Last year, two Swiss artists programmed a Random Botnot Shopper, which every week would spend $100 in bitcoin to buy a random item from an anonymous Internet black market…all for an art project on display in Switzerland. It was a clever concept, except there was a problem. Most of the stuff the bot purchased was … Read More “When Thinking Machines Break the Law” »
Month: January 2015
It’s a common fraud on sites like eBay: buyers falsely claim that they never received a purchased item in the mail. Here’s a paper on defending against this fraud through basic psychological security measures. It’s preliminary research, but probably worth experimental research. We have tested a collection of possible user-interface enhancements aimed at reducing liar … Read More “Defending Against Liar Buyer Fraud” »
At a CATO surveillance event last month, Ben Wittes talked about inherent presidential powers of surveillance with this hypothetical: “What should Congress have to say about the rules when Barack Obama wants to know what Vladimir Putin is talking about?” His answer was basically that Congress should have no say: “I think most people, going … Read More “Accountability as a Security System” »
Late last year, in a criminal case involving export violations, the US government disclosed a mysterious database of telephone call records that it had queried in the case. The defendant argued that the database was the NSA’s, and that the query was unconstitutional and the evidence should be suppressed. The government said that the database … Read More “US Law Enforcement Also Conducting Mass Telephone Surveillance” »
Appelbaum, Poitras, and others have another NSA article with an enormous Snowden document dump on Der Spiegel, giving details on a variety of offensive NSA cyberoperations to infiltrate and exploit networks around the world. There’s a lot here: 199 pages. (Here they are in one compressed archive.) Paired with the 666 pages released in conjunction … Read More “New NSA Documents on Offensive Cyberoperations” »
Classic song written by Arthur Scammell and performed by Hank Snow. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.
For its “Top Influencers in Security You Should Be Following in 2015” blog post, TripWire asked me: “If you could have one infosec-related superpower, what would it be?” I answered: Most superpowers are pretty lame: super strength, super speed, super sight, super stretchiness. Teleportation would probably be the most useful given my schedule, but for … Read More “My Superpower” »
I have long said that driving a car is the most dangerous thing we regularly do in our lives. Turns out deaths due to automobiles are declining, while deaths due to firearms are on the rise: Guns and cars have long been among the leading causes of non-medical deaths in the U.S. By 2015, firearm fatalities … Read More “Common Risks in America: Cars and Guns” »
An excellent idea: 311 for encryption. RSA, DSA, and ECDSA must be 3.4 ounces (100bits) or less per container; must be in 1 quart-sized, clear, plastic, zip-top bag; 1 bag per message placed in screening bin. The bag limits the total data volume each traveling message can bring.
Thousands of articles have called the December attack against Sony Pictures a wake-up call to industry. Regardless of whether the attacker was the North Korean government, a disgruntled former employee, or a group of random hackers, the attack showed how vulnerable a large organization can be and how devastating the publication of its private correspondence, … Read More “The Security of Data Deletion” »