The embargo has been lifted on the newest research on growing internet infrastructure insecurity. Using an army of Playstations, researchers have managed to forge a RapidSSL (owned by Verisign) CA certificate in a couple of hours due to known flaws in MD5.
The National Security Agency is building a data center in San Antonio that's the size of the Alamodome. Microsoft has opened an 11-acre data center a few miles away. Coincidence? Not according to author James Bamford, who probably knows more about the NSA than any outsider. Bamford's new book reports that the biggest U.S. spy agency wanted assurances that Microsoft would be in San Antonio before it moved ahead with the Texas Cryptology Center. Bamford notes that under current law, the NSA could legally tap into Microsoft's data without a court order. Whatever you do, don't take pictures of the spy building unless you want to be taken in for questioning.
Culture Of Fear. An interesting look at the security concerns National Football League players harbour in the wake of the death of Sean Taylor, who was robbed and shot within his own home. Previously.
Trolling the Head of the TSA: Bruce Schneier [previously], consummate voice of sanity on all issues of security, co-authors an article in The Atlantic [previously] demonstrating how weak and ultimately pointless most of the new security practices put in place at airports since 9/11 are by, among other things, boarding airplanes with large amounts of liquid, using fake boarding passes he printed off his computer, and wearing an "I <3 Hezbollah" t-shirt. TSA head Kip Hawley then responds on the TSA's blog. Schneier then responds to the response on his blog. Hawley then leaves a comment to that post. Schneier fires back again in his monthly newsletter. Quite an interesting and intelligent debate, despite both men humorously falling victim to the idioms of the medium and getting increasingly snarky with each passing post. [via this month's crypto-gram, a good read all the way around.]
The latest paper-based video from the folks at Common Craft. This video explains the ins and outs of phishing scams. Show it to your less web-savvy brethren.
The Things He Carried. "Airport security in America is a sham—'security theater' designed to make travelers feel better and catch stupid terrorists. Smart ones can get through security with fake boarding passes and all manner of prohibited items—as our correspondent did with ease."
Psych Securities LLC. "With future forecasts declaring ultimate doom from all components of the man-altered world, it seems there is a clog in the conduit of information transmitted between those in control and the public at large. Black Ops, psychological torture, acoustic weapons, Project Starfire, and a multitude of other state sponsored programs exist, well-hidden in plain sight, shrouded in a stigma of conspiracy and diluting any significant public inquiry. Psych Securities LLC is an ongoing exploration of this aforementioned covert reality, most clearly seen while in an alternative psychological state. By compiling declassified documents, historical narratives, and psychedelic conjecture, a visual world is pieced together; undermining strategies of deception and concealed truths."
Clear passenger data stolen. An unencrypted laptop with the personal data, including name, address, Social Security number, passport number, date of birth, etc., of every one of the 33,000+ users of the Clear system has been stolen. The Clear system allows travelers who register and pay an annual fee to bypass airport security lines by using a smart card in some airports. TSA has suspended new registrations until Verified Identity Pass, Inc., a subsidiary of GE, figures out how to install PGP. VIP is the only private contractor allowed to register users to the Clear system.
The Department of Homeland Security has expressed interest [PDFs] in forcing all commercial airline passengers to wear a taser bracelet that can be used to incapacitate anyone on an airline. This video, from the company that will produce the bracelets, explains how the bracelet would be put on the passenger at the point that they clear security, and would not be removed until they leave secure areas. It would take the place of boarding passes, carry personal and biometric information about the passengers, track and monitor every passenger via GPS and shock the wearer on command, immobilizing him or her for several minutes. DHS official Paul S. Ruwaldt of the Science and Technology Directorate, Office of Research and Development, is also excited about the possibility of using it as an interrogation tool at airports. Ah freedom, who knew it smelled like burning flesh?
Scanners that see through clothing installed in US airports. Good news! No more testing. Time to roll these puppies out. It's OK though, seriously guys. See, we're gonna blur the faces when we look at their sexual organs, so everything's cool. K?
Thieves bypassed all security systems by simply posing as the security company on the phone. These days, as a robber dealing with high-tech security systems, it seems that it's not about being a hacker or having loads of money to pull off a heist; it's about making a phone call, having bear spray, and waiting for a guard to go on smoke break.
The AI-Box Experiments. The hypothesis: "A transhuman can take over a human mind through a text-only terminal." Does Artificial Intelligence create moral monsters (PDF)? Can we create friendly AI?
