m Quec.lim's republished posts.http://quec.li/~m /Payment for surrogate mothershttp://blogs.law.harvard.edu/philg/2014/09/18/payment-for-surrogate-mothers/http://blogs.law.harvard.edu/philg/?p=6280Thu, 18 Sep 2014 10:07:00 -0400http://quec.li/EntryComments?feed=http%3A%2F%2Fblogs.law.harvard.edu%2Fphilg%2Ffeed%2F&entry=http%3A%2F%2Fblogs.law.harvard.edu%2Fphilg%2F%3Fp%3D6280Aerials of New York with the World Trade Centerhttp://aboutphotography-tomgrill.blogspot.com/2014/09/aerials-of-new-york-with-world-trade.htmltag:blogger.com,1999:blog-8331638045168087261.post-6962061277375973270Thu, 18 Sep 2014 08:20:00 -0400Last night I did some helicopter aerials of lower Manhattan at sunset. Haven't had time to process them yet, but decided to begin this post, and will add to it later. <br /><br /><br /><div><a href="http://1.bp.blogspot.com/-VnUatEndTOY/VBrNKklOTrI/AAAAAAAAPmw/xWu54eQWCu4/s1600/ti01077319bl.jpg" imageanchor="1"><img border="0" src="http://1.bp.blogspot.com/-VnUatEndTOY/VBrNKklOTrI/AAAAAAAAPmw/xWu54eQWCu4/s1600/ti01077319bl.jpg" /></a></div><br /><div></div><br /><div></div><div><a href="http://1.bp.blogspot.com/-NHdGql2GM-k/VBrNp2Tr_nI/AAAAAAAAPnE/zqZGXk4muP4/s1600/ti01077323bl.jpg" imageanchor="1"><img border="0" src="http://1.bp.blogspot.com/-NHdGql2GM-k/VBrNp2Tr_nI/AAAAAAAAPnE/zqZGXk4muP4/s1600/ti01077323bl.jpg" /></a></div><br />http://quec.li/EntryComments?feed=http%3A%2F%2Faboutphotography-tomgrill.blogspot.com%2Ffeeds%2Fposts%2Fdefault&entry=tag%3Ablogger.com%2C1999%3Ablog-8331638045168087261.post-6962061277375973270The Full Story of Yahoo's Fight Against PRISMhttps://www.schneier.com/blog/archives/2014/09/the_full_story_.htmltag:www.schneier.com,2014:/blog//2.5956Thu, 18 Sep 2014 08:13:00 -0400<p>In 2008 Yahoo <a href="http://gizmodo.com/the-nsa-was-going-to-fine-yahoo-250k-a-day-if-it-didnt-1633677548">fought</a> the NSA to avoid becoming part of the PRISM program. They eventually lost their court battle, and at one point were threatened with a $250,000 a day fine if they continued to resist. I am continually amazed at the extent of the government coercion.</p>http://quec.li/EntryComments?feed=http%3A%2F%2Fwww.schneier.com%2Fblog%2Fatom.xml&entry=tag%3Awww.schneier.com%2C2014%3A%2Fblog%2F%2F2.5956Prices in the Good Old Dayshttp://blogs.law.harvard.edu/philg/2014/09/18/prices-in-the-good-old-days/http://blogs.law.harvard.edu/philg/?p=6278Thu, 18 Sep 2014 01:02:00 -0400http://quec.li/EntryComments?feed=http%3A%2F%2Fblogs.law.harvard.edu%2Fphilg%2Ffeed%2F&entry=http%3A%2F%2Fblogs.law.harvard.edu%2Fphilg%2F%3Fp%3D6278Identifying Dread Pirate Robertshttps://www.schneier.com/blog/archives/2014/09/identifying_dre.htmltag:www.schneier.com,2014:/blog//2.5955Wed, 17 Sep 2014 15:30:00 -0400<p>According to court documents, Dread Pirate Roberts was identified because a CAPTCHA service used on the Silk Road login page <a href="http://krebsonsecurity.com/2014/09/dread-pirate-sunk-by-leaky-captcha/">leaked</a> the users' true location.</p>http://quec.li/EntryComments?feed=http%3A%2F%2Fwww.schneier.com%2Fblog%2Fatom.xml&entry=tag%3Awww.schneier.com%2C2014%3A%2Fblog%2F%2F2.5955Tracking People From their Cellphones with an SS7 Vulnerabilityhttps://www.schneier.com/blog/archives/2014/09/tracking_people_3.htmltag:www.schneier.com,2014:/blog//2.5954Wed, 17 Sep 2014 08:15:00 -0400<p>What's interesting about <a href="http://www.washingtonpost.com/business/technology/for-sale-systems-that-can-secretly-track-where-cellphone-users-go-around-the-globe/2014/08/24/f0700e8a-f003-11e3-bf76-447a5df6411f_story.html">this story</a> is not that the cell phone system can track your location worldwide. That makes sense; the system has to know where you are. What's interesting about this story is that <i>anyone</i> can do it. Cyber-weapons arms manufacturers are selling the capability to governments worldwide, and <a href="http://berlin.ccc.de/~tobias/25c3-locating-mobile-phones.pdf">hackers</a> have demonstrated the capability.</p>http://quec.li/EntryComments?feed=http%3A%2F%2Fwww.schneier.com%2Fblog%2Fatom.xml&entry=tag%3Awww.schneier.com%2C2014%3A%2Fblog%2F%2F2.5954Monica Chew: Making decisions with limited datahttp://monica-at-mozilla.blogspot.com/2014/09/making-decisions-with-limited-data.htmltag:blogger.com,1999:blog-2365489364368097756.post-5949559424013864686Wed, 10 Sep 2014 12:05:00 -0400It is challenging but possible to make decisions with limited data. For example, take the rollout saga of <a href="http://monica-at-mozilla.blogspot.com/2014/08/firefox-32-supports-public-key-pinning.html">public key pinning</a>.<br /><br />The <a href="https://bugzilla.mozilla.org/show_bug.cgi?id=744204">first implementation of public key pinning</a> included enforcing pinning on addons.mozilla.org. In retrospect, this was a bad decision because it <a href="https://bugzilla.mozilla.org/show_bug.cgi?id=1005364">broke the Addons Panel</a> and <a href="http://telemetry.mozilla.org/#filter=nightly/32/CERT_PINNING_EVALUATION_RESULTS&amp;aggregates=multiselect-all!Submissions&amp;evoOver=Builds&amp;locked=true&amp;sanitize=true&amp;renderhistogram=Table">generated pinning warnings 86% of the time</a>. As it turns out, the pinset was <a href="https://bugzilla.mozilla.org/show_bug.cgi?id=1005364">missing some Verisign certificates</a> used by services.addons.mozilla.org, and the pinning enforcement on addons.mozilla.org included subdomains. Having more data lets us avoid bad decisions.