Author: infossl

WannaCry and Vulnerabilities

Posted on By infossl
essays, hacking, microsoft, nsa, patching, ransomware, russia, Security technology, vulnerabilities

There is plenty of blame to go around for the WannaCry ransomware that spread throughout the Internet earlier this month, disrupting work at hospitals, factories, businesses, and universities. First, there are the writers of the malicious software, which blocks victims’ access to their computers until they pay a fee. Then there are the users who … Read More “WannaCry and Vulnerabilities” »

Passwords at the Border

Posted on By infossl
borders, eff, encryption, passwords, passwordsafe, Security technology, socialmedia

The password-manager 1Password has just implemented a travel mode that tries to protect users while crossing borders. It doesn’t make much sense. To enable it, you have to create a list of passwords you feel safe traveling with, and then you can turn on the mode that only gives you access to those passwords. But … Read More “Passwords at the Border” »

Post-Quantum RSA

Posted on By infossl
academicpapers, quantumcomputing, rsa, Security technology

Interesting research on a version of RSA that is secure against a quantum computer: Post-quantum RSA Daniel J. Bernstein, Nadia Heninger, Paul Lou, and Luke Valenta Abstract: This paper proposes RSA parameters for which (1) key generation, encryption, decryption, signing, and verification are feasible on today’s computers while (2) all known attacks are infeasible, even … Read More “Post-Quantum RSA” »

Inmates Secretly Build and Network Computers while in Prison

Posted on By infossl
concealment, networksecurity, prisons, searches, Security technology

This is kind of amazing: Inmates at a medium-security Ohio prison secretly assembled two functioning computers, hid them in the ceiling, and connected them to the Marion Correctional Institution’s network. The hard drives were loaded with pornography, a Windows proxy server, VPN, VOIP and anti-virus software, the Tor browser, password hacking and e-mail spamming tools, … Read More “Inmates Secretly Build and Network Computers while in Prison” »

Who Are the Shadow Brokers?

Posted on By infossl
cybersecurity, cyberweapons, hacking, leaks, nsa, Security technology, vulnerabilities, whistleblowers

In 2013, a mysterious group of hackers that calls itself the Shadow Brokers stole a few disks full of NSA secrets. Since last summer, they’ve been dumping these secrets on the Internet. They have publicly embarrassed the NSA and damaged its intelligence-gathering capabilities, while at the same time have put sophisticated cyberweapons in the hands … Read More “Who Are the Shadow Brokers?” »

Tainted Leaks

Posted on By infossl
disinformation, espionage, leaks, phishing, russia, Security technology, tamperdetection

Last year, I wrote about the potential for doxers to alter documents before they leaked them. It was a theoretical threat when I wrote it, but now Citizen Lab has documented this technique in the wild: This report describes an extensive Russia-linked phishing and disinformation campaign. It provides evidence of how documents stolen from a … Read More “Tainted Leaks” »

Security and Human Behavior (SHB 2017)

Posted on By infossl
conferences, psychologyofsecurity, schneiernews, Security technology, securityconferences

I’m in Cambridge University, at the tenth Workshop on Security and Human Behavior. SHB is a small invitational gathering of people studying various aspects of the human side of security, organized each year by Ross Anderson, Alessandro Acquisti, and myself. The 50 or so people in the room include psychologists, economists, computer security researchers, sociologists, … Read More “Security and Human Behavior (SHB 2017)” »