Newest posts are at the top.
Date is date posted here in Internet Salmagundi, not date originally published.
Schneier on Security, August 28, 2019
By Bruce Schneier
“The Department of Justice wants access to encrypted consumer devices but promises not to infiltrate business products or affect critical infrastructure. Yet that's not possible, because there is no longer any difference between those categories of devices. Consumer devices are critical infrastructure. They affect national security. And it would be foolish to weaken them, even at the request of law enforcement.”
Permanent Record (9/30/2019) Tagged: Privacy, Surveillance - Electronic, Surveillance - Mass |
By Edward Snowden
Published by Metropolitan Books, September 17, 2019
“Edward Snowden, the man who risked everything to expose the US government’s system of mass surveillance, reveals for the first time the story of his life, including how he helped to build that system and what motivated him to try to bring it down.”
Before You Use a Password Manager (9/8/2019) Tagged: Password Managers, Passwords |
Medium, June 5, 2019
By Stuart Schechter
“I cringe when I hear self-proclaimed experts implore everyone to “use a password manager for all your passwords” and “turn on two-factor authentication for every site that offers it.” As most of us who perform user research in security quickly learn, advice that may protect one individual may harm another. Each person uses technology differently, has a unique set of skills, and faces different risks.”
The Internet Has Made Dupes—and Cynics—of Us All (8/31/2019) Tagged: Social Control, Propaganda |
Wired, June 24, 2019
By Zeynep Tufekci
“Online fakery runs wide and deep, but you don’t need me to tell you that. New species of digital fraud and deception come to light almost every week, if not every day: Russian bots that pretend to be American humans. American bots that pretend to be human trolls. Even humans that pretend to be bots. Yep, some “intelligent assistants,” promoted as advanced conversational AIs, have turned out to be little more than digital puppets operated by poorly paid people.”
National CyberSecurity Awareness Month – October 2019 (8/29/2019) Tagged: Internet Safety |
National Cyber Security Alliance
“Under the overarching theme of ‘Own IT. Secure IT. Protect IT.’, the 16th annual National Cybersecurity Awareness Month (NCSAM) is focused on encouraging personal accountability and proactive behavior in security best practices and digital privacy. It is also focused on drawing attention to careers in cybersecurity.”
Fully Device Independent Quantum Key Distribution (8/15/2019) Tagged: Device-Independent Quantum Key Distribution, Quantum Cryptography |
Communications of the ACM, April 2019
Research Highlights: "Technical Perspective: Was Edgar Allan Poe Wrong After All?"
By Gilles Brassard
Research Highlights: "Fully Device Independent Quantum Key Distribution"
By Umesh Vazirani, Thomas Vidick
“Artur Ekert realized as early as 1991 that a different kind of quantum cryptography was possible by harnessing entanglement, which is arguably the most nonclassical manifestation of quantum theory. Even though Ekert's original protocol did not offer any security above and beyond my earlier invention with Bennett, he had planted the seed for a revolution. It was realized by several researchers in the mid-2000s that entanglement-based protocols could lead to unconditional security even if they are imperfectly implemented—even if the QKD apparatus is built by the eavesdropper, some argued. For a decade, these purely theoretical ideas remained elusive and seemed to require unreasonable hardware, such as an apparatus the size of the galaxy! Vazirani and Vidick's paper provides an unexpectedly simple and elegant solution, indeed one that is almost within reach of current technology. Once it becomes reality, codemakers will have won the definitive battle, Poe's prophecy notwithstanding.”
Cyber Security in the Quantum Era (8/15/2019) Tagged: Quantum Computing, Quantum CyberSecurity, Quantum Technologies, Cybersecurity Research and Development |
Communications of the ACM, April 2019
By Petros Wallden, Elham Kashefi
“The ability to communicate securely and compute efficiently is more important than ever to society. The Internet and increasingly the Internet of Things, has had a revolutionary impact on our world. Over the next 5-10 years, we will see a flux of new possibilities, as quantum technologies become part of this mainstream computing and communicating landscape. Future networks will certainly consist of both classical and quantum devices and links, some of which are expected to be dishonest, with functionalities of various sophistication, ranging from simple routers to servers executing universal quantum algorithms. The realization of such a complex network of classical and quantum communication must rely on a solid novel foundation that, nevertheless, is able to foresee and handle the intricacies of real-life implementations and novel applications.”
DoD Cyber Strategy – 2018 (4/28/2019) Tagged: Cyber Warfare, Government Policy, China, Russia, North Korea, Iran |
Cyber Strategy: Summary, 2018
U.S. Department of Defense
“American prosperity, liberty, and security depend upon open and reliable access to information. The Internet empowers us and enriches our lives by providing ever-greater access to new knowledge, businesses, and services. Computers and network technologies underpin U.S. military warfighting superiority by enabling the Joint Force to gain the information advantage, strike at long distance, and exercise global command and control.”
Security Engineering: A Guide to Building Dependable Distributed Systems, 2nd Ed. (4/17/2019) Tagged: Cryptography, Copyright and Digital Rights Management, Electronic and Information Warfare, Multilevel Security, Network Attack & Defense, Physical Protection, Psychology and Usability, Distributed Computing / Distributed Systems, Economics, Biometrics, Security Engineering |
“The world has changed radically since the first edition of this book was published in 2001. Spammers, virus writers, phishermen, money launderers, and spies now trade busily with each other in a lively online criminal economy and as they specialize, they get better. In this indispensable, fully updated guide, Ross Anderson reveals how to build systems that stay dependable whether faced with error or malice. Here's straight talk on critical topics such as technical engineering basics, types of attack, specialized protection mechanisms, security psychology, policy, and more.”
