Shostack + Friends Blog Archive


Election 2016

This election has been hard to take on all sorts of levels, and I’m not going to write about the crap. Everything to be said has been said, along with much that never should have been said, and much that should disqualify those who said it from running for President. I thought about endorsing Jill […]


Happy Independence Day!

Since 2005, this blog has had a holiday tradition of posting “The unanimous Declaration of the thirteen united States of America.” Never in our wildest, most chaotic dreams, did we imagine that the British would one day quote these opening words: When in the Course of human events, it becomes necessary for one people to […]


An Infosec lesson from the "Worst Play Call Ever"

It didn’t take long for the Seahawks’ game-losing pass to get a label. But as Ed Felten explains, there’s actually some logic to it, and one of his commenters (Chris) points out that Marshawn Lynch scored in only one of his 5 runs from the one yard line this season. So, perhaps in a game […]


Thoughts on the Tragedies of December 14th

I started this post on December 14th, and couldn’t finish it. I’m going to leave the opening as I wrote it then: By now, everyone has heard of the tragic school shooting in Connecticut. My heart goes out to everyone touched by the events. But this isn’t the first school shooting on a December 14th. […]


Paul Ryan open thread

Oh, what the heck, it hasn’t been chaotic enough around here. So, I’ll give you a topic: Paul Ryan. Commentary from The Economist starts: IN THE polarised world of American politics, achieving bipartisan agreement on any topic is a rare feat nowadays. So perhaps it’s worth celebrating the fact that, had it been put to […]


A quick pointer

I wrote a blog post regarding the BSidesSF/RSA conf dust-up. (If I knew how to work Adam’s twitter integration thingy, you’d have been spared this)


Seattle in the Snow

(From The Oatmeal.) It’s widely understood that Seattle needs a better way to measure snowfall. However, what’s lacking is a solid proposal for how to measure snowfall around here. And so I have a proposal. We should create a new unit of measurement: The Nickels. Named after Greg Nickels, who lost the mayorship of Seattle […]


Niels Bohr was right about predictions

There’s been much talk of predictions lately, for some reason. Since I don’t sell anything, I almost never make them, but I did offer two predictions early in 2010, during the germination phase of a project a colleague was working on. Since these sort of meet Adam’s criteria by having both numbers and dates, I […]


Outrage of the Day: Police Violence

When the LAPD finally began arresting those of us interlocked around the symbolic tent, we were all ordered by the LAPD to unlink from each other (in order to facilitate the arrests). Each seated, nonviolent protester beside me who refused to cooperate by unlinking his arms had the following done to him: an LAPD officer […]


What's Wrong and What To Do About It?

Let me start with an extended quote from “Why I Feel Bad for the Pepper-Spraying Policeman, Lt. John Pike”: They are described in one July 2011 paper by sociologist Patrick Gillham called, “Securitizing America.” During the 1960s, police used what was called “escalated force” to stop protesters. “Police sought to maintain law and order often […]


Slow Thoughts on Occupy Seattle

I headed down to Occupy Seattle before a recent vacation, and have been mulling a bit on what I saw, because the lack of a coherent message or leadership or press make it easy to project our own opinions or simply mis-understand what the “Occupy” protests mean, and I wanted to avoid making that mistake. […]


Email chaos: How to reach Adam Shostack

The servers that host my personal email have been taken offline by a surprise attack by the evil forces of snow and ice, and my email is likely to start bouncing soon. If you need to reach me, you can use nameofthisblog @ google, or first.last @ microsoft. You can also ask me to follow […]


Sleepless in Seattle?

Reportedly, Seattle police have begun issuing tickets to drivers who honk their horns after 10 PM in support of the Occupy protest there. To the extent that the police are only doing this to those expressing a specific point of view, there seems to be a legitimate issue. I am certain that the police would […]


Egypt and Information Security

Yesterday, I said on Twitter that “If you work in information security, what’s happening in Egypt is a trove of metaphors and lessons for your work. Please pay attention.” My goal is not to say that what’s happening in Egypt is about information security, but rather to say that we can be both professional and […]


A few thoughts on chaos in Tunisia

The people of Tunisia have long been living under an oppressive dictator who’s an ally of the US in our ‘war on terror.’ Yesterday, after substantial loss of life, street protests drove the dictator to abdicate. There’s lots of silly technologists claiming it was twitter. A slightly more nuanced comment is in “Sans URL” Others, […]


Quantum Crypto is Quantum Backdoored, But It's Not a Problem

Nature reports that Quantum Cryptography has been completely broken in “Hackers blind quantum cryptographers.” Researcher Vadim Makarov of the Norwegian University of Science and Technology constructed an attack on a quantum cryptography system that “gave 100% knowledge of the key, with zero disturbance to the system,” as Makarov put it. There have been other attacks […]


Some Chaotic Thoughts on Healthcare

Passage of this bill is too big for my little brain, and therefore I’ll share some small comments. I’m going to leave out the many anecdotes which orient me around stupid red tape conflicts in the US, how much better my health care was in Canada (and how some Canadian friends flew to the US […]



Courtesy of the BBC.