<br /><br />To enable safer rollouts, we implemented a <a href="https://bugzilla.mozilla.org/show_bug.cgi?id=772756">test mode for pinning</a>. In test mode, pinning violations are counted but not enforced. With sufficient telemetry, it is possible to measure how badly sites would break without actually breaking the site.<br /><br />Due to privacy restrictions in telemetry, we do not collect per-organization pinning violations except for Mozilla sites that are operationally critical to Firefox. This means that it is not possible to distinguish pinning violations for Google domains from Twitter domains, for example. I do not believe that collecting the aggregated number of pinning violations for sites on the Alexa top 10 list constitutes a privacy violation, but I look forward to the day when technologies such as <a href="http://arxiv.org/abs/1407.6981?context=cs">RAPPOR</a> make it easier to collect actionable data in a privacy-preserving way. <br /><br />Fortunately for us, Chrome has already implemented pinning on many high-traffic sites. This is fantastic news, because it means we can import Chrome?s pin list in test mode with relatively high assurance that the pin list won?t break Firefox, since it is already in production in Chrome.<br /><br />Given sufficient test mode telemetry, we can decide whether to enforce pins instead of just counting violations. If the pinning violation rate is sufficiently low, it is probably safe to promote the pinned domain from test mode to production mode. The screenshot below shows a 3 week period where we promoted cdn.mozilla.com and media.mozilla.com and Google domains to production, as well as expand coverage on Twitter to include all subdomains.<br /><br /><img height="425" src="https://lh4.googleusercontent.com/WWGa1hbHo7fOeu_b7H-ehlQ2QlTdZ1a092xb6KN3c75rxjPX--co1u3WRhG8JjjRzUKqjoN-XsMolisa8F_o_aa_W2gcPVkmpp0YmZtJvZbE3CUmCwatsiH27JjNW4pcYw" width="640" /><br /><br />Because the current implementation of pinning in Firefox relies on built-in static pinsets and we are unable to count violations per-pinset, it is important to track changes to the pinset file in the <a href="https://github.com/monicachew/pinning-dashboard">dashboard</a>. Fortunately <a href="http://www.highcharts.com/products/highstock">HighStock</a> supports <a href="http://www.highcharts.com/stock/demo/flags-general/grid">event markers</a> which somewhat alleviates this problem, and David Keeler also contributed some tooltip code to roughly associate dates with Mercurial revisions. Armed with the timeseries of pinning violation rates, event markers for dates that we promoted organizations to production mode (or high-traffic organizations like Dropbox were added in test mode due to a new import from Chromium) we can see whether pinning is working or not.<br /><br />Telemetry is useful for forensics, but in our case, it is not useful for catching problems as they occur. This limitation is due to several difficulties, which I hope will be overcome by more generalized, comprehensive SSL error-reporting and HPKP:<div><ul><li>Because pinsets are static and built-in, there is sometimes a 24-hour lag between making a change to a pinset and reaching the next Nightly build.</li><li>Telemetry information is only sent back once per day, so we are looking at a 2-day delay between making a change and receiving any data back at all.</li><li>Telemetry dashboards (as accessible from <a href="http://telemetry.mozilla.org/docs.html">telemetry.js</a> and <a href="http://telemetry.mozilla.org/">telemetry.mozilla.org</a>) need about a day to aggregate, which adds another day.</li><li>Update uptake rates are slow. The <a href="https://bugzilla.mozilla.org/show_bug.cgi?id=1017269#c4">median time to update Nightly</a> is around 3 days, getting to 80% takes 10 days or longer.</li></ul><div>Due to these latency issues, pinning violation rates take at least a week to stabilize. Thankfully, <a href="https://groups.google.com/d/msg/mozilla.dev.planning/2ScJSX0QTOs/XSZbWEyN0ggJ">telemetry is on by default in all pre-release channels</a> as of Firefox 31, which gives us a lot more confidence that the pinning violation rates are representative.<br /><br />Despite all the caveats and limitations, using these simple tools we were able to successfully roll out pinning pretty much all sites that we?ve attempted (including AMO, our unlucky canary) as of Firefox 34 and look forward to expanding coverage.<br /><br />Thanks for reading, and don?t forget to update your Nightly if you love Mozilla! :)</div></div>http://quec.li/EntryComments?feed=http%3A%2F%2Fplanet.mozilla.org%2Frss20.xml&entry=tag%3Ablogger.com%2C1999%3Ablog-2365489364368097756.post-5949559424013864686Security Audit of Safeplug ?Tor in a Box?https://freedom-to-tinker.com/blog/annee/security-audit-of-safeplug-tor-in-a-box/https://freedom-to-tinker.com/?p=10368Mon, 08 Sep 2014 08:16:00 -0400<strong>m</strong>: <em>This was always a neat idea, although from the audit, it sounds like a) it should only be run by the same sort of person who would know to actively search-out such a thing (lacking informative documentaiton); and b) you'd need to be very careful and deliberate in how you design your network to guard against the lax security inherent in the device.