Anonymizer just released the results of a new survey of people's use of privacy protecting technologies. The short answer is that the old standards, anti-virus and firewalls, are widely used. Unfortunately they don't actually do much to protect your privacy. They are more about security.
For full details, read the article.
This time it is of intelligence community use of Facebook.
Schneier on Security: Domain-in-the-Middle Attacks
Bruce Schneier on the real world effectiveness of a very simple domain name based man in the middle attack.
Here is a Wired article on the same issue showing how it was used to steal 20 GB of email from a Fortune 500 company.
Schneier has a post on a paper about discovering the identity of a speaker even when using encrypted VoIP.
Another argument for rationality in the face of terrorism. This time from Spencer Ackerman of Wired.
A very thoughtful essay on 10 lessons to take and teach from the events of 9/11.
While coming off a bit partisan, the article makes some good points.
This statistic really reinforces a point that I keep making. We are putting effort and treasure into fighting terrorism orders of magnitude out of proportion to its impact.
Why Is It So Hard to Find a Suicide Bomber These Days? - By Charles Kurzman | Foreign Policy:
Out of more than 150,000 murders in the United States since 9/11 -- currently more than 14,000 each year -- Islamist terrorists accounted for fewer than three dozen deaths by the end of 2010. Part of the credit for this is surely due to the law-enforcement officers and community members who have worked to uncover plots before they could be carried out. But fewer than 200 Muslim Americans have been involved in violent plots since 9/11, most of them overseas, so credit for the low level of violence must be due primarily to the millions of Muslims who have refrained from answering the call to terrorism.
I posted this as a comment over on LinkedIn, but thought it was worth reposting on its own.
Privacy professionals can haggle over whether any given situation requires overwrite, multi-pass overwrite, degaussing, physical destruction or whatever else. The 99% issue is that people treat the trashcan icon on their computers as though it really and completely disposed of the file.
Closely related is the fallacy that your login password will protect your hard drive if your computer is sold / stolen.
I heard something recently at a conference which really struck a chord with me. It was about USB drives as attack vectors, but the argument applies very broadly.
We have spent many years trying to educate our way to computer security. It is very clear that is a failed strategy and given the relative immutability of human nature it is highly unlikely to ever be a successful strategy.
At this point, if I sell my password protected computer and that leads to my identity being stolen, shame on us as engineers who designed such a fragile system with such a huge and foreseeable failure mode.
We can argue about whether it should be a password or pass phrase, if there should be biometrics or other multi-factor authentication schemes, but lets at least make sure there is a door on the house and ensure that it is closed before debating tumbler lock vs. keypad.
Here is the article debunking the story.
Here is a nice article on how our reaction to terrorism is unconnected to the probability of an event, or the impact thereof.
Somethings I have been ranting about for some time.
Wow, a policy that taking pictures of unaesthetic things is grounds to be questioned!
I just have to geek out on this as a former physicist.
Following the attack which killed Osama bin Laden I saw this humorous article about the killing of the known terrorist Obi-Wan Kenobi. It really shows it is all about your perspective.