Rational Astrologies and Security

John Kelsey and I wrote a short paper for the Rossfest Festschrift: “Rational Astrologies and Security”:

There is another non-security way that designers can spend their security budget: on making their own lives easier. Many of these fall into the category of what has been called rational astrology. First identified by Randy Steve Waldman [Wal12], the term refers to something people treat as though it works, generally for social or institutional reasons, even when there’s little evidence that it works—and sometimes despite substantial evidence that it does not…

What is a header? And what is the difference between header attacks and other normal attacks?

I was looking for the answer to this question: what is a header and what is a header attack? And I want to know how powerful a header attack is and what is the best way to perform header attacks. If anyone here can guide me regarding the h…

Why Vaccine Cards Are So Easily Forged

My proof of COVID-19 vaccination is recorded on an easy-to-forge paper card. With little trouble, I could print a blank form, fill it out, and snap a photo. Small imperfections wouldn’t pose any problem; you can’t see whether the paper’s weight is right in a digital image. When I fly internationally, I have to show a negative COVID-19 test result. That, too, would be easy to fake. I could change the date on an old test, or put my name on someone else’s test, or even just make something up on my computer. After all, there’s no standard format for test results; airlines accept anything that looks plausible…

How can I, as an enduser, put pressure on corporations and discourage password strength theater? [duplicate]

For work and other official matters, I am often forced to use websites and apps which clearly have some kind of cargo cult going on in their security department, given that they impose extremely foolish requirements on passwords:

Characte…

Airline Passenger Mistakes Vintage Camera for a Bomb

I feel sorry for the accused:

The “security incident” that forced a New York-bound flight to make an emergency landing at LaGuardia Airport on Saturday turned out to be a misunderstanding — after an airline passenger mistook another traveler’s camera for a bomb, sources said Sunday.

American Airlines Flight 4817 from Indianapolis — operated by Republic Airways — made an emergency landing at LaGuardia just after 3 p.m., and authorities took a suspicious passenger into custody for several hours.

It turns out the would-be “bomber” was just a vintage camera aficionado and the woman who reported him made a mistake, sources said…

Why would searchlights in a prison or similar setting use a set pattern? [closed]

In numerous action/stealth movies, video games, cartoons, etc., they are escaping from a prison or similar setting, in the middle of the night when it’s dark, with the guards moving the searchlights in a predictable, set-in-stone pattern.