The Myth of Consumer-Grade Security

Posted on By infossl
consumerization, encryption, nationalsecuritypolicy, nsa, Security technology, securityengineering, vulnerabilities

The Department of Justice wants access to encrypted consumer devices but promises not to infiltrate business products or affect critical infrastructure. Yet that’s not possible, because there is no longer any difference between those categories of devices. Consumer devices are critical infrastructure. They affect national security. And it would be foolish to weaken them, even … Read More “The Myth of Consumer-Grade Security” »

Friday Squid Blogging: Vulnerabilities in Squid Server

Posted on By infossl
Security technology, squid

It’s always nice when I can combine squid and security: Multiple versions of the Squid web proxy cache server built with Basic Authentication features are currently vulnerable to code execution and denial-of-service (DoS) attacks triggered by the exploitation of a heap buffer overflow security flaw. The vulnerability present in Squid 4.0.23 through 4.7 is caused … Read More “Friday Squid Blogging: Vulnerabilities in Squid Server” »

Modifying a Tesla to Become a Surveillance Platform

Posted on By infossl
cars, privacy, Security technology, surveillance, tracking

From DefCon: At the Defcon hacker conference today, security researcher Truman Kain debuted what he calls the Surveillance Detection Scout. The DIY computer fits into the middle console of a Tesla Model S or Model 3, plugs into its dashboard USB port, and turns the car’s built-in cameras­ — the same dash and rearview cameras … Read More “Modifying a Tesla to Become a Surveillance Platform” »

Surveillance as a Condition for Humanitarian Aid

Posted on By infossl
biometrics, privacy, Security technology, surveillance

Excellent op-ed on the growing trend to tie humanitarian aid to surveillance. Despite the best intentions, the decision to deploy technology like biometrics is built on a number of unproven assumptions, such as, technology solutions can fix deeply embedded political problems. And that auditing for fraud requires entire populations to be tracked using their personal … Read More “Surveillance as a Condition for Humanitarian Aid” »

Influence Operations Kill Chain

Posted on By infossl
disinformation, essays, fakenews, nationalsecuritypolicy, propaganda, Security technology

Influence operations are elusive to define. The Rand Corp.’s definition is as good as any: “the collection of tactical information about an adversary as well as the dissemination of propaganda in pursuit of a competitive advantage over an opponent.” Basically, we know it when we see it, from bots controlled by the Russian Internet Research … Read More “Influence Operations Kill Chain” »

Friday Squid Blogging: Robot Squid Propulsion

Posted on By infossl
robotics, Security technology, squid

Interesting research: The squid robot is powered primarily by compressed air, which it stores in a cylinder in its nose (do squids have noses?). The fins and arms are controlled by pneumatic actuators. When the robot wants to move through the water, it opens a value to release a modest amount of compressed air; releasing … Read More “Friday Squid Blogging: Robot Squid Propulsion” »

Software Vulnerabilities in the Boeing 787

Posted on By infossl
airtravel, hacking, Security technology, vulnerabilities

Boeing left its software unprotected, and researchers have analyzed it for vulnerabilities: At the Black Hat security conference today in Las Vegas, Santamarta, a researcher for security firm IOActive, plans to present his findings, including the details of multiple serious security flaws in the code for a component of the 787 known as a Crew … Read More “Software Vulnerabilities in the Boeing 787” »