Collaborate Disseminate
There is a side-channel attack against YubiKey access tokens that allows someone to clone a device. It’s a complicated attack, requiring the victim’s username and password, and physical access to their YubiKey—as well as some technica… Continue reading YubiKey Side-Channel Attack
Really interesting analysis of the American M-209 encryption device and its security.
Continue reading Long Analysis of the M-209
This story seems straightforward. A city is the victim of a ransomware attack. They repeatedly lie to the media about the severity of the breach. A security researcher repeatedly proves their statements to be lies. The city gets mad and sues the resear… Continue reading Security Researcher Sued for Disproving Government Statements
The NSA’s “National Cryptographic School Television Catalogue” from 1991 lists about 600 COMSEC and SIGINT training videos.
There are a bunch explaining the operations of various cryptographic equipment, and a few code words I have ne… Continue reading List of Old NSA Training Videos
Interesting vulnerability:
…a special lane at airport security called Known Crewmember (KCM). KCM is a TSA program that allows pilots and flight attendants to bypass security screening, even when flying on domestic personal trips.
The KCM process is fairly simple: the employee uses the dedicated lane and presents their KCM barcode or provides the TSA agent their employee number and airline. Various forms of ID need to be presented while the TSA agent’s laptop verifies the employment status with the airline. If successful, the employee can access the sterile area without any screening at all…
Details.
Blog moderation policy.
Continue reading Friday Squid Blogging: Economic Fallout from Falklands Halting Squid Fishing
The “long lost lecture” by Adm. Grace Hopper has been published by the NSA. (Note that there are two parts.)
It’s a wonderful talk: funny, engaging, wise, prescient. Remember that talk was given in 1982, less than a year before the ARPANET switched to TCP/IP and the internet went operational. She was a remarkable person.
Listening to it, and thinking about the audience of NSA engineers, I wonder how much of what she’s talking about as the future of computing—miniaturization, parallelization—was being done in the present and in secret.
… Continue reading Adm. Grace Hopper’s 1982 NSA Lecture Has Been Published
Matthew Green wrote a really good blog post on what Telegram’s encryption is and is not.
EDITED TO ADD (8/28): Another good explainer from Kaspersky.
Continue reading Matthew Green on Telegram’s Encryption
Ars Technica has a good article on what’s happening in the world of television surveillance. More than even I realized.
Continue reading The Present and Future of TV Surveillance
This is a big deal. A US Appeals Court ruled that geofence warrants—these are general warrants demanding information about all people within a geographical boundary—are unconstitutional.
The decision seems obvious to me, but you can’t… Continue reading US Federal Court Rules Against Geofence Warrants