<br /> </em>Last month at the FOCI workshop, we presented a security analysis of the Safeplug, a $49 box which promised users &#8220;complete security and anonymity&#8221; online by sending all of their web traffic through the Tor onion routing network. Safeplug claims to offer greater usability, particularly for non-technical customers, than the state-of-the-art in anonymous Internet browsing: [&#8230;]http://quec.li/EntryComments?feed=https%3A%2F%2Ffreedom-to-tinker.com%2Frss.xml%3Ffeed%3Drss2&entry=https%3A%2F%2Ffreedom-to-tinker.com%2F%3Fp%3D10368TIME Special Preview: A Guide to the Best Fall Photo Bookshttp://lightbox.time.com/2014/09/08/fall-photo-book-guide/http://lightbox.time.com/?p=101056Mon, 08 Sep 2014 04:00:00 -0400<p>LightBox presents a special preview of the season?s best photography books, featuring new titles from legendary photographers Stephen Shore and Bruce Davidson, as well as inspired work by contemporary photographers Michael Light, Julie Blackmon and LaToya Ruby Frazier.</p> <p>These photo books, lovingly designed and meticulously edited, are a rare treat in an time when photography is all-too-often relegated to selfies and snapshots, and offer an opportunity to truly indulge in the unfettered beauty of a well-made book.</p> <p><em>If you are a publisher and would like to submit a title for our Spring/Summer edition of the Guide, please contact lightbox@time.com.</em></p><br /> <a rel="nofollow" href="http://feeds.wordpress.com/1.0/gocomments/timethemoment.wordpress.com/101056/"><img alt="" border="0" src="http://feeds.wordpress.com/1.0/comments/timethemoment.wordpress.com/101056/" /></a> <img alt="" border="0" src="http://pixel.wp.com/b.gif?host=lightbox.time.com&amp;blog=17898441&amp;post=101056&amp;subd=timethemoment&amp;ref=&amp;feed=1" width="1" height="1" />http://quec.li/EntryComments?feed=http%3A%2F%2Flightbox.time.com%2Ffeed%2F&entry=http%3A%2F%2Flightbox.time.com%2F%3Fp%3D101056Security of Password Managershttps://www.schneier.com/blog/archives/2014/09/security_of_pas.htmltag:www.schneier.com,2014:/blog//2.5943Fri, 05 Sep 2014 06:18:00 -0400<p>At USENIX Security this year there were two papers studying the security of password managers:</p> <ul><li>David Silver, Suman Jana, and Dan Boneh, "<a href="https://www.usenix.org/conference/usenixsecurity14/technical-sessions/presentation/silver">Password Managers: Attacks and Defenses</a>." <p><li>Zhiwei Li, Warren He, Devdatta Akhawe, and Dawn Song, "<a href="https://www.usenix.org/conference/usenixsecurity14/technical-sessions/presentation/li_zhiwei">The Emperor's New Password Manager: Security Analysis of Web-based Password Managers</a>."</ul> <p>It's interesting work, especially because it looks at security problems in something that is supposed to improve security.</p> <p>I've long recommended a password manager to solve the very real problem that any password that can be easily remembered is vulnerable to a dictionary attack. The world got a visceral reminder of this earlier this week, when <a href="http://www.theverge.com/2014/9/1/6092089/nude-celebrity-hack">hackers posted</a> iCloud photos from celebrity accounts. The attack didn't exploit a flaw in iCloud; the attack <a href="http://betaboston.com/news/2014/09/02/apple-says-photo-theft-used-passwords-not-a-break-in-to-icloud-full-statement/">exploited weak passwords</a>.</p> <p>Security is often a trade-off with convenience, and most password managers automatically fill in passwords on browser pages. This turns out to be a difficult thing to do securely, and opens up the password managers to attack.</p> <p>My own password manager, <a href="https://www.schneier.com/passsafe.html">PasswordSafe</a>, wasn't mentioned in either of these papers. I specifically designed it not to automatically fill. I specifically designed it to be stand alone. The fast way to transfer a password from PasswordSafe to a browser page is using the operating system's cut and paste commands.</p> <p>I still recommend using a password manager, simply because it allows you to choose longer and stronger passwords. And for the few passwords you should remember, my scheme for generating them is <a href="https://www.schneier.com/blog/archives/2014/03/choosing_secure_1.html">here</a>.</p>http://quec.li/EntryComments?feed=http%3A%2F%2Fwww.schneier.com%2Fblog%2Fatom.xml&entry=tag%3Awww.schneier.com%2C2014%3A%2Fblog%2F%2F2.5943Milky Way Over Vogelsanghttp://www.flickr.com/photos/beezhive/15143096415/tag:flickr.com,2005:/photo/15143096415Thu, 04 Sep 2014 21:56:00 -0400<p><a href="http://www.flickr.com/people/beezhive/">beezhive</a> posted a photo:</p> <p><a href="http://www.flickr.com/photos/beezhive/15143096415/" title="Milky Way Over Vogelsang"><img src="http://farm4.staticflickr.com/3846/15143096415_7f318c736e_m.jpg" width="160" height="240" alt="Milky Way Over Vogelsang" /></a></p> <p>The Milky Way as seen from the backpacker camp near Vogelsang High Sierra Camp. Vogelsang peak is actually slightly to the right of the trees.</p>http://quec.li/EntryComments?feed=http%3A%2F%2Fapi.flickr.com%2Fservices%2Ffeeds%2Fphotos_public.gne%3Fid%3D92265804%40N00%26lang%3Den-us%26format%3Datom&entry=tag%3Aflickr.com%2C2005%3A%2Fphoto%2F15143096415Ludum Dare Compo 30 Post-Mortemhttp://www.unprompted.com/projects/blog/ld30http://www.unprompted.com/projects/blog/ld30Tue, 02 Sep 2014 19:24:00 -0400<p> <a href="http://www.unprompted.com/projects/attachment/blog/ld30/catanimation.gif"><img src="http://www.unprompted.com/projects/raw-attachment/blog/ld30/catanimation.gif" style="float:right" /></a>Recently I took the opportunity to participate in the <a href="http://www.ludumdare.com/compo/2014/08/20/welcome-to-ludum-dare-30/"><span>?