This website does readability filtering of other pages. All styles, scripts, forms and ads are stripped. If you want your website excluded or have other feedback, use this form.

Schneier on Security: Last 100 Comments

Schneier on Security

Blog >

Recent Comments

Note: new comments may take a few minutes to appear on this page.

November 20, 2018 2:08 AM

Clive Robinson on What Happened to Cyber 9/11?:

@ wiredog,

A State actor who is willing and able to make the effort to learn the protocols may be a threat, but a terrorist? Not likely.

The problem with that is, many states are waning in power and resources in comparison to the newer International Corporations,

1, Many Corps are above state level.
2, Many States will do what Corps ask even the USG.
3, Industrial espionage is not always passive.
4, Terrorists come in all flavours.
5, Terrorists do not care who they get into bed with to further their aims.
6, Most...

Read More →

November 20, 2018 1:33 AM

olivia jackson on Security and the Internet of Things:

I am so grateful for your blog post.Really looking forward to read more. Really Great.

my stove and my stove are not on the web, and none of my companions' are. No one I know needs their ice chest and stove to be on the web. The web of things is a promotion, it's not something common individuals are clamoring for.

November 20, 2018 1:17 AM

ImWithHim on What Happened to Cyber 9/11?:

With Trump in the white house, the Terrorists don't need another 9/11, The little orange toddler is doing all their work for them. American citizens are fighting each other, the White House is in disarray, Trump is having tantrums with unsettling consistency and blaming it all on his "enemies" (journalists, Hillary, Obama, Democrats, etc).

All the Terrorists have to do is make create a news items insulting Trump and he unleashes another orange tinted jihad against anyone and everyone.

The Homegrown Violent Extremists (HVEs), ISIS, Al-Qa’ida, plus Iran, Lebanese...

Read More →

November 19, 2018 11:53 PM

Clive Robinson on Israeli Surveillance Gear:

@ vas pup,

I guess all such surveillance devices should have embedded self-destruction capability...

Self destruct devices, realy are not liked for many reasons, not least for their unreliability in various ways.

One of the reasons the so called "black box recorders" are switching over to "all solid state" is that chips are just to difficult to destroy... Likewise artillery shells woth massive G-Forces are using more and more solid state electronics for fusing systems.

Forensics personnel involved with sifting through the debris of...

Read More →

November 19, 2018 10:13 PM

echo on What Happened to Cyber 9/11?:


Though the National Cyber Security Centre arm of GCHQ was set up a couple of years ago to help counter this kind of threat, the report also warned that "there appears to be little beyond anecdotal evidence that the UK is at the forefront of international efforts on cybersecurity", suggesting that, despite its publicity, GCHQ may in fact not be able to cope with the scale of the threat if things got truly nasty.


November 19, 2018 9:55 PM

Mike Jones on Hacking Police Bodycams:

This Russian hacker, Arthur Vitali helped me gain access to a cellphone without even touching it, all he needed was number and country code. I really don't wish to go into details because was a family problem. If you need help, I advise you contact Arthur on EMAIL- [email protected] WHATSAPP- +380683017209 or KIK- Arturquickhack
I have never come across any hacker as fast and reliable as Arthur. When he hacked the phones, I had access to all the social media accounts, text messages, pictures, videos and an option to record phone calls. He offer's man other hacking services...

Read More →

November 19, 2018 8:56 PM

echo on Friday Squid Blogging: Squid Sculptures:

Here are some interesting views on curiosity and emerging public policy discussion on removing snobbery from the recruitment process and how mavericks may benefit organisations.


Tomas Chamorro-Premuzi, business psychology professor at University of London, wrote a post for Harvard Business Review in which he discussed how the curiosity quotient and having a hungry mind makes one more...

Read More →

November 19, 2018 8:31 PM

The Real Ronald J Raygun on What Happened to Cyber 9/11?:

9/11 was allowed to happen for purposes obvious and subtle. Maybe a cyber iteration is imminent? Find out soon.

November 19, 2018 6:14 PM

echo on Worst-Case Thinking Breeds Fear and Irrationality:


The new Stalking Protection Bill does not go far enough according to the Sussex police and crime commissioner (PCC), herself a victim of stalking. Katy Bourne said she was failed by the police and prosecutors when she reported her own case. She argued the issue of stalking was routinely trivialised and shrouded by...

Read More →

November 19, 2018 6:02 PM

Men in Black on What Happened to Cyber 9/11?:

"What Happened to Cyber 9/11?"

To answer the question, it's a death by a thousand cuts rather than one massive catastrophic event.

The continual onslaught of adware, malware, spyware, worms, Trojans, viruses, and keyloggers which the Microsoft / Intel / Apple / Android / Facebook cartel adamantly refuses to allow us to secure ourselves against.

For every online security measure introduced, there is an entire industry of mandated insecurity.

November 19, 2018 5:06 PM

F.J on What Happened to Cyber 9/11?:


"... why hasn't there been another 9/11 since 2001 ..."

From my point of view we haven't seen once since because USGOV hasn't found the need of another one to push terror on it's own population to strip peoples civil rights, have a pretext for invading other countries in search of chemical weapons and so on.