The Market for Stolen Account Credentials (4/13/2019) Tagged: Cyber Crime |
Krebs on Security, December 18, 2017
By Brian Krebs
“Today’s post looks at the price of stolen credentials for just about any e-commerce, bank site or popular online service, and provides a glimpse into the fortunes that an enterprising credential thief can earn selling these accounts on consignment.”
The Value of a Hacked Email Account (4/13/2019) Tagged: Cyber Crime, Krebs-The Value of Series |
Krebs on Security, July 10, 2013
By Brian Krebs
“This post aims to raise awareness about the street value of a hacked email account, as well as all of the people, personal data, and resources that are put at risk when users neglect to properly safeguard their inboxes.”
The Value of a Hacked Company (4/13/2019) Tagged: Cyber Crime, Krebs-The Value of Series |
Krebs on Security, July 14, 2016
By Brian Krebs
“If you help run an organization, consider whether the leadership is investing enough to secure everything that’s riding on top of all that technology powering your mission: Chances are there’s a great deal more at stake than you realize.”
The Big Picture (4/5/2019) Tagged: Secure Systems, Trustworthy Systems |
Communications of the ACM, November 2018
By Steven M. Bellovin, Peter G. Neumann
"Cryptography is an enormously useful concept for achieving trustworthy systems and networks; unfortunately, its effectiveness can be severely limited if it is not implemented in systems with sufficient trustworthiness.
It is time to get serious about the dearth of trustworthy systems and the lack of deeper understanding of the risks that result from continuing on a business-as-usual course.”
Deception, Identity, and Security: The Game Theory of Sybil Attacks (4/4/2019) Tagged: Privacy, Cyber Identity, Cyber-Social Systems, Game Theory |
Communications of the ACM, January 2019
By William Casey, Ansgar Kellner, et al.
"Along with the low cost of minting and maintaining identities, a lack of constraints on using identities is a primary factor that facilitates adversarial innovations that rely on deception. With these factors in mind, we study the following problem: Will it be possible to engineer a decentralized system that can enforce honest usage of identity via mutual challenges and costly consequences when challenges fail?"
The End of Encryption? NSA & FBI Seek New Backdoors Against Advice from Leading Security Experts (4/4/2019) Tagged: Privacy, Encryption, National Security (US) |
Democracy Now!, July 8, 2015
By Juan González & Amy Goodman
Guest: Bruce Schneier
"FBI Director James Comey is set to testify against encryption before the Senate Intelligence Committee today, as the United States and Britain push for “exceptional access” to encrypted communications. Encryption refers to the scrambling of communications so they cannot be read without the correct key or password. The FBI and GCHQ have said they need access to encrypted communications to track criminals and terrorists. Fourteen of the world’s pre-eminent cryptographers, computer scientists and security specialists have issued a paper arguing there is no way to allow the government such access without endangering all confidential data, as well as the broader communications infrastructure. We speak with one of the authors of the paper, leading security technologist Bruce Schneier.."
The Perfect Weapon: War, Sabotage, and Fear in the Cyber Age (3/6/2019) Tagged: Cyber Warfare, China, National Security (US), Cyber Weapons, Russia, North Korea, Iran |
Published by Penguin Random House, June 19, 2018
By David E. Sanger
"The Perfect Weapon is the startling inside story of how the rise of cyberweapons transformed geopolitics like nothing since the invention of the atomic bomb. Cheap to acquire, easy to deny, and usable for a variety of malicious purposes—from crippling infrastructure to sowing discord and doubt—cyber is now the weapon of choice for democracies, dictators, and terrorists."
Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice (3/1/2019) Tagged: Cryptography, Internet Security |
Communications of the ACM, January 2019, Vol. 62 No. 1, Pages 106-114
Research Highlights: “Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice”
By David Adrian, Karthikeyan Bhargavan, et al.
"We investigate the security of Diffie-Hellman key exchange as used in popular Internet protocols and find it to be less secure than widely believed."
Zucked: Waking Up to the Facebook Catastrophe (2/24/2019) Tagged: Privacy, Security, Disinformation (Coordinated Inauthentic Behavior), Propaganda, Facebook, Online Social Networks, United States - Politics & Government, Zuckerberg (Mark) - Influence |
"The New York Times bestseller about a noted tech venture capitalist, early mentor to Mark Zuckerberg, and Facebook investor, who wakes up to the serious damage Facebook is doing to our society – and sets out to try to stop it. "
Roger McNamee has been a Silicon Valley investor for 35 years. He co-founded successful funds in venture, crossover and private equity. His most recent fund, Elevation, included U2’s Bono as a co-founder. He holds a B.A. from Yale University and…
Secrets & Lies: Digital Security in a Networked World (2/23/2019) Tagged: Computer Security, Computer Networks - Security |
Welcome to the businessworld.com. It's digital: Information is more readily accessible than ever. It's inescapably connected: businesses are increasingly--if not totally--dependent on digital communications. But our passion for technology has a price: increased exposure to security threats. Companies around the world need to understand the risks associated with doing business electronically. The answer starts here.
Applied Cryptography: Protocols, Algorithms, and Source Code in C (2/23/2019) |
This second edition of the cryptography classic provides you with a comprehensive survey of modern cryptography. The book details how programmers and electronic communications professionals can use cryptography -- the technique of enciphering and deciphering messages -- to maintain the privacy of computer data. It describes dozens of cryptography algorithms, gives practical advice on how to implement them in cryptographic software, and shows how they can be used to solve security problems. Covering the latest developments in practical cryptographic techniques, this new edition shows programmers who design computer applications, networks, and storage systems how they can build security into their software and systems.