</span>Ludum Dare 48-hour Game Jam Compo #30</a>. </p> <p> I was overall pretty happy with my <a href="http://www.unprompted.com/projects/blog/ld30">last entry</a>, so I took the same basic approach with JavaScript and WebGL. When I learned that the theme was "connected worlds," I decided that Zelda games embodied that theme best in my mind, and I should do my best to riff off of that. </p> <p> I wanted to explore multiple worlds connected in multiple ways. In the end this meant two worlds which you could take rockets between that needed some sort of network connection between then uncovered and repaired. I had meant to build up the dungeon, which is what I called the area starting with the rats, into its own world, and I meant to have one or two Mario-style warp pipes as another means of connecting areas, but I ran out of steam to set up all of that. </p> <p> <strong>Play my entry <a href="http://www.ludumdare.com/compo/ludum-dare-30/?action=preview&amp;uid=34198"><span>?</span>here</a>.</strong> </p> <p> My changelog this time was only slightly less distraught than last time: </p> <pre>2014-08-23 08:08:09 Connected worlds. 2014-08-23 10:50:46 What am I doing? 2014-08-23 11:30:02 Hrm. Tiles? 2014-08-23 12:42:41 I am the worst at collision. 2014-08-23 12:43:13 Forgotten file. 2014-08-23 14:10:51 Bah, collision.h 2014-08-23 16:14:52 This is...something? 2014-08-23 16:19:49 Fix the end of the line. 2014-08-23 17:24:26 Augh, doors. 2014-08-23 18:37:19 Something about rockets? 2014-08-23 19:21:48 Stubs for lots of levels. 2014-08-23 21:03:13 Fonts and shovels? 2014-08-23 22:10:12 Push the push blocks. 2014-08-24 07:49:19 Minor fixes. 2014-08-24 09:04:29 Rats. 2014-08-24 09:30:28 Yeah, cats. 2014-08-24 09:44:12 It's almost like a puzzle. 2014-08-24 09:57:19 More puzzly. What's up with the wire now? 2014-08-24 10:22:44 Fixes. 2014-08-24 10:57:59 More bombs. 2014-08-24 11:28:55 Something about blcoks. Restarting levels. 2014-08-24 11:29:04 Forgotten file. 2014-08-24 11:29:16 Forgotten files. 2014-08-24 12:02:56 I think everything is wired up? 2014-08-24 12:56:26 More rocket. 2014-08-24 13:28:03 This is really something. 2014-08-24 13:58:28 Finally, the worlds are different. 2014-08-24 14:24:19 Ugg, digg animation. 2014-08-24 14:28:52 Oh man oh man. 2014-08-24 15:32:33 Content content content. Fix fix fix. 2014-08-24 16:00:29 Cats... 2014-08-24 16:20:36 WWW HTTP WWW HTTP 2014-08-24 16:25:57 Faster digging. Wire fix. 2014-08-24 17:28:19 What have I done? 2014-08-24 17:42:30 Some fixes. 2014-08-24 18:05:56 I'm some kind of monster. 2014-08-25 20:49:46 Ported to my arcade cabinet? 2014-08-26 18:40:39 Hide cursor for the arcade cabinet. 2014-08-29 09:11:29 Some optimizations so that I can run this thing on the arcade cabinet better. 2014-08-29 09:38:37 Faster still. </pre><p> The "some kind of monster" comment referred to adding in title music. </p> <h1>Results</h1> <p> Overall I was pretty pleased with how things turned out. I stopped a few hours early, just because I was tired of staring at it, and I didn't think there was anything dramatic I could change at that point without breaking something. </p> <h2>Things that Made Me Happy</h2> <dl><dt>Music and sound</dt><dd>I set out to use a ukulele to make all of the sound effects and music for the game. As anticipated, this was one of the last things I did, but I felt like I had enough time to give it an acceptable treatment. I ended up having to tap on my desk for more effect than I expected. </dd></dl> <dl><dt>Scale</dt><dd>It takes me about ten minutes to play through the game. It's admittedly rather tedious, and it won't help me with ratings among the 2500+ other entries, but I'm happy that I made something big enough that it can't be fully understood in 15 seconds. </dd></dl> <dl><dt>Base code</dt><dd>This time I reused some of the base code from my last entry. This might have easily saved me half a day. </dd></dl> <h2>Things that Made Me Sad</h2> <dl><dt>Collision response</dt><dd>I have written collision response code many times and have reasonable awareness of the problems that come up, but it always trips me up. Every time. This time I went down a path that wasn't working and pretty quickly switched to something naive enough to work. I could use an existing solution next time, but I'd like to come to terms with this, so I will probably continue to try doing it myself. </dd></dl> <dl><dt>Fun</dt><dd>I knew the scope of work for this project was going to be significant, but I naively left "making it fun" and "making interesting puzzles" to near the very end (or never). I'm glad I challenged myself the way I did, but it didn't work out like I had hoped it would. </dd></dl> <dl><dt>Font</dt><dd>At the end of the first night, I found myself implementing textured font rendering. This seemed like a mistake. It cost me a fair amount of time getting the math right, and I could have spent that time making something else better if I had just use HTML to display text. </dd></dl> <dl><dt>Balance</dt><dd>I said I would pay more attention to balance this time, but one of the last things I did was adjust digging speed, and I think this made the game way more tedious than I intended. </dd></dl> <h1>Conclusion</h1> <p> 10/10 would participate again. </p> <p> In <a href="http://www.ludumdare.com/compo/2014/09/01/all-ld30-games-in-this-mosaic-2/"><span>?