If people still think two airplanes can melt the steal structure of entire buildings to the point of colapse in free fall then I would advise studying some basic physics and doing some math. Ah...and don't forget the third building...

Read More →

November 19, 2018 4:49 PM

AJWM on What Happened to Cyber 9/11?:

Attacking power substations with bombs or hand-grenades is unnecessary and fraught with risk to the attacker.

It's amazing the damage to infrastructure someone who is a good shot with a .50 cal sniper rifle could do without the messiness of dealing with explosives. No, I'm not going to elaborate. But certain pieces of infrastructure equipment have long lead times to replace and don't work well with half-inch holes in them. (Although the situation has improved somewhat since the late 80s when this first came to my attention.)

November 19, 2018 4:12 PM

Impossibly Stupid on What Happened to Cyber 9/11?:


Why should a cyber attack resemble physical attacks?

I don't think anyone is saying they must, just like nobody is dismissive of terrorist attacks on scales smaller than that experienced on 9/11. It's just that script kiddies doing other, lesser cyber crimes isn't going to be big enough to capture headlines globally.

Killing people, or terrorizing them in other ways, are simply means to achieve various goals. Why would a state actor (or would-be state actor) bother with that messy stuff if they can find more...

Read More →

November 19, 2018 3:54 PM

Joe on Ebook Fraud:

Thanks for publishing this.... It's more prevalent 7 years later than you'd imagine! People are truly that lazy that they'd do anything for a quick buck!

I was recently the victim of an individual who took a liking to my search engine optimisation (SEO) training e-book. They used what I guess is a content 'spinning' tool to try and get uniqueness from my original, most likely used a good designer who is good with illustrations etc, and now it's a few spots below me in Amazon! grrrr!

November 19, 2018 3:50 PM

Men in Black on Friday Squid Blogging: Squid Sculptures:


When people talk about sex, they are charging money for it. Remember which the EFF's lawyers were plugging for?

Some sort of blacklist for male personae non gratae, not quite a registered sex offenders list, but the same general sort of "list" or "database" of social undesirables or mental defectives.

A bunch of girls getting together to pursue a Nazi-like Holocaust vendetta against their ex-boyfriends, over and above all legal means of action in court.

The kind of girls who have an online dating profile, because they...

Read More →

November 19, 2018 3:34 PM

Timothy on Worst-Case Thinking Breeds Fear and Irrationality:


I appreciate that you found value in the links. Having effective care is so important.

Yes, it does seem to have a little bit of a military flair. Interesting thing is that he has a bachelor’s degree in English and often reads and talks about military history books and interviews a variety of interesting people on his podcast. He has also written a few books, including some kids books. Thank you for taking the time to listen and respond. I’m so glad it helped you.

November 19, 2018 3:30 PM

PeaceHead on Friday Squid Blogging: Squid Sculptures:

The previous comment after the parenthesis "(" was supposed to read as:

I'm not promoting this site; I'm providing it for reference as a cultural phenomenon".

By the way, data holes seem to be the norm between web browsers co-installed within the same home computer system.

November 19, 2018 1:49 PM

JohnnyS on What Happened to Cyber 9/11?:


Sorry, you don't need to know the exact protocol definitions to cause havoc. A buddy of mine once watched a security survey of a wireless network on a manufacturing floor where they had a large robot: There were carefully painted lines on the floor all around the robot to show workers where they were safe, keeping the workers outside of the arm's *normal* operating range.

The surveyor had connected to the open wireless network with no authentication, then figured out the robot's IP on the network and sent it a packet with random content. At that point, the robot...

Read More →

November 19, 2018 1:08 PM

Faustus on Worst-Case Thinking Breeds Fear and Irrationality:

@ Timothy

Thank you for the sweet link about the paramedic who diverts people with frequent issues away from Emergency Services so the services can do their work, while still providing the sufferers appropriate, in fact MORE appropriate, care.

It's no fun going to Emergency or the clinic and I am sure these people are authentically distressed, if not literally ill. A punitive reaction towards them is just mean. It really does my heart good to read of someone modeling a caring and effective response to their troubles.

I also liked the Jocko pep talk. It has a...

Read More →

November 19, 2018 1:08 PM

Reziac on What Happened to Cyber 9/11?:

I can think of a dozen major power stations just in my old neighborhood where a drive-by, a decent throwing arm, and a hand grenade would do a LOT of damage, with zero risk of being seen or caught. Why bother with hacks to cause shutdowns or lockups that may only require a reboot to fix, when you can both knock out a big chunk of the system for days and maybe start a brushfire into the bargain?

November 19, 2018 12:20 PM

Dogen on What Happened to Cyber 9/11?:

This seems too obvious, but no one else has mentioned it, so here goes.

Why should a cyber attack resemble physical attacks? I don’t think they do, in general.

Russia’s takeover of the US’s Commander-in-Chief position has to rank as the most successful cyber attack in history, and also one of the most successful accomplishments of all kinds of warfare in history.

I’d argue that cyber terrorism is happening basically all the time. We now know that a large number of Internet trolls are foreign provacateurs, and they seem to be quite effective. The nazis and their...

