Spiting Your Face

Posted on January 30, 2009 by swansont

Terrorists may use Google Earth, but fear is no reason to ban it

Criminals have used telephones and mobile phones since they were invented. Drug smugglers use airplanes and boats, radios and satellite phones. Bank robbers have long used cars and motorcycles as getaway vehicles, and horses before then. I haven’t seen it talked about yet, but the Mumbai terrorists used boats as well. They also wore boots. They ate lunch at restaurants, drank bottled water, and breathed the air. Society survives all of this because the good uses of infrastructure far outweigh the bad uses, even though the good uses are – by and large – small and pedestrian and the bad uses are rare and spectacular. And while terrorism turns society’s very infrastructure against itself, we only harm ourselves by dismantling that infrastructure in response – just as we would if we banned cars because bank robbers used them too.

I Know Where You Live

Posted on January 29, 2009 by swansont

I Am Here: One Man’s Experiment With the Location-Aware Lifestyle

To test whether I was being paranoid, I ran a little experiment. On a sunny Saturday, I spotted a woman in Golden Gate Park taking a photo with a 3G iPhone. Because iPhones embed geodata into photos that users upload to Flickr or Picasa, iPhone shots can be automatically placed on a map. At home I searched the Flickr map, and score—a shot from today. I clicked through to the user’s photostream and determined it was the woman I had seen earlier. After adjusting the settings so that only her shots appeared on the map, I saw a cluster of images in one location. Clicking on them revealed photos of an apartment interior—a bedroom, a kitchen, a filthy living room. Now I know where she lives.

Let's Get Cracking!

Posted on January 16, 2009 by swansont

FBI’s code-cracking challenge

The basics: Analysis of Criminal Codes and Ciphers

More 'I'm Not Making This Up'

Posted on January 15, 2009 by swansont

Playmobil Security Check Point

As with the BIC ballpoint pen, the true gold is in the reviews.

I will never need to buy toothpaste again thanks to Playmobil. Not realizing this was a toy I purchased it to prepare for my interview as a TSA agent. Needless to say I aced it and have been happily viewing xrays of carry-on luggage and shoes ever since. As noted above, the free toothpaste is just icing on the cake – never expected a free lifetime supply, but who’s complaining. This is a “must-have” for any aspiring TSA agent out there.

See also Safe Crackers (Thieves). Unfortunately Playmobil Police Station with Jail Cell has no customer reviews … yet.

The Other Three Were Stolen

Posted on January 10, 2009 by swansont

The Seven Best Capers of 2008

This Place is Full of Vultures. Vultures Everywhere!

Posted on December 14, 2008 by swansont

Tourist scams

After reading the whole list, one might get the impression that everyone in Europe is a thief.

My wife and I were ready to leave Rome after a great 10-day visit. We were picked up at our hotel by a cab and asked to be taken to the train station. The cab driver asked if we were leaving to fly home, and we said yes. He then proceeded to tell us that there were major problems with the train to Fiumicino Airport, the line was down, etc…but he would be glad to take us to the airport for €80! Thank God I had built enough time into our schedule so that I could investigate the train situation myself. I told him no thanks and asked him to take us to the train station anyway. There was no problem with the train and we made it home sans difficulty.

via Schneier

All the Internet's a Stage

Posted on December 1, 2008 by swansont

Here Comes Everybody Review at Bruce Schneier’s blog.

Economists have long understood the corollary concept of Coase’s ceiling, a point above which organizations collapse under their own weight — where hiring someone, however competent, means more work for everyone else than the new hire contributes. Software projects often bump their heads against Coase’s ceiling: recall Frederick P. Brooks Jr.’s seminal study, The Mythical Man-Month (Addison-Wesley, 1975), which showed how adding another person onto a project can slow progress and increase errors.

What’s new is something consultant and social technologist Clay Shirky calls “Coase’s Floor,” below which we find projects and activities that aren’t worth their organizational costs — things so esoteric, so frivolous, so nonsensical, or just so thoroughly unimportant that no organization, large or small, would ever bother with them. Things that you shake your head at when you see them and think, “That’s ridiculous.”

Sounds a lot like the Internet, doesn’t it?

The review goes on to highlight a few implications of the low organizational cost of the internet. Crackpots having a wide audience is one of them.

Smells Like … a Keyboard

Posted on October 28, 2008 by swansont

Compromising your keyboard by sniffing the EM radiation signature.

We found 4 different ways (including the Kuhn attack) to fully or partially recover keystrokes from wired keyboards at a distance up to 20 meters, even through walls. We tested 11 different wired keyboard models bought between 2001 and 2008 (PS/2, USB and laptop). They are all vulnerable to at least one of our 4 attacks.

Neal Stephenson did this in Cryptonomicon. Of course, fictional events are trumped by actual results.

Embracing the Meshugganah

Posted on October 14, 2008 by swansont

Because if the plan is crazy, the enemy won’t have installed countermeasures.

Via Schneier, a bit of crazy-like-a-fox counterintelligence

Having lost many troops and civilians to bombings, the Brits decided they needed to determine who was making the bombs and where they were being manufactured. One bright fellow recommended they operate a laundry and when asked “what the hell he was talking about,” he explained the plan and it was incorporated — to much success.

The plan was simple: Build a laundry and staff it with locals and a few of their own. The laundry would then send out “color coded” special discount tickets, to the effect of “get two loads for the price of one,” etc. The color coding was matched to specific streets and thus when someone brought in their laundry, it was easy to determine the general location from which a city map was coded.

While the laundry was indeed being washed, pressed and dry cleaned, it had one additional cycle — every garment, sheet, glove, pair of pants, was first sent through an analyzer, located in the basement, that checked for bomb-making residue.

I am reminded of another story; I can’t recall if I read this somewhere or heard it as an Nth-hand retelling. Some spooks were trying to bug a building, which required drilling into a wall and depositing the eavesdropping device, but such an act would set off a motion/sound sensor. Someone came up with an idea: during every thunderstorm, when thunder was rattling the windows a bit, shoot mints at the windows of the targeted room and set the sensors off. Eventually, security would get tired of checking out the alarm and notice the correlation of thunder and alarm, and just shut the system down during a storm. Mints were used because they would quickly dissolve in the rain, in case anyone came around to check the possibility of an outside instigator. Once the spooks noticed that the sensors were no longer tripping and provoking a response, they planted the bug.

It Won't Be an "Open" Marriage

Posted on September 12, 2008 by swansont

Cory Doctorow’s Cipher Wheel Wedding Rings

Cory Doctorow wanted a secret decoder wedding ring, and he asked me to help design it.
[…]
[N]ow it’s time to create some cryptographic applications for the rings. Cory and I are holding an open contest for the cleverest application.

Be sure to drink your Ovaltine.

swans on tea

Just another SFN Blogs site

Category Archives: Security