Abdulmutallab/Flight 253 Airline Terror links

Air Canada is canceling US flights because of security. (Thanks, @nselby!) The New York Times reports that “Britain Rejected Visa Renewal for Suspect.” NPR reported that the State Department may have raised some sort of flag, but I don’t have a link. ABC is reporting that two of the “al Qaeda Leaders Behind Northwest Flight […]


Abdulmutallab/Flight 253 Airline Terror links

The Economist “The latest on Northwest flight 253:” “the people who run America’s airport security apparatus appear to have gone insane” and “This is the absolute worst sort of security theatre: inconvenient, absurd, and, crucially, ineffective.” Business Travel Coalition, via Dave Farber and Esther Dyson, “Aviation Security After Detroit:” “It is welcome news that President […]


New Restrictions: No Using Electronic Devices for the Last Hour

Apparently, in the wake of thousands of deaths from idiots paying more attention to GPS, cell phones, GameBoys, iPods and other such electronic devices, TSA has announced a ban on all use of such devices for the last hour of your commute. No, just kidding. Apparently, they may be imposing new secret restrictions on use […]


In the Proudest Traditions of the Royal Navy

The Royal Fleet Auxiliary ship Wave Knight watched a yacht be hijacked for fear of harming its passengers. All stand for a rousing round of “Ain’t gonna study war no more.”


Seattle: Pete Holmes for City Attorney

I don’t usually say a lot about local issues, but as readers know, I’m concerned about how arbitrary ID checking is seeping into our society. It turns out my friend Eric Rachner is also concerned about this, and was excited when a Washington “Judge said showing ID to cops not required.” So when Eric was […]


Another Long Time Fugitive Arrested

Yesterday, Luis Armando Peña Soltren was arrested after forty years on the run for hijacking a plane to Cuba. Soltren “will finally face the American justice system that he has been evading for more than four decades,” said U.S. Attorney Preet Bharara. I understand that Woody Allen, Martin Scorsese and David Lynch are already circulating a […]


Caster Semenya, Alan Turing and "ID Management" products

South African runner Caster Semenya won the women’s 800-meter, and the attention raised questions about her gender. Most of us tend to think of gender as pretty simple. You’re male or you’re female, and that’s all there is to it. The issue is black and white, if you’ll excuse the irony. There are reports that: […]


The Arrest of Gates

A couple of good articles are John McWhorter’s “Gates is Right–and We’re Not Post-Racial Until He’s Wrong,” and Lowry Heussler’s “Nightmare on Ware Street.” The full police report is at “Gates police report.” I think PHB’s comment on Michael Froomkin’s post is quite interesting: You are all missing a rather significant fact, this is the […]


July 20, 1969

The Apollo program took place at just about the right time for me. I was six (or, as I would quickly have pointed out at the time, six *and a half*) when the first lunar landing occurred, and barely ten when Apollo 17 splashed down. This was old enough to be fascinated by the technology […]


Thoughts on Iran

Our love affair with the Iranian Tweetolution has worn off. The thugs declared their election valid, told their armed representatives to Sorry, next tweet: go impose some law or order or something, and it was done. Well, as it often turns out, there was more to it than fits in 140 characters, and the real […]


Iran Links

The Economist’s Bagehot writes about his idea of “The chemistry of revolution,” while admitting he’s generalizing from two. Ethan Zuckerman on “Iran, citizen media and media attention.” “Unfortunately, unlike positive online gestures of solidarity (retweeting reports from Iran, turning Twitter or Facebook pictures green), this one does little more than piss off sysadmins, helps Iranian […]


My Wolfram Alpha Demo

I got the opportunity a couple days ago to get a demo of Wolfram Alpha from Stephen Wolfram himself. It’s an impressive thing, and I can sympathize a bit with them on the overblown publicity. Wolfram said that they didn’t expect the press reaction, which I both empathize with and cast a raised eyebrow at. […]


Brad DeLong on the bailout

Brad DeLong has a FAQ up about Geithner’s plan to purchase toxic assets on the theory that the market has undervalued them, and will in time price them properly. Among the items: Q: What if markets never recover, the assets are not fundamentally undervalued, and even when held to maturity the government doesn’t make back […]


What you talkin' 'bout?

The 110-story Sears Tower, tallest office building in the Western Hemisphere, will be renamed the Willis Tower, global insurance broker Willis Group Holdings said on Thursday. Willis said it was leasing multiple floors in the 1,451-foot (442-meter) structure in downtown Chicago to consolidate offices. As part of the deal, it will become the Willis Tower […]


A nudge in the right direction?

I am surprised I hadn’t heard about the book Nudge, by Cass Sunstein and Richard Thaler. I haven’t read it yet, but from the web page it seems to be about how policymakers can take into account the heuristics and biases characteristic of human decision-makers and create a choice architecture which yields “proper” decision-making. I […]


The New Openness?