</span>the mosaics</a>, my title screen appears in the middle of the parrot's tail and somewhere around Turkey. </p>http://quec.li/EntryComments?feed=http%3A%2F%2Fwww.unprompted.com%2Fprojects%2Fblog%3Fformat%3Drss&entry=http%3A%2F%2Fwww.unprompted.com%2Fprojects%2Fblog%2Fld30When Amateur Photographers Make the Front Pagehttp://lightbox.time.com/2014/09/01/amateur-photographers-scapegoats-photojournalism/http://lightbox.time.com/?p=100512Mon, 01 Sep 2014 04:00:00 -0400http://quec.li/EntryComments?feed=http%3A%2F%2Flightbox.time.com%2Ffeed%2F&entry=http%3A%2F%2Flightbox.time.com%2F%3Fp%3D100512Cell Phone Kill Switches Mandatory in Californiahttps://www.schneier.com/blog/archives/2014/08/cell_phone_kill.htmltag:www.schneier.com,2014:/blog//2.5939Fri, 29 Aug 2014 13:31:00 -0400<p>California <a href="http://www.washingtonpost.com/blogs/the-switch/wp/2014/08/27/the-smartphone-kill-switch-explained/">passed</a> <a href="http://www.pcworld.com/article/2598680/california-passes-law-mandating-smartphone-kill-switch.html">a</a> <a href="http://bits.blogs.nytimes.com/2014/08/25/california-governor-signs-law-requiring-a-kill-switch-on-smartphones/">kill-switch</a> law, meaning that all cell phones sold in California must have the capability to be remotely turned off. It was sold as an antitheft measure. If the phone company could remotely render a cell phone inoperative, there would be less incentive to steal one.</p> <p>I worry more about the <a href="http://www.wired.com/2014/08/how-cops-and-hackers-could-abuse-californias-new-phone-kill-switch-law/">side effects</a>: once the feature is in place, it can be used by all sorts of people for all sorts of reasons.</p> <blockquote><p>The law raises concerns about how the switch might be used or abused, because it also provides law enforcement with the authority to use the feature to kill phones. And any feature accessible to consumers and law enforcement could be accessible to hackers, who might use it to randomly kill phones for kicks or revenge, or to perpetrators of crimes who might -- depending on how the kill switch is implemented -- be able to use it to prevent someone from calling for help. <p>"It's great for the consumer, but it invites a lot of mischief," says Hanni Fakhoury, staff attorney for the Electronic Frontier Foundation, which opposes the law. "You can imagine a domestic violence situation or a stalking context where someone kills [a victim's] phone and prevents them from calling the police or reporting abuse. It will not be a surprise when you see it being used this way."</p></blockquote> <p>I <a href="https://www.schneier.com/essays/archives/2008/06/ive_seen_the_future.html">wrote about this</a> in 2008, more generally:</p> <blockquote><p>The possibilities are endless, and very dangerous. Making this work involves building a nearly flawless hierarchical system of authority. That's a difficult security problem even in its simplest form. Distributing that system among a variety of different devices -- computers, phones, PDAs, cameras, recorders -- with different firmware and manufacturers, is even more difficult. Not to mention delegating different levels of authority to various agencies, enterprises, industries and individuals, and then enforcing the necessary safeguards. <p>Once we go down this path -- giving one device authority over other devices -- the security problems start piling up. Who has the authority to limit functionality of my devices, and how do they get that authority? What prevents them from abusing that power? Do I get the ability to override their limitations? In what circumstances, and how? Can they override my override?</p></blockquote> <p>The law only affects California, but phone manufacturers won't sell two different phones. So this means that <i>all</i> cell phones will eventually have this capability. And, of course, the procedural controls and limitations written into the California law don't apply elsewhere.</p>http://quec.li/EntryComments?feed=http%3A%2F%2Fwww.schneier.com%2Fblog%2Fatom.xml&entry=tag%3Awww.schneier.com%2C2014%3A%2Fblog%2F%2F2.5939People Are Not Very Good at Matching Photographs to Peoplehttps://www.schneier.com/blog/archives/2014/08/people_are_not_.htmltag:www.schneier.com,2014:/blog//2.5931Mon, 25 Aug 2014 08:08:00 -0400http://quec.li/EntryComments?feed=http%3A%2F%2Fwww.schneier.com%2Fblog%2Fatom.xml&entry=tag%3Awww.schneier.com%2C2014%3A%2Fblog%2F%2F2.5931Senior Pentagon official: Marines followed a ?jackass? to find insurgentshttp://feeds.washingtonpost.com/c/34656/f/636630/s/3db9bfc3/sc/38/l/0L0Swashingtonpost0N0Csenior0Epentagon0Eofficial0Emarines0Efollowed0Ea0Ejackass0Eto0Efind0Einsurgents0C20A140C0A80C210C4c667d30A0Ef5960E4a590Ea7940Ef60A89472a91f0Istory0Bhtml0Dwprss0Frss0Inational0Esecurity/story01.htmhttp://www.washingtonpost.com/senior-pentagon-official-marines-followed-a-jackass-to-find-insurgents/2014/08/21/4c667d30-f596-4a59-a794-f6089472a91f_story.html?wprss=rss_national-securityThu, 21 Aug 2014 11:24:00 -0400<p/> <p>It?s the kind of story that gets shared around the smoke pit at military bases for years.</p> <p>Robert Work, the deputy secretary of defense, shared a ?true story? with U.S. troops while visiting Guam yesterday and it showed the spirit and ingenuity that enlisted personnel bring to the job. A retired Marine colonel, Work said that while Marines were on patrol in Afghanistan, they saw Afghan men apparently hiding improvising explosive devices.