On May 13, security advisories published by Debian and Ubuntu revealed that, for over a year, their OpenSSL libraries had a major flaw in their CSPRNG, which is used by the key generation functions in many widely-used applications, and which caused the "random" numbers produced to be extremely predictable. [lolcat summary]
"The United States Lacks a Comprehensive Plan to Destroy the Terrorist Threat and Close the Safe Haven in Pakistan's Federally Administered Tribal Areas" (PDF). A recent GAO report claims that the Bush administration has failed to prevent Al Qaeda's reemergence in Pakistan, and that we're basically right back where we started in 2001.
The Government Printing Office prints all United States passports, but they decided that it was time to outsource part of the work. They claim it is secure [pdf].
NEC's new biometric security cam will guess your age and gender (and it would be nice if it could size you up according to how you dress).
NEC plans to market a system later this year that can derive someone's gender and age from images captured with a camera. "The system compares the photo against a database of several thousand faces to figure gender and age based on such factors as facial shape and wrinkles," according to Nikkei Weekly, 01/28/2008 Edition. Link goes to Ubergizmo. "It's called FieldAnalyst and it's from NEC. The system homes in on faces of people who pass by the video camera. It then rapidly compares the image against samples in a database. It then spits out what it believes is your approximate age and your gender." ... "NEC scientists may next try to add clothing as a characteristic and classify people by whether they wear a suit or a T-shirt." more here
Two years ago, then NSA-chief Gen. Michael Hayden said its domestic surveillance program was "not a driftnet over Lackawanna or Fremont or Dearborn, grabbing all communications and then sifting them out." Today, a story in the Wall Street Journal alleges this is precisely what is happening. Total Information Awareness seems to not have died, but to have just been quietly absorbed into the NSA's already extensive surveillance apparatus, all without the hassle of any kind of transparency or oversight.
ACLU Watch List Counter: U.S. Terror List Now Exceeds 900,000 Names. That's an awful lot of terrorists. More Privacy and Surveillance Filter: Bruce Schneier on The Myth of the 'Transparent Society', Glenn Greenwald on The Banality of the Surveillance State, and Stephen Colbert on AT&Treason.
"The Billboard Liberation Front today announced a major new advertising improvement campaign executed on behalf of clients AT&T and the National Security Agency. Focusing on billboards in the San Francisco area, this improvement action is designed to promote and celebrate the innovative collaboration of these two global communications giants." [Via Threat Level.]
Ready, kids! Unsatisfied with your kids' slow adoption of very important homeland security adjustments? Buy them the Playmobil Security Check Point! How does this stack up against increased TSA checks of toys?
"SurveillanceSaver is an OS X screensaver that shows live images of over 400 network surveillance cameras worldwide." There is also a Windows version. Or check out the camera feeds without installing a screensaver (here are the feeds from Axis network cameras, for example).
The Anonymity Experiment. Is it possible to hide in plain sight? Privacy-minded people have long warned of a world in which an individual’s every action leaves a trace, in which corporations and governments can peer at will into your life with a few keystrokes on a computer. Now one of the people in charge of information-gathering for the U.S. government says, essentially, that such a world has arrived.
The president of The University of Texas at Brownsville has refused to sign a right of entry request granting access to surveyors planning the U.S./Mexico border fence. This comes shortly after Cameron County landowners were forced to allow the government access to their land. Meanwhile, landowners in Hidalgo County are filing the next wave of lawsuits.
Odyssey of State Capitols and State Suspicion. "The story behind an exhibition: postcards, designs, photography, travels, history, stamps and law enforcement." [Via BB.]
Online communities to become more 'all-encompassing.' If you join the SHC community on Sears.com, all web traffic to and from your computer thereafter will be copied and sent to a third party marketing research firm - including, for example, your secure sessions with your bank! The Sears.com proxy will send your logins and passwords along with a cleartext copy of all the supposedly secure data. But wait, it gets better: you can only view the true TOS once the proxy has already been installed.
Heckuva Job DHS! 5 Years of Corporate Cronyism. CREW and Brave New Foundation have joined forces to create this video and a report, Homeland Security for Sale, documenting five years of waste, fraud and abuse at the Department of Homeland Security. [Via Think Progress.]
This is an ironic tale of the consequences of inept application of cryptographic tools. Or is it? Dan Egerstad, a Swedish hacker, gained access to hundreds of computer network accounts around the world, belonging to various embassies, corporations and other organizations. How did he do it? Very easily: by sniffing exit traffic on his Tor nodes.
The TSA wants you to know, dear American, that if you don't pack your bags neatly, the terrorists have already won. This busiest Thanksgiving travel week ever, why not Simplifly?
Throw the tourist from the train. Ejected from a train for refusing to stop taking pictures from the train. Well, for not stopping anyway; the refusing part is unclear. The nation is now secure.