This photograph was taken at 11:19 AM on January 20th. It’s very cool that we can get 1 meter resolution photographs from space. What really struck me about this photo was… well, take a look as you scroll down… What really struck me about this is the open space. What’s up with that? Reports were […]


The New Administration and Security

Quoting first from Obama’s inaugural address: The question we ask today is not whether our government is too big or too small, but whether it works — whether it helps families find jobs at a decent wage, care they can afford, a retirement that is dignified. Where the answer is yes, we intend to move […]


President for Ten Minutes

During a chat I had this afternoon, someone brought up an interesting situation to contemplate. The Presidency of George Bush fils ended today at noon EST, but Mr. Obama wasn’t sworn in until 12:10. Who then, the question was, was President during those ten minutes? One mildly unsatisfactory answer is Ms. Pelosi. If there is neither […]


Three short comments on the Inauguration

The reality that a black man is about to become President of the United States is both momentous and moving. It’s hard to say anything further on the subject that hasn’t been said and re-said, but I am simply proud that the pendulum has swung to someone like Obama. I’m excited to have an educated, […]


Look how hip I am…

Normally, this would be something for Twitter, but…well…. Officiating at the NY v. Philadelphia game has been poor. Not biased, I don’t think, but poor.


No Fun

Stooges guitarist Ron Asheton, dead at 60.


Security through obscurity

…or, antique car collectors are an honest lot. According to the Times (of London, dear chap), a recently-deceased British surgeon has left his heirs a rather significant bequest: a super-rare, super-fast, antique Bugatti which hasn’t been driven since 1960 and is expected to fetch several million at auction. This is the fabled “Imagine their surprise, […]


Happy New Year!

Our new year’s resolution is to show a sense of childlike wonder at and acceptance of everything we come across, especially this year’s leap second. Incidentally, this post is scheduled to go live at 2008-12-31 23:59:60. Let’s see what happens! Update: Movable Type complained when I tried to save the post: “Invalid date ‘2008-12-31 23:59:60’; […]


Thoughts on the Somali Pirates

Stratfor’s podcast on the seizure of that Saudi oil tanker contained a fascinating tidbit: merchant ships are no longer allowed to carry arms at all, which, of course, makes piracy far easier. This is a dramatic transformation of the rights of merchant ships. Historically, private ships carried weapons when sailing far out of their own […]


Evidence of Time Travel Found in China

According to Ananova, a Swiss watch-ring has been found covered in dirt in a four-hundred year old Ming dynasty tomb. The watch was found, covered in dirt. It was stopped at the time 10:06 and has the word, “Swiss” engraved on the back. The archaeologists on the dig have requested archaeologists from Beijing to help […]


I Was On NPR, An Unmasking of Sorts

Okay so for a long time now, I’ve been blogging as Arthur. It all started as an excuse to blog without the company I worked for at the time having to worry about anything I said being a reflection on them. Almost three years ago they were acquired by Oracle and I have long since […]


It’s Morning in America

It’s hard to know what to say after an election that feels so momentous in so many different ways. So, I’ll start from the simple: congratulations to Obama on being elected the 44th President of the United States. Next, let’s add some chaos here and see what emerges. So what’s on your mind? And please, […]


This just in!!

MSNBC’s live streaming internet election coverage looks like it was filmed from within Second Life. Yuck.


Studs Terkel, 1912-2008

No Chicagoan stood up for the common man like Studs Terkel, although Nelson Algren was probably in the running. A security-related anecdote, courtesy of the Chicago Tribune: In 1997 he went to the White House to receive the National Humanities Medal and the National Medal of Arts with a group including Jason Robards, Angela Lansbury, […]


Emergent Chaos: For McCain Palin

As we come to the close of the longest campaign in American history, it is time to make a call on who to vote for. In these turbulent and chaotic times, America needs a candidate who will cause more chaos to emerge. Now is not the time for calm and reasoned leadership. Now is not […]


Buffett Vs Paulson

I was listening to Joseph Stiglitz on NPR this morning, and he had a very interesting comparison. (Quoting from an op-ed in the Guardian): For all the show of toughness, the details suggest the US taxpayer got a raw deal. There is no comparison with the terms that Warren Buffett secured when he provided capital […]


Investing in the finance crisis

The Wall Street domino has toppled just about everything in sight: U.S. stocks large and small, within the financial industry and outside of it; foreign stocks; oil and other commodities; real-estate investment trusts; formerly booming emerging markets like India and China. Even gold, although it has inched up lately, has lost 10% from its highs […]


Death Penalty Protestors are Terrorists

The Washington Post reports upon the further cheapening of the word “terrorism” in, “Md. Police Put Activists’ Names On Terror Lists.” The fifty-three people with “no evidence whatsoever of any involvement in violent crime” who were put on a list of terrorists include anti-death-penalty protestors. It’s really hard to keep from laughing about this. Are […]


Quantum Crypto Broken Again

The New Scientist reports that researchers Vadim Makarov, Andrey Anisimov, and Sebastien Sauge have broken quantum key distribution. The attack is described in their paper, “Can Eve control PerkinElmer actively-quenched single-photon detector?” Spoiler Warning: Yes. She can. The attack is brilliant in its elegance. They essentially jam the receiver. A bright pulse of laser light […]


The Skype Issue

According to The New York Times in, “Surveillance of Skype Messages Found in China,” the Chinese provider TOM has software in place that reads Skype text messages, and blocks ones that use naughty words and terms, like “Falun Gong,” “Independent Taiwan,” and so on. A group of security people and human rights workers not only […]


This Week in Petard-Hoisting, the Palin Edition

If you are the sort of person who looks at odd legal rulings and opinions, you may remember that a few years ago the US DOJ issued an opinion that stored emails are not protected under the Stored Communications Act. The DOJ reasoning is that when you leave read email on your server, it’s not […]


Help fund historic computers at Bletchley Park

Bletchley Park, the site in the UK where WWII code-breaking was done, has a computing museum. The showpiece of that museum is Colossus, one of the world’s first computers. (If you pick the right set of adjectives, you can say “first.” Those adjectives are apparently, “electronic” and “programmable.”) It has been rebuilt over the last fourteen […]


Water on Mars!

