Archive for the 'Off Topic' Category

Security Excuse Bingo

Monday, August 13th, 2007

I’m sure most folks have seen this already–as Bruce Schneier blogged about it–but I’ll post it here just the same; it is just too darn funny: Matt Blaze has a new game.

False Positives at 725 Rounds a Minute

Thursday, August 2nd, 2007

OK, last post today…I think:

Speaking of hard computing problems, according to Wired’s Danger Room blog, robots with machine guns have now been deployed in Iraq. These robots (dubbed special weapons observation remote reconnaissance direct action system [SWORDS]) have not fired yet but:

Michael Zecca, the SWORDS program manager, tells DANGER ROOM. “But that’ll be happening soon.”

Speaking as someone who’s seen commercial security systems fail repeatedly during my time in the industry, I certainly hope their software is better than our software. Something tells me that there isn’t a “powered by Windows Mobile” sticker anywhere on the bot. However, with commercial OSs performing more and more functions for the government, it doesn’t seem completely outside the realm of possibility.

Setting the ethical implications aside of turning war into a game of network Doom, the repercussions of a crypto or software failure in the transmissions from the controller to the bot are enormous. I wonder what they are using and what sort of testing they underwent. I wouldn’t be surprised to see some security through obscurity in there somewhere. On a related note, Steven Murdoch over at Cambridge has an interesting post explaining why software problems are as big or bigger than crypto problems in e-voting systems. The same applies here as well (note his mention of rocket launches):

Good software engineering is necessary but, in the case of voting systems, may be especially difficult to achieve. In fact, such systems have more similarities to the software behind rocket launches than more conventional business productivity software. We should thus expect the consequential high costs and, despite all this extra effort, that the occasional catastrophe will be inevitable.


Facial Recognition Accuracy

Thursday, August 2nd, 2007

Since my last two posts have been about biometrics, how about one concerning crowd facial recognition? Bruce Schneier points to German test results (in German):

Two hundred frequent travellers volunteered to have their faces recorded and three different systems tried to recognize the faces in the crowds of a train station. Results (in German): 60% recognition at best, 30% on average (depending on light and other factors).

Facial recognition in a crowded public place seems like an extraordinarily hard computing problem to solve. Oditogre, an early commenter on Bruce’s original post, raises an interesting question:

Google translator mangled it pretty badly, but I got the gist enough that it didn’t seem to say how many false positives there were. That would be the biggest issue, to me. If they can achieve 30% recognition rate with 0% false positive rate, that could well be a very effective system for catching fugitives, but otherwise, it’s just going to be a bad waste of money.

I personally don’t see how you can have a 30% success rate with zero false positives. Network IDS systems can’t prevent false positives, and they’re working with binary data. Later on in the comments it appears that the false positive rate was 0.1%. While this may seem good, imagine how many folks will walk past a particular point in Times Square today or the Otemachi metro station in Tokyo.
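To put numbers on that last point, here is an added example (mine, not part of the original post or the German study) that works the base-rate arithmetic through. The 30% recognition rate and 0.1% false positive rate come from the post; the daily foot traffic and the number of wanted people in the crowd are constructed assumptions chosen only to make the arithmetic visible. The second function goes one step beyond the post and solves for the false positive rate a system would need before an alert is even a coin flip.

```python
"""Base-rate arithmetic for a crowd face-recognition checkpoint.

Added example; the throughput and number of wanted people below are
constructed assumptions, not figures from the post or the study.
"""


def checkpoint_alerts(passers, wanted, recall, false_positive_rate):
    """Expected daily outcome at one camera position.

    passers             people walking past the camera per day
    wanted              how many of them are actually on the watch list
    recall              fraction of wanted people the system recognizes
    false_positive_rate fraction of innocent people it flags anyway

    Returns (true_hits, false_alarms, precision), where precision is the
    share of alerts that point at a genuinely wanted person.
    """
    innocent = passers - wanted
    true_hits = wanted * recall
    false_alarms = innocent * false_positive_rate
    alerts = true_hits + false_alarms
    precision = true_hits / alerts if alerts else 0.0
    return true_hits, false_alarms, precision


def fpr_for_precision(passers, wanted, recall, target_precision):
    """False positive rate needed so that a given share of alerts are real.

    From precision = TP / (TP + FA) we get FA = TP * (1 - p) / p, and the
    false positive rate is FA divided by the number of innocent passers.
    """
    innocent = passers - wanted
    true_hits = wanted * recall
    false_alarms = true_hits * (1 - target_precision) / target_precision
    return false_alarms / innocent


if __name__ == "__main__":
    # Constructed scenario: 100,000 passers a day, 10 of them wanted,
    # with the 30% hit rate and 0.1% false positive rate from the post.
    passers, wanted = 100_000, 10
    hits, alarms, precision = checkpoint_alerts(passers, wanted, 0.30, 0.001)
    print(f"true hits/day:     {hits:.1f}")
    print(f"false alarms/day:  {alarms:.1f}")
    print(f"precision:         {precision:.1%}")
    needed = fpr_for_precision(passers, wanted, 0.30, 0.5)
    print(f"FPR needed for 50% precision: {needed:.5%}")
```

With those inputs the checkpoint produces about 3 real hits against roughly 100 false alarms a day, so under 3% of the alerts are worth an officer’s time, and getting to even 50% precision would require a false positive rate around 0.003%, thirty times better than the reported 0.1%. That is the same base-rate problem a SOC faces when a detection rule with a “low” false positive rate runs over millions of events.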


Radius Cracked!

Tuesday, March 6th, 2007

Apologies for the sensationalist title, I couldn’t help myself. I’m writing this blog post using voice recognition software as my left arm is broken. I broke it snowboarding in a half-pipe at Squaw Valley this past weekend. Given my day job, there was only one bone in my arm that I could have possibly broken–that’s right, my radius. Feel free to insert your own joke about the robustness, scalability, and reliability of radius. I, for one, have a new-found respect for the importance your radius plays in daily life.

RSA Conference Next Week

Friday, February 2nd, 2007

Just a quick note to remind folks that next week is the RSA Conference in San Francisco. I’ll be up in the city much of the week and would love to chat with anyone who reads this blog. My company is in booth 430 and I’ll be around there much of the time. If you’d like to chat, drop me a line or swing by the booth.

On another note, sorry about the lack of posts of late. I was working against a publishing deadline which I’ve now met. I’m sure RSA will provide plenty of fodder for future posts. Last year’s RSA was all about NAC, this year it will be interesting to see what the buzz-leader is.


IPv6 Security Update

Monday, January 8th, 2007

Happy New Year everyone! I hope that folks had a great holiday. I thought I’d start off 2007 with a bit of an off-topic post.

Back in 2004 Darrin Miller and I did some work looking into IPv6 security. The major result was a paper describing the various security considerations in IPv6, setting aside IPsec. At the time, the majority of the research we saw was looking at IPsec as the principal means of securing IPv6. Since IPsec support is a “standard” feature of IPv6, this was a reasonable assumption. As it turns out, for various reasons outlined in the paper, this wasn’t such a good idea. The paper was well received and even found its way into some US-CERT recommendations, and was largely reused as chapter nine of Deploying IPv6 Networks.

Fast-forward almost three years from then and some things have changed and many others haven’t. The IETF v6ops working group is still churning out new docs on the subject, which is great. However, just like in 2004, the market seems to be ignoring IPv6. Not even a federal mandate to deploy v6 in the government by 2008 is enough to get things going. GCN recently reported as much, highlighting agency concern that security vendors aren’t migrating their products to IPv6 quickly enough.

I’ve not done a lot of poking around in IPv6 security lately. In preparing for this blog post I went through and updated my IPv6 security links page to tag any additional dead links and add a few new ones. The fact that this links page–largely untouched since 2004–returns in the top five results of a Google search for “IPv6 security” says more about the attention paid to the subject than a lengthy blog post ever could have. The top result is a presentation (from a former colleague at Cisco) that Darrin and I expanded on in our work. Eric did a great job with that presentation, but given the government’s focus on IPv6, I would have guessed research from 2003 would not be so well ranked.


Security through Obscurity in Voting

Monday, October 2nd, 2006

Bruce Schneier’s security blog alerted me to this seemingly funny, but ultimately tragic quote from an election official on their voting system:

The software developed for InkaVote is proprietary software. All the software developed by vendors is proprietary. I think it’s odd that some people don’t want it to be proprietary. If you give people the open source code, they would have the directions on how to hack into it. We think the proprietary nature of the software is good for security.

I think the lesson for those of us who work in security is this: just because a security principle is well documented, debated, and understood, does not mean that it is common knowledge. Now please excuse me while I go cry myself to sleep.


DIDW: How Identity is Overused and Misunderstood

Monday, September 11th, 2006

Here are my rough notes from the second session, formatting be damned. My comments / editorializing are in brackets prefaced with “SJC”.

Jim Harper - Director of Information Policy Studies, Cato Institute - Author of Identity Crisis

  • Wanted to write a book about why we don’t want a national ID card. How do you know who
  • Typical identity: Something you are, something you have, something you know
  • Wants to add a fourth, something you are assigned. (Your name, your location, etc.)
  • How would a national ID card work? Then you can examine the issues around it.

Threats to national ID cards

  • Surveillance - easy to tie separate sets of data together.
  • Power - information is power, access to data allows the government to find you and affect your life. Access to databases reverses the incentive structure: ordinary incentive is for law enforcement to learn about crime, then track down who did it. With more data it is easier to say anyone must have done something wrong, and then start mining that data to find out what it was.
  • Tend towards insecurity - Identity fraud is made easier by the existence of SSN. Single key system means one error compromises multiple systems [SJC: Sounds like some of the issues with biometrics]

Need heterogeneous ID system so that consumers can select the systems they need without participating in a single system.

Think of authorization as coming first. In everything you do, you decide if something is going to go forward or not. Let’s call that authorization. Hugs, handshake, alcohol sales, network access, etc. all have authorization steps. What do I need to know about you in order to shake hands with you? What do I need to know about you in order to hug you?

What level of proof do I need that what I know about you is correct? That level of proof is authentication. Authorization: what you are allowed to do. Authentication: degree of proof provided to allow that transaction to transpire.

So many DHS programs are unwisely relying on identity. Just knowing who someone is isn’t necessary. Don’t need to know who the person sitting next to you is, just need to know that the person on the plane can’t hurt you. [SJC: This doesn’t seem to apply at all to enterprise networks. I hope he realizes this isn’t a universal constant]

RealID act was passed in May of 2005. By May of 2008 states need to issue ID cards in compliance with federal standards. Standards like no more mail-in renewals, etc. Dedicated adversaries will bypass these systems (pay off DMV folks, etc.) but it will be painful to the rest of us.

Big laugh from the crowd by suggesting that identity should be 3rd or 4th, not the center. Talks about using a fake ID at all of his dealings requiring credit cards.

Phil came on at the end to suggest that this talk is all about understanding what you accomplish with a given identity check.

The Obligatory First Post

Thursday, October 27th, 2005

So yes, I’ve got a cheesy default template, and yes it looks nothing like my main site. But then my main site hardly inspires a desire for artistic consistency. So thus it will stay until the style sheet fairies bless me with both a desire and the knowledge to screw around with it.