</p> <a href="http://www.washingtonpost.com/senior-pentagon-official-marines-followed-a-jackass-to-find-insurgents/2014/08/21/4c667d30-f596-4a59-a794-f6089472a91f_story.html?wprss=rss_national-security">Read full article &#62;&#62;</a><img width="1" height="1" src="http://feeds.washingtonpost.com/c/34656/f/636630/s/3db9bfc3/sc/38/mf.gif" border="0" /><br clear='all'/><br/><br/><a href="http://da.feedsportal.com/r/204366859093/u/197/f/636630/c/34656/s/3db9bfc3/sc/38/rc/1/rc.htm" rel="nofollow"><img src="http://da.feedsportal.com/r/204366859093/u/197/f/636630/c/34656/s/3db9bfc3/sc/38/rc/1/rc.img" border="0" /></a><br/><a href="http://da.feedsportal.com/r/204366859093/u/197/f/636630/c/34656/s/3db9bfc3/sc/38/rc/2/rc.htm" rel="nofollow"><img src="http://da.feedsportal.com/r/204366859093/u/197/f/636630/c/34656/s/3db9bfc3/sc/38/rc/2/rc.img" border="0" /></a><br/><a href="http://da.feedsportal.com/r/204366859093/u/197/f/636630/c/34656/s/3db9bfc3/sc/38/rc/3/rc.htm" rel="nofollow"><img src="http://da.feedsportal.com/r/204366859093/u/197/f/636630/c/34656/s/3db9bfc3/sc/38/rc/3/rc.img" border="0" /></a><br/><br/><a href="http://da.feedsportal.com/r/204366859093/u/197/f/636630/c/34656/s/3db9bfc3/sc/38/a2.htm"><img src="http://da.feedsportal.com/r/204366859093/u/197/f/636630/c/34656/s/3db9bfc3/sc/38/a2.img" border="0" /></a><img width="1" height="1" src="http://pi.feedsportal.com/r/204366859093/u/197/f/636630/c/34656/s/3db9bfc3/sc/38/a2t.img" border="0" />http://quec.li/EntryComments?feed=http%3A%2F%2Ffeeds.washingtonpost.com%2Frss%2Fworld%2Fnational-security&entry=http%3A%2F%2Fwww.washingtonpost.com%2Fsenior-pentagon-official-marines-followed-a-jackass-to-find-insurgents%2F2014%2F08%2F21%2F4c667d30-f596-4a59-a794-f6089472a91f_story.html%3Fwprss%3Drss_national-securityEditor's Choicehttp://www.reuters.com/article/2014/08/21/24-hours-in-pictures-idUSRTR437PS?feedType=RSS&amp;feedName=RCOMUS_24http://www.reuters.com/article/2014/08/21/24-hours-in-pictures-idUSRTR437PS?feedType=RSS&amp;feedName=RCOMUS_24Thu, 21 Aug 2014 10:05:00 -0400Our top photos from the last 24 hours.http://quec.li/EntryComments?feed=http%3A%2F%2Ffeeds.reuters.com%2FReutersPictures&entry=http%3A%2F%2Fwww.reuters.com%2Farticle%2F2014%2F08%2F21%2F24-hours-in-pictures-idUSRTR437PS%3FfeedType%3DRSS%26amp%3BfeedName%3DRCOMUS_24Researchers Show Flaws in Airport Scannerhttps://freedom-to-tinker.com/blog/felten/researchers-show-flaws-in-airport-scanner/https://freedom-to-tinker.com/?p=10325Thu, 21 Aug 2014 09:57:00 -0400<p>Today at the <a href="https://www.usenix.org/conference/usenixsecurity14" title="" target="">Usenix Security Symposium</a> a group of researchers from UC San Diego and the University of Michigan will present a <a href="https://radsec.org/paper.html" title="" target="">paper</a> demonstrating flaws in a full-body scaning machine that was used at many U.S. airports. In this post I&#8217;ll summarize their findings and discuss the security and policy implications.<br /> <span></span><br /> (The researchers offer a <a href="https://radsec.org/" title="" target="">page</a> with images, a FAQ, etc.)</p> <p>The study looked at a Rapiscan machine, which uses backscatter technology. These machines were used in many U.S. airports, but they have been replaced by new machines that uses a different detection technology, millimeter waves. The backscatter machines have been redeployed to jails, courthouses, cruise ships, and other settings.</p> <p><strong>Detection of Guns and Explosives</strong></p> <p>The researchers confirmed that the machine would detect casual attempts to smuggle guns or explosives through a checkpoint. A gun in the pocket or a big block of plastic explosives under the shirt would show up on the scanner. </p> <p>Unfortunately it proved possible for a more clever attacker to carry a gun or explosives undetectably. To understand why, let&#8217;s review how the machines work. They produce a grayscale image of the front and rear of the subject seen from the front and rear. The background (i.e. where the body is not) is very dark, and the brightness of other materials depends on the atomic weight of the material. </p> <p>The bad news is that guns have high atomic weight, so they show up as very dark&#8212;the same color as the background. So a gun placed against the side of the body will look just like the background that one expects to see next to the body. Here&#8217;s a scan of a person with a pistol taped next to their knee.</p> <p><img src="https://radsec.org/img/pistol-tape.png" alt="Image with hidden pistol" /></p> <p>The other bad news is that plastic explosives have almost exactly the same atomic weight as flesh, which means that explosives are the same color as flesh on the scans. (The researchers actually used a commercial simulant which is designed to look just like explosives on these scans, and is used for testing detectors.) Here&#8217;s a comparison: on the left a person with no explosives, on the right with about half a pound of explosive simulant taped to the belly. (The &#8220;navel&#8221; is really a metal detonator.)</p> <p><img src="https://radsec.org/img/explosive.png" alt="" /></p> <p>After passing through the security checkpoint, an attacker could remove and reshape the explosives and detonator.</p> <p><strong>Security and Policy Implications</strong></p> <p>The backscatter machines replaced the magnetometers (metal detectors) that were used previously. Compared to magnetometers, the backscatter machines were less effective at detecting guns&#8212;able to detect casually carried guns but missing side-positioned guns. However, the backscatter machines were better at detecting explosives&#8212;detecting casually carried explosives which the magnetometers would have missed. If you had to choose one or the other, the choice would depends on which attacks seemed more likely damaging.</p> <p>A better option, from a security standpoint, would be to use both a magnetometer and a backscatter machine. Then you could detect all metal guns as well as casually carried explosives.