Mars Phoenix Tweets: “We Have ICE!” And yes, they really did announce on Twitter and a press release.


6/16ths of Chileans personal information leaked by hacker

A hacker in Chile calling himself the ‘Anonymous Coward’ published confidential data belonging to six million people on the internet. Authorities are investigating the theft of the leaked data, which includes identity card numbers, addresses, telephone numbers, emails and academic records. Chile has a population of about 16 million, so that’s 3/8ths of the country. […]


Edward Lorenz, 1917-2008

Edward Lorenz, most famous for research concerning the sensitivity of high-level outcomes to seemingly insubstantial variations in initial conditions (the so-called “butterfly effect”), died April 16 in Cambridge, Massachusetts. Much more information concerning Lorenz’s life and work is available via Wikipedia.


Avoid ID theft: Don’t run for President

The Washington Post reports: The State Department said last night that it had fired two contract employees and disciplined a third for accessing Sen. Barack Obama’s passport file. Obama’s presidential campaign immediately called for a “complete investigation.” State Department spokesman Tom Casey said the employees had individually looked into Obama’s passport file on Jan. 9, […]


Bear Stearns

Dan Geer is fond of saying that financial risk management works because everyone knows who owns what risks. Reports are that JPMorgan just bought Bear Stearns for $236MM, a 93% discount to Friday’s closing price, with $30BB of US taxpayer money thrown in (as guarantees) for good measure. Bloomberg also reports that the Bear Stearns […]


Obama vs. McDonalds

As he was winning contests in Iowa and South Carolina, Senator Barack Obama raised $32 million in January for his presidential bid, tapping 170,000 new contributors to rake in nearly double the highest previous one-month total for any candidate in this election cycle. The New York Times, “Enlisting New Donors, Obama Reaped $32 Million in […]


Two brief followups to "Already donated the limit"

First, I’d like to thank everyone for keeping the comments civil and constructive. Second, I’d like to respond to Philll’s comment, “You sure do pick the strangest issues to make non-negotiable.” I picked this because it struck me that the rules in question were being accepted and treated in the various discussions as fixed and […]


"Already donated the limit"

I was listening to the radio yesterday, a show about Super Tuesday. First, a big thank you to all the Democrats who voted


Emergent Chaos Primary Endorsements

Well, Super Tuesday is here in the United States, and some millions of people will stand up and vote or caucus for the candidate of their choice. We here at Emergent Chaos have spent tremendous amounts of time watching the election, and we wanted to offer up some of the least-awaited endorsements in the blogosphere. […]


Andy Olmsted

Andy Olmsted, who posted as G’Kar on Obsidian Wings, was killed yesterday in Iraq. I always enjoyed his posts, especially when I disagreed with them, because he was so clearly thoughtful. I find myself terribly sad for the death of a man who I only knew through his words. He asked that we not politicize […]


Citibank limiting ATM withdrawals in NYC?

Title: Citibank limits ATM cash in city. Author: Kerry Burke and Larry McShane. Source: Daily News. Date published: January 3rd, 2008. Excerpt: The New York-based Daily News reported today that Citibank has limited the cash amount its customers can take out of ATM machines. It is being reported that the security of Citibank’s ATM machines in […]


Anarchy in the UK

“Anger as NHS patient records lost” “Patient data loss affects 168,000” “Post Office sends wrong details” “Discs ‘worth £1.5bn’ to criminals” “£20,000 reward offered for discs”* “More firms ‘admit disc failings’” * Readers are invited to comment on the contrast. Thanks to Ant, Cat and Steven Murdoch for links. Image: Teton dam, Wikipedia.


Transparency lessons from the NFL

I think the NFL’s handling of spying by the New England Patriots is poor. Of course, I expect retrograde, authoritarian, clumsy behavior from the NFL, and I haven’t been disappointed in the few decades I’ve been paying attention. The New York Times covered this issue (the spying, not the decades). In their December 16 article, […]


The Magic Phone

The “gPhone” was announced today. I put gPhone in quotes, because there was no actual phone announcement. What was announced was the “Open Handset Alliance” and their toolkit, Android. They are “…committed to commercially deploy handsets and services using the Android Platform in the second half of 2008.” and “An early look at the Android […]


Bayesian battlefield

According to court papers referenced in this VOA report, U.S. sniper teams in Iraq are using an interesting tactic: [A] so-called baiting program developed at the Pentagon by the Asymmetrical Warfare Group….the baiting was described as putting items, including plastic explosives, ammunition and detonation cords on the battlefield then killing suspected insurgents who picked up […]


How unladylike

Like most EC readers, I have been following the story of the MIT student with the breadboard and Duracell fashion accessory who nearly got ventilated at Logan airport in the most LED-hostile city in the US, Boston. The Associated Press was quick to repeat the claim that the student was wearing a “fake bomb”, when […]


Free, as in milk

What the hell are the idiots at Facebook thinking? If there’s anything stupider than banning a woman from breastfeeding in public, it is banning a picture of a woman breastfeeding on the grounds that it is “obscene”, which is what the morons at Facebook have done, as reported (for example) by the Toronto Star. Attention […]


Who Likes a Cheater?

