consent, that generates commercial value for someone else. That is the essence of the Italian law at issue in this case. It is also how the right of privacy was first established...
Categories: Security

Guide to Microsoft Police Forensic Services

Tue, 2010-03-09 14:59
The "Microsoft Online Services Global Criminal Compliance Handbook (U.S. Domestic Version)" (also can be found here, here, and here) outlines exactly what Microsoft will do upon police request. Here's a good summary of what's in it: The Global Criminal Compliance Handbook is a quasi-comprehensive explanatory document meant for law enforcement officials seeking access to Microsoft's stored user information. It also...
Categories: Security

Google in The Onion

Mon, 2010-03-08 22:24
Funny: MOUNTAIN VIEW, CA—Responding to recent public outcries over its handling of private data, search giant Google offered a wide-ranging and eerily well-informed apology to its millions of users Monday. "We would like to extend our deepest apologies to each and every one of you," announced CEO Eric Schmidt, speaking from the company's Googleplex headquarters. "Clearly there have been some...
Categories: Security

Eating a Flash Drive

Mon, 2010-03-08 19:00
How not to destroy evidence: In a bold and bizarre attempt to destroy evidence seized during a federal raid, a New York City man grabbed a flash drive and swallowed the data storage device while in the custody of Secret Service agents, records show. The article wasn't explicit about this -- odd, as it's the main question any reader would...
Categories: Security

De-Anonymizing Social Network Users

Mon, 2010-03-08 14:13
Interesting paper: "A Practical Attack to De-Anonymize Social Network Users." Abstract. Social networking sites such as Facebook, LinkedIn, and Xing have been reporting exponential growth rates. These sites have millions of registered users, and they are interesting from a security and privacy point of view because they store large amounts of sensitive personal user data. In this paper, we introduce...
Categories: Security

Friday Squid Blogging: Squid Teapot

Sat, 2010-03-06 00:32
Squid teapot. Could be squiddier....
Categories: Security

Another Interview with Me

Fri, 2010-03-05 20:53
I gave this one two days ago, at the RSA Conference....
Categories: Security

Mariposa Botnet Shut Down

Fri, 2010-03-05 14:02
The Spanish police arrested three people in connection with the 13-million-computer Mariposa botnet....
Categories: Security

Comprehensive National Cybersecurity Initiative

Thu, 2010-03-04 20:55
On Tuesday, the White House published an unclassified summary of its Comprehensive National Cybersecurity Initiative (CNCI). Howard Schmidt made the announcement at the RSA Conference. These are the 12 initiatives in the plan: Initiative #1. Manage the Federal Enterprise Network as a single network enterprise with Trusted Internet. Initiative #2. Deploy an intrusion detection system of sensors across the Federal...
Categories: Security

Crypto Implementation Failure

Thu, 2010-03-04 14:05
Look at this new AES-encrypted USB memory stick. You enter the key directly into the stick via the keypad, thereby bypassing any eavesdropping software on the computer. The problem is that in order to get full 256-bit entropy in the key, you need to enter 77 decimal digits using the keypad. I can't imagine anyone doing that; they'll enter an...
Categories: Security

Tom Engelhardt on Fear of Terrorism

Wed, 2010-03-03 14:12
Nice essay. Similar sentiment from Newsweek....
Categories: Security

More on the Al-Mabhouh Assassination

Tue, 2010-03-02 13:55
Interesting essay by a former CIA field officer on the al-Mabhouh assassination: The truth is that Mr. Mabhouh's assassination was conducted according to the book -- a military operation in which the environment is completely controlled by the assassins. At least 25 people are needed to carry off something like this. You need "eyes on" the target 24 hours a...
Categories: Security

Breaking in to Hotel Rooms

Mon, 2010-03-01 15:18
Is this how the al-Mabhouh assassins got in?...
Categories: Security

Friday Squid Blogging: Squid Homophone Lessons

Sat, 2010-02-27 00:21
Squids make great examples....
Categories: Security

Me on Surveillance Cameras

Fri, 2010-02-26 14:22
My fourth essay for CNN.com, on surveillance cameras. The Al-Mabhouh assassination made a nice news hook. EDITED TO ADD (3/4): The security camera industry responds....
Categories: Security

Hitler and Cloud Computing

Thu, 2010-02-25 20:59
Funny video by Marcus Ranum and Gunnar Peterson....
Categories: Security

Small Planes and Lone Terrorist Nutcases

Thu, 2010-02-25 13:46
A Washington Post article concludes that small planes are not the next terror threat: Pilots of private planes fly about 200,000 small and medium-size aircraft in the United States, using 19,000 airports, most of them small. The planes' owners say the aircraft have little in common with airliners. "I don't see a gaping security hole here," said Tom Walsh, an...
Categories: Security

Remotely Spying on Kids with School Laptops

Wed, 2010-02-24 21:56
It's a really creepy story. A school issues laptops to students, and then remotely and surreptitiously turns on the camera. (Here's the lawsuit.) This is an excellent technical investigation of what actually happened. This investigation into the remote spying allegedly being conducted against students at Lower Merion represents an attempt to find proof of spying and a look into the...
Categories: Security

NSA Historical Documents

Wed, 2010-02-24 14:07
Just declassified: "A Reference Guide to Selected Historical Documents Relating to the National Security Agency/Central Security Service, 1931–1985." Formerly "Top Secret UMBRA." From my quick scan, there are minimal redactions....
Categories: Security

The Doghouse: Demiurge Consulting

Tue, 2010-02-23 21:47
They claim to be "one of the nation's only and most respected security and intelligence providers" -- I've never heard of them -- but their blog consists entirely of entries copied from my blog since December 24. They don't even cull the ones that are obviously me: posts about interviews I've given, for example. I contacted them last week and...
Categories: Security