Items tagged bruceschneier
Filters: bruceschneier ×
Private blockchains are completely uninteresting. (By this, I mean systems that use the blockchain data structure but don’t have the above three elements.) In general, they have some external limitation on who can interact with the blockchain and its features. These are not anything new; they’re distributed append-only data structures with a list of individuals authorized to add to it. Consensus protocols have been studied in distributed systems for more than 60 years. Append-only data structures have been similarly well covered. They’re blockchains in name only, and -- as far as I can tell -- the only reason to operate one is to ride on the blockchain hype.
Intercepting Predator Video. Bruce Schneier’s take on the unencrypted Predator UAV story. A fascinating discussion of key management and the non-technical side of cryptography. # 24th December 2009, 9:26 pm
Whenever you build a security system that relies on detection and identification, you invite the bad guys to subvert the system so it detects and identifies someone else. [...] Build a detection system, and the bad guys try to frame someone else. Build a detection system to detect framing, and the bad guys try to frame someone else framing someone else. Build a detection system to detect framing of framing, and well, there’s no end, really.
On the Anonymity of Home/Work Location Pairs. Most people can be uniquely identified by the rough location of their home combined with the rough location of their work. US Census data shows that 5% of people can be uniquely identified by this combination even at just census tract level (1,500 people). # 24th May 2009, 1:14 pm
“Digital Manners Policies” is a marketing term. Let’s call this what it really is: Selective Device Jamming. It’s not polite, it’s dangerous. It won’t make anyone more secure—or more polite.
Since 9/11, approximately three things have potentially improved airline security: reinforcing the cockpit doors, passengers realizing they have to fight back and—possibly—sky marshals. Everything else—all the security measures that affect privacy—is just security theater and a waste of effort.
I don’t understand why the NSA was so insistent about including Dual_EC_DRBG in the standard. It makes no sense as a trap door: It’s public, and rather obvious. It makes no sense from an engineering perspective: It’s too slow for anyone to willingly use it. And it makes no sense from a backwards-compatibility perspective: Swapping one random-number generator for another is easy.
A school in the UK is using RFID chips in school uniforms to track attendance. So now it’s easy to cut class; just ask someone to carry your shirt around the building while you’re elsewhere.
Global Hackers Create a New Online Crime Economy (via) Fascinating, detailed look at the evolution of the hacker service economy. Of particular interest: a web application that sells access to hacked machines to identity thieves on a timeshare basis. # 17th October 2007, 9:46 pm
The Storm Worm. Bruce Schneier describes the Storm Worm, a fantastically advanced piece of malware that’s been spreading for nearly a year and is proving almost impossible to combat. Its effects are virtually invisible but infected machines are added to a multi-million machine botnet apparently controlled by anonymous Russian hackers. # 6th October 2007, 12:25 am