If you don’t follow sports news, the New England Patriots and their coach have been fined about three quarters of a million dollars and a draft pick. This is reported in articles like “Belichick given record fine for video cheating.” (Times Online, UK) That may seem like a lot, until you realize that that’s less […]


From the Advances in Aviation Desk

The Beeb reports, “Goats sacrificed to fix Nepal jet,” in which we learn that two goats were slaughtered in sacrifice to the Hindu god of sky protection, Akash Bhairab, in front of a Boeing 757. Airline official Raju KC said to Reuters, “The snag in the plane has now been fixed and the aircraft has […]


Happy Labor Day

…from Chicago. (May 1st was jettisoned as a date for reasons near and dear to EC — it was too political.)


Heresy of the Day

Riffing on Adam’s last post, it has been amusing to watch the whole problem with Senator Craig. However, as I’ve chomped my popcorn, there’s been one thing I keep thinking: what if the guy’s telling the truth? What if he was stupidly caught for not doing much of anything, and then stupidly pleaded guilty in […]


Trespass and Forgiveness

A man in the UK has been arrested somewhat dramatically for illegally using a WiFi connection. The BBC reports it here as “Man arrested over wi-fi ‘theft’” and El Reg as “Broadbandit nabbed in Wi-Fi bust.” Each is worth reading. The police statement is worrying. El Reg says: Despite not having secured a conviction yet […]


Steganography in the News

In Australia, Jeffrey Ismail has been convicted of “using a carriage service to menace, harass or offend” meaning using his mobile to coördinate reprisal attacks against a rival gang. Despite registering his phone under the name “John Gotti” and being careful enough to tell his “clerics” to “bring ‘ankshays’ and ‘atbays’” police recorded his calls […]


Full Disclosure debate, 2.0

A poor choice of names (I guess “best UNIX editor” was their second choice), but is doing something that seems worthwhile by launching their Full Disclosure Campaign. wants the government to review its data protection legislation and improve the reporting of information security breaches in the public and private sectors. We are calling […]


Canon Says Over 50% of Cameras Repaired in First Three Years

In the Times Online article, “Digital DNA could finger Harry Potter leaker,” we learn that the person who leaked photos of the last Harry Potter novel has yielded up the serial number of their camera, which was in the metadata of the pictures they took. From this, we learn that it was a Canon, likely […]


Pete Seeger strikes again

The New York Times Magazine with a long article about swimming the Hudson River.


Billions for Fashion Police, but Not One Cent for Tribute Bands!

Woo hoo! I feel so much safer! The TSA reports, “Transportation Security Officers SPOT Passenger in Fake Military Uniform at Florida Airport.” Picture at right is my foofification of the picture on the TSA site. Our brave protectors write: A TSA behavior detection team at a Florida airport helped catch a passenger allegedly impersonating a […]


Cutty Sark Burns

The Cutty Sark, perhaps the last sailing clipper, has burned in Greenwich. It was undergoing a £25M restoration. Details from the BBC as well as CNN. Photo courtesy yours truly. I visited it last summer. I’m going to pour myself a strong drink.


Shock Horror! Ashcroft Am Not Devil Incarnate!

In 27 B Stroke 6 Threat Level, Kevin Poulsen writes, “News from Bizzaro World: Ashcroft Opposed Taps.” Kevin, your reality tunnel is showing. There are many things that Ashcroft was (I apologize for using the past tense), starting with prig and prude. I’m not particularly a fan of his, but the Venn diagram of what […]


What, me worry?

TJX sales up, again. Via StorefrontBacktalk: …TJX reported Thursday that its April sales increased another 2 percent, to $1.28 billion…. More importantly, for the thirteen weeks ended May 5, 2007, sales reached $4.2 billion, a 7 percent increase over last year’s $3.9 billion.


Facebook Hangover

On Dave Farber’s list, Brock Meeks pointed us to a delightful Facebook Smackdown. Brock says, What do Facebook, the CIA and your magazine subscription list have in common? Maybe more than you think… Trust me, it’s worth the look. And indeed it is worth looking at, along with Patrick Schitt’s contribution of the background […]


Daft Bloggers’ Code of Conduct

Tim O’Reilly with the help of others has posted a “Draft Blogger’s Code of Conduct” in reaction to l’affaire Sierra. Forgive me the pedantry, but I’ve corrected the plural in my derivative topic line above. There have been other comments about this in many other places. I’m not a friend of Sierra’s, but I have […]


Responsible Disclosure and Months of Bugs

I had promised myself that I wasn’t going to post about any of the Month of Bugs projects and that everything that needed saying had been said by people far more eloquent than I. But then Michael over at MCW Research came at it from a different angle saying: I whole-heartedly back these projects as […]


DST is Coming, Run For Your Lives!

