World's oldest message in a bottle (probably) discovered

A nearly 132-year-old message-in-a-bottle was found in late January (or was it?). Here's the story: While walking around Wedge Island in Western Australia, beachcomber Tonya Illman discovered the old bottle in the dunes. Inside was a tightly-bundled scroll with a piece of twine around it which Tonya and her husband Kym took home to dry…

How Netflix is driving permanent, terrible, standards-defined insecurity for billions of browser users

The New Scientist has published a good piece on Encrypted Media Extensions (previously), the World Wide Web Consortium's proposed standard for adding DRM to video streams; they're creating their first-ever standard that is encompassed by laws protecting DRM (such as the DMCA), and in so doing, they're creating new liability for security researchers, who'll face…

Privacy vs network effects

Respected cryptographer and security researcher Ross Anderson has a fascinating new paper, Privacy versus government surveillance: where network effects meet public choice [PDF], which explores the "privacy economics" of mass surveillance, pointing out the largely overlooked impact of "network effects" on the reality of who spies, who is spied upon, and under what circumstances. My…

Cybercrime, patent-theft numbers are total bullshit

In case there was any doubt in your mind, the alleged $1T cost to America from cyberwar and the $250B cost to America from "cyber-theft of Intellectual property" are both total bullshit. Pro Publica breaks it down. One of the figures Alexander attributed to Symantec — the $250 billion in annual losses from intellectual property…

ORGCON 2012 with Lessig, Seltzer (and me)!: Mar 24, London

Nisha from the Open Rights Group sez, Lawrence Lessig, Cory Doctorow and Wendy Seltzer will be leading this year's Open Rights Group conference (aka ORGCon) in London on 24th March 2012. From the government snooping on your data to default internet blocking and monitoring to the corporate capture of state and democratic institutions – we'll…

Chip-and-PIN is broken

Noted security researcher Ross Anderson and colleagues have published a paper showing how "Chip-and-PIN" (the European system for verifying credit- and debit-card transactions) has been thoroughly broken and cannot be considered secure any longer. I remember hearing rumbles that this attack was possible even as Chip-and-PIN was being rolled out across Europe, but that didn't…

Chip and PIN terminals pwned

Jacob sez, "I'd like to pass on a nice practical attack against the Chip and Pin system used in most of the world. Saar Drimer, Steven J. Murdoch and Ross Anderson, researchers at the University of Cambridge, have shown how to compromise supposedly tamper-proof Chip and PIN terminals. With a paperclip, off the shelf electronics,…

Index On Censorship's new issue on "cyberspeech"

The latest volume of the magazine Index on Censorship focuses on issues related to free speech online. I'm among the contributors. Here's a snip from the issue overview: The Internet was supposed to spell the end of censorship – instead governments now have unprecedented possibilities for controlling what we do and what we read. But…

Biometric car lock defeated by cutting off owner's finger

Andrei sez, "'Malaysia car thieves steal finger.' This is what security visionaries Bruce Schneier and Ross Anderson have been warning about for a long time. Protect your $75,000 Mercedes with biometrics and you risk losing whatever body part is required by the biometric mechanism." …[H]aving stripped the car, the thieves became frustrated when they wanted…