Tagged: bruce schneier

People Are Not Very Good at Matching Photographs to People 0

People Are Not Very Good at Matching Photographs to People

We have an error rate of about 15% : Professor Mike Burton, Sixth Century Chair in Psychology at the University of Aberdeen said: “Psychologists identified around a decade ago that in general people are not very good at matching a person to an image on a security document. “Familiar faces trigger special processes in our brain — we would recognise a member of our family, a friend or a famous face within a crowd, in a multitude of guises, venues, angles or lighting conditions. But when it comes to identifying a stranger it’s another story.

Disguising Exfiltrated Data 0

Disguising Exfiltrated Data

There’s an interesting article on a data exfiltration technique. What was unique about the attackers was how they disguised traffic between the malware and command-and-control servers using Google Developers and the public Domain Name System (DNS) service of Hurricane Electric, based in Fremont, Calif

US Air Force is Focusing on Cyber Deception 0

US Air Force is Focusing on Cyber Deception

The US Air Force is focusing on cyber deception next year: Background: Deception is a deliberate act to conceal activity on our networks, create uncertainty and confusion against the adversary’s efforts to establish situational awareness and to influence and misdirect adversary perceptions and decision processes. Military deception is defined as “those actions executed to deliberately mislead adversary decision makers as to friendly military capabilities, intentions, and operations, thereby causing the adversary to take specific actions (or inactions) that will contribute to the accomplishment of the friendly mission.” Military forces have historically used techniques such as camouflage, feints, chaff, jammers, fake equipment, false messages or traffic to alter an enemy’s perception of reality. Modern day military planners need a capability that goes beyond the current state-of-the-art in cyber deception to provide a system or systems that can be employed by a commander when needed to enable deception to be inserted into defensive cyber operations.