</p> <p>Significantly, the tricks shown above (side-carried gun and body-molded explosives) were described by previous researchers based on an understanding of the physics of backscatter. The researchers&#8217; access to the machines allowed them to advance the public debate by confirming these attacks, but access was not required to figure out that the attacks were likely possible.</p> <p>Although the backscatter machines are no longer used in U.S. airports, our security did rely on them for years, so it is useful to consider the wisdom of the decision to deploy them. </p> <p>It&#8217;s possible that TSA knew about the machines&#8217; flaws but decided to deploy them in place of the previous magnetometers anyway. This seems like a questionable security decision since the machines were expensive, privacy-invasive, and worse at detecting guns. A decision to use backscatter plus magnetometers would have been defensible from a security standpoint, but that option was not taken.</p> <p>Or perhaps TSA did not know about the machines&#8217; flaws, which reflects a lack of due diligence on their part. A decision this important and expensive should not have been made without considering the efficacy of the machines. The researchers present some evidence that pre-deployment testing was not thorough enough, but there is still a lot we don&#8217;t know.</p> <p>My guess&#8212;and it&#8217;s only an educated guess&#8212;is that the truth lies somewhere in the middle, that TSA had evidence of the flaws but convinced themselves, with the help of the vendor, that they shouldn&#8217;t worry about the problems. Programs like this take on a momentum that can be difficult to stop, and TSA was under pressure to be seen changing to a higher-tech security approach.</p> <p><strong>Implications for Today&#8217;s Security</strong></p> <p>What does this mean for the security of the millimeter-wave machines used today? It&#8217;s hard to say. Some will probably argue that the deployment of millimeter-wave is evidence that it is probably better, but the same argument could have been made about backscatter&#8212;and we now know it would have been wrong.</p> <p>My guess would be that millimeter-wave machines have their own vulnerabilities that are different. The researchers argue in their paper that the computer systems that operate the machines may have signficant security vulnerabilities, and it wouldn&#8217;t surprise me to learn that was the case.</p> <p>The most important question&#8212;whether the new airport security regime makes us any safer than we were before&#8212;is still open.</p>http://quec.li/EntryComments?feed=https%3A%2F%2Ffreedom-to-tinker.com%2Frss.xml%3Ffeed%3Drss2&entry=https%3A%2F%2Ffreedom-to-tinker.com%2F%3Fp%3D10325See Inside Fukushima?s Lethal Reactorhttp://lightbox.time.com/2014/08/21/fukushima-nuclear-reactor-meltdown-lethal/http://lightbox.time.com/?p=98534Thu, 21 Aug 2014 07:00:00 -0400http://quec.li/EntryComments?feed=http%3A%2F%2Flightbox.time.com%2Ffeed%2F&entry=http%3A%2F%2Flightbox.time.com%2F%3Fp%3D98534Californiahttp://xkcd.com/1410/http://xkcd.com/1410/Wed, 20 Aug 2014 00:00:00 -0400<img src="http://imgs.xkcd.com/comics/california.png" title="58% of the state has gone into plaid." alt="58% of the state has gone into plaid." />http://quec.li/EntryComments?feed=http%3A%2F%2Fxkcd.com%2Frss.xml&entry=http%3A%2F%2Fxkcd.com%2F1410%2FNight Lights: Breathtaking Photographs of Naturehttp://lightbox.time.com/2014/08/16/night-nature-photography-takehito-miyatake/http://lightbox.time.com/?p=96209Sat, 16 Aug 2014 04:00:00 -0400http://quec.li/EntryComments?feed=http%3A%2F%2Flightbox.time.com%2Ffeed%2F&entry=http%3A%2F%2Flightbox.time.com%2F%3Fp%3D96209Irrational Fear of Risks Against Our Childrenhttps://www.schneier.com/blog/archives/2014/08/irrational_fear.htmltag:www.schneier.com,2014:/blog//2.5915Mon, 11 Aug 2014 10:34:00 -0400<p>There's a <a href="http://www.theatlantic.com/national/archive/2014/07/arrested-for-letting-a-9-year-old-play-at-the-park-alone/374436/">horrible story</a> of a South Carolina mother arrested for letting her 9-year-old daughter play alone at a park while she was at work. The article linked to another <a href="http://www.salon.com/2014/06/03/the_day_i_left_my_son_in_the_car/">article</a> about a woman convicted of "contributing to the delinquency of a minor" for leaving her 4-year-old son in the car for a few minutes. That article contains some excellent commentary by the very sensible <a href="http://www.freerangekids.com/">Free Range Kids</a> blogger Lenore Skenazy:</p> <blockquote><p>"Listen," she said at one point. "Let's put aside for the moment that by far, the most dangerous thing you did to your child that day was put him in a car and drive someplace with him. About 300 children are injured in traffic accidents every day -- and about two die. That?s a real risk. So if you truly wanted to protect your kid, you'd never drive anywhere with him. But let?s put that aside. So you take him, and you get to the store where you need to run in for a minute and you?re faced with a decision. Now, people will say you committed a crime because you put your kid 'at risk.' But the truth is, there?s some risk to either decision you make.? She stopped at this point to emphasize, as she does in much of her analysis, how shockingly rare the abduction or injury of children in non-moving, non-overheated vehicles really is. For example, she insists that statistically speaking, it would likely take 750,000 years for a child left alone in a public space to be snatched by a stranger. "So there is some risk to leaving your kid in a car," she argues. It might not be statistically meaningful