18 February 2008
Add another privacy threat to the list of things you can do nothing about:
A technical glitch gave the F.B.I. access to the e-mail messages from an entire computer network — perhaps hundreds of accounts or more — instead of simply the lone e-mail address that was approved by a secret intelligence court as part of a national security investigation, according to an internal report of the 2006 episode.
The episode is an unusual example of what has become a regular if little-noticed occurrence, as American officials have expanded their technological tools: government officials, or the private companies they rely on for surveillance operations, sometimes foul up their instructions about what they can and cannot collect.
7 February 2008
Going through old Bruce Schneier essays, I came across one that downplays the danger of cyberterrorism:
The worry is that a terrorist would cause a problem more serious than a natural disaster, but this kind of thing is surprisingly hard to do. Worms and viruses have caused all sorts of network disruptions, but it happened by accident. In January 2003, the SQL Slammer worm disrupted 13,000 ATMs on the Bank of America’s network. But before it happened, you couldn’t have found a security expert who understood that those systems were dependent on that vulnerability. We simply don’t understand the interactions well enough to predict which kinds of attacks could cause catastrophic results, and terrorist organizations don’t have that sort of knowledge either — even if they tried to hire experts.
But Schneier says that worrying about cyberterrorism can have useful side-effects:
Luckily, the same countermeasures aimed at cyberterrorists will also prevent hackers and criminals. If organizations secure their computer networks for the wrong reasons, it will still be the right thing to do.
2 December 2007
In May 2007, I commented on the Consumer Reports 2006 State of the Net assessment. Here are the results of the 2007 State of the Net report:
Your chances: 1 in 2
Your chances: 1 in 5, with a typical cost of $100.
Your chances: 1 in 11, with a typical cost of $100.
Your chances of losing money from an account: 1 in 81, with a typical cost of $200.
Encouragingly, the odds of getting nicked by each one of these threats fell since 2006, except in the case of phishing (formerly 1 in 115, meaning phishing attacks are becoming cleverer and more widespread). The cost for each malady stayed roughly the same, with phishing the exception once again. Last year, phishing victims typically lost $850, so the number has fallen considerably.
14 May 2007
Every so often, it helps to remind ourselves why security and privacy are important. In late 2006, Consumer Reports published its third annual State of the Net, which I think is an excellent summary and forceful reminder of why, exactly, security and privacy should be high priorities for everyone.
22 January 2007
It would be nice if there existed a straightforward security solution for every security problem in the world. Unfortunately, security is not that simple. Managing your security requires that you recognize an important point: security is not a switch