cyberattack, france, hacking, internet, Security technology, voting
Some good election security news for a change: France is dropping its plans for remote Internet voting, because it’s concerned about hacking. Powered by WPeMatico
privacy, risks, Security technology, securityengineering, surveillance, tor
I am part of this very interesting project: For many users, blog posts on how to install Signal, massive guides to protecting your digital privacy, and broad statements like “use Tor” — all offered in good faith and with the best of intentions — can be hard to understand or act upon. If we want … Read More “Digital Security Exchange: Security for High-Risk Communities” »
ransomware, Security technology
Brian Krebs posts a video advertisement for Philadelphia, a ransomware package that you can purchase. Powered by WPeMatico
cia, cryptography, encryption, hacking, malware, Security technology, tradecraft
Useful best practices for malware writers, courtesy of the CIA. Seems like a lot of good advice. General: DO obfuscate or encrypt all strings and configuration data that directly relate to tool functionality. Consideration should be made to also only de-obfuscating strings in-memory at the moment the data is needed. When a previously de-obfuscated value … Read More “The CIA's “Development Tradecraft DOs and DON'Ts”” »
childpornography, courts, exploits, fbi, hacking, pornography, Security technology, tor
The Department of Justice is dropping all charges in a child-porn case rather than release the details of a hack against Tor. Powered by WPeMatico
Security technology, squid
Here are some squid cooking tips. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Powered by WPeMatico
audio, internetofthings, interviews, nationalsecuritypolicy, rsa, schneiernews, Security technology
Here’s a video interview I did at RSA on the Internet of Things and security. Powered by WPeMatico
doxing, essays, google, googleglass, hacking, passwords, privacy, Security technology, surveillance
A decade ago, I wrote about the death of ephemeral conversation. As computers were becoming ubiquitous, some unintended changes happened, too. Before computers, what we said disappeared once we’d said it. Neither face-to-face conversations nor telephone conversations were routinely recorded. A permanent communication was something different and special; we called it correspondence. The Internet changed … Read More “Defense Against Doxing” »
browsers, google, microsoft, patching, Security technology, vulnerabilities
Google’s Project Zero is serious about releasing the details of security vulnerabilities 90 days after they alert the vendors, even if they’re unpatched. It just exposed a nasty vulnerability in Microsoft’s browsers. This is the second unpatched Microsoft vulnerability it exposed last week. I’m a big fan of responsible disclosure. The threat to publish vulnerabilities … Read More “Google Discloses Details of an Unpatched Microsoft Vulnerability” »
cia, cryptography, leaks, malware, russia, Security technology, wikileaks
If I had to guess right now, I’d say the documents came from an outsider and not an insider. My reasoning: One, there is absolutely nothing illegal in the contents of any of this stuff. It’s exactly what you’d expect the CIA to be doing in cyberspace. That makes the whistleblower motive less likely. And … Read More “More on the CIA Document Leak” »