When Ron Paul email spam started hitting inboxes in late October, UAB Computer Forensics Director Gary Warner published findings on the spam's textual patterns and the illicit botnet used to spread it -- findings which were picked up by media outlets and tech websites like Salon, Ars Technica, and Wired Magazine's "Threat Level" blog, the latter in a set of follow-up posts by writer Sarah Stirland: 1, 2, 3.
Say hello to the newest police method for human identification: iris scanning. The Alameda County Sheriff's Office is preparing to become the first public agency in the Bay Area to scan the irises of convicted sex offenders.
If Bruce Schneier, the expert voice of security moderation, is "worried", then so am I. Since the beginning of the year Storm, an advanced, distributed worm network, has been growing quietly as its authors tweak its social engineering attack. Now it seems that it is in place and waiting. Schneier's article. Digital Intelligence and Strategic Operations Group has been monitoring Storm for a year. OWL.
Attention Scum! You can now catch Simon Munnery's occasionally brilliant comedy series on YouTube. If you only have three minutes to spare then make do with this fuzzy three minute clip of The Security Guard. If video is not your thing then you can enjoy Munnery's superb articles here (you could start with this one). Finally, you could treat yourself to his book How To Live which contains large chunks of all the above.
The U.S. Department of Homeland Security is proposing new rules regarding passenger pre-screening both domestically and internationally. Interestingly, this includes flights that overfly the continental US without ever touching the ground.
This is what happens when paranoia overwhelms common sense. A high school in NY state banned backpacks and bags from the student body. The whole situation reached a critical mass when a security guard pulled a young woman out of class because she had a small purse. He asked her if she was on her period. Way to humiliate teenagers.
Because water is a basic need for all life and good health, access to enough safe water, or water security, is defined as a human right by international law. [mostly pdfs]
Homeland Insecurity. "What happened to the recommendations of the 9/11 Commission, which Democratic leaders promised to make one of their top legislative priorities? What are the most deadly potential terrorist targets no one talks about—and who's lobbying against securing them? What's the one measure that could improve our chances of preventing an attack—without costing a penny? Why are the 2008 presidential candidates—Republicans and Democrats alike—nowhere on this issue? In this seven-part series Mother Jones' senior correspondent James Ridgeway examines how the government has let homeland security languish since September 11, 2001, with dire consequences."
What's the Big Secret? Four surveillance experts try to figure out what the NSA's superclassified wiretapping program really is (hint: it may have something to do with the filters). They don't seem to realize that this kind of reckless public discussion means some Americans are going to die. [Via Threat Level.]
Traditionally, media doesn't print the names or photos of people who have only been accused but not yet convicted, but not always. Lots of towns have a police blotter section where arrests are listed. Here in Seattle, the FBI recently asked the public for help in identifying two men seen acting suspiciously on the ferry system. The Seattle PI has decided not to publish the photos. Other local media have. The commentary on whether the PI made the right choice follows predictable paths...
I now know what to do in case I ever get stuck on an airplane that's not going anywhere: organize and stage a revolt, like the passengers of Continental flight 1669.
To Catch a Reporter. NBC Dateline producer Michelle Madigan tries to go undercover at the DefCon 14 security convention - and bites off more than she can chew. Having been alerted to her presence days before the event, DefCon staff baits the trap with a fake “Spot the Fed” contest. Once she is seated, DefCon organizer Jeff Moss suggests they play “Spot the Undercover Reporter” instead. Knowing the gig’s up, Madigan bolts – and a comical parking lot chase ensues. (Not a good week for Dateline NBC – its producers are being sued for bribing local law-enforcement officials to help them arrange their stings.)
The American Society of Civil Engineers (ASCE) published their latest Infrastructure Report Card in 2005. America's infrastructure got a D. The ASCE estimates that it will cost $1.6 trillion over a five-year period to bring the nation's infrastructure to good condition. They also have a Critical Infrastructure blog. [Via Gristmill.]
How Ohio lost 800,000 Social Security numbers. The Inspector General identified Jared Ilovar as "a 22-year-old, $10.50-an-hour employee" hired just three months earlier, who received his assignment from…another intern. The intern reported to a $125-an-hour consultant, who reported to another $200-an-hour consultant… too bad for Ohio that Jared decided to speak out.
Conversation with Kip Hawley, TSA Administrator (Part 1). Part one of five: Bruce Schneier chats it up with Kip, TSA Administrator. The TSA and airport security have long been hot topics on Metafilter; here is a chance to read some hard questions put to the man himself and his answers.
The Sergeant at Arms of the US Senate, as chief law enforcement officer of the "greatest deliberative body in the world", wears many hats. Capitol security, IT support and network security, telecommunications, videography and photography, human resources, getter of you out of bed and dragger of your ass to work, and house mother for the occasional slumber party.