Ross Anderson (previously) is one of the world's top cryptographers; the British academic and practitioner was honored by having his classic, Security Engineering, inducted into The Cybersecurity Canon; however, he was not able to attend the awards gala himself because the US government sat on his visa application for months, and ultimately did not grant it in time.
A nearly 132-year-old message-in-a-bottle was found in late January (or was it?).
Here's the story: While walking around Wedge Island in Western Australia, beachcomber Tonya Illman discovered the old bottle in the dunes.
Inside was a tightly-bundled scroll with a piece of twine around it which Tonya and her husband Kym took home to dry out in their oven.
The New Scientist has published a good piece on Encrypted Media Extensions (previously), the World Wide Web Consortium's proposed standard for adding DRM to video streams; they're creating their first-ever standard that is encompassed by laws protecting DRM (such as the DMCA), and in so doing, they're creating new liability for security researchers, who'll face unprecedented criminal and civil liability just for reporting defects in browsers.
The Snoopers Charter, an extreme surveillance bill, passed last week; it's the most extensive domestic spying regime that any "democratic" country has passed, and is a potential blueprint for Orwellian surveillance elsewhere in the years to come.
No one's exactly sure how fraudsters stole over $680,000 from hijacked chip-and-PIN credit cards in Belgium, because the cards are still evidence and can't be subjected to a full tear-down, but based on the X-rays of the tampered cards, it's a good bet that the thieves glued a 0.3mm hobbyist FUN chip over the card's own chip, and programmed it to bypass all PIN entries.
A paper from some of the most important names in crypto/security history scorchingly condemns plans by the US and UK governments to ban "strong" (e.g. "working") crypto.
Respected cryptographer and security researcher Ross Anderson has a fascinating new paper, Privacy versus government surveillance: where network effects meet public choice [PDF], which explores the "privacy economics" of mass surveillance, pointing out the largely overlooked impact of "network effects" on the reality of who spies, who is spied upon, and under what circumstances.
Just weeks after a plan to sell "anonymized" sets of British health-records collapsed in the face of massive public criticism, a new plan has emerged to sell the country's tax records to companies and researchers, prompting an even more critical response.
In case there was any doubt in your mind, the alleged $1T cost to America from cyberwar and the $250B cost to America from "cyber-theft of Intellectual property" are both total bullshit. Pro Publica breaks it down.
One of the figures Alexander attributed to Symantec — the $250 billion in annual losses from intellectual property theft — was indeed mentioned in a Symantec report, but it is not a Symantec number and its source remains a mystery.
Reminder: tickets are going fast for ORGCon 2012 in London on March 24: speakers include Larry Lessig, Wendy Seltzer, Ross Anderson, Tim Lowenthal and me.
Lawrence Lessig, Cory Doctorow and Wendy Seltzer will be leading this year's Open Rights Group conference (aka ORGCon) in London on 24th March 2012.
From the government snooping on your data to default internet blocking and monitoring to the corporate capture of state and democratic institutions – we'll be covering vast regions of the digital rights sphere.
After the UK banking trade association wrote to Cambridge university to have a student's master's thesis censored because it documented a well-known flaw in the chip-and-PIN system, Cambridge's Ross Anderson sent an extremely stiff note in reply:
Second, you seem to think that we might censor a student's thesis, which is lawful and already in the public domain, simply because a powerful interest finds it inconvenient.
Noted security researcher Ross Anderson and colleagues have published a paper showing how "Chip-and-PIN" (the European system for verifying credit- and debit-card transactions) has been thoroughly broken and cannot be considered secure any longer. I remember hearing rumbles that this attack was possible even as Chip-and-PIN was being rolled out across Europe, but that didn't stop the banks from pushing ahead with it, spending a fortune in the process.
Jacob sez, "I'd like to pass on a nice practical attack against the Chip and Pin system used in most of the world
Saar Drimer, Steven J. Murdoch and Ross Anderson, researchers at the University of Cambridge, have shown how to compromise supposedly tamper-proof Chip and PIN terminals.
The Internet was supposed to spell the end of censorship – instead governments now have unprecedented possibilities for controlling what we do and what we read.
Andrei sez, "'Malaysia car thieves steal finger.' This is what security visionaries Bruce Schneier and Ross Anderson have been warning about for a long time. Protect your $75,000 Mercedes with biometrics and you risk losing whatever body part is required by the biometric mechanism."