Informations about SSL certificates and networks security
Susan Landau has a new paper on the NSA’s increasing role in commercial cybersecurity. She argues that the NSA is the wrong organization to do this, and we need a more public and open government agency involved in commercial cybersecurity. Powered by WPeMatico
Last week, Adi Shamir gave a presentation at Black Hat Europe on using all-in-one printers to control computers on the other side of air gaps. There’s no paper yet, but two publications reported on the talk: Theoretically, if a malicious program is installed on an air-gapped computer by an unsuspecting user via, say, a USB … Read More “Jumping Air Gaps with All-in-One Printers” »
Interesting essay on the sorts of things you can learn from anonymized taxi passenger and fare data. Powered by WPeMatico
The Guardian has reported that the app Whisper tracks users, and then published a second article explaining what it knows after Whisper denied the story. Here’s Whisper’s denial; be sure to also read the first comment from Moxie Marlinspike. Slashdot thread. Hacker News thread. EDITED TO ADD (10/22): Another Whisper explanation, and another Guardian article. … Read More “Whisper Tracks Users” »
FBI Director James Comey again called for an end to secure encryption by putting in a backdoor. Here’s his speech: There is a misconception that building a lawful intercept solution into a system requires a so-called “back door,” one that foreign adversaries and hackers may try to exploit. But that isn’t true. We aren’t seeking … Read More “More Crypto Wars II” »
Last month, I wrote that the FBI identified Ross W. Ulbricht as the Silk Road’s Dread Pirate Roberts through a leaky CAPTCHA. Seems that story doesn’t hold water: The FBI claims that it found the Silk Road server by examining plain text Internet traffic to and from the Silk Road CAPTCHA, and that it visited … Read More “How Did the Feds Identity Dread Pirate Roberts?” »
Kevin Poulsen has written an interesting story about two people who successfully exploited a bug in a popular video poker machine. Powered by WPeMatico
ECI is a classification above Top Secret. It’s for things that are so sensitive they’re basically not written down, like the names of companies whose cryptography has been deliberately weakened by the NSA, or the names of agents who have infiltrated foreign IT companies. As part of the Intercept story on the NSA’s using agents … Read More “NSA Classification ECI = Exceptionally Controlled Information” »
This is a creepy story. A woman has her phone seized by the Drug Enforcement Agency and gives them permission to look at her phone. Without her knowledge or consent, they steal photos off of the phone (the article says they were “racy”) and use it to set up a fake Facebook page in her … Read More “DEA Sets Up Fake Facebook Page in Woman's Name” »
A few days ago, I saw this tweet: “Just a reminder that it is now *a full year* since Schneier cited it, and the FOXACID ops manual remains unpublished.” It’s true. The citation is this: According to a top-secret operational procedures manual provided by Edward Snowden, an exploit named Validator might be the default, but … Read More “FOXACID Operations Manual” »