Subject: [CSL]: CRYPTO-GRAM, September 15, 2005
From: J Armitage <[log in to unmask]>
Reply-To: Interdisciplinary academic study of Cyber Society <[log in to unmask]>
Date: Thu, 15 Sep 2005 11:58:29 +0100

From: Bruce Schneier [mailto:[log in to unmask]] 
Sent: 15 September 2005 09:06
To: [log in to unmask]
Subject: CRYPTO-GRAM, September 15, 2005

                  CRYPTO-GRAM

               September 15, 2005

               by Bruce Schneier
                Founder and CTO
       Counterpane Internet Security, Inc.
            [log in to unmask]
            <http://www.schneier.com>
           <http://www.counterpane.com>


A free monthly newsletter providing summaries, analyses, insights, and 
commentaries on security: computer and otherwise.

For back issues, or to subscribe, visit 
<http://www.schneier.com/crypto-gram.html>.

You can read this issue on the web at 
<http://www.schneier.com/crypto-gram-0509.html>.  These same essays 
appear in the "Schneier on Security" blog: 
<http://www.schneier.com/blog>.  An RSS feed is available.


** *** ***** ******* *********** *************

In this issue:

      Movie-Plot Threats
      Katrina and Security
      The Keys to the Sydney Subway
      Crypto-Gram Reprints
      New Cryptanalytic Results Against SHA-1
      Zotob
      News
      Airline Security, Trade-offs, and Agenda
      Cameras in the New York City Subways
      Counterpane News
      Lance Armstrong Accused of Doping
      Peggy Noonan and Movie-Plot Terrorist Threats
      Trusted Computing Best Practices
      Comments from Readers


** *** ***** ******* *********** *************

              Movie-Plot Threats



Sometimes it seems like the people in charge of homeland security spend 
too much time watching action movies. They defend against specific 
movie plots instead of against the broad threats of terrorism.

We all do it. Our imaginations run wild with detailed and specific 
threats. We imagine anthrax spread from crop dusters. Or a contaminated 
milk supply. Or terrorist scuba divers armed with almanacs. Before 
long, we're envisioning an entire movie plot, without Bruce Willis 
saving the day. And we're scared.

Psychologically, this all makes sense. Humans have good imaginations. 
Box cutters and shoe bombs conjure vivid mental images. "We must 
protect the Super Bowl" packs more emotional punch than the vague "we 
should defend ourselves against terrorism."

The 9/11 terrorists used small pointy things to take over airplanes, so 
we ban small pointy things from airplanes. Richard Reid tried to hide a 
bomb in his shoes, so now we all have to take off our shoes. Recently, 
the Department of Homeland Security said that it might relax airplane 
security rules. It's not that there's a lessened risk of shoes, or that 
small pointy things are suddenly less dangerous. It's that those movie 
plots no longer capture the imagination like they did in the months 
after 9/11, and everyone is beginning to see how silly (or pointless) 
they always were.

Commuter terrorism is the new movie plot. The London bombers carried 
bombs into the subway, so now we search people entering the subways. 
They used cell phones, so we're talking about ways to shut down the 
cell-phone network.

It's too early to tell if hurricanes are the next movie-plot threat 
that captures the imagination.

The problem with movie plot security is that it only works if we guess 
right. If we spend billions defending our subways, and the terrorists 
bomb a bus, we've wasted our money. To be sure, defending the subways 
makes commuting safer. But focusing on subways also has the effect of 
shifting attacks toward less-defended targets, and the result is that 
we're no safer overall.

Terrorists don't care if they blow up subways, buses, stadiums, 
theaters, restaurants, nightclubs, schools, churches, crowded markets 
or busy intersections. Reasonable arguments can be made that some 
targets are more attractive than others: airplanes because a small bomb 
can result in the death of everyone aboard, monuments because of their 
national significance, national events because of television coverage, 
and transportation because most people commute daily. But the United 
States is a big country; we can't defend everything.

One problem is that our nation's leaders are giving us what we want. 
Party affiliation notwithstanding, appearing tough on terrorism is 
important. Voting for missile defense makes for better campaigning than 
increasing intelligence funding. Elected officials want to do something 
visible, even if it turns out to be ineffective.

The other problem is that many security decisions are made at too low a 
level. The decision to turn off cell phones in some tunnels was made by 
those in charge of the tunnels. Even if terrorists then bomb a 
different tunnel elsewhere in the country, that person did his job.

And anyone in charge of security knows that he'll be judged in 
hindsight. If the next terrorist attack targets a chemical plant, we'll 
demand to know why more wasn't done to protect chemical plants. If it 
targets schoolchildren, we'll demand to know why that threat was 
ignored. We won't accept "we didn't know the target" as an answer. 
Defending particular targets protects reputations and careers.

We need to defend against the broad threat of terrorism, not against 
specific movie plots. Security is most effective when it doesn't make 
arbitrary assumptions about the next terrorist act. We need to spend 
more money on intelligence and investigation: identifying the 
terrorists themselves, cutting off their funding, and stopping them 
regardless of what their plans are. We need to spend more money on 
emergency response: lessening the impact of a terrorist attack, 
regardless of what it is. And we need to face the geopolitical 
consequences of our foreign policy and how it helps or hinders terrorism.

These vague things are less visible, and don't make for good political 
grandstanding. But they will make us safer. Throwing money at this 
year's movie plot threat won't.


This essay was originally published in Wired:
<http://www.wired.com/news/business/0,1367,68789,00.html>

I am now doing a biweekly column for them.  You can read the essays at 
Wired.com, or you can wait until I reprint them in Crypto-Gram.


** *** ***** ******* *********** *************

               Katrina and Security



Leaving aside the political posturing and the finger-pointing, how did 
our nation mishandle Katrina so badly? After spending tens of billions 
of dollars on homeland security (hundreds of billions, if you include 
the war in Iraq) in the four years after 9/11, what did we do wrong? 
Why were there so many failures at the local, state and federal levels?

These are reasonable questions. Katrina was a natural disaster and not 
a terrorist attack, but that only matters before the event. Large-scale 
terrorist attacks and natural disasters differ in cause, but they're 
very similar in aftermath. And one can easily imagine a Katrina-like 
aftermath to a terrorist attack, especially one involving nuclear, 
biological or chemical weapons.

Improving our disaster response was discussed in the months after 9/11. 
We were going to give money to local governments to fund first 
responders. We established the Department of Homeland Security to 
streamline the chains of command and facilitate efficient and effective 
response.

The problem is that we all got caught up in "movie-plot threats," 
specific attack scenarios that capture the imagination and then the 
dollars. Whether it's terrorists with box cutters or bombs in their 
shoes, we fear what we can imagine. We're searching backpacks in the 
subways of New York, because this year's movie plot is based on a 
terrorist bombing in the London subways.

Funding security based on movie plots looks good on television, and 
gets people reelected. But there are millions of possible scenarios, 
and we're going to guess wrong. The billions spent defending airlines 
are wasted if the terrorists bomb crowded shopping malls instead.

Our nation needs to spend its homeland security dollars on two things: 
intelligence-gathering and emergency response. These two things will 
help us regardless of what the terrorists are plotting, and the second 
helps both against terrorist attacks and natural disasters.

Katrina demonstrated that we haven't invested enough in emergency 
response. New Orleans police officers couldn't talk with each other 
after power outages shut down their primary communications system -- 
and there was no backup. The Department of Homeland Security, which was 
established in order to centralize federal response in a situation like 
this, couldn't figure out who was in charge or what to do, and actively 
obstructed aid by others. FEMA did no better, and thousands died while 
turf battles were being fought.

Our government's ineptitude in the aftermath of Katrina demonstrates 
how little we're getting for all our security spending. It's 
unconscionable that we're wasting our money fingerprinting foreigners, 
profiling airline passengers, and invading foreign countries while 
emergency response at home goes underfunded.

Money spent on emergency response makes us safer, regardless of what 
the next disaster is, whether terrorist-made or natural.

This includes good communications on the ground, good coordination up 
the command chain, and resources -- people and supplies -- that can be 
quickly deployed wherever they're needed.

Similarly, money spent on intelligence-gathering makes us safer, 
regardless of what the next disaster is. Against terrorism, that 
includes the NSA and the CIA. Against natural disasters, that includes 
the National Weather Service and the National Earthquake Information 
Center.

Katrina deftly illustrated homeland security's biggest challenge: 
guessing correctly. The solution is to fund security that doesn't rely 
on guessing. Defending against movie plots doesn't make us appreciably 
safer. Emergency response does. It lessens the damage and suffering 
caused by disasters, whether man-made, like 9/11, or nature-made, like 
Katrina.


This essay was originally published in the Minneapolis Star Tribune:
<http://www.startribune.com/stories/562/5606306.html>

My preliminary thoughts are here:
<http://www.schneier.com/blog/archives/2005/09/security_lesson.html>


** *** ***** ******* *********** *************

          The Keys to the Sydney Subway



Global secrets are generally considered poor security.  The problems 
are twofold.  One, you cannot apply any granularity to the security 
system; someone either knows the secret or does not.  And two, global 
secrets are brittle.  They fail badly; if the secret gets out, then the 
bad guys have a pretty powerful secret.

This is the situation right now in Sydney, where someone stole the 
master key that gives access to every train in the metropolitan area, 
and also starts them.

Unfortunately, this isn't a thief who got lucky.  It happened twice in 
Sydney, and it's possible that the keys were the target

So, what can someone do with the master key to the Sydney subway?  It's 
more likely a criminal than a terrorist, but even so it's definitely a 
serious issue

I don't know if RailCorp should change the locks.  I don't know the 
risk: whether that "range of security measures" only protects against 
train theft -- an unlikely scenario, if you ask me -- or other 
potential scenarios as well.  And I don't know how expensive it would 
be to change the locks.

Another problem with global secrets is that it's expensive to recover 
from a security failure.

And this certainly isn't the first time a master key fell into the 
wrong hands:  "[RailCorp chief executive Vince] Graham said there was 
no point changing any of the metropolitan railway key locks.

"'We could change locks once a week but I don't think it reduces in any 
way the security threat as such because there are 2000 of these 
particular keys on issue to operational staff across the network and 
that is always going to be, I think, an issue.'"

A final problem with global secrets is that it's simply too easy to 
lose control of them.

Moral: Don't rely on global secrets.

<http://www.schneier.com/blog/archives/2005/09/the_keys_to_the.html>
<http://smh.com.au/news/national/two-sets-of-keys-to-sydneys-trains-stolen/2005/08/30/1125302547374.html> or <http://tinyurl.com/bpk4a>
<http://news.ninemsn.com.au/article.aspx?id=15096>


** *** ***** ******* *********** *************

              Crypto-Gram Reprints



Crypto-Gram is currently in its seventh year of publication.  Back 
issues cover a variety of security-related topics, and can all be found 
on <http://www.schneier.com/crypto-gram.html>.  These are a selection 
of articles that appeared in this calendar month in other years.

Security at the Olympics:
<http://www.schneier.com/crypto-gram-0409.html#2>

Trusted Traveler program:
<http://www.schneier.com/crypto-gram-0409.html#5>

No-fly list:
<http://www.schneier.com/crypto-gram-0409.html#10>

Accidents and security incidents:
<http://www.schneier.com/crypto-gram-0309.html#1>

Benevolent worms:
<http://www.schneier.com/crypto-gram-0309.html#8>

Special issue on 9/11, including articles on airport security, 
biometrics, cryptography, steganography, intelligence failures, and 
protecting liberty:
<http://www.schneier.com/crypto-gram-0109a.html>

Full Disclosure and the Window of Exposure:
<http://www.schneier.com/crypto-gram-0009.html#1>

Open Source and Security:
<http://www.schneier.com/crypto-gram-9909.html#OpenSourceandSecurity> 
or <http://makeashorterlink.com/?U25716849>

Factoring a 512-bit Number:
<http://www.schneier.com/crypto-gram-9909.html#Factoringa512-bitNumber> 
or <http://makeashorterlink.com/?J17752849>


** *** ***** ******* *********** *************

    New Cryptanalytic Results Against SHA-1



Xiaoyun Wang, one of the team of Chinese cryptographers that 
successfully broke SHA-0 and SHA-1, along with Andrew Yao and Frances 
Yao, announced new results against SHA-1 at Crypto's rump 
session.  (Actually, Adi Shamir announced the results in their name, 
since she and her student did not receive U.S. visas in time to attend 
the conference.)

Shamir presented few details -- and there's no paper -- but the time 
complexity of the new attack is 2^63.  (Their previous result was 2^69; 
brute force is 2^80.)  He did say that he expected Wang and her 
students to improve this result over the next few months.  The 
modifications to their published attack are still new, and more 
improvements are likely over the next several months.  There is no 
reason to believe that 2^63 is anything like a lower limit.

But an attack that's faster than 2^64 is a significant 
milestone.  We've already done massive computations with complexity 
2^64.  Now that the SHA-1 collision search is squarely in the realm of 
feasibility, some research group will try to implement it.  Writing 
working software will both uncover hidden problems with the attack, and 
illuminate hidden improvements.  And while a paper describing an attack 
against SHA-1 is damaging, software that produces actual collisions is 
even more so.

The story of SHA-1 is not over.  Again, I repeat the saying I've heard 
comes from inside the NSA:  "Attacks always get better; they never get 
worse."
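
The 2^80 "brute force" figure above is the generic birthday bound for a 160-bit hash: about 2^(n/2) evaluations for an n-bit output. The following is an added example, not part of the original newsletter and not the Wang attack itself; it runs the generic collision search against SHA-1 truncated to a few bits (the truncation, message format and function names are assumptions made for illustration), measures the work, and expresses the quoted complexities as ratios.

```python
import hashlib
import math

SHA1_BITS = 160  # output size of SHA-1


def truncated_sha1(data: bytes, bits: int) -> int:
    """Return the leading `bits` bits of SHA-1(data) as an integer."""
    digest = int.from_bytes(hashlib.sha1(data).digest(), "big")
    return digest >> (SHA1_BITS - bits)


def birthday_collision(bits: int, seed: int = 0):
    """Generic collision search with no cryptanalysis.

    Hashes distinct constructed messages until two of them share the
    same truncated digest. Returns (message1, message2, evaluations).
    """
    seen = {}
    counter = 0
    while True:
        # Constructed sample input; the counter makes every message distinct.
        msg = b"constructed-sample-%d-%d" % (seed, counter)
        tag = truncated_sha1(msg, bits)
        counter += 1
        if tag in seen:
            return seen[tag], msg, counter
        seen[tag] = msg


def measured_exponent(bits: int, trials: int) -> float:
    """log2 of the average number of hash evaluations per collision."""
    total = sum(birthday_collision(bits, seed)[2] for seed in range(trials))
    return math.log2(total / trials)


def work_ratio(slower_log2: int, faster_log2: int) -> int:
    """How many times less work a 2^faster attack is than a 2^slower one."""
    return 2 ** (slower_log2 - faster_log2)


if __name__ == "__main__":
    for bits in (16, 20, 24):
        exp = measured_exponent(bits, trials=32)
        print(f"{bits}-bit truncation: ~2^{exp:.2f} evaluations "
              f"(birthday bound 2^{bits // 2})")
    # Extrapolating the same bound to the full 160-bit output gives 2^80.
    print("generic bound for full SHA-1: 2^%d" % (SHA1_BITS // 2))
    print("2^63 attack vs. generic 2^80:", work_ratio(80, 63), "times less work")
    print("2^63 attack vs. earlier 2^69:", work_ratio(69, 63), "times less work")
```

The measured exponent sits slightly above bits/2 because the expected count is about 1.25 * 2^(bits/2); the same scaling gives 2^80 at 160 bits.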

Details of the SHA break:
<http://www.schneier.com/blog/archives/2005/02/cryptanalysis_o.html>

NIST's Hash Function Workshop, to be held in late October:
<http://www.csrc.nist.gov/pki/HashWorkshop/index.html>

Effects of the attack on S/MIME, TLS, and IPsec:
<http://www.educatedguesswork.org/movabletype/archives/2005/07/deploying_a_new.html> or <http://tinyurl.com/cz4lf>

Xiaoyun Wang's two papers from Crypto:
Efficient Collision Search Attacks on SHA-0
<http://202.194.5.130/admin/infosec/download.php?id=1>
Finding Collisions in the Full SHA-1
<http://202.194.5.130/admin/infosec/download.php?id=2>
The rest of her papers:
<http://www.infosec.sdu.edu.cn/people/wangxiaoyun.htm>

Story of them being denied visas to attend the conference:
<http://www.schneier.com/blog/archives/2005/08/chinese_cryptog.html>
<http://www.navyseals.com/community/articles/article.cfm?id=7757>


** *** ***** ******* *********** *************

                     Zotob



I've been reading the massive press coverage about Zotob, and can't 
figure out what the big deal is about.  Yes, it propagates in Windows 
2000 without user intervention, which is always nastier.  It uses a 
Microsoft plug-and-play vulnerability, which is somewhat 
interesting.  But the only reason I can think of that CNN did rolling 
coverage on it is that CNN was hit by it.

<http://www.theregister.co.uk/2005/08/15/zytob_worm/print.html>
<http://www.securityfocus.com/news/11281>
<http://news.ft.com/cms/s/112bcc04-0f0d-11da-8b31-00000e2511c8.html>
<http://www.theregister.co.uk/2005/08/16/irc_bot/>
<http://it.slashdot.org/it/05/08/16/2247228.shtml?tid=220&tid=188>
<http://www.computerworld.com/printthis/2005/0,4814,103929,00.html>
<http://www.newsfactor.com/story.xhtml?story_id=37727>
<http://www.pcworld.idg.com.au/index.php/id;1841567960;fp;2;fpid;1>
<http://www.securityfocus.com/news/11285>

Technical details:
<http://www.sophos.com/virusinfo/analyses/w32zotoba.html>
<http://www.f-secure.com/v-descs/zotob_a.shtml>
<http://securityresponse.symantec.com/avcenter/venc/data/w32.zotob.a.html> or <http://tinyurl.com/8so5h>

Vulnerability:
<http://www.microsoft.com/technet/security/Bulletin/MS05-039.mspx>


** *** ***** ******* *********** *************

                      News



SANS NewsBites is a weekly email digest of the computer-security news 
stories out there.  There is some commentary, but it's kept to an 
absolute minimum.  It's primarily short descriptions and links to news 
articles.  There are a lot of email newsletters, but this is one that I 
read every time.  Subscribing is free, which is a great deal for one of 
the most useful computer-security news sources on the Internet.  And, 
as an aside, I'm on the editorial board.  Past issues and sign up:
<http://www.sans.org/newsletters>

Research in behavioral risk analysis:
<https://www.fastlane.nsf.gov/servlet/showaward?award=0527598>

Interesting law-review article on crime-facilitating speech:
<http://www.law.ucla.edu/volokh/facilitating.pdf>

Privacy-enhanced computer display:
<http://www.merl.com/projects/privatedisplay/>

If you have an audio recording of somebody typing on an ordinary 
computer keyboard for fifteen minutes or so, you can figure out 
everything he typed.
<http://www.freedom-to-tinker.com/?p=893>
<http://www.cs.berkeley.edu/~tygar/papers/Keyboard_Acoustic_Emanations_Revisited/preprint.pdf> or <http://tinyurl.com/dzgda>

Putting aside geopolitics for a minute, it's interesting to read the 
technical security details about the barrier the Israelis built around 
Gaza:
<http://www.jpost.com/servlet/Satellite?pagename=JPost/JPArticle/ShowFull&cid=1126059637154> or <http://tinyurl.com/bsjyb>
In Beyond Fear, pages 207-8, I wrote about the technical details of the 
Berlin Wall.  This is far more sophisticated.

Marcus Ranum's "The Six Dumbest Ideas in Computer Security":
<http://www.ranum.com/security/computer_security/editorials/dumb/>

Criminals are learning forensic science, and juries are getting 
unrealistic expectations of forensic science, both from television 
shows like CSI.
<http://www.newscientist.com/channel/opinion/mg18725163.800>

Fascinating article on A.G. Tolkachev, a Russian who spied for the CIA 
for almost ten years.  I was particularly interested in reading the 
tradecraft descriptions.
<http://www.cia.gov/csi/studies/vol47no3/article02.html>

An awful essay suggesting a U.S. national firewall:
<http://www.pcmag.com/article2/0,1895,1831969,00.asp>

Here's a criminal who videotaped keys as they were being used and then 
duplicated them:
<http://www.philly.com/mld/philly/news/local/12554094.htm?template=contentModules/printstory.jsp> or <http://tinyurl.com/7pd2n>

A researcher writes about how criminals adapt to security features of 
identity cards, like chip and pin:
<http://www.schneier.com/blog/archives/2005/09/identity_cards.html>
<http://www.guardian.co.uk/crime/article/0,2763,1562681,00.html>
<http://smh.com.au/news/World/New-tech-may-increase-ID-theft-expert/2005/09/05/1125772436375.html> or <http://tinyurl.com/7759a>
<http://news.bbc.co.uk/1/hi/sci/tech/4213848.stm>
<http://software.silicon.com/security/0,39024655,39151961,00.htm>

The Digital-ER mailing list is dedicated to discussing technical 
solutions to emergency and crisis management.
<http://lists.networkcommand.com/mailman/listinfo/digital-er>

A fun, and ultimately tragic, story about a bad game-show random-number 
generator.
<http://www.rotten.com/library/conspiracy/Press_Your_Luck/>

Security at Hogwarts
<http://www.schneier.com/blog/archives/2005/09/hogwarts_securi.html>
<http://ritestuff.blogspot.com/2005/08/harry-potter-and-half-assed-security.html> or <http://tinyurl.com/9smud>
<http://www.veryard.com/trust/potter.htm>

There's a discussion on Slashdot about the security of code signing, 
and particularly my comments on the topic in the book Secrets and Lies.
<http://ask.slashdot.org/askslashdot/05/08/31/2045201.shtml?tid=172&tid=156&tid=4> or <http://tinyurl.com/bsbd7>

Cryptome has a list of 276 MI6 agents:
<http://cryptome.org/mi6-list-276.htm>
Debate the security, legality, ethics, and wisdom of this here:
<http://www.schneier.com/blog/archives/2005/08/276_british_spi.html>

Here's a new Internet data-mining research program with a cool name: 
Unintended Information Revelation
<http://www.contractoruk.com/news/002194.html>

The security of tamper-evident paper mailings, the kind used by banks 
and credit-card companies to send PIN numbers and passwords:
<http://www.schneier.com/blog/archives/2005/08/tamper-evident.html>
<http://news.bbc.co.uk/1/hi/technology/4183330.stm>
<http://www.cl.cam.ac.uk/~mkb23/research/PIN-Mailer.pdf>

Good article on security at Visa in light of the CardSystems incident.
<http://www.nytimes.com/2005/08/25/business/25visa.html>
The article echoes some of the security arguments I made here:
<http://www.schneier.com/blog/archives/2005/07/visa_and_amex_d.html>

Identity thief steals house:
<http://www.plastic.com/article.html;sid=05/08/23/19205287;cmt=60>

Cingular employee sells used cell phones with personal information 
still on them:
<http://www.schneier.com/blog/archives/2005/08/privacy_risks_o.html>
<http://www.wfmynews2.com/watercooler/watercooler_article.aspx?storyid=47473> or <http://tinyurl.com/dggys>
Risks of losing small portable devices:
<http://www.schneier.com/blog/archives/2005/07/risks_of_losing.html>

U.S. government computers attacked from China:
<http://www.washingtonpost.com/wp-dyn/content/article/2005/08/24/AR2005082402318.html> or <http://tinyurl.com/bup8w>

Did you know you could be arrested for carrying a police uniform in New 
York City?  Even if you're an actor playing the part of a policeman in 
a play?
<http://www.schneier.com/blog/archives/2005/08/actors_playing.html>
<http://www.usatoday.com/life/television/news/2005-08-22-sag-warning_x.htm> or <http://tinyurl.com/a8f5w>

Interesting research grant from the NSF: A Socio-Technical Approach to 
Internet Security.
<https://www.fastlane.nsf.gov/servlet/showaward?award=0550008>

Here's a piece of interesting research out of Ohio State: it's a 
passive sensor that could be cheaper, better, and less intrusive than 
technologies like backscatter x-rays.
<http://www.schneier.com/blog/archives/2005/08/ambient_radiati.html>
<http://www.sciencedaily.com/releases/2005/08/050814172841.htm>

Advertisers are beaming unwanted content to Bluetooth phones at a 
distance of 100 meters.
<http://www.schneier.com/blog/archives/2005/08/bluetooth_spam.html>
<http://www.newscientist.com/article.ns?id=dn7883>

RFID in British license plates:
<http://www.wired.com/news/privacy/0,1848,68429,00.html>

Thieves are using Bluetooth phones to find Bluetooth-enabled laptops in 
parked cars, which they then steal.
<http://www.cambridge-news.co.uk/news/region_wide/2005/08/17/06967453-8002-45f8-b520-66b9bed6f29f.lpf> or <http://tinyurl.com/ey9zw>
Nice example of unintended security consequences of a new 
technology.  And more evidence that new features need to be turned off 
by default.

Infants on the terrorist watch list:
<http://www.schneier.com/blog/archives/2005/08/infants_on_the.html>
<http://www.cnn.com/2005/TRAVEL/08/15/no.fly.babies.ap/index.html>

The Kutztown 13: Thirteen high-school kids were charged with felonies 
for bypassing the security of their school-issued laptops.
<http://www.schneier.com/blog/archives/2005/08/computer_crime.html>
<http://www.theregister.co.uk/2005/08/10/kutztown_13/>
<http://www.wired.com/news/technology/0,1282,68480,00.html>
<http://www.usatoday.com/tech/columnist/andrewkantor/2005-08-18-kutztown-kids_x.htm> or <http://tinyurl.com/9a8ql>
Charges were eventually dropped:
<http://it.slashdot.org/article.pl?sid=05/09/02/0712237>

Looks like the DHS and TSA are finally beginning to realize that small 
pointy things are not a terrorist threat to aviation.
<http://www.sfgate.com/cgi-bin/article.cgi?f=/n/a/2005/08/13/national/w234140D88.DTL> or <http://tinyurl.com/d6wr4>

Privacy implications of unmanned planes patrolling borders:
<http://www.epic.org/privacy/surveillance/spotlight/0805/>


** *** ***** ******* *********** *************

    Airline Security, Trade-offs, and Agenda



All security decisions are trade-offs, and smart security trade-offs 
are ones where the security you get is worth what you have to give 
up.   This sounds simple, but it isn't.  There are differences between 
perceived risk and actual risk, differences between perceived security 
and actual security, and differences between perceived cost and actual 
cost.  And beyond that, there are legitimate differences in trade-off 
analysis.  Any complicated security decision affects multiple players, 
and each player evaluates the trade-off from his or her own perspective.

I call this "agenda," and it is one of the central themes of Beyond 
Fear.  It is clearly illustrated in the current debate about rescinding 
the prohibition against small pointy things on airplanes.  The flight 
attendants are against the change.  Reading their comments, you can 
clearly see their subjective agenda:

"'As the front-line personnel with little or no effective security 
training or means of self defense, such weapons could prove fatal to 
our members,' Patricia A. Friend, international president of the 
Association of Flight Attendants, said in a letter to Edmund S. 'Kip' 
Hawley, the new leader of the Transportation Security Administration. 
'They may not assist in breaking through a flightdeck door, but they 
could definitely lead to the deaths of flight attendants and 
passengers'....

"The flight attendants, whose union represents 46,000 members, said 
that easing the ban on some prohibited items could pose a safety risk 
on board the aircraft and lead to incidents that terrorize passengers 
even if they do not involve a hijacking.

"'Even a plane that is attacked and results in only a few deaths would 
seriously jeopardize the progress we have all made in restoring 
confidence of the flying public,' Friend said in her letter. 'We urge 
you to reconsider allowing such dangerous items -- which have no place 
in the cabin of an aircraft in the first place -- to be introduced into 
our workplace.'"

The flight attendants are not evaluating the security countermeasure 
from a global perspective.  They're not trying to figure out what the 
optimal level of risk is, what sort of trade-offs are acceptable, and 
what security countermeasures most efficiently achieve that 
trade-off.  They're looking at the trade-off from their perspective: 
they get more benefit from the countermeasure than the average flier 
because it's their workplace, and the cost of the countermeasure is 
borne largely by the passengers.

There is nothing wrong with flight attendants evaluating airline 
security from their own agenda.  I'd be surprised if they didn't.  But 
understanding agenda is essential to understanding how security 
decisions are made.

<http://www.washingtonpost.com/wp-dyn/content/article/2005/08/16/AR2005081601467.html> or <http://tinyurl.com/8fepc>


** *** ***** ******* *********** *************

      Cameras in the New York City Subways



New York City is spending $212 million on surveillance technology: 
1,000 video cameras and 3,000 motion sensors for the city's subways, 
bridges, and tunnels.

Why?  Why, given that cameras didn't stop the London train 
bombings?  Why, when there is no evidence that cameras are effective at 
reducing either terrorism or crime, and every reason to believe that 
they are ineffective?

One reason is that it's the "movie plot threat" of the moment.  (You 
can hear the echoes of the movie plots when you read the various quotes 
in the news stories.)  The terrorists bombed a subway in London, so we 
need to defend our subways.  The other reason is that New York City 
officials are erring on the side of caution.  If nothing happens, then 
it was only money.  But if something does happen, they won't keep their 
jobs unless they can show they did everything possible.  And 
technological solutions just make everyone feel better.

If I had $212 million to spend to defend against terrorism in the U.S., 
I would not spend it on cameras in the New York City subways.  If I had 
$212 million to defend New York City against terrorism, I would not 
spend it on cameras in the subways.  This is nothing more than security 
theater against a movie plot threat.

On the plus side, the money will also go for a new radio communications 
system for subway police, and will enable cell phone service in 
underground stations, but not tunnels.

<http://www.nytimes.com/2005/08/23/nyregion/23cnd-mta.html>
<http://www.washingtonpost.com/wp-dyn/content/article/2005/08/23/AR2005082301488.html?nav=rss_technology> or <http://tinyurl.com/ckdst>
<http://news.yahoo.com/s/nm/20050823/us_nm/security_new_york_dc_2&printer=1;_%20%20ylt=Aij95wnkz9LkKve4ql_VU8EXIr0F;_ylu=X3oDMTA3MXN1bHE0BHNlYwN0bWE-> or <http://tinyurl.com/9h9q9>
<http://it.slashdot.org/it/05/08/23/2237220.shtml?tid=172&tid=215>

Effectiveness of cameras:
<http://www.schneier.com/blog/archives/2005/07/surveillance_ca.html>
<http://www.schneier.com/blog/archives/2005/05/surveillance_ca_1.html>


** *** ***** ******* *********** *************

                Counterpane News



Counterpane Joins Sourcefire Certified Snort Integrator Program
<http://www.counterpane.com/pr-20050824.html>

Teleware is Counterpane's new partner and reseller in Scandinavia and 
the Baltic.
<http://www.counterpane.com/pr-20050822.html>

WilTel Communications announces an alliance with Counterpane.
<http://www.counterpane.com/pr-20050912.html>

Countermeasures is a quarterly newsletter covering techniques to combat 
threats and protect the integrity of networked systems.  The first 
issue will go out on the 19th, but you can view a partial preview here:
<http://www.counterpane.com/countermeasures.html>

Schneier is speaking at the Texas Regional Infrastructure Security 
Conference in Austin, TX on September 19th.
<http://www.trisc.org/>

Schneier is speaking at ACLU events in Columbus and Dayton on September 
20-21.
<http://www.acluohio.org/schneier.htm>

Schneier is speaking at the ACLU Hawaii Awards Dinner on September 25th.
<http://www.acluhawaii.org/>

Schneier is speaking at the Information Security Forum in Munich on 
October 10th.
<http://www.securityforum.org/html/frameset.htm>


** *** ***** ******* *********** *************

        Lance Armstrong Accused of Doping



Lance Armstrong has been accused of using a banned substance while 
racing the Tour de France.  From a security perspective, this isn't 
very interesting.  Blood and urine tests are used to detect banned 
substances all the time.  But what is interesting is that the urine 
sample was from 1999, and the test was done in 2005.

Back in 1999, there was no test for the drug EPO.  Now there 
is.  Someone took an old urine sample -- who knew that they stored old 
urine samples? -- and ran the new test.

This ability of a security mechanism to go back in time is interesting, 
and similar to police exhuming dead bodies for new forensic analysis, 
or a new cryptographic technique permitting decades-old encrypted 
messages to be read.

It also has some serious ramifications for athletes considering using 
banned substances.  Not only do they have to evade any tests that exist 
today, but they have to at least think about how they could evade any 
tests that might be invented in the future.  You could easily imagine 
athletes being stripped of their records, medals, and titles decades in 
the future after past transgressions are discovered.

On the other hand, athletes accused of using banned substances in the 
past have limited means by which to defend themselves.  Perhaps they 
will start storing samples of their own blood and urine in escrow, year 
after year, so they'd have well-stored and untainted bodily fluids with 
which to refute charges of past transgressions.

<http://www.timesonline.co.uk/article/0,,2094-1753419,00.html>


** *** ***** ******* *********** *************

  Peggy Noonan and Movie-Plot Terrorist Threats



Peggy Noonan is opposed to the current round of U.S. base closings 
because, well, basically because she thinks they'll be useful if the 
government ever has to declare martial law.

I don't know anything about military bases, and what should be closed 
or remain open.  What's interesting to me is that her essay is a 
perfect example of thinking based on movie-plot threats:

"Among the things we may face over the next decade, as we all know, is 
another terrorist attack on American soil. But let's imagine the next 
one has many targets, is brilliantly planned and coordinated. Imagine 
that there are already 100 serious terror cells in the U.S., two per 
state. The members of each cell have been coming over, many but not all 
crossing our borders, for five years. They're working jobs, living 
lives, quietly planning.

"Imagine they're planning that on the same day in the not-so-distant 
future, they will set off nuclear suitcase bombs in six American 
cities, including Washington, which will take the heaviest hit. 
Hundreds of thousands may die; millions will be endangered. Lines will 
go down, and to make it worse the terrorists will at the same time 
execute the cyberattack of all cyberattacks, causing massive 
communications failure and confusion. There will be no electricity; 
switching and generating stations will also have been targeted. There 
will be no word from Washington; the extent of the national damage will 
be as unknown as the extent of local damage is clear. Daily living will 
become very difficult, and for months -- food shortages, fuel shortages.

"Let's make it worse. On top of all that, on the day of the suitcase 
nukings, a half dozen designated cells will rise up and assassinate 
national, state and local leaders. There will be chaos, disorder, 
widespread want; law-enforcement personnel, or what remains of them, 
will be overwhelmed and outmatched.

"Impossibly grim? No, just grim. Novelistic? Sure. But if you'd been a 
novelist on Sept. 10, 2001, and dreamed up a plot in which two huge 
skyscrapers were leveled, the Pentagon was hit, and the wife of the 
solicitor general of the United States was desperately phoning him from 
a commercial jet that had been turned into a missile, you would have 
been writing something wild and improbable that nonetheless happened a 
day later.

"And all this of course is just one scenario. The madman who runs North 
Korea could launch a missile attack on the United States tomorrow, etc. 
There are limitless possibilities for terrible trouble."

This game of "let's imagine" really does stir up emotions, but it's not 
the way to plan national security policy.  There's a movie plot to 
justify any possible national policy, and another to render that same 
policy ineffectual.

Noonan writes: "This of course is pure guessing on my part. I can't 
prove it with data."

That's precisely the problem.

<http://www.opinionjournal.com/columnists/pnoonan/?id=110007154>


** *** ***** ******* *********** *************

        Trusted Computing Best Practices



The Trusted Computing Group (TCG) is an industry consortium that is 
trying to build more secure computers.  They have a lot of members, 
although the board of directors consists of Microsoft, Sony, AMD, 
Intel, IBM, SUN, HP, and two smaller companies who are voted in on a 
rotating basis.

The basic idea is that you build a computer from the ground up 
securely, with a core hardware "root of trust" called a Trusted 
Platform Module (TPM).  Applications can run securely on the computer, 
can communicate with other applications and their owners securely, and 
can be sure that no untrusted applications have access to their data or 
code.

This sounds great, but it's a double-edged sword.  The same system that 
prevents worms and viruses from running on your computer might also 
stop you from using any legitimate software that your hardware or 
operating system vendor simply doesn't like.  The same system that 
prevents spyware from accessing your data files might also stop you 
from copying audio and video files.  The same system that ensures that 
all the patches you download are legitimate might also prevent you 
from, well, doing pretty much anything.

In May, the Trusted Computing Group published a best practices 
document: "Design, Implementation, and Usage Principles for TPM-Based 
Platforms."  Written for users and implementers of TCG technology, the 
document tries to draw a line between good uses and bad uses of this 
technology.

"The principles that TCG believes underlie the effective, useful, and 
acceptable design, implementation, and use of TCG technologies are the 
following:

"Security: TCG-enabled components should achieve controlled access to 
designated critical secured data and should reliably measure and report 
the system's security properties. The reporting mechanism should be 
fully under the owner's control.

"Privacy: TCG-enabled components should be designed and implemented 
with privacy in mind and adhere to the letter and spirit of all 
relevant guidelines, laws, and regulations. This includes, but is not 
limited to, the OECD Guidelines, the Fair Information Practices, and 
the European Union Data Protection Directive (95/46/EC).

"Interoperability: Implementations and deployments of TCG 
specifications should facilitate interoperability. Furthermore, 
implementations and deployments of TCG specifications should not 
introduce any new interoperability obstacles that are not for the 
purpose of security.

"Portability of data: Deployment should support established principles 
and practices of data ownership.

"Controllability: Each owner should have effective choice and control 
over the use and operation of the TCG-enabled capabilities that belong 
to them; their participation must be opt-in. Subsequently, any user 
should be able to reliably disable the TCG functionality in a way that 
does not violate the owner's policy.

"Ease-of-use: The nontechnical user should find the TCG-enabled 
capabilities comprehensible and usable."

It's basically a good document, although there are some valid 
criticisms. I like that the document clearly states that coercive use 
of the technology -- forcing people to use digital rights management 
systems, for example -- is inappropriate:  "The use of coercion to 
effectively force the use of the TPM capabilities is not an appropriate 
use of the TCG technology."

I like that the document tries to protect user privacy:  "All 
implementations of TCG-enabled components should ensure that the TCG 
technology is not inappropriately used for data aggregation of personal 
information."

I wish that interoperability were more strongly enforced.  The language 
has too much wiggle room for companies to break interoperability under 
the guise of security:  "Furthermore, implementations and deployments 
of TCG specifications should not introduce any new interoperability 
obstacles that are not for the purpose of security."

That sounds good, but what does "security" mean in that 
context?  Security of the user against malicious code?  Security of big 
media against people copying music and videos?  Security of software 
vendors against competition?  The big problem with TCG technology is 
that it can be used to further all three of these "security" goals, and 
this document is where "security" should be better defined.

Complaints aside, it's a good document and we should all hope that 
companies follow it.  Compliance is totally voluntary, but it's the 
kind of document that governments and large corporations can point to 
and demand that vendors follow.

But there's something fishy going on.  Microsoft is doing its best to 
stall the document, and to ensure that it doesn't apply to Vista 
(formerly known as Longhorn), Microsoft's next-generation operating system.

The document was first written in the fall of 2003, and went through 
the standard review process in early 2004.  Microsoft delayed the 
adoption and publication of the document, demanding more 
review.  Eventually the document was published in June of this year 
(with a May date on the cover).

Meanwhile, the TCG built a purely software version of the 
specification: Trusted Network Connect (TNC).  Basically, it's a TCG 
system without a TPM.

The best practices document doesn't apply to TNC, because Microsoft (as 
a member of the TCG board of directors) blocked it.  The excuse is that 
the document hadn't been written with software-only applications in 
mind, so it shouldn't apply to software-only TCG systems.

This is absurd.  The document outlines best practices for how the 
system is used.  There's nothing in it about how the system works 
internally.  There's nothing unique to hardware-based systems, nothing 
that would be different for software-only systems.  You can go through 
the document yourself and replace all references to "TPM" or "hardware" 
with "software" (or, better yet, "hardware or software") in five 
minutes.  There are about a dozen changes, and none of them make any 
meaningful difference.

The only reason I can think of for all this Machiavellian maneuvering 
is that the TCG board of directors is making sure that the document 
doesn't apply to Vista.  If the document isn't published until after 
Vista is released, then obviously it doesn't apply.

Near as I can tell, no one is following this story.  No one is asking 
why TCG best practices apply to hardware-based systems if they're 
writing software-only specifications.  No one is asking why the 
document doesn't apply to all TCG systems, since it's obviously written 
without any particular technology in mind.  And no one is asking why 
the TCG is delaying the adoption of any software best practices.

I believe the reason is Microsoft and Vista, but clearly there's some 
investigative reporting to be done.

<http://www.trustedcomputinggroup.org>

The document:
<https://www.trustedcomputinggroup.org/downloads/bestpractices/Best_Practices_Principles_Document_v1.0.pdf> or <http://tinyurl.com/cgphx>

Commentary on the document:
<http://cyberlaw.stanford.edu/blogs/bechtold/archives/003155.shtml>

Trusted Network Connect:
<https://www.trustedcomputinggroup.org/downloads/TNC/>

Commentary and rebuttals of my essay:
<http://blogs.zdnet.com/Ou/?p=96>
<http://it.slashdot.org/it/05/09/01/1419222.shtml?tid=172&tid=109>
<http://cyberlaw.stanford.edu/blogs/bechtold/archives/003272.shtml>

Ross Anderson on Trusted Computing:
<http://www.cl.cam.ac.uk/~rja14/tcpa-faq.html>

Me on Trusted Computing, back when Microsoft called it Palladium:
<http://www.schneier.com/crypto-gram-0208.html#1>

A version of this essay previously appeared in several places:
<http://news.com.com/Something+fishys+going+on/2010-7350_3-5844412.html> or <http://tinyurl.com/aztkd>
<http://news.zdnet.com/2100-1009_22-5844520.html>
<http://www.smh.com.au/articles/2005/09/02/1125302718391.html>
<http://www.theage.com.au/articles/2005/09/02/1125302718391.html>


** *** ***** ******* *********** *************

              Comments from Readers


From: Stephen Wilson <[log in to unmask]>
Subject: Comment on MD5 legal case in Australia

The court case -- perhaps unfortunately -- was not as technical as you 
imply in the last Crypto-Gram.  There is nothing in the newspaper 
articles you quote nor in the public domain that refers to MD5 being 
broken.  Rather, the case has been dismissed because the government 
lawyers simply could not find an expert witness in the time allotted 
who could talk sensibly about the technology.  So it's a legal 
technicality, not a crypto technicality, at work here!

Interestingly, this speed camera hash issue has some more history. A 
year ago, another Sydney motorist succeeded in having a different 
matter thrown out of court on a really extreme technicality.  The 
relevant legislation here said at the time that the digest code 
generated by the speed cameras consisted of "letters, numerals and 
symbols" but because an MD5 hash only has letters and numerals -- and 
nothing else like &%^@#(! -- the motorist argued that the law was 
flawed and therefore the devices could not be relied upon.  The law was 
fixed almost overnight to drop vague references to "symbols".

So you see, there is a sport amongst lawyers here to tackle speed 
camera technology on a range of technicalities.  Just wait till they 
find out about the "real" problems with MD5!



From: Shachar Shemesh <[log in to unmask]>
Subject: Re: Profiling and El Al

I think your characteristics of what El Al are doing as "profiling" are 
a bit off. It's not that they do not profile (as well as all the rest 
of the Israeli defense system), it's just that they only profile those 
who deserve less attention.

In general, the El Al screening process questions EVERYONE, and to an 
amount of detail that is, quite frankly, embarrassing. However, the El 
Al screening process made a few decisions for the sake of security. 90% 
of the people flying El Al are Jewish Israeli citizens. In the history 
of aviation, this population has been responsible for zero terrorist 
attacks. An Israeli-born Jewish selector (as almost all El Al's 
security selectors are) can easily tell, without looking at a passport, 
whether someone does or does not belong to said group. Being as that is 
the case, this specific group gets a special treatment in the form of 
reduced severity questioning.

The thing to understand is that in order to bypass this profiling, one 
cannot simply pretend to be out of his/her group. If an Israeli Arab 
pretends to be an African business man, he will likely be questioned 
more, not less, due to stepping outside of his profile. He is even 
going to be questioned, in detail, if he manages to pose as a 
Christian American-born business man. On the other hand, trying to pose 
as a Jewish Israeli is very highly likely to get noticed, due to the 
fact that the security screener knows how a Jewish Israeli looks, what 
his accent is like, etc. To understand just how much this is the case, 
I will note that I'm routinely approached, in Hebrew, whenever I step 
near an El Al counter anywhere in the world. This takes place before I 
take my passport or flying tickets out of my bag.

This same policy is employed in many other areas. When hot alerts for a 
terrorist attack that is supposed to come out of, say, Gaza are known, 
it is not uncommon to close down the passages between Gaza and Israel. 
Due to the huge economical pressure that such closure puts on the 
Palestinian population (most of which make their living inside Israel), 
profile-based permissions are granted. At first these were fairly wide. 
Married people over 30 who have kids, women, etc. As the terrorists 
consistently found people inside the profiled whitelists, these were 
consistently narrowed. The thing is that allowing married people 
through was not done because the Israeli security thought that it's 
impossible that someone from that group could be a terrorist, but 
because between the option of closing the passages down for EVERYONE, 
and closing them down to most, they preferred to let some through.

Don't get me wrong. I agree with you completely that profiling in the 
USA is a bad idea, when done like that. I just think that it's a bad 
idea because circumstances within America are very different, and that 
makes profiling statistically ineffective, making the democratic 
related costs far exceed the benefit. If, however, El Al were to start 
questioning EVERYONE (i.e. -- no white profiling), the prices in terms 
of time before flight and cost of ticket would mean they would have to 
provide a security level which is considerably less high.


** *** ***** ******* *********** *************

CRYPTO-GRAM is a free monthly newsletter providing summaries, analyses, 
insights, and commentaries on security: computer and otherwise.  You 
can subscribe, unsubscribe, or change your address on the Web at 
<http://www.schneier.com/crypto-gram.html>.  Back issues are also 
available at that URL.

Comments on CRYPTO-GRAM should be sent to 
[log in to unmask]  Permission to print comments is assumed 
unless otherwise stated.  Comments may be edited for length and clarity.

Please feel free to forward CRYPTO-GRAM to colleagues and friends who 
will find it valuable.  Permission is granted to reprint CRYPTO-GRAM, 
as long as it is reprinted in its entirety.

CRYPTO-GRAM is written by Bruce Schneier.  Schneier is the author of 
the best sellers "Beyond Fear," "Secrets and Lies," and "Applied 
Cryptography,"  and an inventor of the Blowfish and Twofish 
algorithms.  He is founder and CTO of Counterpane Internet Security 
Inc., and is a member of the Advisory Board of the Electronic Privacy 
Information Center (EPIC).  He is a frequent writer and lecturer on 
security topics.  See <http://www.schneier.com>.

Counterpane is the world's leading protector of networked information - 
the inventor of outsourced security monitoring and the foremost 
authority on effective mitigation of emerging IT threats. Counterpane 
protects networks for Fortune 1000 companies and governments 
world-wide.  See <http://www.counterpane.com>.

Crypto-Gram is a personal newsletter.  Opinions expressed are not 
necessarily those of Counterpane Internet Security, Inc.

Copyright (c) 2005 by Bruce Schneier.

************************************************************************************
Distributed through Cyber-Society-Live [CSL]: CSL is a moderated discussion
list made up of people who are interested in the interdisciplinary academic
study of Cyber Society in all its manifestations. To join the list please visit:
http://www.jiscmail.ac.uk/lists/cyber-society-live.html
*************************************************************************************
