Post Syndicated from Bruce Schneier original https://www.schneier.com/blog/archives/2019/10/mapping_securit.html
This is really interesting: “A Data-Driven Reflection on 36 Years of Security and Privacy Research,” by Aniqua Baset and Tamara Denning:
Abstract: Meta-research—research about research—allows us, as a community, to examine trends in our research and make informed decisions regarding the course of our future research activities. Additionally, overviews of past research are particularly useful for researchers or conferences new to the field. In this work we use topic modeling to identify topics within the field of security and privacy research using the publications of the IEEE Symposium on Security & Privacy (1980-2015), the ACM Conference on Computer and Communications Security (1993-2015), the USENIX Security Symposium (1993-2015), and the Network and Distributed System Security Symposium (1997-2015). We analyze and present data via the perspective of topics trends and authorship. We believe our work serves to contextualize the academic field of computer security and privacy research via one of the first data-driven analyses. An interactive visualization of the topics and corresponding publications is available at https://secprivmeta.net.
I like seeing how our field has morphed over the years.
Post Syndicated from Bruce Schneier original https://www.schneier.com/blog/archives/2019/10/cracking_the_pa.html
Lots of them weren’t very good:
BSD co-inventor Dennis Ritchie, for instance, used “dmac” (his middle name was MacAlistair); Stephen R. Bourne, creator of the Bourne shell command line interpreter, chose “bourne”; Eric Schmidt, an early developer of Unix software and now the executive chairman of Google parent company Alphabet, relied on “wendy!!!” (the name of his wife); and Stuart Feldman, author of Unix automation tool make and the first Fortran compiler, used “axolotl” (the name of a Mexican salamander).
Weakest of all was the password for Unix contributor Brian W. Kernighan: “/.,/.,” representing a three-character string repeated twice using adjacent keys on a QWERTY keyboard. (None of the passwords included the quotation marks.)
I don’t remember any of my early passwords, but they probably weren’t much better.
Post Syndicated from Bruce Schneier original https://www.schneier.com/blog/archives/2019/05/locked_computer.html
This short video explains why computers regularly came with physical locks in the late 1980s and early 1990s.
The one thing the video doesn’t talk about is RAM theft. When RAM was expensive, stealing it was a problem.
Post Syndicated from Bruce Schneier original https://www.schneier.com/blog/archives/2019/03/first_look_medi.html
The Daily Beast is reporting that First Look Media — home of The Intercept and Glenn Greenwald — is shutting down access to the Snowden archives.
The Intercept was the home for Greenwald’s subset of Snowden’s NSA documents since 2014, after he parted ways with the Guardian the year before. I don’t know the details of how the archive was stored, but it was offline and well secured — and it was available to journalists for research purposes. Many stories were published based on those archives over the years, albeit fewer in recent years.
The article doesn’t say what “shutting down access” means, but my guess is that it means that First Look Media will no longer make the archive available to outside journalists, and probably not to staff journalists, either. Reading between the lines, I think they will delete what they have.
This doesn’t mean that we’re done with the documents. Glenn Greenwald tweeted:
Both Laura & I have full copies of the archives, as do others. The Intercept has given full access to multiple media orgs, reporters & researchers. I’ve been looking for the right partner — an academic institution or research facility — that has the funds to robustly publish.
I’m sure there are still stories in those NSA documents, but with many of them a decade or more old, they are increasingly history and decreasingly current events. Every capability discussed in the documents needs to be read with a “and then they had ten years to improve this” mentality.
Eventually it’ll all become public, but not before it is 100% history and 0% current events.
Post Syndicated from Bruce Schneier original https://www.schneier.com/blog/archives/2018/05/1834_the_first_.html
Tom Standage has a great story of the first cyberattack against a telegraph network.
