-
Posted: January 31st, 2012, 5:03pm CST
The storyline: TSA screener finds two pipes in passenger's bags. Screener determines that they're not a threat. Screener confiscates them anyway, because of their "material and appearance." Because they're not actually a threat, screener leaves them at the checkpoint. Everyone forgets about them. Six hours later, the next shift of TSA screeners notices the pipes and -- not being able...
-
Posted: January 31st, 2012, 11:13am CST
Some errors in forensic science may be the result of the biases of the examiners: Though they cannot prove it, Dr Dror and Dr Hampikian suspect the difference in contextual information given to the examiners was the cause of the different results. The original pair may have subliminally interpreted ambiguous information in a way helpful to the prosecution, even though...
-
Posted: January 30th, 2012, 1:59pm CST
According to my publisher, the book was printed last week and the warehouse is shipping orders to booksellers today. Amazon is likely to start shipping books on Thursday. (Yes, Amazon's webpage claims that the book will be published on February 21, 2012, but they'll ship copies as soon as they get them -- this ain't Harry Potter.) The Kindle edition...
-
Posted: January 30th, 2012, 10:52am CST
Does this story make sense to anyone? The Department of Homeland Security flagged him as a potential threat when he posted an excited tweet to his pals about his forthcoming trip to Hollywood which read: 'Free this week, for quick gossip/prep before I go and destroy America'. After making their way through passport control at Los Angeles International Airport (LAX)...
-
Posted: January 30th, 2012, 6:02am CST
This was pretty good, I thought: However, it may be difficult to write military doctrine for many aspects of cyberconflict that are truly revolutionary. Here are no fewer than 10 to consider: The Internet is an artificial environment that can be shaped in part according to national security requirements. The blinding proliferation of technology and hacker tools makes it impossible...
-
Posted: January 27th, 2012, 6:39am CST
Interesting article from the New York Times on password sharing as a show of affection. "It's a sign of trust," Tiffany Carandang, a high school senior in San Francisco, said of the decision she and her boyfriend made several months ago to share passwords for e-mail and Facebook. "I have nothing to hide from him, and he has nothing to...
-
Posted: January 26th, 2012, 10:36am CST
Readers of this blog will know that I like the works of Max Abrahms, and regularly blog them. He has a new paper (full paper behind paywall) in Defence and Peace Economics, 22:6 (2011), 583–94, "Does Terrorism Really Work? Evolution in the Conventional Wisdom since 9/11": The basic narrative of bargaining theory predicts that, all else...
-
Posted: January 25th, 2012, 1:56pm CST
A U.S. federal judge has ordered a defendant to decrypt her laptop....
-
Posted: January 25th, 2012, 12:54pm CST
The U.S. Supreme Court has ruled that the police cannot attach a GPS tracking device to a car without a warrant. EDITED TO ADD (1/26): It seems I was wrong when I said that the ruling forces the police to get a warrant before placing a GPS tracking device on a car. The ruling is much more complicated and nuanced....
-
Posted: January 25th, 2012, 6:44am CST
The NSF is funding research on giving organizations information-security risk ratings, similar to credit ratings for individuals: Existing risk management techniques are based on annual audits and only provide a snapshot of a partner's security posture. However, new vulnerabilities are discovered every day and the industry needs a solution that enables a business to continuously monitor the changing risk posture of all...
-
Posted: January 24th, 2012, 6:46am CST
Turns out you can create unique signatures from plant DNA. The idea is to spray this stuff on military components in order to verify authentic items and detect counterfeits, similar to SmartWater. It's a good idea in theory, but my guess is that the security is not going to center around counterfeiting the plant DNA, but rather in subverting the...
-
Posted: January 23rd, 2012, 11:49am CST
DARPA is funding research into new forms of biometrics that authenticate people as they use their computer: things like keystroke patterns, eye movements, mouse behavior, reading speed, and surfing and e-mail response behavior. The idea -- and I think this is a good one -- is that the computer can continuously authenticate people, and not just authenticate them once when...
-
Posted: January 20th, 2012, 6:39am CST
The state of Texas gets an armed patrol boat. I guess armed drones weren't enough for them....
-
Posted: January 19th, 2012, 1:02pm CST
Funny news video on Facebook and the CIA....
-
Posted: January 19th, 2012, 6:36am CST
I wrote about this technique in Beyond Fear: Beginning Sunday evening, the robbers intentionally set off the gallery's alarm system several times without entering the building, according to police. The security staffers on duty, who investigated and found no disturbances, subsequently disabled at least one alarm. The burglars then entered through a balcony door....
-
Posted: January 17th, 2012, 4:10pm CST
Tomorrow, from 8 am to 8 pm EST, this site, Schneier on Security, is going on strike to protest SOPA and PIPA. In doing so, I'll be joining Wikipedia (in English), BoingBoing, WordPress, and many others. A list of participants, and HTML and JavaScript code for anyone who wants to participate, can be found here....
-
Posted: January 17th, 2012, 12:29pm CST
Good operational security guide to Tor....
-
Posted: January 17th, 2012, 7:31am CST
Thankfully, this doesn't happen very often: A US man who had been convicted on a second-degree murder charge will get a new trial after a computer virus destroyed transcripts of court proceedings....
-
Posted: January 16th, 2012, 9:58am CST
This is a first: ...the McCombs allege that the bank, and the payment card industry (PCI) in general, force merchants to sign one-sided contracts that are based on information that arbitrarily changes without notice, and that they impose random fines on merchants without providing proof of a breach or of fraudulent losses and without allowing merchants a meaningful opportunity to...
