Security Guru - Bruce Schneier

Bruce Schneier is a well-respected author and critic on topics of security. His primary research and writings are on the topic of cryptology, but he is considered a “guru” of security in general. Click Here for Bruce's full bio page.

Schneier's Blog - Here is Schneier's full blog

Bruce Schneier's personal blog contains a myriad of articles pertaining to current security issues. Articles range from internet security issues such as fraud and theft to topics of airport security and other physical security issues (keys, safes, etc.).

Interesting Articles:

Perusing Schneier's blog, it will not take you long to find articles that relate directly to some of the things discussed in class, but for convenience, here are a few that I found particularly interesting.

"Man-in-the-Middle Attack against Chip and PIN"

Full Article

Researchers found a way to exploit credit cards. Their system allows them to use stolen credit cards without knowing the PIN! This article demonstrates the importance of researchers actually BREAKING security protocols on purpose, as if they were criminals themselves. Notice the way the researchers recorded the exploit on camera for all to see:

“…We did so, on camera, using various journalists' cards. The transactions went through fine and the receipts say ‘Verified by PIN.’”

The following video (watch 2:01 - 3:30) shows the exploit in action. Note that these guys prove that they can break the system, forcing banks and card issuers to fix the problem, but since this aired on BBC (as opposed to a privately hosted internet video), the exact details could not be divulged.

Now read the following response to this article (as posted on Schneier's blog):

“Of course it's been known for a long time that Chip and Pin does not provide any real security, and is all about shifting the liability onto the customers – but it's nice to see these researchers demonstrate it so blatantly. When criminals can steal your money without even knowing the pin, surely the banks will be forced to acknowledge that it's not secure and to accept back the liability that they would much rather foist off on their customers?”

In short, banks/card issuers may realize that there is a gaping hole in swipe-card security, but the amount of money it would cost to fix the problem may be monstrous, and they would rather deal with a few people who have had large sums of money stolen due to this exploit than plug the hole. However, when researchers purposefully break the system and then make the hack public, suddenly the banks are forced to fix the exploit, because the weak spot is no longer a secret known to few. The result? The world becomes just a little bit more secure.

ci2010/team2_bruce_schneier.1266181733.txt.gz · Last modified: 2010/02/14 16:08 (external edit)