In a week, the US and Canada are changing when they go to Daylight Savings Time. It must also be a slow news time, as well, because I’ve read several articles like this, “Daylight-Saving Time Change: Bigger than Y2K?” When Y2K came around, a number of us quoted Marvin the Martian (now of the Boston […]


No RFID In Real ID

So DHS finally released the proposed new standard for drivers licenses as mandated under the Real ID Act. It’s a rather long document (over 150 pages) so I haven’t had a chance to read the whole thing but 27B Stroke 6 has some highlights, including: While some expected Homeland Security to require the licenses to […]


HIDing At Blackhat

Now HID is claiming that they did not demand that Chris or IOActive cancel their talk. As a result the talk is now back on, but with the details about the device and the demo expurgated. As Chris has repeatedly said, this attack is completely generic and works against any passive RFID tag. Additionally, Nicole […]


Blackhat Do It Again

Looks like HID hasn’t learned anything from Cisco’s experience two years ago. One of these years more vendors will learn how to manage vulnerability disclosure and follow the lead of companies like Microsoft and Cisco rather than sticking their foot in it. Chris Paget, a well-respected researcher, is going to present at Blackhat Federal […]


Department of Pre-Blogging: Waziristan

Back in September, we covered how Pakistan and Waziristan had a peace deal, essentially, a deal with al Qaeda. In it, I commented on how people would get medals for “convincing al Qaeda to get a territorial base which we can bomb.” Now, in “Al Qaeda Chiefs are seen to regain power,” the Times reports: […]


Best Sign at RSA?

Ryan Russell shows his loyalty by claiming this is only the second-best ad at RSA. The words beneath the sign read “Beware of false positives:” Incidentally, this is an advertisement, trafficking in stolen property, referring to another ad campaign which caused mass hysteria, and flipping off its audience. What’s not to love? Kudos to Cyberdefender […]


Defend Traditional Marriage In Washington

The Washington Defense of Marriage Alliance seeks to defend equal marriage in this state by challenging the Washington Supreme Court’s ruling on Andersen v. King County. This decision, given in July 2006, declared that a “legitimate state interest” allows the Legislature to limit marriage to those couples able to have and raise children together. Because […]


Jim Gray Missing, please help

[Updated: This has somehow come to #3 on Google. The best place for up to date news is the Tenacious Search blog.] On Sunday, January 28th, 2007, Jim Gray, a renowned computer scientist was reported missing at sea. As of Thursday, Feb. 1st, the US Coast Guard has called off the search, having found no […]


Department of Pre-blogging

Make sure to check out the blog posts Bruce Schneier and a host of others will soon make regarding the paralyzing effect that silly Blinkenlights ads for Aqua Teen Hunger Force had in Boston. The coordinated response by all departments proves the system we have in place works. Boston Mayor Thomas Menino Behold the power […]


Non-Tangible Security

eBay is stopping all sales of “virtual artifacts.” Maybe. This story comes from a Slashdot article in which Zonk talks to Hani Durzy, of eBay about it. They are handling this by merely enforcing an existing policy which says: “The seller must be the owner of the underlying intellectual property, or authorized to distribute it […]


I'm Glad I'm a Beta!

27B Stroke 6 tells us of a story. The domain was removed from the net by GoDaddy, its registrar. Why? Because MySpace complained. He’s got a mailing list archive and it has some stuff in it that pissed MySpace off — security information about phishing attacks. That’s well and good, but GoDaddy yanked the […]


Quotable quotes

History teaches you that dictators never end up well. Augusto Pinochet, November 25, 1915 – December 10, 2006


New Zealand to literacy: "l8r!"

Via CNN: WELLINGTON, New Zealand (AP) — New Zealand’s high school students will be able to use “text-speak” — the mobile phone text message language beloved of teenagers — in national exams this year, officials said. Text-speak, a second language for thousands of teens, uses abbreviated words and phrases such as “txt” for “text”, “lol” […]


Popping pills

Breach disclosure foes say that notifying those whose personal information may have been revealed in many breaches is costly, and often not commensurate with actual risk to consumers. A well-written example [pdf] can be had from the Political and Economic Research Council, which reports that direct notification costs are about $2.00 per notified person. So, […]


"Mission Accomplished"

The White House has been gloriously editing history for the edification of the people. Or, as Roger Bakel points out: Remember Bush’s speech on the aircraft carrier three and a half years ago, in which he declared an end to major combat in Iraq while standing under that instantly notorious ‘Mission Accomplished’ banner? Well, the […]


On Elections

I heard on the radio last night that these are the most expensive elections in US history. (It was not clear if that was accounting for inflation, or considering Presidential elections as well.) They also said that only about 50 of the 454 Congressional seats are considered to be in play. This, years after McCain-Feingold […]


BOOM, there it is

If, as is being suggested, North Korea has tested a nuke, things will be getting mighty interesting. I don’t know what to make of it, frankly. Update, 2350 CDT: Looks increasingly like there was, indeed, a test.


No Expectation of Privacy

Here in the U.S., one of our Old Order Amish communities has recently suffered an infamous crime — the murder of several schoolchildren. Interest in this case has been high. Naturally, the public’s right to know has been ably served, as journalists took plenty of funeral photographs, despite the fact that the Amish, on strict […]


Information Warfare

As long as I have been lecturing on security I have used the “Threat Hierarchy” that lists threats in ascending order of seriousness. It goes like this: 1. Exploratory hacking 2. Vandalism 3. Hacktivism 4. Cyber crime 5. Information Warfare It turns out that this hierarchy is also a predictive time line. Obviously we are […]


Words to live by

No free man shall be seized or imprisoned, or stripped of his rights or possessions, or outlawed or exiled, or deprived of his standing in any other way, nor will we proceed with force against him, or send others to do so, except by the lawful judgement of his equals or by the law of […]


Ed Felten's Testimony

Ed Felten, who has been doing research into security issues with Diebold’s voting machines, is testifying today at a House Administration Committee hearing. He’s posted his written testimony on his website. Check it out. [Edit: Corrected the spelling of Ed’s name.]


