Bruce Schneier is an internationally renowned security technologist and author. Described by The Economist as a "security guru," Schneier is best known as a refreshingly candid and lucid security critic and commentator. When people want to know how security really works, they turn to Schneier.
His first bestseller, Applied Cryptography , explained how the arcane science of secret codes actually works, and was described by Wired as "the book the National Security Agency wanted never to be published." His book on computer and network security, Secrets and Lies , was called by Fortune "[a] jewel box of little surprises you can actually use." His current book, Beyond Fear , tackles the problems of security from the small to the large: personal safety, crime, corporate security, national security.
Schneier also publishes a free monthly newsletter, Crypto-Gram , with over 100,000 readers. In its seven years of regular publication, Crypto-Gram has become one of the most widely read forums for free-wheeling discussions, pointed critiques, and serious debate about security. As head curmudgeon at the table, Schneier explains, debunks, and draws lessons from security stories that make the news. Regularly quoted in the media, Schneier has written op ed pieces for several major newspapers, and has testified on security before the United States Congress on many occasions.
The VeriSign attacks were revealed in a quarterly U.S. Securities and Exchange Commission filing in October that followed new guidelines on reporting security breaches to investors. It was the most striking disclosure to emerge in a review by Reuters of more than 2,000 documents mentioning breach risks since the SEC guidance was published.
The company, unsurprisingly, is saying nothing.
VeriSign declined multiple interview requests, and senior employees said privately that they had not been given any more details than were in the filing. One said it was impossible to tell if the breach was the result of a concerted effort by a national power, though that was a possibility. "It's an ugly, slim sliver of facts. It's not enough," he said.
The problem for all of us, naturally, is if the certificate system was hacked, allowing the bad guys to forge certificates. (This has, of course, happenedbefore.)
Are we finally ready to accept that the certificate system is completely broken?
Really good article on the huge incarceration rate in the U.S., its causes, its effects, and its value:
Over all, there are now more people under "correctional supervision" in America -- more than six million -- than were in the Gulag Archipelago under Stalin at its height. That city of the confined and the controlled, Lockuptown, is now the second largest in the United States.
The accelerating rate of incarceration over the past few decades is just as startling as the number of people jailed: in 1980, there were about two hundred and twenty people incarcerated for every hundred thousand Americans; by 2010, the number had more than tripled, to seven hundred and thirty-one. No other country even approaches that. In the past two decades, the money that states spend on prisons has risen at six times the rate of spending on higher education.
[...]
The trouble with the Bill of Rights, he argues, is that it emphasizes process and procedure rather than principles. The Declaration of the Rights of Man says, Be just! The Bill of Rights says, Be fair! Instead of announcing general principles -- no one should be accused of something that wasn't a crime when he did it; cruel punishments are always wrong; the goal of justice is, above all, that justice be done -- it talks procedurally. You can't search someone without a reason; you can't accuse him without allowing him to see the evidence; and so on. This emphasis, Stuntz thinks, has led to the current mess, where accused criminals get laboriously articulated protection against procedural errors and no protection at all against outrageous and obvious violations of simple justice. You can get off if the cops looked in the wrong car with the wrong warrant when they found your joint, but you have no recourse if owning the joint gets you locked up for life. You may be spared the death penalty if you can show a problem with your appointed defender, but it is much harder if there is merely enormous accumulated evidence that you weren't guilty in the first place and the jury got it wrong. Even clauses that Americans are taught to revere are, Stuntz maintains, unworthy of reverence: the ban on "cruel and unusual punishment" was designed to protect cruel punishments -- flogging and branding -- that were not at that time unusual.
The author mentions the rise of for-profit businesses increasingly running prisons in the U.S., but I don't think he makes the point strongly enough. There is now a corporate interest in the U.S. lobbying for such things as mandatory minimum sentencing.
Brian C. Kalt (2005), "The Perfect Crime," Georgetown Law Journal, Vol. 93, No. 2.
Abstract:
This article argues that there is a 50-square-mile swath of Idaho in which one can commit felonies with impunity. This is because of the intersection of a poorly drafted statute with a clear but neglected constitutional provision: the Sixth Amendment's Vicinage Clause. Although lesser criminal charges and civil liability still loom, the remaining possibility of criminals going free over a needless technical failure by Congress is difficult to stomach. No criminal defendant has ever broached the subject, let alone faced the numerous (though unconvincing) counterarguments. This shows that vicinage is not taken seriously by lawyers or judges. Still, Congress should close the Idaho loophole, not pretend it does not exist.
Screener confiscates them anyway, because of their "material and appearance."
Because they're not actually a threat, screener leaves them at the checkpoint.
Everyone forgets about them.
Six hours later, the next shift of TSA screeners notices the pipes and -- not being able to explain how they got there and, presumably, because of their "material and appearance" -- calls the police bomb squad to remove the pipes.
TSA does not evacuate the airport, or even close the checkpoint, because -- well, we don't know why.
Some errors in forensic science may be the result of the biases of the examiners:
Though they cannot prove it, Dr Dror and Dr Hampikian suspect the difference in contextual information given to the examiners was the cause of the different results. The original pair may have subliminally interpreted ambiguous information in a way helpful to the prosecution, even though they did not consciously realise what they were doing.
[...]
This one example does not prove the existence of a systematic problem. But it does point to a sloppy approach to science. According to Norah Rudin, a forensic-DNA consultant in Mountain View, California, forensic scientists are beginning to accept that cognitive bias exists, but there is still a lot of resistance to the idea, because examiners take the criticism personally and feel they are being accused of doing bad science. According to Dr Rudin, the attitude that cognitive bias can somehow be willed away, by education, training or good intentions, is still pervasive.
Complete list of Bloggers featured by Compliance and Privacy:
Please note: Blogs contain items that are the responsibility of the author and are presented "as is" with no endorsement from, nor editing by, nor approval from complianceandprivacy.com. The copyright owner for the blog items is that of the originator of the item. Each blog item is reproduced from the relevant feed from the originating blog, either in full or in part as that feed itself determines. All blog item header links lead directly to those items on the original blog. Blogs are dynamic. We offer them in good faith, but, where the content is outside our control we cannot be responsible for their errors, omissions or other conduct. Some of the links on this page remain on this site, others go to other sites; that is the nature of a blog. When you leave this site you are encouraged to be aware of the privacy policy of the new site before leaving personal data there.
This site is independent of all its sources
The contents of the site are sourced from across the industry. All copyrights are acknowledged.
Bruce Schneier is an internationally renowned security technologist and author. Described by The Economist as a "security guru," Schneier is best known as a refreshingly candid and lucid security critic and commentator. When people want to know how security really works, they turn to Schneier. 