-
Posted: January 13th, 2012, 4:19pm CST
Yet another story that combines squid and security. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered....
-
Posted: January 13th, 2012, 12:58pm CST
Long (but well-written and interesting) story of someone whose Gmail account was hacked and erased, and eventually restored. Many interesting lessons about the security of largely support-free cloud services....
-
Posted: January 13th, 2012, 6:58am CST
It's a policy debate that's been going on since the crypto wars of the early 1990s. The FBI, NSA, and other agencies continue to claim they're losing their ability to engage in surveillance: that it's "going dark." Whether the cause of the problem is encrypted e-mail, digital telephony, or Skype, the bad guys use it to communicate, so we need...
-
Posted: January 12th, 2012, 3:04pm CST
I have a love/hate relationship with the Cato Institute. Most of their analysis I strongly disagree with, but some of it I equally strongly agree with. Last September 11 -- the tenth anniversary of 9/11 -- Cato's David Rittgers published "Abolish the Department of Homeland Security": DHS has too many subdivisions in too many disparate fields to operate effectively. Agencies...
-
Posted: January 12th, 2012, 2:39pm CST
The TSA claims that the cupcake they confiscated was in a jar. So this is a less obviously stupid story than I previously thought. EDITED TO ADD (1/13): The cupcake lady says the TSA is lying. EDITED TO ADD (1/17): A bakery creates a TSA-compliant cupcake....
-
Posted: January 12th, 2012, 12:37pm CST
Very interesting: The counterterrorism community has spent years trying to determine why so many people are engaged in online jihadi communities in such a meaningful way. After all, the life of an online administrator for a hard-line Islamist forum is not as exciting as one might expect. You don't get paid, and you spend most of your time posting links...
-
Posted: January 12th, 2012, 5:53am CST
Apple has a patent on splitting a key between a portable device and its power supply. Clever idea....
-
Posted: January 11th, 2012, 7:15am CST
The EFF has published a good guide. My own advice is here and here....
-
Posted: January 10th, 2012, 6:56am CST
John Mueller has been collecting them: Some 116 of these Very People were surveyed in 2006 by Foreign Policy magazine in a joint project with the Center for American Progress. The magazine stressed that its survey drew from the "highest echelons of America's foreign policy establishment" and included the occasional secretary of state and national security adviser, as well as...
-
Posted: January 9th, 2012, 12:55pm CST
Hackers stole some source code to Symantec's products. We don't know what was stolen or how recent the code is -- the company is, of course, minimizing the story -- but it's hard to get worked up about this. Yes, maybe the bad guys will comb the code looking for vulnerabilities, and maybe there's some smoking gun that proves Symantec's...
-
Posted: January 9th, 2012, 6:00am CST
Have you wondered what $1.2 billion in airport security gets you? The TSA has compiled its own "Top 10 Good Catches of 2011": 10) Snakes, turtles, and birds were found at Miami (MIA) and Los Angeles (LAX). I’m just happy there weren’t any lions, tigers, and bears… [...] 3) Over 1,200 firearms were discovered at TSA checkpoints across the nation...
-
Posted: January 6th, 2012, 4:36pm CST
Great designs....
-
Posted: January 6th, 2012, 1:50pm CST
It's a serious vulnerability. Note that this is the research that was mistakenly reported as allowing hackers to set your printer on fire. Here's a list of all the printers affected....
-
Posted: January 6th, 2012, 6:30am CST
The author of this article notices that it's often easy to guess a cell phone PIN because of smudge marks on the screen. Those smudge marks indicate the four PIN digits, so an attacker knows that the PIN is one of 24 possible permutations of those digits. Then he points out that if your PIN has only three different digits...
-
Posted: January 5th, 2012, 1:39pm CST
The Liars and Outliers webpage is live. On it you can find links to order both paper and e-book copies from a variety of online retailers, and signed copies directly from me. I've also posted the jacket copy, the table of contents, the first chapter, the 15 figures from the book, an image of the full wraparound cover, and all...
-
Posted: January 5th, 2012, 6:28am CST
The papers are old, but they have just been released under FOIA....
-
Posted: January 4th, 2012, 8:37am CST
The history of coded messages in postage-stamp placement. I wonder how prevalent this actually was. My guess is that it was more a clever idea than an actual signaling system. And I notice that a lot of the code systems don't have a placement that indicates "no message; this is just a stamp."...
-
Posted: January 2nd, 2012, 12:33pm CST
Alan T. Murray and Tony H. Grubesic, "Critical Infrastructure Protection: The Vulnerability Conundrum," Telematics & Informatics, 29 (February 2012): 56–65 (full article behind paywall). Abstract: Critical infrastructure and key resources (CIKR) refer to a broad array of assets which are essential to the everyday functionality of social, economic, political and cultural systems in the United States. The interruption of CIKR...
-
Posted: January 2nd, 2012, 6:15am CST
Behzad Zare Moayedi, Mohammad Abdollahi Azgomi, "A Game Theoretic Framework for Evaluation of the Impacts of Hackers Diversity on Security Measures," Reliability Engineering & System Safety, 99 (2012): 45-54 (full article behind paywall). Abstract: Game theoretical methods offer new insights into quantitative evaluation of dependability and security. Currently, there is a wide range of useful game theoretic approaches to model...