leaks, Security technology, Uncategorized, whistleblowers
Neiman Lab has some good advice on how to leak a story to a journalist. Powered by WPeMatico
CALEA, cybersecurity, eavesdropping, national security policy, Security technology, telecom, Uncategorized
At a Congressional hearing earlier this week, Matt Blaze made the point that CALEA, the 1994 law that forces telecoms to make phone calls wiretappable, is outdated in today’s threat environment and should be rethought: In other words, while the legally-mandated CALEA capability requirements have changed little over the last three decades, the infrastructure that … Read More “Arguing Against CALEA” »
national security policy, nsa, privacy, Security technology, surveillance, Uncategorized
In “Secrets and Lies” (2000), I wrote: It is poor civic hygiene to install technologies that could someday facilitate a police state. It’s something a bunch of us were saying at the time, in reference to the vast NSA’s surveillance capabilities. I have been thinking of that quote a lot as I read news stories … Read More “DIRNSA Fired” »
music, Security technology, squid, Uncategorized
The Brooklyn indie art-punk group, Two-Man Giant Squid, just released a new album. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Powered by WPeMatico
phishing, Security technology, social engineering, Uncategorized
In case you need proof that anyone, even people who do cybersecurity for a living, Troy Hunt has a long, iterative story on his webpage about how he got phished. Worth reading. Powered by WPeMatico
internet, protocols, Security technology, Uncategorized, web
If you’ve ever taken a computer security class, you’ve probably learned about the three legs of computer security—confidentiality, integrity, and availability—known as the CIA triad. When we talk about a system being secure, that’s what we’re referring to. All are important, but to different degrees in different contexts. In a world populated by artificial intelligence (AI) systems … Read More “Web 3.0 Requires Data Integrity” »
cybersecurity, psychology of security, Security technology, security theater, Uncategorized
John Kelsey and I wrote a short paper for the Rossfest Festschrift: “Rational Astrologies and Security“: There is another non-security way that designers can spend their security budget: on making their own lives easier. Many of these fall into the category of what has been called rational astrology. First identified by Randy Steve Waldman [Wal12], … Read More “Rational Astrologies and Security” »
borders, cell phones, operational security, Security technology, Uncategorized
I have heard stories of more aggressive interrogation of electronic devices at US border crossings. I know a lot about securing computers, but very little about securing phones. Are there easy ways to delete data—files, photos, etc.—on phones so it can’t be recovered? Does resetting a phone to factory defaults erase data, or is it … Read More “Cell Phone OPSEC for Border Crossings” »
defense, Department of Defense, Security technology, signal, Uncategorized, vulnerabilities
US National Security Advisor Mike Waltz, who started the now-infamous group chat coordinating a US attack against the Yemen-based Houthis on March 15, is seemingly now suggesting that the secure messaging service Signal has security vulnerabilities. “I didn’t see this loser in the group,” Waltz told Fox News about Atlantic editor in chief Jeffrey Goldberg, whom Waltz invited to the chat. … Read More “The Signal Chat Leak and the NSA” »
hacking, Security technology, squid, Uncategorized
In another rare squid/cybersecurity intersection, APT37 is also known as “Squid Werewolf.” As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Powered by WPeMatico