Report on Data breaches in the UK

In the wake of massive data breaches at businesses, educational institutions and medical facilities, consumers are modifying their purchasing behaviour, including online buying, out of concern for the security of their personal information, according to the 2007 Consumer Survey on Data Security.

The survey from Vontu, a Data Loss Prevention solutions firm, and the Ponemon Institute, a privacy and information management researcher, found that 62% of respondents have been notified that their confidential data has been lost.

How do you get a password out of an IRS agent? Just ask:

lol, look what I found on Bruce Schneier’s blog!

Sixty-one of the 102 people who got the test calls, including managers and a contractor, complied with a request that the employee provide his or her user name and temporarily change his or her password to one the caller suggested, according to the Treasury Inspector General for Tax Administration, an office that does oversight of Internal Revenue Service.

250,000 customer names of Astroglide go public!

Oops, I hope you are not one of the unlucky 250,000 who bought a popular sexual lubricant called Astroglide between 2003-7? Seems that a Californian company exposed these names and addresses and Google ‘in good form’ indexed them all!

The result is that a search on an individual’s name now reveals that person’s home address and the product they requested or ordered... nice 😉

There is much more information on this ‘slip’ on privacy on the Wired Blog Network!

SOA approach to manage Identity

You know I joined HP only 6 months ago and before that worked for Novell for 6 years. I have only in the last couple of weeks started to appreciate the beauty of HP’s identity offering. It is quite revolutionary as it is SOA integrated. This means that nothing is bolted on, e.g. workflow, RBAC, as the other traditional X.500 directory vendors are having to do today in order to meet the strong requirements for regulatory compliance. HP’s Select Identity is a Service Orientated Architecture.

With many years’ experience with directories, I am a hardened X.500 expert, so I was quite shocked when I first looked at the HP products for identity management. However, now I’ve got it! It is extremely cool. It reminds me of what Novell did about 15 years ago when they turned the ‘bindery’ login (NetWare) into a directory login (with NDS), which was quite revolutionary at that time and didn’t take off to start with because people just didn’t get it. Of course once people did ‘get it’ other vendors jumped on the X.500 bandwagon too, including MS with AD. Anyone wishing to dispute which was the first X.500 directory vendor on the market (maybe it was Sun with their LDAP directory?), you are welcome to comment 😉

If you will be at InfoSec Europe next week, be sure to visit the HP stand and ask them about their identity offering. You may be surprised to find that HP has become such a key player in identity management over the last couple of years. That is why they employed me!