Shostack + Friends Blog Archive

Small Bits on Security

• “Security cameras certainly aren’t useless. I just don’t think they’re worth it.” So comments Bruce Schneier on the news that “Cameras Catch Dry Run of 7/7 London Terrorists.”
• Richard Beitjich comments on “Citadel Offers Product Security Warranty.” I think Richard nails it with his analysis that “There are probably enough loopholes through which one could drive a truck, but I do not recall any sort of warranty like this elsewhere. Citadel may have just pushed the bar a little higher for those who do not offer similar assurances.”
• Saar Drimer is covering a “clever ‘car-identity theft’ con uncovered in Israel,” with an interesting tie to the uselessness of checking ID: Apparently the folks who are responsible for car transfer look at the IDs of the buyer and the seller, but never look at the droids car.
• Kenneth Belva examines the question of “How It’s Difficult to Ruin a Good Name: An Analysis of
  Reputational Risk.” It seems that this is a line of research outside the Economics and Information Security community. (The question of how to get academics and practitioners to collaborate is one I’d love to see solved.)

• Richard Diamond sends news of Edmonton Cops scheming to frame a journalist who criticized photo radar program:
  

  Edmonton police deliberately used a restricted database to gather
  information on a journalist who wrote anti-camera columns. With the
  information, cops tried to set up a sting to arrest him for drunk
  driving. Except some pesky journalists happened to have police
  scanners and blew the lid off of the operation. (And this is just one
  of three photo radar scandals in the city!)

  See “Testimony Heard Regarding Edmonton Police Attempt to Arrest Journalist.” (Via Dave Farber’s IP list.)

• Finally, at the CounterTerror blog, Victor Comras comments on the “Suspicious Activity Reporting requirements” for furriners in “Tightening Up on Correspondent Accounts for Non-US Persons:” “But these rules have turned out to be a much more controversial matter than originally envisaged, and have provoked the ire of banking managers across the country.” He goes on:
  

  The number of Suspicious Activity Reports (SARs) filed in recent years has burgeoned beyond proportion. FinCen had to wade through some 14.8 million reports from financial institutions last year, including 663,655 SARs, an increase of over 250,000 in one year. Most of these are generated by computer programs and subjected to only minimal manual review. Only a very small handful of these SARs actually lead to any further investigation, giving rise to concern that the “wheat is being lost in the chafe”

Originally published by adam on 22 Sep 2005
Last modified on 22 Sep 2005
Categories:   Security   Uncategorized