Stick a fork in her…

…’cause she’s Dunn! What’s the over/under on how long Hurd lasts? Image credit: progodess


HP: The Kind of Security Theater We Like To Watch

This story just keeps getting more entertaining. “HP targeted reporters before they published.” They tried to install spyware on targets’ computers, as CNET reported in “HP Spying More Elaborate Than Reported.” They engaged in physical surveillance of targets, as reported by the Washington Post in “Extensive Spying Found At HP.” And the Post reports that […]


Does anyone remember laughter?

Via Stupid Security, I learned of a gent whose T-shirt was deemed a security risk because it showed crossed pistols and could upset passengers. He was allowed to board the plane, but only after turning his shirt inside out. Good thing he wasn’t wearing a Zeppelin shirt. I guess Bush would be OK (ironic, given […]


Dunn Done

See “Leak Scandal Costs HP’s Dunn Her Job.” [Update: It’s only her chairwoman job. Somehow the board members at HP don’t see action that leads to criminal investigation as all that bad. See Paul Kedrosky’s “HP Splits the Boardroom Baby,” which is an awful title for a great article. Solomon’s splitting of the baby was […]


Interesting Posts on HP, Sept 10

Eric Rescorla ties HP’s use of traffic analysis to that of the NSA in “I told you traffic analysis was useful.” Apparently, HP didn’t just chase down directors and reporters, but also the father of at least one journalist. See “HP Leak Investigation Extended Beyond Reporters, Directors.” (I say HP rather than HP’s investigators because […]


I couldn't have said it better, myself

Pseudonymous contributor “DK”, of Josh Marshall’s blog expresses several worthy thoughts about national character with a brevity and nuance I envy: OK, I’ll admit to a bias here. I think the Netherlands is one of the best places on the planet. They have our entrepreneurial spirit, but with good taste. Like us, they have completely […]


HP Roundup

The best posts I’m seeing are coming from Paul Kedrosky, who has posts like “Patricia Dunn Lectures on Corporate Governance,” and “Playing Truth or Dare with HP’s Patricia Dunn,” and Robert Scoble, with posts like “HP Story Keeps Getting Worse,” and “HP Has Major Ethical Problem, Day 2.” I’m using Scoble’s picture here. Don’t miss […]


Ruling issued in NSA wiretap case

The Permanent Injunction of the TSP requested by Plaintiffs is granted inasmuch as each of the factors required to be met to sustain such an injunction have undisputedly been met. The irreparable injury necessary to warrant injunctive relief is clear, as the First and Fourth Amendment rights of Plaintiffs are violated by the TSP. See […]



Is that enough acronyms yet? In Adam’s previous post, Justin Mason commented: There’s another danger of this — even if the number is an opaque ID, the *presence* of the RFID chip means that an attacker can remotely detect the presence of an I-94, therefore a foreign passport, therefore a tourist ripe for a mugging […]


In every dream home, a heartache

Barry Ritholtz, an NYC hedge fund manager, blogs about a WSJ story. The gist: On Sept. 21, 2001, rescuers dug through the smoldering remains of the World Trade Center. Across town, families buried two firefighters found a week earlier. At Fort Drum, on the edge of New York’s Adirondacks, soldiers readied for deployment halfway across […]


Sorry for not posting this earlier…

…but my internet tube was flooded. If you want to know what the heck that means, the good folks at 27B Stroke 6 (easily the best blog name I’ve seen this year), provide the details. The short and sweet is that U.S. senator Ted Stevens ain’t exactly Vint Cerf: I just the other day got, […]


Never say die?

I’m not sure what to expect out of this story of a guy who, left behind in a crazed state and presumed to have died, overnighted above 8000 meters on Everest and was found alive the next day, prompting a rescue effort expected to take three days. (Note that this is a different climber from […]


The Human Element

In one of the soon-to-be countless articles about the VA Incident, Network World’s Ellen Messmer writes: The sad irony in all this is that there are many at the VA who have worked hard to design and install network-based security. But in the “multiple layers of security” everyone is so fond of discussing, the human […]


Cell phone records market seemingly no longer important?

Massachusetts Congressman Ed Markey asks Dennis Hastert whether legislation protecting mobile phone users’ privacy has been sent to a “legislative ‘Guantanamo Bay’” in order to modify it so that intelligence gathering activities analogous to those affecting land lines would be unimpeded.


Slippery Slope, Gaping Chasm and Torture

In February of last year, I told you about Lester Eugene Siler, a Tennessee man who was literally tortured by five sheriff’s deputies in Campbell County, Tennessee who suspected him of selling drugs. The only reason we know Siler was tortured is because his wife had the good sense to start a recording device about […]


Perspective on Brian Doyle, Background Checks

“We try to weed out those who pose a security risk,” Chertoff said in a briefing with reporters. “I don’t know … that background checks with people hired will predict future behavior.” Well, golly, Mr. Secretary, I don’t know…that either. So will you please cancel CAPPSIII/Secure Flight/Free Wheelchairs for Paraplegic Children, rather than invading the […]


National breach list? Pinch me!

