Autoturning headlights
We just bought a new car, and it has headlights that turn to the left or the right when the steering wheel has turned in that direction. It's a pretty neat feature, although I discovered an interesting...
Disclosure Laws
At a conference recently, one of the panelists asserted that the California Disclosure Law (SB-1386) was the worst information security law in memory. I disagree. I think it is the best regulation...
False Positives
Driving in to work this morning, I discovered a wonderful failure mode of an alerting system. My car has a weight sensor in the passenger seat; if it detects a possible passenger in the seat, without a...
Infosec - Failing or Succeeding?
Noam Eppel at Vivica asserts that Information Security is a total failure: Today we have fourth and fifth generation firewalls, behavior-based anti-malware software, host and network intrusion detection...
Invisibility Cloak
Invisibility gets closer. It's a cool concept. But once the price comes down, this is one of those potentially disruptive technologies (it reminds me a lot of Shield, by Poul Anderson). I think there...
Pseudonymity
Pseudonymity, for those new to it, is the use of a semi-permanent, but incomplete or false identity. For instance, in many online communities, I'll just go by my first name, with a specific Gmail...
Sledgehammers
How do you perfectly secure data on a system? The hard drive should be encrypted, of course. Logging onto the system should use a one-time password, as well as an asymmetric identifier. You put the...
The enemy's gate is down
In hi-tech business, it's worth tracking the money to look at where the future of our technologies will take us. And often, you can at least look at where VCs are thinking about their money: Mark...
Usenix Security Symposium
The first week of August, you'll find the USENIX security symposium in Vancouver. The invited talks this year look great, but I'm not sure I'll be able to make it. If you go, don't miss Matt Blaze's...
Zipcar
Zipcar just showed up in the new parking garage at work. Interesting to note that they've now added the Scions (xA and xB), Element, and Matrix to their line-up. I assume that means they're seeing...
Social Engineering Self-training
Most security systems have the annoying side effect that increasing attack volumes can degrade them, usually through tuning of defenses, or desensitization (Yes, this is a generalization). Social...
Policy and Practice - a Talmudic distinction
It's hip, of course, to be able to use "Talmudic" in a description of a regulatory environment - but this is actually going to use the Talmud as a source. Policy is what we write down; practice is what we...
Phishing
We're all so paranoid about phishing, but it seems like we only really care about banking. I wonder, if the banking industry ever gets its game on, if identity thieves will start going after other...
Security and Obscurity
Everyone has heard the mantra, "Security through obscurity is no security at all." I hope that people remember where it came from - when companies were announcing proprietary cryptographic algorithms,...
Sanitization vs. crypto
Bruce Schneier opines on NIST's proposed non-use of encryption as sanitization: Encryption is not a generally accepted means of sanitization. The increasing power of computers decreases the time needed...
Embedded Bluetooth systems
I have a Bluetooth handsfree device, which occasionally gets into an annoying error mode, where my phone thinks the device is connected, and the device disagrees. Modifications to the phone's state -...
The Problem with Password Unmasking
I disagree with this: It's time to show most passwords in clear text as users type them. Providing feedback and visualizing the system's status have always been among the most basic usability...
Security and hairdressing
I've become an amateur hairdresser in the past couple of years, thanks to my three-year-old (I suspect that, had I been unwilling to do so, her hair would be quite short right now). Along the way, I've...
Compliance, Security, and the relations therein
Last week, Anton Chuvakin shared his latest in the "compliance is not security" discussion: Blabbing "compliance does not equal security" is a secret rite of passage into the League of High Priests of...
H1N1 and telework
The nervousness around H1N1 has pretty much permeated every aspect of our lives. Remember a year or two ago, the hysteria around hand sanitizers and alcohol poisoning? Gone; in its place, we have...