June 2017 – Page 2 – SSL and internet security news

The FAA Is Arguing for Security by Obscurity

June 26, 2017 infossl

airtravel, nationalsecuritypolicy, Security technology, securityengineering

In a proposed rule by the FAA, it argues that software in an Embraer S.A. Model ERJ 190-300 airplane is secure because it’s proprietary: In addition, the operating systems for current airplane systems are usually and historically proprietary. Therefore, they are not as susceptible to corruption from worms, viruses, and other malicious actions as are … Read More “The FAA Is Arguing for Security by Obscurity” »

Friday Squid Blogging: Injured Giant Squid Video

June 23, 2017 infossl

Security technology, squid, video

A paddleboarder had a run-in with an injured giant squid. Video. Here’s the real story. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here. Powered by WPeMatico

The Secret Code of Beatrix Potter

June 23, 2017 infossl

concealment, encryption, Security technology

Interesting: As codes go, Potter’s wasn’t inordinately complicated. As Wiltshire explains, it was a “mono-alphabetic substitution cipher code,” in which each letter of the alphabet was replaced by a symbol — the kind of thing they teach you in Cub Scouts. The real trouble was Potter’s own fluency with it. She quickly learned to write … Read More “The Secret Code of Beatrix Potter” »

Amazon Patents Measures to Prevent In-Store Comparison Shopping

June 23, 2017 infossl

amazon, cellphones, patents, Security technology, wifi

Amazon has been issued a patent on security measures that prevents people from comparison shopping while in the store. It’s not a particularly sophisticated patent — it basically detects when you’re using the in-store Wi-Fi to visit a competitor’s site and then blocks access — but it is an indication of how retail has changed … Read More “Amazon Patents Measures to Prevent In-Store Comparison Shopping” »

NSA Insider Security Post-Snowden

June 22, 2017 infossl

edwardsnowden, foia, insiders, leaks, nsa, Security technology

According to a recently declassified report obtained under FOIA, the NSA’s attempts to protect itself against insider attacks aren’t going very well: The N.S.A. failed to consistently lock racks of servers storing highly classified data and to secure data center machine rooms, according to the report, an investigation by the Defense Department’s inspector general completed … Read More “NSA Insider Security Post-Snowden” »

Is Continuing to Patch Windows XP a Mistake?

June 21, 2017 infossl

internetofthings, microsoft, patching, Security technology, windows, zeroday

Last week, Microsoft issued a security patch for Windows XP, a 16-year-old operating system that Microsoft officially no longer supports. Last month, Microsoft issued a Windows XP patch for the vulnerability used in WannaCry. Is this a good idea? This 2014 essay argues that it’s not: The zero-day flaw and its exploitation is unfortunate, and … Read More “Is Continuing to Patch Windows XP a Mistake?” »

The Dangers of Secret Law

June 21, 2017 infossl

courts, eff, fisa, foia, nationalsecuritypolicy, secrecy, Security technology

Last week, the Department of Justice released 18 new FISC opinions related to Section 702 as part of an EFF FOIA lawsuit. (Of course, they don’t mention EFF or the lawsuit. They make it sound as if it was their idea.) There’s probably a lot in these opinions. In one Kafkaesque ruling, a defendant was … Read More “The Dangers of Secret Law” »

Ceramic Knife Used in Israel Stabbing

June 20, 2017 infossl

crime, israel, Security technology, weapons

I have no comment on the politics of this stabbing attack, and only note that the attacker used a ceramic knife — that will go through metal detectors. I have used a ceramic knife in the kitchen. It’s sharp. Powered by WPeMatico

New Technique to Hijack Social Media Accounts

June 19, 2017 infossl

fakenews, hacking, impersonation, phishing, Security technology, socialmedia, twitter, twofactorauthentication

Access Now has documented it being used against a Twitter user, but it also works against other social media accounts: With the Doubleswitch attack, a hijacker takes control of a victim’s account through one of several attack vectors. People who have not enabled an app-based form of multifactor authentication for their accounts are especially vulnerable. … Read More “New Technique to Hijack Social Media Accounts” »

Friday Squid Blogging: Squids from Space Video Game

June 16, 2017 infossl

games, Security technology, squid

An early preview. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here. Powered by WPeMatico