CAT | National Security
8
FBI: Anonymity implies terrorist
No comments · Posted by lance in Anonymity, Anonymizer, Cryptography, Internet, legal, National Security, Online Privacy, Physical Security, Stupidity
The FBI in conjunction with the Bureau of Justice Assistance and Joint Regional Intelligence Center have produced a number of fliers to help the public identify possible terrorists. While some of the points have merit, it is very likely that this will generate an extremely high proportion of false alerts based on perfectly reasonable and legal behaviors.
A big red flag for me were the fliers for cyber cafes and electronics stores. These suggest that the use of privacy protecting services, like Anonymizer, should be deemed suspicious. They also call out Encryption, VoIP, and communicating through video games.
In almost all of the fliers they suggest that wanting to pay cash (legal tender for all debts public and private) is suspicious.
Thanks to Public Intelligence for pulling together PDFs of the documents.
19
Schneier on Security: Domain-in-the-Middle Attacks
No comments · Posted by lance in Email Security, hacking, International, Internet, National Security, Personal Privacy, Security Breaches, Surveillance
Schneier on Security: Domain-in-the-Middle Attacks
Bruce Schneier on the real world effectiveness of a very simple domain name based man in the middle attack.
Here is a Wired article on the same issue showing how it was used to steal 20 GB of email from a Fortune 500 company.
dns · hacking · man-in-the-middle · security · security breaches · surveillance
28
Matt Blaze: Wiretapping and Cryptography Today
No comments · Posted by lance in Cryptography, Internet, National Security, Surveillance
Matt Blaze analyzes why the widespread use of cryptography has had almsost no impact on our practical ability to do wiretaps and gather information under legitimate court orders. Not too technical and absolutely worth a read.
31
A Very Nice Analysis of the Lockheed Martin Network Breach
No comments · Posted by lance in Computer Security, National Security, Security Breaches
Here is a really nice analysis of the recent security breach at Lockheed Martin. The short version is that is looks like their SecureID tokens got duplicated. This is almost certainly related to the security breach at EMC / RSA.
Digital Dao: An Open Source Analysis Of The Lockheed Martin Network Breach
computer security · internet · national security · security · security breaches
21
Excellent EFF post on failures of Cryptography regulation
3 Comments · Posted by lance in Computer Security, Cryptography, First Amendment, Innovation, Internet, legal, Legislation, National Security, Online Privacy, Personal Privacy, Security Breaches, Surveillance
The EFF has an excellent article on eight reasons why government regulation of cryptography is a bad idea.
The short answer is: the bad guys can easily get it and use it anyway, and it will make security for the rest of us much worse (not including the big brother surveillance and constitutional issues).
clipper chip · cryptography · eff · fbi · law enforcement · Privacy · regulation · security