Read More →

November 19, 2018 12:12 PM

Timothy on What Happened to Cyber 9/11?:

The National Counterterrorism Center’s Acting Director shed some light on the terrorist landscape at a Senate hearing in October.

He identified the most significant threat groups being Homegrown Violent Extremists (HVEs), ISIS, Al-Qa’ida, plus Iran, Lebanese Hizballah, and other Shia Extremist Groups.

He says that the National Counterterrorism Center processes 10,000 terrorism-related messages every day, a five-fold increase since the Center’s early days. Their terrorist identities...

Read More →

November 19, 2018 11:51 AM

de la Boetie on Worst-Case Thinking Breeds Fear and Irrationality:


"once one has been reported by a credible witness, the risk of harm to a child arising from it is very high" - that simply isn't true. The witness was nominally credible, and not apparently malicious. But the base rate for this is tiny. It virtually never happens. What scenario would realistically lead this to happen in this way? It doesn't happen.

And then, we're comparing conflicting demands on resources, where you might have somebody stabbed because the police were off responding to this absurd eventuality Because of the Kids. The police cannot take a rational...

Read More →

November 19, 2018 11:19 AM

vas pup on Israeli Surveillance Gear:

I guess all such surveillance devices should have embedded self-destruction capability in a case of similar unsuccessful operation or/and unauthorized access.
Moreover, as I recall some electronics (many years ago in ussr) was placed in kind of epoxy cover around making unit as a brick difficult to do reverse engineering without destruction.

November 19, 2018 11:13 AM

Robin on Worst-Case Thinking Breeds Fear and Irrationality:

@Men in Black

"In any case, a man cannot appear in public with a little girl in Britain"

I have a two and a half year old daughter, who I took everywhere with me for the first couple of years of her life and I can say that from my own experience, that statement is not true.

@de la Boetie
I'm pretty sure that the police are perfectly aware that the threat of child abduction from a shopping centre is not a common one. However once one has been reported by a credible witness, the risk of harm to a child arising from it is very high and merits an urgent...

Read More →

November 19, 2018 10:59 AM

vas pup on Worst-Case Thinking Breeds Fear and Irrationality:

"Some fathers told me that they think and look around before they kiss their kids in public. Society is all too ready to interpret the most innocent of gestures as a prelude to abusing a child."
Yeah, same in US. Many years ago I've been with my sister and her daughter (she was 6 years old). I was with them standing in a registration line for their departure to Continental European country of their residency. When their turn was up for registration, I kissed my sister, an my nice was asking: why you are not kissing ME as you kissed my mom? You don't like me or what? I show her...

Read More →

November 19, 2018 10:34 AM

wiredog on What Happened to Cyber 9/11?:

As I said "the specific knowledge of the protocols may not be widely known and may require a fair amount of training to pull off".

I worked in industrial automation a couple of decades ago when the primary security was to unplug the network cable connecting the machine to the network. Which is very effective against remote attackers. But even if the system were connected you still would have to know the various protocols needed to control things, and your average attacker won't have that knowledge. A State actor who is willing and able to make the effort to...

Read More →

November 19, 2018 10:31 AM

Impossibly Stupid on What Happened to Cyber 9/11?:

Terrorists aren't all that different from anyone else when it comes to planning operations. The resource usage logistics are always going to favor actions that get the most bang for the buck. There is still a lot more lower hanging fruit out there than cyberattacks. Yeah, if there were some easy to exploit vulnerability that would make headlines and screw with millions of people for months or years, I'm sure they'd be all over it. But, absent that, it's best to plan actions around whatever conventional resources you have that can effectively target whatever infrastructure your enemy...

Read More →

November 19, 2018 10:29 AM

wumpus on What Happened to Cyber 9/11?:

I'm guessing the Morris Worm was it. And that a presumable "Cyber 9/11" in the future would look a lot like it. Mostly the idea that it would try to take over critical parts of the net without crashing the whole thing (it did) while any attacker would be unlikely to be able to simulate it well enough to prevent obvious damage (which gave away the attack).

The thing about the Morris Worm that the only reason we know about it is that it was a failure. Crashing the Internet not only put Morris in jail (and possibly disowned), it also exposed that he had nearly taken entire control...

Read More →

November 19, 2018 10:26 AM

Men in Black on Worst-Case Thinking Breeds Fear and Irrationality:

a man and a little girl ... obviously a case of child abduction

There is a certain "child molestation" culture in Britain, especially in large cities like London, which is heavily propagandized by the tabloid papers and enforced by Mob rule.

It's a base human female desire to mate with a male, and then have him tortured, mutilated, and locked up in prison away from her and her kids as soon as she has found a new mate. Like Delilah with Samson in the Bible.

The men at the top of the British social hierarchy use this "child molester" trope and...

Read More →

November 19, 2018 10:12 AM

maus on Mailing Tech Support a Bomb:

@Hotshot: "The problem with this is twofold – 1) The passwords are retrievable which means that they are either being stored in the site’s database as plaintext or encrypted with a reversible algorithm 2) Those passwords are sent without encryption so hackers sniffing network traffic could steal them. What make matters worse is that users are likely to reuse the same passwords and usernames on other websites or systems which opens doors for many other attacks."

It's bad practice. Users should not be re-using the same passwords everywhere. If they can't recall them they should...

Read More →

November 19, 2018 10:10 AM

maus on Mailing Tech Support a Bomb:

@Dave: "I dunno, given the number of fruitcakes on those sites I'd say it's anything but fruitless."

Oof, yes. Some of the worst on the internet resides there, and while whack-a-mole seems fruitless, we'd still be better if they weren't stable and available for their membership to grow so cancerous.

November 19, 2018 9:56 AM

JohnnyS on What Happened to Cyber 9/11?:


as per your comment "Industrial systems may be networked, but not necessarily on the internet. And they may be "publicly accessible" but only if an attacker physically splices into a communication line."

You're whistling past the graveyard. A quick search on Shodan shows that many such systems are visible on the Internet, even if their operators *think* they are air-gapped and/or firewalled. All it takes is "Dave" to plug in a router he bought from the local TargeWalmar store and pretty soon, anyone with a browser can find them on Shodan....

Read More →

November 19, 2018 9:19 AM

name.withheld.for.obvious.reasons on What Happened to Cyber 9/11?:

I wholeheartedly concur with your observation here Bruce, I stated years ago that more people will die in their bathtubs this year than those killed by terrorists but no one has suggested that the TSA be the Toiletry Security Administration. One area that I have briefly touched on is related to the energy utility sector. As a former technician in the energy sector, a power generation facility in particular, it surprised me at the level and types of vulnerabilities and the inability of the industry to grasp the nature or types of risks.

In California as an example, the ISO is...

Read More →

November 19, 2018 9:15 AM

TimH on Worst-Case Thinking Breeds Fear and Irrationality:

If I was walking alone and saw a solitary child crying, I would not approach to assist. The scenario puts me as the predator to a casual observer. Double my risk once if the child has a different skin colour, again if under the age of about 8, again if a pretty very young girl...

And a small piece of advise from a colleague in UK who's sis is a cop: if there's a situation, always be the one who calls the cops, because you are by presumption the vic not the perp.

November 19, 2018 8:59 AM

Snarki, child of Loki on What Happened to Cyber 9/11?:

"Making Windoze crash" just doesn't seem that exceptional.

Why, it would be as if AQ staged an attack on commercial airliners that contaminated all the airline food to make it awful and give you a mild stomach bug. Would anyone notice?

November 19, 2018 8:19 AM

CallMeLateForSupper on Israeli Surveillance Gear:

So, JavaScript required? That would explain why the link ultimately coughs up a blank page here, where JS is DISabled. :-)

November 19, 2018 8:16 AM

wiredog on What Happened to Cyber 9/11?:

"why hasn't there been another 9/11 since 2001?"
That style of attack is unlikely because previous to that people were trained to co-operate with hijackers, and since then they have known not to. There have been several incidents where troublemakers on aircraft were taken down by other passengers. The only arguably useful preventative measure (in aircraft) since then has been hardening the cockpit doors. All else has been security theater.

As far as a "cyber 9/11" goes you often see people, even here, who think "networked" automatically means "publicly accessible" and "on...

Read More →

November 19, 2018 7:10 AM

jon on What Happened to Cyber 9/11?:

One of the strangest things about society is that any one of us, at any point, can just punch some one in the face for no reason, any time we feel like it, but we don't.

Some people attribute this to the after effects of punching some one in the face, the court cases, the arrests, etc... but the reality is if you hit a stranger in the face hard enough, and keep moving, unless someone is there to stop you from walking away, you will probably be able to do just that, with few lingering consequences once your hand stops hurting...

The fact that this doesn't happen regularly...

Read More →

November 19, 2018 6:54 AM

de la Boetie on Worst-Case Thinking Breeds Fear and Irrationality:

@Robin - indeed the Bulger murder is seared into peoples' memory, as is the disappearance of Madeline McCann.

Statistically, both illustrating the problems of the Salience effect, whereas such cases are extremely rare.

November 19, 2018 6:51 AM

de la Boetie on Worst-Case Thinking Breeds Fear and Irrationality:

Seems to me this is not a case of police not understanding the base rate fallacy, it's far more the SOP of CYA. They'll be criticised whatever, so if they've made a very public display of looking, then that job is done regardless of outcome.

And it's the public who's at fault because they've bought the underlying ideological narratives.

Far more pernicious in the UK has been the destruction of the presumption of innocence and common law in sexual offences prosecution, the auto-belief of the accuser, and the failure to bring timely prosecutions and the disastrous evidential...

Read More →

November 19, 2018 6:51 AM

Robin on Worst-Case Thinking Breeds Fear and Irrationality:

While I think the person who reported the abduction clearly misinterpreted what they saw and over-reacted, I can't see much wrong with the police's actions.

Assuming that the person reporting the incident came across as reliable and credible, the police's immediate priority is the safety and welfare of the child and in an abduction case any delay makes it increasingly unlikely that the victim will be recovered safely. So they did what the procedure says - kick off the whole media circus to get everyone keeping an eye out for the child while at the same time looking for...

