Bruce at INFOSec Europe

I was lucky enough to listen to Bruce Schneier speaking at INFOSec Europe on Wednesday last week. He spoke about the mismatch between ‘security’ and ‘feelings’: how secure we feel often does not match how secure we actually are. For example, at airports liquids are removed during the security check; it makes us feel more secure, but in reality makes little, if any, difference to how secure we actually are. In effect we make security trade-offs based upon how safe we feel, and our ability to make those trade-offs accurately can be distorted by media hype. The ‘feeling’ comes from the instinctive part of our brain, whereas the ability to rationalise is what distinguishes us as human beings from animals.

This brings us on to ‘models’: the societal models that we have grown up with and accepted as fact. Models are created by human beings and are based on facts (or what passes for facts at the time), and these can become an integral part of how we feel. For example, one model promoted by the tobacco companies in former times was that smoking was healthy; over the last 30 years this model has changed to the converse. Changing the model took time, and was painful for many, especially the tobacco companies 🙂

The unknown is scary, and it seems that we have a tendency to overestimate involuntary risks (e.g. earthquakes, airplane crashes) and, conversely, to underestimate voluntary risks (e.g. smoking, which is a choice).

Security theatre is the name given to measures and products that make you feel more secure even though in reality they do little or nothing to make you safer (the related term ‘snake oil’ is used for products sold on security claims that do not hold up). Sometimes we need them, though. One example in the US was the introduction of the tamper-evident safety cap on over-the-counter drugs. There was an incident in which a (mentally sick) person deliberately contaminated bottles on the shelf, and people died. Incidents of this type are extremely rare, but consumer confidence had been lost, and over-the-counter drugs would never have recovered without the introduction of the safety cap.

So to summarise: the most successful security products manipulate ‘models’ and ‘feelings’, even though these may not necessarily match ‘reality’.

All for a bar of chocolate…..

Having just got back from INFOSec Europe myself, I was intrigued to find this bogus survey carried out again; it was just an exercise in social engineering. So here we are: a chocolate bar in exchange for your password, and, just for good measure, we shared our personal details too, you know, there was a draw, and the enticement was the chance of a big prize. The ladies came out quite badly in this survey; it seems that we value chocolate more than our passwords. We, the fairer sex, really need to do better next year…..

Are you a patient at the University of Miami?

Just look at what popped up in my mailbox this morning!

An article stating that computer tapes containing confidential information on 2.1 million University of Miami patients were stolen last month when thieves took a case out of a van used by a private off-site storage company…

“Anyone who has been a patient of a University of Miami physician or visited a UM facility since Jan. 1, 1999, is likely included on the tapes,” the university said in a news release. “The data included names, addresses, Social Security numbers or health information. The university will be notifying by mail the 47,000 patients whose data may have included credit card or other financial information regarding bill payment.”

I wonder what sort of sensitive data disclosures will be in the news once databases of these hospitals are connected up?

New RFID smartcard hack

Security researchers say they’ve found a way to crack the encryption used to protect a widely-used smartcard in a matter of minutes, making it possible for them to quickly and cheaply clone the cards that are used to secure office buildings and automate the collection of mass transportation fares.

The attack works against the Mifare Classic, a wireless card made by Netherlands-based NXP Semiconductors. It is used by transit operators in London, Boston and the Netherlands and by organizations in the public and private sectors to control access to sensitive areas, according to Karsten Nohl, a PhD candidate at the University of Virginia and one of the cryptographers who discovered the weakness. NXP says it’s sold 1 billion to 2 billion of the cards.

Schneier has a post on this. Here is the research paper that describes this flaw.

Thanks to Jakob Peter for sending me this paper!

Facial recognition for driving licenses

After a driver sits for a photo at the Illinois Secretary of State office to renew a license, officials use facial-recognition technology to give the resulting image a close look.

First, state officials verify that the face matches the images portrayed on previous licenses issued under the driver’s name. The second, more extensive run-through determines if the same face appears on other Illinois driver’s licenses with different names.

Since starting the program in 1999, the state has uncovered more than 5,000 cases of multiple identity fraud, said Beth Langen, policy and program division administrator at the Illinois Secretary of State office. The state pays Digimarc Corp. about 25 cents per license for the service, she said.

What about a synthetic identity for a change?

What about something new? Synthetic identity theft, although I would call it just an evolution of the original ‘identity theft’ scam. I still can’t convince myself that it should be called ‘identity theft’ at all. After all, to steal something is never to give it back (at least in British legislation); with identity theft your identity is just borrowed, isn’t it? Identity fraud, as coined by Jim Harper (I think ;-)), is much more accurate.