The Blanc brothers traded government bonds at the exchange in the city of Bordeaux, where information about market movements took several days to arrive from Paris by mail coach. Accordingly, traders who could get the information more quickly could make money by anticipating these movements. Some tried using messengers and carrier pigeons, but the Blanc brothers found a way to use the telegraph line instead. They bribed the telegraph operator in the city of Tours to introduce deliberate errors into routine government messages being sent over the network.
The telegraph’s encoding system included a “backspace” symbol that instructed the transcriber to ignore the previous character. The addition of a spurious character indicating the direction of the previous day’s market movement, followed by a backspace, meant the text of the message being sent was unaffected when it was written out for delivery at the end of the line. But this extra character could be seen by another accomplice: a former telegraph operator who observed the telegraph tower outside Bordeaux with a telescope, and then passed on the news to the Blancs. The scam was only uncovered in 1836, when the crooked operator in Tours fell ill and revealed all to a friend, who he hoped would take his place. The Blanc brothers were put on trial, though they could not be convicted because there was no law against misuse of data networks. But the Blancs’ pioneering misuse of the French network qualifies as the world’s first cyber-attack.
Post Syndicated from Bruce Schneier original https://www.schneier.com/blog/archives/2018/03/history_of_the_2.html
Interesting history of the US Army Security Agency in the early years of Cold War Germany.
Post Syndicated from Bruce Schneier original https://www.schneier.com/blog/archives/2017/12/e-mail_tracking_1.html
Good article on the history and practice of e-mail tracking:
The tech is pretty simple. Tracking clients embed a line of code in the body of an email — usually in a 1×1 pixel image, so tiny it’s invisible, but also in elements like hyperlinks and custom fonts. When a recipient opens the email, the tracking client recognizes that pixel has been downloaded, as well as where and on what device. Newsletter services, marketers, and advertisers have used the technique for years, to collect data about their open rates; major tech companies like Facebook and Twitter followed suit in their ongoing quest to profile and predict our behavior online.
But lately, a surprising — and growing — number of tracked emails are being sent not from corporations, but acquaintances. “We have been in touch with users that were tracked by their spouses, business partners, competitors,” says Florian Seroussi, the founder of OMC. “It’s the wild, wild west out there.”
According to OMC’s data, a full 19 percent of all “conversational” email is now tracked. That’s one in five of the emails you get from your friends. And you probably never noticed.
I admit it’s enticing. I would very much like the statistics that adding trackers to Crypto-Gram would give me. But I still don’t do it.
Post Syndicated from Bruce Schneier original https://www.schneier.com/blog/archives/2017/03/nsa_documents_f_1.html
Here is a listing of all the documents that the NSA has in its archives that are dated earlier than 1930.
Post Syndicated from Bruce Schneier original https://www.schneier.com/blog/archives/2017/03/friedman_commen.html
This is William Friedman’s highly annotated copy of Herbert Yardley’s book, The American Black Chamber.
Post Syndicated from Bruce Schneier original https://www.schneier.com/blog/archives/2016/11/hacking_in_the_.html
New Atlas has a great three-part feature on the history of hacking as portrayed in films, including video clips. The 1980s. The 1990s. The 2000s.
Post Syndicated from Bruce Schneier original https://www.schneier.com/blog/archives/2016/05/primitive_food_.html
Economists argue that the security needs of various crops are the cause of civilization size:
The argument depends on the differences between how grains and tubers are grown. Crops like wheat are harvested once or twice a year, yielding piles of small, dry grains. These can be stored for long periods of time and are easily transported or stolen.
Root crops, on the other hand, don’t store well at all. They’re heavy, full of water, and rot quickly once taken out of the ground. Yuca, for instance, grows year-round and in ancient times, people only dug it up right before it was eaten. This provided some protection against theft in ancient times. It’s hard for bandits to make off with your harvest when most of it is in the ground, instead of stockpiled in a granary somewhere.
But the fact that grains posed a security risk may have been a blessing in disguise. The economists believe that societies cultivating crops like wheat and barley may have experienced extra pressure to protect their harvests, galvanizing the creation of warrior classes and the development of complex hierarchies and taxation schemes.