Wednesday, July 15, 2009

Podcast: Crypto-Gram 15 July 2008

from the Jul 15, 2008 Crypto-Gram Newsletter
by Bruce Schneier

* CCTV Cameras

Pervasive security cameras don't substantially reduce crime. There are exceptions, of course, and that's what gets the press.

The question really isn't whether cameras reduce crime; the question is whether they're worth it.

* Kill Switches and Remote Control

Who has the authority to limit functionality of my devices, and how do they get that authority? What prevents them from abusing that power? Do I get the ability to override their limitations? In what circumstances, and how? Can they override my override?

How do we prevent this from being abused? Can the police enforce the same rule to avoid another Rodney King incident? Do the police get "superuser" devices that cannot be limited, and do they get "supercontroller" devices that can limit anything? How do we ensure that only they get them, and what do we do when the devices inevitably fall into the wrong hands?

* LifeLock and Identity Theft

Maybe someday Congress will do the right thing and put LifeLock out of business by forcing lenders to verify identity every time they issue credit in someone's name.

* The First Interdisciplinary Workshop on Security and Human Behavior

In order to be effective, security must be usable -- not just by geeks, but by ordinary people. Research into usable security invariably has a psychological component.

* The Truth About Chinese Hackers

The popular media conception is that there is a coordinated attempt by the Chinese government to hack into U.S. computers.

These hacker groups seem not to be working for the Chinese government. They don't seem to be coordinated by the Chinese military. They're basically young, male, patriotic Chinese citizens, trying to demonstrate that they're just as good as everyone else.

The hackers are in this for two reasons:
1) fame and glory
2) an attempt to make a living.

Some of the hackers are good:
- They have become more sophisticated in both tools and techniques.
- They are stealthy.
- They do good network reconnaissance.
- They discover their own vulnerabilities.

* Man-in-the-Middle Attacks

Man-in-the-middle is defeated by context.

There are cryptographic solutions to MITM attacks, and there are secure web protocols that implement them. Many of them require shared secrets, though, making them useful only in situations where people already know and trust one another.

length: 27:45m
PS: this is my cheat sheet of Bruce Schneier's Podcast:
