Bruce Schneier's Crypto-Gram

A blog covering security and security technology.

Friday Squid Blogging: Natural Squid Steganography

Fri, 10/10/2008 - 3:58pm
Squid can communicate with each other without any other fish noticing: Squid and their relatives have eyes that are sensitive to polarised light and are known to use it to signal to one another. Their predators on the other hand, like seals or whales, don't share this ability and cannot see the squids' signals. Most of all,...

The More Things Change, the More They Stay the Same

Fri, 10/10/2008 - 11:30am
Guess the year: Murderous organizations have increased in size and scope; they are more daring, they are served by the most terrible weapons offered by modern science, and the world is nowadays threatened by new forces which, if recklessly unchained, may some day wreck universal destruction. The Orsini bombs were mere children's toys compared with the later developments of infernal...

Data Mining for Terrorists Doesn't Work

Fri, 10/10/2008 - 5:35am
According to a massive report from the National Research Council, data mining for terrorists doesn't work. Here's a good summary: The report was written by a committee whose members include William Perry, a professor at Stanford University; Charles Vest, the former president of MIT; W. Earl Boebert, a retired senior scientist at Sandia National Laboratories; Cynthia Dwork of Microsoft Research;...

Nonviolent Activists Are Now Terrorists

Thu, 10/09/2008 - 12:07pm
Heard about this: The Maryland State Police classified 53 nonviolent activists as terrorists and entered their names and personal information into state and federal databases that track terrorism suspects, the state police chief acknowledged yesterday. Why did they do that? Both Hutchins and Sheridan said the activists' names were entered into the state police database as terrorists partly because the...

"New Attack" Against Encrypted Images

Thu, 10/09/2008 - 5:44am
In a blatant attempt to get some PR: In a new paper, Bernd Roellgen of Munich-based encryption outfit PMC Ciphers, explains how it is possible to compare an encrypted backup image file made with almost any commercial encryption program or algorithm to an original that has subsequently changed so that small but telling quantities of data 'leaks'. Here's the paper....

Chinese Monitoring Skype Messages

Wed, 10/08/2008 - 5:55am
This is the best article I've read on the story....

Do-Not-Call Lists

Tue, 10/07/2008 - 2:51pm
Turns out you can add anyone's number -- or remove anyone's number -- to/from the Canadian do-not-call list. You can also add (but not remove) numbers to the U.S. do-not-call list, though only up to three at a time, and you have to provide a valid e-mail address to confirm the addition. Here's my idea. If you're a company, add...

The Seven Habits of Highly Ineffective Terrorists

Tue, 10/07/2008 - 4:48am
Most counterterrorism policies fail, not because of tactical problems, but because of a fundamental misunderstanding of what motivates terrorists in the first place. If we're ever going to defeat terrorism, we need to understand what drives people to become terrorists in the first place. Conventional wisdom holds that terrorism is inherently political, and that people become terrorists for political reasons....

Clickjacking

Mon, 10/06/2008 - 12:45pm
Good Q&A on clickjacking: In plain English, clickjacking lets hackers and scammers hide malicious stuff under the cover of the content on a legitimate site. You know what happens when a carjacker takes a car? Well, clickjacking is like that, except that the click is the car. "Clickjacking" is a stunningly sexy name, but the vulnerability is really just a...

New Cross-Site Request Forgery Attacks

Mon, 10/06/2008 - 4:42am
Interesting: CSRF vulnerabilities occur when a website allows an authenticated user to perform a sensitive action but does not verify that the user herself is invoking that action. The key to understanding CSRF attacks is to recognize that websites typically don't verify that a request came from an authorized user. Instead they verify only that the request came from the...

Article in the Irish Times

Fri, 10/03/2008 - 12:43pm
On Wednesday I was interviewed by the Irish Times....

Another Article on Chemical Plant Security and Externalities

Fri, 10/03/2008 - 10:45am
This essay of mine was published in The Guardian yesterday. Nothing I haven't said before....

Taleb on the Limitations of Risk Management

Fri, 10/03/2008 - 6:48am
Nice paragraph on the limitations of risk management in this occasionally interesting interview with Nicholas Taleb: Because then you get a Maginot Line problem. [After World War I, the French erected concrete fortifications to prevent Germany from invading again -- a response to the previous war, which proved ineffective for the next one.] You know, they make sure they solve...

Bank Robber Hires Accomplices on Craigslist

Thu, 10/02/2008 - 11:18am
Now this is clever: "I came across the ad that was for a prevailing wage job for $28.50 an hour," said Mike, who saw a Craigslist ad last week looking for workers for a road maintenance project in Monroe. He said he inquired and was e-mailed back with instructions to meet near the Bank of America in Monroe at 11...

"Scareware" Vendors Sued

Thu, 10/02/2008 - 6:03am
This is good: Microsoft Corp. and the state of Washington this week filed lawsuits against a slew of "scareware" purveyors, scam artists who use fake security alerts to frighten consumers into paying for worthless computer security software. The case filed by the Washington attorney general's office names Texas-based Branch Software and its owner James Reed McCreary IV, alleging that McCreary's...

MI6 Camera -- Including Secrets -- Sold on eBay

Wed, 10/01/2008 - 12:59pm
I wish I'd known: A 28-year-old delivery man from the UK who bought a Nikon Coolpix camera for about $31 on eBay got more than he bargained for when the camera arrived with top secret information from the UK's MI6 organization. Allegedly sold by one of the clandestine organization's agents, the camera contained named al-Qaeda cells, names, images of suspected...

Hand Grenades as Weapons of Mass Destruction

Wed, 10/01/2008 - 5:37am
I get that this is terrorism: A 24-year-old convert to Islam has been sentenced to 35 years in prison for plotting to set off hand grenades in a crowded shopping mall during the Christmas season. But I thought "weapons of mass destruction" was reserved for nuclear, chemical, and biological weapons. He was arrested in 2006 on charges of scheming to...

How to Clone and Modify E-Passports

Tue, 09/30/2008 - 11:24am
The Hackers Choice has released a tool allowing people to clone and modify electronic passports. The problem is self-signed certificates. A CA is not a great solution: Using a Certification Authority (CA) could solve the attack but at the same time introduces a new set of attack vectors: The CA becomes a single point of failure. It becomes the juicy/high-value...

Hot Dogs are Not Bombs

Tue, 09/30/2008 - 5:58am
Another bomb scare....