Uncategorized – Page 7 – SSL and internet security news

Arguing Against CALEA

April 8, 2025 infossl

CALEA, cybersecurity, eavesdropping, national security policy, Security technology, telecom, Uncategorized

At a Congressional hearing earlier this week, Matt Blaze made the point that CALEA, the 1994 law that forces telecoms to make phone calls wiretappable, is outdated in today’s threat environment and should be rethought: In other words, while the legally-mandated CALEA capability requirements have changed little over the last three decades, the infrastructure that … Read More “Arguing Against CALEA” »

DIRNSA Fired

April 7, 2025 infossl

national security policy, nsa, privacy, Security technology, surveillance, Uncategorized

In “Secrets and Lies” (2000), I wrote: It is poor civic hygiene to install technologies that could someday facilitate a police state. It’s something a bunch of us were saying at the time, in reference to the vast NSA’s surveillance capabilities. I have been thinking of that quote a lot as I read news stories … Read More “DIRNSA Fired” »

Friday Squid Blogging: Two-Man Giant Squid

April 4, 2025 infossl

music, Security technology, squid, Uncategorized

The Brooklyn indie art-punk group, Two-Man Giant Squid, just released a new album. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Powered by WPeMatico

Web 3.0 Requires Data Integrity

April 3, 2025 infossl

internet, protocols, Security technology, Uncategorized, web

If you’ve ever taken a computer security class, you’ve probably learned about the three legs of computer security—confidentiality, integrity, and availability—known as the CIA triad. When we talk about a system being secure, that’s what we’re referring to. All are important, but to different degrees in different contexts. In a world populated by artificial intelligence (AI) systems … Read More “Web 3.0 Requires Data Integrity” »

Rational Astrologies and Security

April 2, 2025 infossl

cybersecurity, psychology of security, Security technology, security theater, Uncategorized

John Kelsey and I wrote a short paper for the Rossfest Festschrift: “Rational Astrologies and Security“: There is another non-security way that designers can spend their security budget: on making their own lives easier. Many of these fall into the category of what has been called rational astrology. First identified by Randy Steve Waldman [Wal12], … Read More “Rational Astrologies and Security” »

Cell Phone OPSEC for Border Crossings

April 1, 2025 infossl

borders, cell phones, operational security, Security technology, Uncategorized

I have heard stories of more aggressive interrogation of electronic devices at US border crossings. I know a lot about securing computers, but very little about securing phones. Are there easy ways to delete data—files, photos, etc.—on phones so it can’t be recovered? Does resetting a phone to factory defaults erase data, or is it … Read More “Cell Phone OPSEC for Border Crossings” »

The Signal Chat Leak and the NSA

March 31, 2025 infossl

defense, Department of Defense, Security technology, signal, Uncategorized, vulnerabilities

US National Security Advisor Mike Waltz, who started the now-infamous group chat coordinating a US attack against the Yemen-based Houthis on March 15, is seemingly now suggesting that the secure messaging service Signal has security vulnerabilities. “I didn’t see this loser in the group,” Waltz told Fox News about Atlantic editor in chief Jeffrey Goldberg, whom Waltz invited to the chat. … Read More “The Signal Chat Leak and the NSA” »

Friday Squid Blogging: Squid Werewolf Hacking Group

March 28, 2025 infossl

hacking, Security technology, squid, Uncategorized

In another rare squid/cybersecurity intersection, APT37 is also known as “Squid Werewolf.” As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Powered by WPeMatico

AIs as Trusted Third Parties

March 28, 2025 infossl

academic papers, AI, cryptography, machine learning, Security technology, trust, Uncategorized

This is a truly fascinating paper: “Trusted Machine Learning Models Unlock Private Inference for Problems Currently Infeasible with Cryptography.” The basic idea is that AIs can act as trusted third parties: Abstract: We often interact with untrusted parties. Prioritization of privacy can limit the effectiveness of these interactions, as achieving certain goals necessitates sharing private … Read More “AIs as Trusted Third Parties” »