Category Archives: computersecurity

Lessons From the Dyn DDoS Attack

Posted on by

A week ago Friday, someone took down numerous popular websites in a massive distributed denial-of-service (DDoS) attack against the domain name provider Dyn. DDoS attacks are neither new nor sophisticated. The attacker sends a massive amount of traffic, causing the victim’s system to slow to a crawl and eventually crash. There are more or less clever variants, but basically, it’s… Continue reading Lessons From the Dyn DDoS Attack

Comparing Messaging Apps

Posted on by

Michah Lee has a nice comparison among Signal, WhatsApp, and Allo. In this article, I’m going to compare WhatsApp, Signal, and Allo from a privacy perspective. While all three apps use the same secure-messaging protocol, they differ on exactly what information is encrypted, what metadata is collected, and what, precisely, is stored in the cloud ­- and therefore available, in… Continue reading Comparing Messaging Apps

Credential Stealing as an Attack Vector

Posted on by

Traditional computer security concerns itself with vulnerabilities. We employ antivirus software to detect malware that exploits vulnerabilities. We have automatic patching systems to fix vulnerabilities. We debate whether the FBI should be permitted to introduce vulnerabilities in our software so it can get access to systems with a warrant. This is all important, but what’s missing is a recognition that… Continue reading Credential Stealing as an Attack Vector