Archive for July, 2011


New Airport Security Scanners


The security systems at airports are an interesting example of security “theatre”, where much of what goes on is about re-assurance rather than being particularly effective. I’ve blogged before about this and had some interesting responses, especially around the intrusiveness of current processes versus their effectiveness and where vulnerabilities lie. For obvious reasons, I won’t go into this.

However, the TSA in the United States is rolling out a new version of their full-body scanner, apparently in response to the criticism that the old versions were a step too far: the TSA initially denied, for example, that pictures of people’s naked bodies could be stored until several incidents emerged of security staff doing exactly that. Apparently this will be available as a software upgrade. The question is, will the UK do the same?

The new scanner overlays identified potential threats from scans over a generic diagram representing the human form, and so masks who the subject is. This has to be a good thing, but like I said in my earlier post, a reliance on technology rather than using intelligence-led investigations will always lead to vulnerabilities while inconveniencing the majority of people.

I’d rather the people who would do me harm never made it to the airport.

Targeted Trojans


A very particular problem that we face is around customised malware, aka targeted Trojans. These malicious programs are written specifically to avoid detection by our current anti-virus systems and are sent to carefully selected people within the institution. The purpose of these programs can only be inferred by the recipients.

LSE uses MessageLabs to protect our inbound email, primarily to reduce the flood of spam to as small a trickle as possible. One of the systems that MessageLabs use is something called Skeptic, which tries to identify previously unseen malicious software and to block it.

We think that this has been quite successful, although it is impossible to know how many attacks have managed to get through. Using the information we get from this system, we can discuss the implications of being on the list with the people being targeted.

The uncomfortable facts are that:

  1. LSE is a major target
  2. academia is being systemically attacked by a number of groups
  3. the threat is growing all of the time

There is no foolproof way of blocking every attack, but the intelligence gained from knowing the areas of interest of the attackers allows us to focus our efforts on the people at highest risk.

If you want more information on this or are at LSE and want specific advice, please contact me.

UPDATE: Martin Lee and I are proposing doing a talk about this at the RSA Conference 2012 in San Francisco. See the teaser trailer here.