Schneier on Security
EFF on Locational Privacy
Excellent paper: "On Locational Privacy, and How to Avoid Losing it Forever." Some threats to locational privacy are overt: it's evident how cameras backed by face-recognition software could be misused to track people and record their movements. In this document, we're primarily concerned with threats to locational privacy that arise as a hidden side-effect of clearly useful location-based services. We...
Man-in-the-Middle Trucking Attack
Clever: For over three years the pair hacked into a Department of Transportation website called Safersys.org, which maintains a list of licensed interstate-trucking companies and brokers, according to an affidavit (.pdf) filed by a DOT investigator. There, they would temporarily change the contact information for a legitimate trucking company to an address and phone number under their control. The men...
Lockpicking and the Internet
Physical locks aren't very good. They keep the honest out, but any burglar worth his salt can pick the common door lock pretty quickly. It used to be that most people didn't know this. Sure, we all watched television criminals and private detectives pick locks with an ease only found on television and thought it realistic, but somehow we still...
An Ethical Code for Intelligence Officers
August's Communications of the ACM has an interesting article: "An Ethics Code for U.S. Intelligence Officers," by former NSAers Brian Snow and Clint Brooks. The article is behind a paywall, but here's the code: Draft Statement of Ethics for the Intelligence Community Preamble: Intelligence work may present exceptional or unusual ethical dilemmas beyond those of ordinary life. Ethical thinking and...
Self-Enforcing Protocols
There are several ways two people can divide a piece of cake in half. One way is to find someone impartial to do it for them. This works, but it requires another person. Another way is for one person to divide the piece, and the other person to complain (to the police, a judge, or his parents) if he doesn't...
Password Advice
Here's some complicated advice on securing passwords that -- I'll bet -- no one follows. DO use a password manager such as those reviewed by Scott Dunn in his Sept. 18, 2008, Insider Tips column. Although Scott focused on free programs, I really like CallPod's Keeper, a $15 utility that comes in Windows, Mac, and iPhone versions and allows you...
Friday Squid Blogging: Humboldt Squid is "Timid"
Contrary to my previous blog entry on the topic, Humboldt squid are really timid: Humboldt squid feed in surface waters at night, then retreat to great depths during daylight hours. "They spend the day 300 meters deep where oxygen levels are very low," Seibel said. "We wanted to know how they deal with so little oxygen." Seibel said that while...
Risk Intuition
People have a natural intuition about risk, and in many ways it's very good. It fails at times due to a variety of cognitive biases, but for normal risks that people regularly encounter, it works surprisingly well: often better than we give it credit for. This struck me as I listened to yet another conference presenter complaining about security awareness...
How we Reacted to the Unexpected 75 Years Ago
A 1934 story from the International Herald Tribune: Dynamite Found On Track SPOKANE Discovery of a box of useless dynamite on the railway track two and a half miles southwest of this city led to special precautions being taken to guard the line over which President Roosevelt's train passed this morning [August 4] en route to Washington. Six deputy sheriffs...
Security vs. Usability
Good essay: "When Security Gets in the Way." The numerous incidents of defeating security measures prompts my cynical slogan: The more secure you make something, the less secure it becomes. Why? Because when security gets in the way, sensible, well-meaning, dedicated people develop hacks and workarounds that defeat the security. Hence the prevalence of doors propped open by bricks and...
Regulating Chemical Plant Security
The New York Times has an editorial on regulating chemical plants: Since Sept. 11, 2001, experts have warned that an attack on a chemical plant could produce hundreds of thousands of deaths and injuries. Public safety and environmental advocates have fought for strong safety rules, but the chemical industry used its clout in Congress in 2006 to ensure that only...
Too Many Security Warnings Results in Complacency
Research that proves what we already knew: Crying Wolf: An Empirical Study of SSL Warning Effectiveness Abstract. Web users are shown an invalid certificate warning when their browser cannot validate the identity of the websites they are visiting. While these warnings often appear in benign situations, they can also signal a man-in-the-middle attack. We conducted a survey of over 400...
Building in Surveillance
China is the world's most successful Internet censor. While the Great Firewall of China isn't perfect, it effectively limits information flowing in and out of the country. But now the Chinese government is taking things one step further. Under a requirement taking effect soon, every computer sold in China will have to contain the Green Dam Youth Escort software package....