H.R. 3997, the Financial Data Protection Act, is one of the many pieces of legislation proposed in the US to deal with identity theft or notification of security breaches. It was approved by the Financial Services Committee of the House of Representatives on 3/16. I haven’t read the full text of the bill (and it […]


NJ prosecutor reports debit card ring has been busted

Story at CNET. In related news, OfficeMax says there’s no evidence they were broken into, and backs it up with the help of outside experts. I’m done being a Kremlinologist on this one, for now. With as little solid info as has made it into the press, it’s just not worth it. Perhaps some facts will […]


Some additional info on the debit card breach

American Banker has a useful article about the debit card/PIN breach that has been making news. Unfortunately, it is behind a paywall. After reciting the background, the article presents some additional info in Q and A form. Herewith, some fair-use excerpts. All italics emphasis is added. If you have access, I urge you to read […]


"I've turned into my mother!"

…or, more generally, “I’m now doing that weird thing I saw an influential elder do, but now it seems to make sense”. I have several examples from my own life (generally rather predictable for a balding 40-something suburbanite), but just today I found another one, and I didn’t see it coming.


Metadata strike again!

Brian Krebs wrote about a botnet and the 733t d00d who ran one, nom de hack 0x80. Well, turns out the doctored on-line photo the Washington Post ran contained metadata identifying the gentleman’s rather small home town. Coupled with information in Krebs’ article concerning businesses near 0x80’s residence, identifying the young criminal would seem a […]


Police report on Cheney shooting incident reveals license info

Yet another incident of ineffective redaction? Adam’s bookmarks alerted me to this blog entry, in which commenters describe the ease with which the drivers’ license numbers of witnesses to the VP’s recent hunting accident are revealed. If this stuff is worth blocking, it’s worth blocking properly.


Thoughts on Farris Hassan, the 'Iraq Teenager'

If you haven’t read about Farris Hassan and his trip, take a minute to do so. He flew to Iraq to learn what was going on. I’d like to start by congratulating the teachers at Pine Crest School. How often, today, are teachers so inspiring? The goal of school should be to develop both a […]


"L'état c'est moi"

Via USA Today: Days after the Sept. 11 attacks, the head of the National Security Agency met his workforce at the nation’s eavesdropping and code-breaking headquarters at Fort Meade, Md., near Washington, for a pep talk. “I told them that free people always had to decide where to draw the line between their liberty and […]


Here's to you, New York…



Investigating New Orleans Failures

In “Bush Aide Will Lead Hurricane Inquiry,” the New York Times chronicles the sort of petty bickering we’ve come to expect from kindergarteners America’s leadership. Today’s subject-of-bickering is who is to investigate the failures in New Orleans: On Capitol Hill, Congressional Republicans continued their efforts Monday to persuade Democrats to take part in a special […]


Some Good News From New Orleans

John Quarterman tells of airlines sending planes to New Orleans without contracts or guarantee of payment. And the New Orleans Times Picayune tells stories of those who stayed to man the pumps in “Pace of drainage is rare bright spot.” Incidentally, while I hate ads, the work done by the staff of the Times Picayune […]


More on Bureaucracy

This is a follow-on to “Who Will Rid Me of This Meddlesome Bureaucracy?” and the same disclaimers apply. I’ll note that Time Magazine has an article “How Reliable Is Brown’s Resume:” The White House press release from 2001 stated that Brown worked for the city of Edmond, Okla., from 1975 to 1978 “overseeing the emergency […]


Who Will Rid Me of This Meddlesome Bureaucracy?

One of the facets of the response to and analysis of Katrina is that the disaster is large enough that everyone can choose an aspect of it to look at from the comfortable heights of their favorite hobby-horse. Be it the incompetence of (state, federal, or local) government, the evils of (small or big) government, […]


Bring Back The 9/11 Commission

As historians, they did a fantastic job of gathering information. They have credibility and stature. They have the perspective to tie the destruction of New Orleans to the destruction in New York, Washington, and Pennsylvania, and to consider the failures of leadership and the failures of response in the context of massive new spending to […]


New Orleans Roundup

Michael Froomkin points to a claim that “Long before FEMA dropped the ball, local authorities decided they didn’t need one: See LENIN’S TOMB: Everything has gone according to plan.” For more, the City of New Orleans web site is still operational, and has a section on Emergency Preparedness. Bruce Sterling, with only a small […]


Katrina Roundup

Suzette Haden Elgin has an interesting essay on the “biblical proportions” construct, and its meaning. Thomas Barnett has written “The art of the long view,” which is an interesting perspective to be able to maintain right now. Another useful perspective comes from Bill West at the Counterterrorism blog in “Katrina Response – Another Quick Observation,” […]


New Orleans Times-Picayune Open Letter To The President.

…Every official at the Federal Emergency Management Agency should be fired, Director Michael Brown especially. In a nationally televised interview Thursday night, he said his agency hadn’t known until that day that thousands of storm victims were stranded at the Ernest N. Morial Convention Center. He gave another nationally televised interview the next morning and […]