Related tags:
security + (5)


Users that often use this tag:
scalefree (2)

Today The New Yorker unveiled Strongbox, a service that allows sources to share information with TNY journalists securely and anonymously. As explained in this infographic, Strongbox relies on the Tor network, a dedicated server, PGP encryption, VPNs, and multiple laptops and thumb drives to prevent files from being intercepted or traced. The codebase, which is open source, was designed by the late Aaron Swartz (Previously). Kevin Poulsen, one of the organizers of the project, chronicles how Swartz developed the code and how the project managed to carry on after his death. TNY hopes that Strongbox will help the magazine continue its long tradition of investigative journalism.
posted by Cash4Lead on May 15, 2013 - 34 comments

Why Privacy Matters, Even If You Have Nothing To Hide, by Daniel J. Solove

The nothing-to-hide argument pervades discussions about privacy. The data-security expert Bruce Schneier calls it the "most common retort against privacy advocates." ... To evaluate the nothing-to-hide argument, we should begin by looking at how its adherents understand privacy. Nearly every law or policy involving privacy depends upon a particular understanding of what privacy is. The way problems are conceived has a tremendous impact on the legal and policy solutions used to solve them.

[more inside]
posted by the man of twists and turns on Dec 9, 2012 - 67 comments

Revolutionary hardware backdoor discovered in China-made military-grade FPGA chips. Claims were made by the intelligence agencies around the world, from MI5, NSA and IARPA, that silicon chips could be infected. We developed breakthrough silicon chip scanning technology to investigate these claims. We chose an American military chip that is highly secure with sophisticated encryption standard, manufactured in China. Our aim was to perform advanced code breaking and to see if there were any unexpected features on the chip. We scanned the silicon chip in an affordable time and found a previously unknown backdoor inserted by the manufacturer. This backdoor has a key, which we were able to extract. If you use this key you can disable the chip or reprogram it at will, even if locked by the user with their own key. This particular chip is prevalent in many systems from weapons, nuclear power plants to public transport. In other words, this backdoor access could be turned into an advanced Stuxnet weapon to attack potentially millions of systems. The scale and range of possible attacks has huge implications for National Security and public infrastructure.
posted by scalefree on May 27, 2012 - 152 comments

He leaves his cellphone and laptop at home and instead brings "loaner" devices, which he erases before he leaves the US and wipes clean the minute he returns . In China, he disables Bluetooth and Wi-Fi , never lets his phone out of his sight and, in meetings, not only turns off his phone but also removes the battery , for fear his microphone could be turned on remotely. He connects to the Internet only through an encrypted, password-protected channel, and copies and pastes his password from a USB thumb drive. He never types in a password directly, because, he said, "Chinese are very good at installing key-logging software on your laptop." - Travel precautions in the age of digital espionage.
posted by Artw on Feb 13, 2012 - 125 comments

A year after the infrastructure-attacking Stuxnet worm was discovered in Iran, a new piece of malware using some of the same techniques (but apparently with different goals) has been found infecting systems in Europe. The new malware, dubbed “Duqu” [dü-kyü], appears to have been written by someone with direct access to the Stuxnet source code.
posted by gemmy on Oct 18, 2011 - 49 comments

Computer security vendor RSA, maker of two-factor authentication SecurID, has been hacked by unknown parties. In an open letter to it customers RSA Executive Chairman Arthur W. Coviello, Jr. calls the attack the work of an Advanced Persistent Threat, meaning a highly skilled, well-funded group acting deliberately & precisely to achieve a specific goal. RSA's clients include many Fortune 100 companies, US Government, Military & Intelligence Community organizations.
posted by scalefree on Mar 17, 2011 - 118 comments

The Wapo first reported that a security researcher Michael Lynn of ISS had discovered a critical hole in Cisco routers, was ready to present his findings at Blackhat, and then suddenly bowed out. Some began to cry "cover-up", and Cisco denied the vulnerability. Then, dramatically, Lynn resigned from ISS and gave his presentation, saying "I'm probably about to be sued to oblivion. (But) the worst thing is to keep this stuff secret."
posted by sohcahtoa on Jul 27, 2005 - 12 comments