Posts Categorized: Bruce Schneier

I am optimistic about President Obama’s new cybersecurity policy and the appointment of a new “cybersecurity coordinator,” though much depends on the details. What we do know is that the threats are real, from identity theft to Chinese hacking to cyberwar. His principles were all welcome — securing government networks, coordinating responses, working to secure… Read more »

Research: Hiding Information in Retransmissions Wojciech Mazurczyk, Milosz Smolarczyk, Krzysztof Szczypiorski The paper presents a new steganographic method called RSTEG (Retransmission Steganography), which is intended for a broad class of protocols that utilises retransmission mechanisms. The main innovation of RSTEG is to not acknowledge a successfully received packet in order to intentionally invoke retransmission. The… Read more »

At least, according to a Wisconsin appeals court ruling: As the law currently stands, the court said police can mount GPS on cars to track people without violating their constitutional rights — even if the drivers aren’t suspects. Officers do not need to get warrants beforehand because GPS tracking does not involve a search or… Read more »

Here’s a tip: when walking around in public with secret government documents, put them in an envelope. A huge MI5 and police counterterrorist operation against al-Qaeda suspects had to be brought forward at short notice last night after Scotland Yard’s counter-terrorism chief accidentally revealed a briefing document. […] The operation was nearly blown when Assistant… Read more »

Fascinating history of an illegal industry: Today’s schemes are technologically very demanding and extremely complex. It starts with the renting of computer servers in several countries. First the Carders are active to obtain the credit cards and client identities wrongfully. These data are then passed to the falsifiers who manufacture wonderful official documents so that… Read more »

Here’s a clever attack, exploiting relative delays in eBay, PayPal, and UPS shipping: The buyer reported the item as “destroyed” and demanded and got a refund from Paypal. When the buyer shipped it back to Chad and he opened it, he found there was nothing wrong with it — except that the scammer had removed… Read more »

Here is the original post by Bruce Schneier (the source text of my translation): Here’s an analysis of 30,000 passwords from phpbb.com, similar to my analysis of 34,000 MySpace passwords: The striking different between the two incidents is that the phpbb passwords are simpler. MySpace requires that passwords “must be between 6 and 10 characters,… Read more »

Here is the original post by Bruce Schneier (the source text of my translation): It’s a tough security trade-off. Guests lose their hotel room keys, and the hotel staff needs to be accommodating. But at the same time, they can’t be giving out hotel room keys to anyone claiming to have lost one. Generally, hotels… Read more »

Here is the original post (the source text of my translation): Good Q&A on clickjacking: In plain English, clickjacking lets hackers and scammers hide malicious stuff under the cover of the content on a legitimate site. You know what happens when a carjacker takes a car? Well, clickjacking is like that, except that the click… Read more »

Here is the original post (the source text of my translation): Definitely interesting: Based in Europe, the Rock Phish group is a criminal collective that has been targeting banks and other financial institutions since 2004. According to RSA, they are responsible for half of the worldwide phishing attacks and have siphoned tens of millions of… Read more »