Read More →

November 19, 2018 6:31 AM

LinLiu on The Effectiveness of Plagiarism Detection Software:

I disagree with the author's statement that "Turnitin is playing both sides of the fence, helping instructors identify plagiarists while helping plagiarists avoid detection". Plagiarism checkers such as Turnitin and others is not just helping plagiarists to avoid plagiarism. It should train people not to copy, make their texts unique and to cite correctly. Because some students sometimes can get in trouble just because of missed punctuation mark which shows the citation. It is not so good when plagiarism checker does not show what is wrong exactly, but I have been using...

Read More →

November 19, 2018 6:26 AM

Gary Stevens on Worst-Case Thinking Breeds Fear and Irrationality:

While I 100% agree with your topic it reminds me of a quote by Daniel Kahneman where he says that after studying cognitive biases for the last twenty years he's no more able to avoid them then before he started.

At the end of the day awareness is vital, but there are some aspects of our cognition that are just too human to overcome!

November 19, 2018 5:16 AM

Rj Brown on Worst-Case Thinking Breeds Fear and Irrationality:

Several years ago, I was working out of town and not too far from where my daughter lived at the time. On a Friday evening, we decided to get together for dinner. She chose a nice restaurant, as we both love good food. We had a good dinner and a good time. Out in the parking lot, she kissed me goodbye. Since we knew we wouldn't see each other for months after that, we hugged each other. About that time, an elderly couple walked thru the parking lot. The woman saw us an assumed I was with a young mistress. She elbowed her companion and said "Look at that!" and made the kind of...

Read More →

November 19, 2018 12:18 AM

Clive Robinson on Friday Squid Blogging: Squid Sculptures:

@ tyr,

I also think of the guy who saw WW2 coming scanned the world for a place to avoid it and moved to Guadalcanal based on his own forecast.

I get reminded of him every timr I see something about Silicon Valley types buying land in "the last bus stop to the Antarctic" AKA NZ.

Foresight in one domain does not give by necessity foresight in another domain. Thus he saw the movment in political positions but not the changing in military tactics.

Which is yet another thing I get reminded of every time I get told of the money being put into...

Read More →

November 19, 2018 12:04 AM

Jon (fD) on Worst-Case Thinking Breeds Fear and Irrationality:

The laws of nature permit you to flip a coin and have it not land at all. The random action of gases in the atmosphere could accelerate it to escape velocity before it hit the ground. Not jolly likely, though, and I think we know enough about the laws of nature not to worry too much about it.

Jon (fD)

PS - Stop flipping thick coins with flat sides. ;-)

November 18, 2018 11:20 PM

Clive Robinson on Worst-Case Thinking Breeds Fear and Irrationality:

@ Dr. Strangelove,

What do you think will happen if you tell someone they're fears are irrational ?

The problem with the word "irrational"[1] is its use is its self not rational.

Most fears are actually quite rational but improbable.

I'm one of those people for whom lighting has indeed struck, so I know very personally it can happen. The odd thing was it happened in one of the least likely places, compared to other places I have frequented in stormy weather. That is it happened just under fourty years ago in a down poor in the middle of a...

Read More →

November 18, 2018 11:12 PM

gordo on Friday Squid Blogging: Squid Sculptures:

TOTH to Paul Rosenzweig (As noted, the entire text is worth a read - here’s my slice):

IGF 2018 Speech by French President Emmanuel Macron

Lastly, for the reasons I just mentioned, I deeply believe regulation is needed. That is the condition for the success of a free, open and safe Internet – the vision of its founding fathers. And France is the first state to sign up to the “Contract for the Web” initiated by Tim Berners-Lee, to save this original vision. It is also the...

Read More →

November 18, 2018 10:05 PM

Jon (fD) on Israeli Surveillance Gear:

@ obs :

"The tires in the last photo are half hidden in the dirt. Park your car, set it on fire and look if it digs itself in by 10" just by burning."

They can and they do. Look, if you choose to, at some of the plethora of pictures from the recent California wildfires. You will find cars in all sorts of interesting ways, and yes, sometimes burnt out with happy shrubbery beside them.

Fire can do weird things.

Jon (fD)

November 18, 2018 9:58 PM

Jon (fD) on Worst-Case Thinking Breeds Fear and Irrationality:

This is, of course, from a very similar psychological reason to those (typically in the USA) who call the cops (or start a confrontation) because black people are nearby.

The US police have problems with this as well.

Jon (fD)

November 18, 2018 7:57 PM

Mark on Worst-Case Thinking Breeds Fear and Irrationality:

Pity no one -- politicians, councillors, the press, social workers -- managed to say something over the ten years during which a Pakistani-Muslim rape gang did indescribable things to 1400 girls in Telford and Rotherham.

But let's scramble the helicopters over a father with his daughter.

November 18, 2018 7:38 PM

Timothy on Worst-Case Thinking Breeds Fear and Irrationality:


I am impressed at all the steps you are taking to audit and investigate NHS practices. You sound well-informed and very aware of the realities of the agencies mechanics, for better or worse. I sincerely hope that your persistent and dedicated efforts advance patient-care safety and raise standards for the community. Sometimes it’s been the simple things like hand-washing, vaccines, and proper record-keeping that have made all the differences for thousands of lives.

I commend you for documenting your experiences, and wonder if you will write a paper or even a book on...

Read More →

November 18, 2018 6:38 PM

echo on Friday Squid Blogging: Squid Sculptures:


“Getting back full control of our borders is an issue of great importance to the British people,” she will say, adding that EU citizens will no longer be able to “jump the queue ahead of engineers from Sydney or software developers from Delhi”.

Theresa never acknowledged that bad UK policy was the cause of issues with deporting terrorists. The...

Read More →

November 18, 2018 6:32 PM

tyr on Friday Squid Blogging: Squid Sculptures:


In digging in ancient tomes I found the
Byzantine records about Krakatoa going
off in 535.
The sun only shone for two hours a day
before and after noon. In 539 Arthur
Pendragon fell in battle against Saxons
who had crossed the channel looking for

Eventually all of the tribal migrations
had ceased enough for a reestablishment
of effete practices like writing history
to begin again around 900. The completely
wrecked previous civilizations never did
recover so what remained was...

Read More →

November 18, 2018 6:30 PM

Dr. Strangelove on Worst-Case Thinking Breeds Fear and Irrationality:

What do you think will happen if you tell someone they're fears are irrational ?

It's a drug, worst than whatever...

People are in love with their paranoia.

What was that movie

November 18, 2018 6:14 PM

mrpuck on Friday Squid Blogging: Squid Sculptures:

It's still Sunday in my TZ so I'll inject a plug for my new favorite browser, Brave. If your haven't heard of it, please take a look.

For those interested in the back story and what they're trying to accomplish here's a Changelog podcast:...

Read More →

November 18, 2018 6:09 PM

echo on Worst-Case Thinking Breeds Fear and Irrationality:


There is an NHS policy stating that where negligence or misconduct causing grave harm which reflects badly on the medical profession occurs there must be an investigation. I can assure you that even when citing this policy it goes walkies.

I have audio recordings proving A&E staff bully some patient cohorts out the door. A large part of this is their gung ho attitude. Other aspects are acting beyond their capacity, refusing to consult with the appropriate expert, and acknowledge GMC rulings and guidance on the specific medical condition let alone pick up the phone...

Read More →

November 18, 2018 5:31 PM

Timothy on Worst-Case Thinking Breeds Fear and Irrationality:

It must be a nightmare to be questioned about your relationship with your child by law enforcement based on the accusations of a total stranger. Perhaps a parent would be glad that such safety mechanisms were in place, but it would seem to be a frightening disincentive to spend time with your children or show them affection or discipline in the public sphere. I would think the presence and engagement of a parent, especially a father, would be a very strong protective factor for a child. If the man's identity was not adequately protected, the speed and publicity of such an allegation could...

Read More →

November 18, 2018 5:14 PM

echo on Israeli Surveillance Gear:

I don't have a clue enough to guess but agree they did a bad job of destroying it. I can't ask more than wonder if it's old kit and they didn't expect running into a problem? It sounds daft but what if they wanted somneone to acquire this? Is there a plausible reason why this would be so?

November 18, 2018 5:07 PM

echo on Worst-Case Thinking Breeds Fear and Irrationality:

UK police are very bad in practice. UK police have a well known discrimination problem not to mention ingrained bad habits and inability to listen. Given what I have experienced with UK police I would be surprised if they could spell "baseline" let alone know what it meant or how to apply this understanding. I would write things up differently than @Bruce and Lenore Skenazy but based on my esperiences what they say is true. The problem isn't just the police picking on innocent people but when an innocent citizen makes a complaint against establishment people all the bad habits of the...

Read More →

November 18, 2018 4:18 PM

Clive Robinson on More Spectre/Meltdown-Like Attacks:

@ john doe,

On May 8, 1995, a paper...

It was not exactly new then either. Time based side channels had been known for some time before that. If memory serves Seymour Cray made comment on the subject when talking about some of his work (though it was not called "time based side channels" back then, that terminology kind of started in the 1970's via Gus Simmons).

The supprising thing is realy how long it has taken to "exploit it".

That is few security specialists had any kind of knowledge below the ISA level in the computing stack. They...

Read More →

November 18, 2018 3:44 PM

MarkH on Friday Squid Blogging: Squid Sculptures:


I well remember that eruption of the volcano with the (for me) unpronounceable name.

I was on the point making a long journey to meet a beautiful young lady, and the plume would have disrupted any reasonable flights to her region. (In the event, the eruption subsided soon enough to allow the trip to go forward unhindered.)

In my anxiety about the situation, I finally read Verne's "Journey to the Center of the Earth", the imagined journey of which begins in an Icelandic volcano.

Your point is well taken, about real security. An elementary concept...

Read More →

November 18, 2018 3:32 PM

obs on Israeli Surveillance Gear:

I can't read Hebrew so I don't know what the article says. However, there are a couple of odd things in these photographs:

The vehicle shown in the lower three photographs is completely burnt down. There is not a single piece of plastic left on it. Such a fire usually leaves traces in the surrounding but there are no stains nor ash from the fire on the ground. Also there are bushes/twigs next to and below the vehicle which are not burnt, which I find odd.

The tires in the last photo are half hidden in the dirt. Park your car, set it on fire and look if it digs itself in by...

Read More →

November 18, 2018 3:20 PM

john doe on More Spectre/Meltdown-Like Attacks:

"What's surprising is that it took 20 years to discover it."

On May 8, 1995, a paper called "The Intel 80x86 Processor Architecture: Pitfalls for Secure Systems" published at the 1995 IEEE Symposium on Security and Privacy warned against a covert timing channel in the CPU cache and translation lookaside buffer (TLB).[33] This analysis was performed under the auspices of the National Security Agency's Trusted Products Evaluation Program (TPEP).

November 18, 2018 3:17 PM

Clive Robinson on Worst-Case Thinking Breeds Fear and Irrationality:

@ Bruce,

This is the problem with the "see something, say something" mentality.

Ahhh that takes me back to when the UK Met Police said carrying two mobile phones was not just suspicious, but should be reported. There was also that delightfull be aware of men with beards and bags, shortly before Xmas...

@ All in UK Midlands,

But from personal experience as a father I'd say do not take your son to play in any of the parks around Telford Town Center. The people up their working for the council are obnoxious, unpleasant and do not know or...

Read More →

November 18, 2018 3:11 PM

tz on Worst-Case Thinking Breeds Fear and Irrationality:

Except the total inaction during the Rotherham and Telford Pakastni Muslim grooming gang white slavery rackets.

They saw, they said, they were not only not merely ignored, they were victimized by the police for being islamophobe racists.

But when it came out, with the new "multicultural sensitivity", and with the police ignoring rape to worry about nasty tweets that violate hate crime statutes, maybe I can understand the insanity.

November 18, 2018 2:35 PM

John Carter on Israeli Surveillance Gear:

Hint to anyone publishing photos wanting to know "what is this thing". Use a macro lens and get close enough to see the labels on each component.

Given enough of those a knowledgeable person can pull the datasheets and infer what the rest of it is.

November 18, 2018 12:59 PM

Clive Robinson on Israeli Surveillance Gear:

@ paranoid,

With regards the photo you link to it appears to be a welded sub-chassis for a vehicle of a "standard form". What type of vehicle is not clear but at a guess I'd say for the likes of a medium sized delivery van.

If you look on the left you can see what looks like three semi-secure VHF or above radio systems of the sort that are fairly standard issue to military / police forces around the world for doing forward FATC for airstrikes.

Such kit usually runs on ~28V not the typical car and small van 13.8V. Which might account for what looks a commercial...

Read More →

November 18, 2018 12:24 PM

cmurf on Chip Cards Fail to Reduce Credit Card Fraud in the US:

About 8-10 years ago, all of my cards had contactless capability. Of course only a few merchants supported it, but that included the NYC Metro through a partnership with Citi. Then EMV chip arrived and the issuers ripped out all the RFID capabilities, and kept the 1960's magnetic stripe. We were ahead at one time, and then regression.

I wish they had skipped EMV chip for EMV RFID/contactless. And now most of the rest of the world has passed us as I seen Canadians tap to pay everywhere including even on mass transit without needing a transit specific card. It's like Americans come...

Read More →

November 18, 2018 12:24 PM

Gunter Königsmann on Friday Squid Blogging: Squid Sculptures:

To my understanding UDP is TCP without the mechanism that automatically requests a new packet if a packet gets lost or corrupted. And the new Google protocol is UDP with a new mechanism that requests a new packet if a packet gets lost ist or corrupted. But with a few detail optimizations

November 18, 2018 12:20 PM

Keren on Israeli Surveillance Gear:

I am Israeli and I can confirm that is a legit news website that is very popular here among the general population. Quite possible that the site owners are collecting and selling info about visitors, but I doubt it's an Intelligence services front. Many sites here are just horrible and obnoxious.

The photo of the guts of the device is at a resolution just low enough that nothing is really legible. I am pretty sure that the pink label furthest down and to the right is composed of two words, the second of which is "SWITCH" (upside down relative to the camera).

November 18, 2018 12:15 PM

David Gamey on Chip Cards Fail to Reduce Credit Card Fraud in the US:

Unfortunately, this study conflates a number of issues and has a number of basic facts wrong. They still have a point and it shouldn't be ignored but they would have been better to have made that point without the errors. It comes off as alarmist and undermines their credibility. The evidence from countries that have already moved to CHIP is that it does work. The US as the last major country to go to chip got hit by all the card present fraud. This was predicted.

1. The statement "The inherent security of EMV technology in chip-enabled cards provides end-to-end encryption...

Read More →

November 18, 2018 12:02 PM

Faustus on Israeli Surveillance Gear:

Maybe the devices were left as bait to a trap, that may involve browsing to these web pages as part of the exploit. Sub threshold sound communication? Or some other covert channel between devices and web pages?

November 18, 2018 11:51 AM

Wayne on Hidden Cameras in Streetlights:

@GA Resident:

I worked for a large police department for nine years back in the '90s. Yep, we had one of those, ours was for specific house surveillance. The electric utility would set it up on whatever power pole we needed it on. They gave it to us, I don't remember how or why but it was an empty transformer casing that they'd cleaned out so it was safe.

