Archive for the ‘Security’ Category

Sunder, a New Way to Share Secrets


(FPF) – Conor Schaefer:

The moment a news organization is given access to highly sensitive materials—such as the Panama Papers, the NSA disclosures or the Drone Papers—the journalist and their source may be targeted by state and non-state actors, with the goal of preventing disclosures. How can whistleblowers and news organizations prepare for the worst?

The Freedom of the Press Foundation is requesting public comments and testing of a new open source tool that may help with this and similar use cases: Sunder, a desktop application for dividing access to secret information between multiple participants. …

sunder

Sunder: Create Secret Shares


Unlocking Encrypted Phones


(ZDNet) – Zack Whittaker:

It’s 2018, and we’re still talking about cryptographic backdoors. It’s the bad idea that just won’t die.

But don’t worry: Ray Ozzie, a former Microsoft executive, thinks he can beat a dead horse with a not-so-new idea that took about a day for everyone else to rip apart. …

zdnet ripped-apart

Henri Vidal: Caïn (Facepalm)

Bitcoin Snafus


(FTB stderr) – Marcus Ranum:

There are so many things about bitcoin that are wrong.

Because there is no central brokerage, there’s no input validation process that prevents someone from just injecting their own garbage. From a security design perspective that is a “newb mistake” of the first water.

What a stupid design. The stupidity is an unavoidable consequence of not having a central authority: nobody exists to say “this transaction is a bunch of encrypted garbage that doesn’t look like one of our things.” …

What happens to bitcoin if someone finds a flaw in SHA-256? Go on, think that one through. All the people who have bitcoin appear not to have.

You’d think that someone who was creating the next big currency would think about operational details like that. You’d think that someone who was creating the next big currency would think about security models. Nah. Bitcoin are worth a lot of money, though, so who cares?! …

stderr 2018/03/28 bitcoin

Bitcoin bugs

Secure Your Android Phone


(ZDNet) – Steven J. Vaughan-Nichols:

Malware makers, phishers, they really are all out to get you. Here’s how to stop them in their tracks. …

zdnet secure android-phone

Android locked

Just Add Blockchain


(FTB stderr) – Marcus Ranum:

Back when I was doing road-shows to raise money for the start-up that didn’t happen, several of the venture capitalists we met with said things like, “right now, we’re investing in blockchain.” As far as I am concerned, they could just as easily have said “quantum.”

Over here, it seems to be “tactical” is another cool word to add to anything, to make it sound better than it is. Do you want a tactical quantum blockchain, as used by special forces operators?

Briefly: blockchain is an open ledger. That’s it. It’s an open ledger that is maintained with successive checksums to make alteration obvious to anyone who cares to check. When those VCs were saying they were investing in blockchain, they were saying that they were investing in tamper-resistant data – hey, that is a good idea, but it gets filed under “duh.” …

stderr 2018/02/05 blockchain

Blockchain formation

The Thick Gets Plottier


(FTB stderr) – Marcus Ranum:

The Russia election interference inquiry appears now to me to be more or less a complete charade, intended to get the various Trumpistas to lie to the FBI – and that’s about it. Because, it becomes increasingly apparent that Obama knew, the FBI knew, the CIA knew, and the NSA knew that the Russians were interfering or seeking to interfere with the 2016 elections. At the time, since the government’s attribution was terrible (I do not accept “we are the FBI, trust us, the CIA told us stuff” as attribution) I was withholding judgement; now that it’s all safely too late a whole bunch of other stuff is starting to bubble to the surface. …

stderr 2018/01/30 plottier


Meltdown and Spectre


(xkcd) – Randall Munroe:

“The Meltdown and Spectre exploits use ‘speculative execution?’ What’s that?” …

xkcd 1938

Randall Munroe: xkcd 1938: Meltdown and Spectre

It’s Worse Than You Think: Tracking Apps


(FTB stderr) – Marcus Ranum:

There is a vast infrastructure of sneaky, nasty, deceptive code that is deployed by marketers to infect your browser so they can track everything you are doing. This reduces your ability to trust your browser tremendously, since you (naturally!) have no idea what it’s doing: it is not your browser. And, there is a similar vast infrastructure of evil running on your smartphone, sucking your battery life, tracking your location, monitoring the sounds around you, and eating your bandwidth and performance to transmit all that to dozens of companies: it is not your smartphone.

You’re just paying for it. …

stderr 2017/11/30 tracking-apps

Big-Brother mobile Phones

German Hardware Giant’s Ultra-Secure IoT


(Economist) –

Bosch is to position itself as a trusted custodian of data. “Orwell’s 1984 is kindergarten compared to the IoT-world. When it comes, and people re-evaluate privacy, Bosch will be prepared,” says Peter Schnaebele, its head of smart homes. …

economist 21731196


Intel’s Hidden In-Chip Operating System


(ZDNet) – Steven J. Vaughan-Nichols:

Buried deep inside your computer’s Intel chip is the MINIX operating system and a software stack, which includes networking and a web server. It’s slow, hard to get at, and insecure as insecure can be. …

zdnet intels-hidden

Big Brother bug