Posts Categorized: Bruce Schneier

The video is worth watching, even if you don’t speak German. The scanner caught a subject’s cell phone and Swiss Army knife — and the microphone he was wearing — but missed all the components to make a bomb that he hid on his body. Admittedly, he only faced the scanner from the front and… Read more »

Reproducing keys from distant and angled photographs: Abstract: The access control provided by a physical lock is based on the assumption that the information content of the corresponding key is private — that duplication should require either possession of the key or a priori knowledge of how it was cut. However, the ever-increasing capabilities and… Read more »

Back in 2005, I wrote about the failure of two-factor authentication to mitigate banking fraud: Here are two new active attacks we’re starting to see: Man-in-the-Middle attack. An attacker puts up a fake bank website and entices user to that website. User types in his password, and the attacker in turn uses it to access… Read more »

File deletion is all about control. This used to not be an issue. Your data was on your computer, and you decided when and how to delete a file. You could use the delete function if you didn’t care about whether the file could be recovered or not, and a file erase program — I… Read more »

Flash has the equivalent of cookies, and they’re hard to delete: Unlike traditional browser cookies, Flash cookies are relatively unknown to web users, and they are not controlled through the cookie privacy controls in a browser. That means even if a user thinks they have cleared their computer of tracking objects, they most likely have… Read more »

This is funny: Tips for Staying Safe OnlineAll citizens can follow a few simple guidelines to keep themselves safe in cyberspace. In doing so, they not only protect their personal information but also contribute to the security of cyberspace. Install anti-virus software, a firewall, and anti-spyware software to your computer, and update as necessary. Create… Read more »

There’s a new cryptanalytic attack on AES that is better than brute force: Abstract. In this paper we present two related-key attacks on the full AES. For AES-256 we show the first key recovery attack that works for all the keys and has complexity 2119, while the recent attack by Biryukov-Khovratovich-Nikolic works for a weak… Read more »

From the press release: Unlike existing computer forensics solutions, EnCase Portable runs on a USB drive, rather than a laptop, and enables the user to easily and rapidly boot a target computer to the USB drive, and run a pre-configured data search and collection job. The ease-of-use and ultra-portability of EnCase Portable creates exciting new… Read more »

One of the risks of using a commercial OS for embedded systems like ATM machines: it’s easier to write malware against it: The report does not detail how the ATMs are infected, but it seems likely that the malware is encoded on a card that can be inserted in an ATM card reader to mount… Read more »

I’m selling my laptop on eBay. It’s basically new, although the box has been opened. I wanted to downgrade the OS, but learned that one of the key drivers — it controls the camera and the hibernate function — was only available for Vista. So it’s up for sale, at a good price. ETA: It’s… Read more »