Doug Bedell — September 19, 2014, 11:40 am

Surveillance Over Security: A Fateful Choice

Bruce Schneier is tired of electronic surveillance – he’s a security guy, and bemoans the fact that the NSA and its like have opened the world to pervasive eavesdropping.

“We have one infrastructure,” Schneier writes. “We can’t choose a world where the US gets to spy and the Chinese don’t. We get to choose a world where everyone can spy, or a world where no one can spy. We can be secure from everyone, or vulnerable to anyone. And I’m tired of us choosing surveillance over security.” He likely has lots of company.

Doug Bedell — September 16, 2014, 12:06 pm

Social Theory Behind Security

Time to get a little sociological in security terms. Want to get a sharper idea of who might be approaching your entry points? Maybe not, but maybe some methodology is worth considering. Like Social Identity Theory, as explained and promoted in this post on Homeland Security Watch.

Christopher Bellavita writes that “Two of my colleagues – David Brannan and Anders Strindberg – argue in their book A Practitioner’s Way Forward: Terrorism Analysis that terrorism research has been conducted without much attention to analytical rigor. They believe SIT can help provide that rigor.” So add some “rigor” to the protection of your gates.

Doug Bedell — September 11, 2014, 9:12 am

Keeping the Internet on the Same Basis for All

Yesterday, you may have noticed, was “Internet Slowdown Day,” a day when prime Internet companies banded together to show what a slowed down Internet might be like if proposals to have different classes of Internet use – the end of “net neutrality” – prevail. May they not. Among its functions, the Internet is a key security tool and ought to remain available to users on the same “classless” basis that has brought it, and us all, this far.

Naked Security has an informative post on yesterday’s slowdown demonstration. We don’t need any more of them. The benefits of an equal access Internet are, as they say, self-evident.

Another, less enamored, view of net neutrality is presented by Joshua Steimle on Forbes.

Doug Bedell — September 8, 2014, 11:03 am

Strong Passwords a Security Must

The strength of Internet passwords is getting renewed attention, Bruce Schneier notes, because of the hacking of celebrity accounts on Apple’s iCloud servers. “The attack didn’t exploit a flaw in iCloud,” he writes, “the attack exploited weak passwords.”

Schneier thereby reinforces his longstanding advice to computer users: Rely on a well-regarded password manager to create and store your passwords. He’s been developing one himself, but there are others out there. Here, for instance, is Information Week’s listing of “10 Top Password Managers.” You can find more by Googling “password manager”. (The illustration shown above is from Information Week.)

Doug Bedell — September 5, 2014, 11:06 am

Our Vulnerable World’s Not a ‘PlayStation’

A barrier world friend of ours thinks there’s “Sure a lot of doom and gloom” in our posts and suggests, “Every now and then post a cute kitty photo for a little psychic relief.”  Well, there aren’t enough kitties to ward off the gloom when you see a post reporting that “Sony’s PlayStation Network was disabled by an online attack…”

“What often surfaces from the Internet’s underbelly,” says Yuri Kageyama of the Associated Press on In Homeland Security, “are acts that verge on pranks, and the culprits who get caught are the amateurs, such as a teenager in the Netherlands who tweeted a threat to an airline, saying she was part of al-Qaida and was planning to do ‘something really big.’” Sadly, there are those with bigger aims and capacities who may not get caught, at least in time.

Doug Bedell — September 3, 2014, 8:31 am

‘Electromagnetic’ Security Risks at Hand

Time to start getting – and staying – jittery over the security of electronic networks. IEEE Spectrum advises that “a briefcase-size radio weapon could wreak havoc in our networked world.” “Electromagnetic (EM) attacks,” it adds, “are not only possible – they are happening.”

“Our infrastructure increasingly depends on closely integrated, high-speed electronic systems operating at low internal voltages. That means they can be laid low by short, sharp pulses high in voltage but low in energy – output that can now be generated by a machine the size of a suitcase, batteries included.”

Doug Bedell — September 2, 2014, 3:31 pm

Possibly Hacked: Now It’s Home Depot

Another day, another hacking story. Krebs on Security reports that “Multiple banks say they are seeing evidence that Home Depot stores may be the source of a massive new batch of stolen credit and debit cards that went on sale this morning in the cybercrime underground.” Would that it weren’t so. But the current IT security scene, with all its good and bad guys, makes it all too possible.

Doug Bedell — August 29, 2014, 10:25 am

A World of Mounting Threats

Feeling uneasy in a world beset by security threats? Welcome to the worriers – the worrying is justified. Philip J. Palin discusses on Homeland Security Watch the vexation of a reality beset by random threats. “Is there an epidemiology of evil?,” he asks, after listing today’s depredations, both natural and man-made. “Is there a target-zero? Some sort of pump-handle to remove and thereby mitigate or prevent unnecessary death, injury and destruction?”

Perhaps, Palin says. But the reality is more a random one. “There are many more of us interacting in many more ways and our connections are increasingly interdependent. The potentialities are as logarithmic as the Richter. Reality is robustly random. Extremes are not anomalies, they ought to be expected. But they cannot be precisely predicted.

“Plenty of opportunities for October surprises.” Geez – enjoy the weekend.

Doug Bedell — August 27, 2014, 3:23 pm

Security With a Green Thumb

The folks at Advanced Perimeter Systems drove into their site recently and decided there was something missing – greenery! Yes, security protection needs to be effective, but it doesn’t need to be stark and lifeless. A little landscaping can help make well-protected sites livable as well.

“We knew where we could plant in such a way as to not interfere with the technology, but we didn’t know what to plant,” says an APS blog post. “So we set about making a plan.” The plan included help from a local landscaper, and the APS perimeter is now graced with a bit of greenery. Can’t but help a safe and secure image!

Doug Bedell — August 25, 2014, 10:52 am

Photo IDs Aren’t Assuredly Reliable

From Bruce Schneier, here’s something to remember if you rely on checking photo IDs as a security routine. Human perceptions are, of course, pretty much universal, but here’s the result of a test of face-matching passport checks in Australia. It was done by the Universities of Aberdeen, York and New South Wales to check the ability of Australian passport officers to match photos on a computer screen with the faces of people standing in front of their desks.

“It was found,” Schneier reports, “that on 15 percent of trials the officers decided that the photograph on their screen matched the face of the person standing in front of them, when in fact, the photograph showed an entirely different person.” Oh dear.