Department of Security Theatre

Brilliant: Bruce Schneier writes about a contest for a new TSA logo:

“Let’s do it. I’m announcing the TSA Logo Contest. Rules are simple: create a TSA logo. People are welcome to give ideas in the comments, but only actual created logos are eligible to compete. (When my website administrator wakes up, I’ll ask him how we can post images in the comments.) Contest ends on February 6th. Winner receives copies of my books, copies of Patrick Smith’s book, an empty 12-ounce bottle labeled “saline” that you can refill and get through any TSA security checkpoint, and a fake boarding pass on any flight for any date.”

Here’s the first entry:

Bruce Schneier: Q&A at DefCon15

Great stuff. Some quotes:

  • Are you defending us against terrorists that are too stupid to google “fly without id”?
  • Even if the cryptography sucks – it’s not worth bothering – something else sucks more.

Also available as a download for your iPod or PSP

No Hotdog for Hussein

(Crude translation of the German article)

“Kubbanys second first name Hassan, so the analysis of its credit-worthiness by the credit agency TransUnion, stands for allegedly third son of the Iraqi ex dictator on a terrorist list of the US Government – as alias for Ali Saddam Hussein aluminium-Tikriti, that.

“It was surreal”, remembers Kubbany. “Everything ran off in slow motion. I imagined: Moment times, which is nevertheless ridiculous. That is a joke.””

More fun with the “List of Specially Designated Nationals and Blocked Persons” (SDN) of the Office of Foreign Assets Control (OFAC), it seems. Another one for Bruce’s Security Theater thread.

Wil Wheaton doesn’t like security theater

(But then again – who does?) I also learned through his post that there’s now a Wikipedia entry on security theater.

But to get to the point:

“I ran into this idiotic bullshit when I flew up to San Francisco last week, when my deadly, deadly toothpaste was taken away from me, because it was “way bigger” than the three ounces our government protectors arbitrarily-designated as safe. (For those of you scoring at home, “way bigger” is .2 ounces) I didn’t mention that my relatively expensive (to its size) Crew hair goop was also taken away from me, because it was 3.4 ounces, even when I opened it up and showed them that it was less than 1/2 full, and therefore well under the deadly 3 ounce threshold.
I swear to god, if I hear one more fucking person tell me that I have to take off my shoes or give up some more privacy, or fall to my knees and worship George Bush so we don’t have “another 9/11” I’m going to put three ounces of my foot right in their ass. Stop. Treating. Us. Like. Children.
O RLY? You mean, even though chemists said that the deadly toothpaste plot wouldn’t work, the DHS ignored them and went ahead with a bunch of bullshit propaganda (that had nothing to do with the election, I’m sure) and TSA security theater? Wow. What a shock. I hope someone increased the DHS budget so they can spend another $81,000 of taxpayer money on plaques in some stupid bullshit awards ceremony! Heckuva job, people. Heckuva job.”

Can you tell he’s pissed…? ;)

Security Myths and Passwords

Excellent article by Gene Spafford about threads regarding password policies. Best article on the topic I’ve seen yet – and lots of wisdom to use for your own security-related discussions.

“From a high-level perspective, let me observe that one problem with any widespread change policy is that it fails to take into account the various threats and other defenses that may be in place. Policies should always be based on a sound understanding of risks, vulnerabilities, and defenses. “Best practice” is intended as a default policy for those who don’t have the necessary data or training to do a reasonable risk assessment.”

(Thanks Bruce)