The error is on OSI Layer 8, and even the best technology won’t help you if you use it wrong. In this article about the Darknet (Heise I’X, in German) I demystify many “given” assumptions. No NSA, no police, nobody needs to crack your cryptography if you do the same silly mistakes like so many others before you.
Update: Early in February I was interviewed by Radio Berlin Brandenburg about the my opinion on the darknet.
In this article for Heise I’X (in German) I present statistical and empirical evidence why it usually is a bad idea to force your users to change their password regularly. In fact, you’ll maybe push users to use patterns for their passwords that are cracked much easier than their password. What is a good password, and why you should only change it when you have reason for doubt. “You will need good reason to push your users into regularly changing their passwords – and only in few cases or insecure environments this may make sense at all…”
How to find secret army bases via health trackers… (German article)
Soldiers using their fitness trackers tell the world where their army bases are located. #sigh.
Security Theater. When feeling and reality don’t match it will become very likely that someone shows up to either sell some of his magic snake oil to you or try to convince you to that you need new laws or rules. #Sigh.
Here’s an old but great video at TED: Bruce Schneier on the feeling of Security. BIAS, Feeling and our nature prevent true security. Awesome, also the section on “news”. And of course about Security Theater.
Good intentions and their real life effects – that’s sometimes a whole other story.
In Germany NetzDG, a new law, passed the legislative process with best intentions: against cyber bullying, against hate speech, against fake news. Website owners and companies such as Twitter and Facebook are to be held responsible for what is published under their watch. At least, that was the idea.
Only three weeks into its existence the law, however, has had several severe impacts on free speech. Afraid of being punished social media platforms started to delete numerous postings and content..
At the 34th CCC meeting – the legendary Chaos Communication Congress – Ingo Dachwitz held an interesting speech about a highly controversial topic: We all want our data to be safe. But what is really necessary for a well informed understanding of data security of individual users? Can we declutter ePrivacy?
Watch here: https://netzpolitik.org/2018/34c3-eprivacy-macht-der-datenschutz-das-internet-kaputt/
A recent Intercept post once more shows great insight into history and state of NSA technologies. This time it’s about voice recognition and recognizing “who’s speaking” within very little time. Things have changed since the cold war, but I was not aware of secret services creating so-called voiceprints of all of us – including and focusing on non-US citizens. There’s an NSA program called Voice RT (link), but also China and Europe are involved:
In November, a major international speaker recognition effort funded by the European Union passed its final test, according to an Interpol press release. More than 100 intelligence analysts, researchers, and law enforcement agents from over 50 countries — among them, Interpol, the U.K.’s Metropolitan Police Service, and the Portuguese Polícia Judiciária — attended the demonstration, in which researchers proved that their program could identify “unknown speakers talking in different languages … through social media or lawfully intercepted audios.”
NSA documents reviewed by The Intercept outline the contours of a similarly expansive system — one that, in the years following 9/11, grew to allow “language analysts to sift through hundreds of hours of voice cuts in a matter of seconds and selects items of potential interest based on keywords or speaker voice recognition.”
Last week the US senate agreed on extending these surveillance measures, and the NSA’s goal is clear, not only since the 2010 conference where its directors clarified:
“It is all about locating, tracking, and maintaining continuity on individuals across space and time. It’s not just the traditional communications we’re after — It’s taking a ‘full arsenal’ approach.”
Here is a study from 1995 which was paid for by the NSA (I guess that is what “under the auspices” means?) and that comes to very frightening findings. Well, at least if you’re in security and IT:
“An in-depth analysis of the 80×86 processor families identifes architectural properties that may have unexpected, and undesirable, results in secure com-
puter systems. In addition, reported implementation errors in some processor versions render them undesirable for secure systems because of potential security and reliability problems.”
“This analysis is being performed under the auspices of the National Security Agency’s Trusted Product Evaluation Program (TPEP).”
I think this study sheds a strange light on the following quote from the Washington post:
“Rob Joyce, White House cybersecurity coordinator, said, “NSA did not know about the flaw, has not exploited it and certainly the U.S. government would
never put a major company like Intel in a position of risk like this to try to hold open a vulnerability.”