Archive for the ‘Security’ Category

Wire Server Code Now 100% Open Source


(Medium::Wire) – Earlier this year, we started open sourcing Wire server code under the AGPL license. Today, the code necessary to run Wire servers is available to everyone for review. …

wireapp 88e24164309c

Wire messenger


Hacker-Proof Wireless Security


(Non Sequitur) – Wiley Miller:

“Klick klick klika klik-klik ding” …

Non Sequitur 2017-08-06

Wiley Miller: Non Sequitur 2017-08-06: Hacker-Proof Wireless Security

Don’t Sweat Quantum Crypto


(FTB stderr) – Marcus Ranum:

Whenever I see the press utterly fail to “get” something to do with computer security, I assume they’re equally lazy and wrong about every other field that requires more understanding than “who made Kim Kardashian’s shoes?” (because they are labelled). …

stderr 2017/07/27 quantum-crypto

Quantum cryptography

Privacy Tools


(Julia Angwin) – In the course of writing my book, Dragnet Nation, I tried various strategies to protect my privacy. In this series of book excerpts and adaptations, I distill the lessons from my privacy experiments into tips for readers. …

juliaangwin privacy-tools

Julia Angwin: Dragnet Nation

Cyberwar Paradox


(FTB stderr) – Marcus Ranum:

I pointed this problem out during my “cyberwar is bullshit” talk at RSA conference in 2012: once you begin using your cyberweapons, they become subject to commercial pressures: and competitive analysis.

This guarantees that cyberweapons will have (relatively) short lifespans, and they’ll have the same problem that copy-protect and other digital rights management systems have: in order to work, you have to give them to the enemy, which means they are subject to examination and dissection. The cost of innovation is borne by the designer of the system, and once the system is widely fielded, it can be completely mooted by a single attacker. …

stderr 2017/06/09 security-paradox

Torpig botnet takeover

TLA Computer Security


(FTB stderr) – Marcus Ranum:

There are many agencies that have some degree of charter for computer security – but “defense” has been a bit of a hot potato. Meanwhile, the NSA (and now we know CIA, and probably every other Three Letter Agency) used to go to security conferences like DEFCON and advertise that they were hiring hackers. Of course they were.

If you know anything about how the US empire operates, you’d predict right away that the effort in computer security has been pretty much all offense and no defense – like our Department of “Defense” and you’d be pretty much right. …

stderr 2017/05/18 sounds-about-right

Marcus J. Ranum: The Myth of Homeland Security

Stories About Code Obfuscation


(FTB stderr) – Marcus Ranum:

Code Obfuscation is really neat stuff. Or, it can be.

Other than the rare programmer such as the one guy I encountered in a certain university’s database research group in 1988, most programmers write somewhat readable code. It has to be readable because the compiler/interpreter’s parser is almost always more strict than a human would be – programming languages have a specific syntax that strikes a balance between the computer’s ability to be sure what the programmer wants to do, and the programmer’s laziness about expressing it. There are fun philosophical debates among programming language proponents as to the degree to which the computer should try to figure things out. …

If I’ve got to give you a copy of my source code, why not turn “prompt” into “0x000010” or something less readable? Why not turn all my variables into unreadable crud? What if my variables look like: “01oI00”, “0I00Ioo” and so forth? And all my function names can be changed, and my strings can even be removed. …

stderr 2017/04/17 stories

Stunnix obfuscation

Using a Password Vault


(FTB stderr) – Marcus Ranum:

With passwords, there are two really important things to understand, which most people don’t remember in time:

  1. The biggest danger with passwords is using the same password in multiple places
  2. If you forget your password you can almost always recover it

The best way of dealing with 1) above is to not ever actually know any of your passwords. That’s the big secret benefit of using a password vault: you never know your password, so you’ve got zero chance of reusing it and if you’re not reusing it that prevents one of your accounts being broken from leading to all of your accounts being broken. …

stderr vault


Strong Encryption Makes us all Safer


(Guardian Comments) – Editorial:

There are many things the web giants could do to help combat terrorism, but weakening privacy protection is not one of them. …

theguardian 2017/mar/27 strong-encryption

Conspiracy Size


(FTB stderr) – Marcus Ranum:

I suspect that there is an optimal and a peak conspiracy size, beyond which it becomes nearly impossible to keep a secret.

That’s one of the reasons why I tend to disbelieve conspiracy theories that involve a lot of moving parts. I completely suck at math but if I recall how this is calculated, you take the probability that any individual will leak, and then the probability your secret remains secret is the combined probability that all the individuals don’t leak. The way I think of it (because I suck at math) is that you make a saving throw on your Leak Table every year and sooner or later you’re going to come up ‘01’. …

stderr 2017/03/07 conspiracy