@Not Wayne:

Soy? Can't stand the shite myself. Winker? You're a fan of Wink Martindale? Whatever floats your boat, I'm not much of a game show guy.

November 18, 2018 11:48 AM

Spy or Sky? on Israeli Surveillance Gear:

>> There are photos

Is it a news website or Mining website? NoScript add-on blocks it.

“Three things are infinite: the universe, human stupidity and Israeli–Palestinian conflict; and I'm not sure about the universe.” ― Albert Einstein (?)

November 18, 2018 11:34 AM

Clive Robinson on Israeli Surveillance Gear:

@ Bruce,

I can not in all honesty advise anyone to look at that page.

It basically wants you to be tracked in oh so many ways it would not be sensible to do so.

I do not know what Israeli organisation is behind the web site, but it strikes me as odd that if these photographs are so sensitive to Israeli National Defence, then why would a reputable Isreali orgasnisation be putting them out there?

Something tells me there is a large rodent behind this somewhere.

November 18, 2018 10:14 AM

stine on Israeli Surveillance Gear:

The only label I can read says "TRASH". I have to assume its correct.

November 18, 2018 9:55 AM

Phaete on Israeli Surveillance Gear:

I can see some self made control boxes with 80s style switches and what looks like labelmaker labels. Other stuff is obscured, but you usually don't control computerised equipment with those switches.
Desert condition/ruggedness requirement might play a role, but even then one might expect newer tech, especially with the connections the Israeli have.

I'm not sure what kind of system that is but it looks either antique or amateurish.

November 18, 2018 8:58 AM

Amit on Israeli Surveillance Gear:

The picture itself is very odd - there are a lot of lables, none of them are legible. '
It would surprise me a bit if this actually shows the surveillance hardware, since the only parts I can actually identify look like a socket for a comm handset (Something like this [] and there are way too many output options for something that should collect information.

November 18, 2018 8:48 AM

AL on Hidden Cameras in Streetlights:

With stretched budgets, and understaffed police departments, I see technology like this extending the "cop on the beat". Police departments have shot spotter technology to detect gunfire.

Automation is coming to a lot of businesses. Law enforcement isn't going to be immune to this. There will be automation behind those cameras.

November 18, 2018 7:55 AM

Clive Robinson on Friday Squid Blogging: Squid Sculptures:

@ VRK, and others,

You might want to add this to your QUIC reading list,


Whilst TCP has ossified, it's not the fault of the protocol which had upgradability built in. It's down to people not building their boxes to alow for upgradability.

In short security became dictitorial not just at the end points but at all sorts of unexpected places inbetween. So we got the "We shall only alow XXX" mentality[1] where XXX is a limited...

Read More →

November 18, 2018 7:44 AM

ron on Israeli Surveillance Gear:

If it is intelligence-related hardware, nobody with actual knowledge will tell you anything useful.

I note that the pink labels seem to be in Hebrew (hard to see w/ the photo resolution), and I find it doubtful that a device intended to be installed in enemy territory would have labels in Hebrew.

November 18, 2018 5:47 AM

Erdem Memisyazici on More Spectre/Meltdown-Like Attacks:

Transient is a wonderful way to put it. Imagine a doctor who works on 50 heart surgeries in a row, and he makes the assumption that the 51st must also be a heart surgery operation so he operates without reading the patient's pad. Although for most cases this may provide the benefit of getting a higher performance from your CPU, that benefit comes with the risk of being exploited. There doesn't seem to be a way to gracefully exit that performance boost without always executing at least one possibly malicious instruction. Software industry can lower the risk of exploitation but not...

Read More →

November 18, 2018 1:14 AM

Dinesh on Securing Elections:

Why does the US not use Electronic Voting Machines (EVMs) like
"Electronic voting machines in India"

The EVMs have been prevalent in India for the last decade and are now being exported to many countries across the globe.

They have proven to be reliable, trust-worthy and definitely more robust and secure as compared to any similar voting machine which is presently dropped in the US.

November 17, 2018 11:30 PM

Timothy on Android Ad-Fraud Scheme:

A Russian national Alexander Zhukov was arrested on November 6 in Varna, Bulgaria where he had been living since about 2010. He is accused of affiliate fraud which involves directing fake web visitors to a website to generate higher affiliate marketing commissions or advertiser access fees. The fraud allegedly caused $7 million in damages. The Interpol warrant originated from prosecutors based in NY. Zhukov is currently being held in Bulgaria, pending extradition hearings. According to CyberScoop, the indictment is sealed and may remain so until he is extradited to the U.S. The U.S. and...

Read More →

November 17, 2018 10:56 PM

Hotshot on Mailing Tech Support a Bomb:

It is not clear to me why a password reset link is more secure then sending a secure password. Is this because of the distrust for the e-mail provider? If they sent a password in an e-mail and an adversary had access to your e-mail, then they would know the password and the link. If not, then just ensure that you delete the e-mail containing the new password. It makes sense to that it isn’t necessarily effective from the perspective that most people wouldn’t delete the e-mail with a password in it. Is that what you mean?

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.