but it?s not nonexistent. The problem is,"she goes on, "there's some risk to every choice you make. So, say you take the kid inside with you. There?s some risk you'll both be hit by a crazy driver in the parking lot. There?s some risk someone in the store will go on a shooting spree and shoot your kid. There?s some risk he'll slip on the ice on the sidewalk outside the store and fracture his skull. There?s some risk no matter what you do. So why is one choice illegal and one is OK? Could it be because the one choice inconveniences you, makes your life a little harder, makes parenting a little harder, gives you a little less time or energy than you would have otherwise had?" <p>Later on in the conversation, Skenazy boils it down to this. "There?s been this huge cultural shift. We now live in a society where most people believe a child can not be out of your sight for one second, where people think children need constant, total adult supervision. This shift is not rooted in fact. It?s not rooted in any true change. It?s imaginary. It?s rooted in irrational fear."</blockquote"</p> <p>Skenazy has some <a href="http://reason.com/blog/2014/07/14/mom-jailed-because-she-let-her-9-year-ol">choice words</a> about the South Carolina story as well:</p> <blockquote><p>But, "What if a man would've come and snatched her?" said a woman interviewed by the TV station. <p>To which I must ask: In broad daylight? In a crowded park? Just because something happened on <a href="http://www.nbc.com/law-and-order-special-victims-unit">Law & Order</a> doesn't mean it's happening all the time in real life. Make "what if?" thinking the basis for an arrest and the cops can collar anyone. "You let your son play in the front yard? What if a man drove up and kidnapped him?" "You let your daughter sleep in her own room? What if a man climbed through the window?" etc.</p> <p>These fears pop into our brains so easily, they seem almost real. But they're not. Our crime rate today is <a href="http://www.csmonitor.com/USA/Justice/2012/0109/US-crime-rate-at-lowest-point-in-decades.-Why-America-is-safer-now">back to what it was when gas was 29 cents a gallon</a>, according to <i>The Christian Science Monitor</i>. It may feel like kids are in constant danger, but they are as safe (if not safer) than we were when our parents let us enjoy the summer outside, on our own, without fear of being arrested. </p></blockquote> <p>Yes.</p>http://quec.li/EntryComments?feed=http%3A%2F%2Fwww.schneier.com%2Fblog%2Fatom.xml&entry=tag%3Awww.schneier.com%2C2014%3A%2Fblog%2F%2F2.5915Obama and New England aviation businesses start their vacationhttp://blogs.law.harvard.edu/philg/2014/08/09/obama-and-new-england-aviation-businesses-start-their-vacation/http://blogs.law.harvard.edu/philg/?p=6228Sat, 09 Aug 2014 16:34:00 -0400http://quec.li/EntryComments?feed=http%3A%2F%2Fblogs.law.harvard.edu%2Fphilg%2Ffeed%2F&entry=http%3A%2F%2Fblogs.law.harvard.edu%2Fphilg%2F%3Fp%3D6228Crypto Daddy Phil Zimmerman says surveillance society is DOOMEDhttp://go.theregister.com/feed/www.theregister.co.uk/2014/08/09/technology_and_market_forces_will_defeat_surveillance_society_claims_crypto_king/tag:theregister.co.uk,2005:story/2014/08/09/technology_and_market_forces_will_defeat_surveillance_society_claims_crypto_king/Sat, 09 Aug 2014 03:58:00 -0400<h4>We?ve been here before when we defeated slavery and the absolute monarchy</h4> <p><strong>Defcon 22</strong> A killer combination of rapidly advancing technology and a desire for greater privacy among the public should condemn current surveillance state to an historical anachronism, according to PGP creator Phil Zimmermann.?</p>http://quec.li/EntryComments?feed=http%3A%2F%2Fwww.theregister.co.uk%2Fheadlines.rss&entry=tag%3Atheregister.co.uk%2C2005%3Astory%2F2014%2F08%2F09%2Ftechnology_and_market_forces_will_defeat_surveillance_society_claims_crypto_king%2FU.S. judge rules against NCAA, says athletes can be paidhttp://feeds.reuters.com/~r/reuters/sportsNews/~3/VymzN5gYc_Y/story01.htmhttp://www.reuters.com/article/2014/08/09/us-ncaa-rules-decision-idUSKBN0G82AI20140809?feedType=RSS&amp;feedName=sportsNewsFri, 08 Aug 2014 21:12:00 -0400SAN FRANCISCO/NEW YORK (Reuters) - The National Collegiate Athletic Association must allow universities to offer student athletes a limited share of revenue, a U.S. judge ruled on Friday, a decision that cuts to the heart of the NCAA's mission to enforce amateurism in college sports.<img width="1" height="1" src="http://reuters.us.feedsportal.com/c/35217/f/654202/s/3d54e5ec/sc/13/mf.gif" border="0" /><br clear='all'/><div> <a href="http://feeds.reuters.com/~ff/reuters/sportsNews?a=VymzN5gYc_Y:hYUsI3U6WSM:yIl2AUoC8zA"><img src="http://feeds.feedburner.com/~ff/reuters/sportsNews?d=yIl2AUoC8zA" border="0"></img></a> <a href="http://feeds.reuters.com/~ff/reuters/sportsNews?a=VymzN5gYc_Y:hYUsI3U6WSM:F7zBnMyn0Lo"><img src="http://feeds.feedburner.com/~ff/reuters/sportsNews?i=VymzN5gYc_Y:hYUsI3U6WSM:F7zBnMyn0Lo" border="0"></img></a> <a href="http://feeds.reuters.com/~ff/reuters/sportsNews?a=VymzN5gYc_Y:hYUsI3U6WSM:V_sGLiPBpWU"><img src="http://feeds.feedburner.com/~ff/reuters/sportsNews?i=VymzN5gYc_Y:hYUsI3U6WSM:V_sGLiPBpWU" border="0"></img></a> </div><img src="http://feeds.feedburner.com/~r/reuters/sportsNews/~4/VymzN5gYc_Y" height="1" width="1" />http://quec.li/EntryComments?feed=http%3A%2F%2Ffeeds.reuters.com%2Freuters%2FsportsNews&entry=http%3A%2F%2Fwww.reuters.com%2Farticle%2F2014%2F08%2F09%2Fus-ncaa-rules-decision-idUSKBN0G82AI20140809%3FfeedType%3DRSS%26amp%3BfeedName%3DsportsNews