-
Posted: February 29th, 2012, 7:11am CST
Good essay. Nothing I haven't said before, but it's good to hear it from someone with a widely different set of credentials than I have....
-
Posted: February 28th, 2012, 6:43am CST
Good essay on the dangers of cyberwar rhetoric -- and the cyberwar arms race....
-
Posted: February 27th, 2012, 12:30pm CST
I was asked to talk about five books related to privacy. You're best known as a security expert but our theme today is "trust". How would you describe the connection between the two? Security exists to facilitate trust. Trust is the goal, and security is how we enable it. Think of it this way: As members of modern society, we...
-
Posted: February 27th, 2012, 5:49am CST
A U.S. Federal Court ruled that it is unconstitutional for the police to force someone to decrypt their laptop computer: Thursday’s decision by the 11th U.S. Circuit Court of Appeals said that an encrypted hard drive is akin to a combination to a safe, and is off limits, because compelling the unlocking of either of them is the equivalent of...
-
Posted: February 24th, 2012, 4:08pm CST
There's a new study that shows that squid are faster in the air than in the water. Squid of many species have been seen to 'fly' using the same jet-propulsion mechanisms that they use to swim: squirting water out of their mantles so that they rocket out of the sea and glide through the air. Until now, most researchers have...
-
Posted: February 24th, 2012, 3:18pm CST
The book is selling well. (Signed copies are still available on the website.) All the online stores have it, and most bookstores as well. It is available in Europe and elsewhere outside the U.S. And for those who wanted a DRM-free electronic copy, it's available on the OReilly.com bookstore for $11.99. I have collected four new reviews. And a bunch...
-
Posted: February 24th, 2012, 2:56pm CST
One article on me, and a podcast about my RSA talk next week....
-
Posted: February 24th, 2012, 1:37pm CST
The new movie Safe House features the song "No Church in the Wild," by Kanye West, which includes this verse: I live by you, desire I stand by you, walk through the fire Your love is my scripture Let me into your encryption...
-
Posted: February 24th, 2012, 7:06am CST
Interesting: When Kenneth G. Lieberthal, a China expert at the Brookings Institution, travels to that country, he follows a routine that seems straight from a spy film. He leaves his cellphone and laptop at home and instead brings "loaner" devices, which he erases before he leaves the United States and wipes clean the minute he returns. In China, he disables...
-
Posted: February 23rd, 2012, 12:29pm CST
We can now conclusively link Stuxnet to the centrifuge structure at the Natanz nuclear enrichment lab in Iran. Watch this new video presentation from Ralph Langner, the researcher who has done the most work on Stuxnet. It's a long clip, but the good stuff is between 21:00 and 29:00. The pictures he's referring to are still up. My previous writings...
-
Posted: February 23rd, 2012, 6:27am CST
According to a report by Juniper, mobile malware is increasing dramatically. In 2011, we saw unprecedented growth of mobile malware attacks with a 155 percent increase across all platforms. Most noteworthy was the dramatic growth in Android Malware from roughly 400 samples in June to over 13,000 samples by the end of 2011. This amounts to a cumulative increase of...
-
Posted: February 22nd, 2012, 6:53am CST
Fascinating....
-
Posted: February 21st, 2012, 7:36am CST
Research paper: "A birthday present every eleven wallets? The security of customer-chosen banking PINs," by Joseph Bonneau, Sören Preibusch, and Ross Anderson: Abstract: We provide the first published estimates of the difficulty of guessing a human-chosen 4-digit PIN. We begin with two large sets of 4-digit sequences chosen outside banking for online passwords and smartphone unlock-codes. We use a regression...
-
Posted: February 20th, 2012, 6:30am CST
Marissa A. Ramsier, Andrew J. Cunningham, Gillian L. Moritz, James J. Finneran, Cathy V. Williams, Perry S. Ong, Sharon L. Gursky-Doyen, and Nathaniel J. Dominy (2012), "Primate communication in the pure ultrasound," Biology Letters. Abstract: Few mammals -- cetaceans, domestic cats and select bats and rodents -- can send and receive vocal signals contained within the ultrasonic domain, or pure...
-
Posted: February 17th, 2012, 4:37pm CST
Beautiful sculpture. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered....
-
Posted: February 17th, 2012, 1:45pm CST
Funny comic....
-
Posted: February 17th, 2012, 6:25am CST
Self-domestication happens when the benefits of cooperation outweigh the costs: But why and how could natural selection tame the bonobo? One possible narrative begins about 2.5 million years ago, when the last common ancestor of bonobos and chimpanzees lived both north and south of the Zaire River, as did gorillas, their ecological rivals. A massive drought drove gorillas from the...
-
Posted: February 16th, 2012, 12:22pm CST
From the abstract of the paper: In this paper, we analyze the encryption systems used in the two existing (and competing) satphone standards, GMR-1 and GMR-2. The first main contribution is that we were able to completely reverse engineer the encryption algorithms employed. Both ciphers had not been publicly known previously. We describe the details of the recovery of the...
-
Posted: February 16th, 2012, 6:51am CST
There's some excellent research (paper, news articles) surveying public keys in the wild. Basically, the researchers found that a small fraction of them (27,000 out of 7.1 million, or 0.38%) share a prime factor with at least one other key in the set and are therefore inherently weak: a GCD of two such moduli recovers the shared prime, and dividing it out recovers the other. The researchers can break those public keys, and anyone who duplicates their research can as well. The cause of this is almost...
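As an added illustration (not code from the paper or from the post), here is how the "shared factor" check is done at scale. Computing gcd(N_i, N_j) for every pair is quadratic; the standard trick is a product tree plus remainder tree (Bernstein's batch GCD), which gives gcd(N_i, product of all other moduli) for every key in one pass. The moduli below are constructed from small primes so the block runs instantly; the function names, and the sample key set, are this example's own.

```python
from math import gcd


def product_tree(leaves):
    """Levels of a binary product tree: level 0 is the input, the last level is [product of all]."""
    tree = [list(leaves)]
    while len(tree[-1]) > 1:
        level = tree[-1]
        tree.append([level[i] * level[i + 1] if i + 1 < len(level) else level[i]
                     for i in range(0, len(level), 2)])
    return tree


def batch_gcd(moduli):
    """Return gcd(N_i, prod_{j != i} N_j) for every N_i (Bernstein's batch GCD).

    Walk a remainder tree downwards: the root holds P = prod N_j, every node holds
    P mod (node value)^2, so each leaf ends with P mod N_i^2, and
    (P mod N_i^2) // N_i == (P / N_i) mod N_i, which is all gcd needs.
    """
    tree = product_tree(moduli)
    rems = tree.pop()                      # [P]
    while tree:
        level = tree.pop()
        rems = [rems[i // 2] % (x * x) for i, x in enumerate(level)]
    return [gcd(r // n, n) for r, n in zip(rems, moduli)]


def factor_shared_keys(moduli):
    """Return (factors, duplicates).

    factors maps index -> (p, q) for each modulus that shares a prime with another
    modulus in the batch; duplicates is the set of indices whose modulus appears more
    than once (same key on several hosts) with no separately recoverable factor.
    """
    factors, duplicates = {}, set()
    for i, (n, g) in enumerate(zip(moduli, batch_gcd(moduli))):
        if g == 1:
            continue                       # coprime to every other modulus in this batch
        if g == n:
            # Either both primes are shared with other keys, or the modulus itself is
            # repeated. One pairwise pass against the rest separates the two cases.
            g = 1
            for j, m in enumerate(moduli):
                if j != i:
                    d = gcd(n, m)
                    if 1 < d < n:
                        g = d
                        break
            if g == 1:
                duplicates.add(i)
                continue
        factors[i] = tuple(sorted((g, n // g)))
    return factors, duplicates


# Constructed sample (assumption for the example): small primes stand in for the
# 512-bit primes of real 1024-bit RSA keys pulled from certificates or SSH host keys.
P, Q, R, S, T, U, V, W = 1000003, 1000033, 1000037, 1000039, 1000081, 1000099, 1000117, 1000121
SAMPLE_MODULI = [
    P * Q,   # 0: shares P with #1 and Q with #4, so batch gcd returns the whole modulus
    P * R,   # 1: shares P with #0
    S * T,   # 2: unique primes, not breakable this way
    U * V,   # 3: same key as #5 (reused), otherwise strong
    Q * W,   # 4: shares Q with #0
    U * V,   # 5: duplicate of #3
]

if __name__ == "__main__":
    found, dups = factor_shared_keys(SAMPLE_MODULI)
    for i, (p, q) in sorted(found.items()):
        print(f"modulus #{i} factored: {p} * {q}")
    print("duplicated moduli:", sorted(dups))
```

Run against a real harvest, `moduli` would be the integers extracted from each certificate's public key. A result of 1 only says a key is coprime to the rest of this particular batch; the 0.38% figure in the post is relative to the 7.1 million keys the researchers collected, so a key that looks clean against a small sample may still share a factor with one the sample never saw.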
-
Posted: February 15th, 2012, 1:11pm CST
Geotagged images of children: Joanne Kuzma of the University of Worcester, England, has analyzed photos that clearly show children's faces on the photo sharing site Flickr. She found that a significant proportion of those analyzed were geotagged and a large number of those were associated with 50 of the more expensive residential zip codes in the USA. The location information...
-
Posted: February 15th, 2012, 7:09am CST
This writer wrestles with the costs and benefits of tighter controls on pseudoephedrine, a key chemical used to make methamphetamine: Now, personally, I sincerely doubt that the pharmaceutical industry has reliable estimates of how many of their purchasers actually have colds--or that they would share data indicating that half of their revenues came from meth cooks. But let's say this...
-
Posted: February 14th, 2012, 12:36pm CST
Interesting....
-
Posted: February 14th, 2012, 7:12am CST
Adam Shostack explains to VeriSign that trust requires transparency. This is a lesson Path should have learned....
-
Posted: February 13th, 2012, 2:53pm CST
Liars and Outliers is available. Amazon and Barnes & Noble have been shipping the book since the beginning of the month. Both the Kindle and the Nook versions are available for download. I have received 250 books myself. Everyone who read and commented on a draft will get a copy in the mail. And as of today, I have shipped...
-
Posted: February 13th, 2012, 5:20am CST
Last month, a U.S. court demanded that a defendant surrender the encryption key to a laptop so the police could examine it. Now it seems that she's forgotten the key. What happens now? It seems as if this excuse would always be available to someone who doesn't want the police to decrypt her files. On the other hand, it might...
-
Posted: February 10th, 2012, 4:04pm CST
It's an acoustic bluegrass band. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered....
-
Posted: February 10th, 2012, 2:08pm CST
Funny....
-
Posted: February 10th, 2012, 6:21am CST
Interesting blog post about locking down an iPad so students can take exams on them....
-
Posted: February 9th, 2012, 6:10am CST
Interesting paper: Paul J. Freitas (2012), "Passenger aviation security, risk management, and simple physics," Journal of Transportation Security. Abstract: Since the September 11, 2001 suicide hijacking attacks on the United States, preventing similar attacks from recurring has been perhaps the most important goal of aviation security. In addition to other measures, the US government has increased passenger screening requirements to...
-
Posted: February 8th, 2012, 6:46am CST
This essay is definitely thinking along the correct directions....
-
Posted: February 7th, 2012, 5:53am CST
The error rate for hand-counted ballots is about two percent. All voting systems have nonzero error rates. This doesn't surprise technologists, but does surprise the general public. There's a myth out there that elections are perfectly accurate, down to the single vote. They're not. If the vote is within a few percentage points, they're likely a statistical tie. (The problem,...
-
Posted: February 6th, 2012, 1:23pm CST
In 2005, I wrote an essay called "The Failure of Two-Factor Authentication," where I predicted that attackers would get around multi-factor authentication systems with tools that attack the transactions in real time: man-in-the-middle attacks and Trojan attacks against the client endpoint. This BBC article describes exactly that: After logging in to the bank's real site, account holders are being tricked...
-
Posted: February 3rd, 2012, 4:18pm CST
It's called Squid. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered....
-
Posted: February 3rd, 2012, 2:49pm CST
Funny. Fake, but funny. Edited to add (2/3): The rest of the story....
-
Posted: February 3rd, 2012, 10:49am CST
Reuters discovered the information: The VeriSign attacks were revealed in a quarterly U.S. Securities and Exchange Commission filing in October that followed new guidelines on reporting security breaches to investors. It was the most striking disclosure to emerge in a review by Reuters of more than 2,000 documents mentioning breach risks since the SEC guidance was published. The company, unsurprisingly,...
-
Posted: February 2nd, 2012, 9:04am CST
Really good article on the huge incarceration rate in the U.S., its causes, its effects, and its value: Over all, there are now more people under "correctional supervision" in America -- more than six million -- than were in the Gulag Archipelago under Stalin at its height. That city of the confined and the controlled, Lockuptown, is now the second...
-
Posted: February 1st, 2012, 6:05am CST
Brian C. Kalt (2005), "The Perfect Crime," Georgetown Law Journal, Vol. 93, No. 2. Abstract: This article argues that there is a 50-square-mile swath of Idaho in which one can commit felonies with impunity. This is because of the intersection of a poorly drafted statute with a clear but neglected constitutional provision: the Sixth Amendment's Vicinage Clause. Although lesser criminal...