Schneier on Security's Journal
 
 [Most Recent Entries] [Calendar View]

Wednesday, October 23rd, 2013

    Time Event
    5:35a
    Dry Ice Bombs at LAX

    The news story about the guy who left dry ice bombs in restricted areas of LAX is really weird.

    I can't get worked up over it, though. Dry ice bombs are a harmless prank. I set off a bunch of them when I was in college, although I used liquid nitrogen, because I was impatient -- and they're harmless. I know of someone who set a few off over the summer, just for fun. They do make a very satisfying boom.

    Having them set off in a secure airport area doesn't illustrate any new vulnerabilities. We already know that trusted people can subvert security systems. So what?

    I've done a bunch of press interviews on this. One radio announcer really didn't like my nonchalance. He really wanted me to complain about the lack of cameras at LAX, and was unhappy when I pointed out that we didn't need cameras to catch this guy.

    I like my kicker quote in this article</a>:

    Various people, including former Los Angeles Police Chief William Bratton, have called LAX the No. 1 terrorist target on the West Coast. But while an Algerian man discovered with a bomb at the Canadian border in 1999 was sentenced to 37 years in prison in connection with a plot to cause damage at LAX, Schneier said that assessment by Bratton is probably not true.

    "Where can you possibly get that data?" he said. "I don't think terrorists respond to opinion polls about how juicy targets are."

    10:03a
    Code Names for NSA Exploit Tools

    This is from a Snowden document released by Le Monde:

    General Term Descriptions:

    HIGHLANDS: Collection from Implants
    VAGRANT: Collection of Computer Screens
    MAGNETIC: Sensor Collection of Magnetic Emanations
    MINERALIZE: Collection from LAN Implant
    OCEAN: Optical Collection System for Raster-Based Computer Screens
    LIFESAFER: Imaging of the Hard Drive
    GENIE: Multi-stage operation: jumping the airgap etc.
    BLACKHEART: Collection from an FBI Implant
    [...]
    DROPMIRE: Passive collection of emanations using antenna
    CUSTOMS: Customs opportunities (not LIFESAVER)
    DROPMIRE: Laser printer collection, purely proximal access (***NOT*** implanted)
    DEWSWEEPER: USB (Universal Serial Bus) hardware host tap that provides COVERT link over US link into a target network. Operates w/RF relay subsystem to provide wireless Bridge into target network.
    RADON: Bi-directional host tap that can inject Ethernet packets onto the same targets. Allows bi-directional exploitation of denied networks using standard on-net tools.

    There's a lot of think about in this list. RADON and DEWSWEEPER seem particularly interesting.

    << Previous Day 2013/10/23
    [Calendar]     		Next Day >>

Schneier on Security   About LJ.Rossia.org