Thursday, October 1, 2020
Errata Security

Cliché: Security through obscurity (yet again)

Infosec is a largely non-technical field. People learn a topic only as far as they need to regurgitate the right answer on a certification test. Over time, they start to believe misconceptions about that topic that they never learned....
Errata Security

How CEOs think

Recently, Twitter was hacked. CEOs who read about this in the news ask how they can protect themselves from similar threats. The following tweet expresses our frustration with CEOs, that they don't listen to their own people, but instead...
Errata Security

In defense of open debate

Recently, Harper's published a Letter on Justice and Open Debate. It's a rather boring defense of liberalism and the norm of tolerating differing points of view. Mike Masnick wrote rebuttal on Techdirt. In this post, I'm going to rebut his rebuttal,...
Errata Security

Apple ARM Mac rumors

The latest rumor is that Apple is going to announce Macintoshes based on ARM processors at their developer conference. I thought I'd write up some perspectives on this.It's different this timeThis would be Apple's fourth transition. Their original Macintoshes...
Errata Security

What is Boolean?

My mother asks the following question, so I'm writing up a blogpost in response.I am watching a George Boole bio on Prime but still don’t get it.I started watching the first few minutes of the "Genius of George Boole"...
Errata Security

Securing work-at-home apps

In today's post, I answer the following question:Our customer's employees are now using our corporate application while working from home. They are concerned about security, protecting their trade secrets. What security feature can we add for these customers?The tl;dr...
Errata Security

CISSP is at most equivalent to a 2-year associates degree

There are few college programs for "cybersecurity". Instead, people rely upon industry "certifications", programs that attempt to certify a person has the requisite skills. The most popular is known as the "CISSP". In the news today, European authorities decided...
Errata Security

About them Zoom vulns…

Today a couple vulnerabilities were announced in Zoom, the popular work-from-home conferencing app. Hackers can possibly exploit these to do evil things to you, such as steal your password. Because of the COVID-19, these vulns have hit the mainstream...
Errata Security

Huawei backdoors explanation, explained

Today Huawei published a video explaining the concept of "backdoors" in telco equipment. Many are criticizing the video for being tone deaf. I don't understand this concept of "tone deafness". Instead, I want to explore the facts.Does the word...
Errata Security

A requirements spec for voting

In software development, we start with a "requirements specification" defining what the software is supposed to do. Voting machine security is often in the news, with suspicion the Russians are trying to subvert our elections. Would blockchain or mobile...
Errata Security

There’s no evidence the Saudis hacked Jeff Bezos’s iPhone

There's no evidence the Saudis hacked Jeff Bezos's iPhone.This is the conclusion of the all the independent experts who have reviewed the public report behind the U.N.'s accusations. That report failed to find evidence proving the theory, but instead...
Errata Security

How to decrypt WhatsApp end-to-end media files

At the center of the "Saudis hacked Bezos" story is a mysterious video file investigators couldn't decrypt, sent by Saudi Crown Prince MBS to Bezos via WhatsApp. In this blog post, I show how to decrypt it. Once decrypted,...
Errata Security

When tweets are taken out of context

I'm currently experiencing the toxic hell that is a misunderstood tweet going viral. It's a property of the social media. The more they can deliberately misunderstand you, the more they can justify the toxicity of their response.The context is...
Errata Security

This is finally the year of the ARM server

"RISC" was an important architecture from the 1980s when CPUs had fewer than 100,000 transistors. By simplifying the instruction set, they free up transistors for more registers and better pipelining. It meant executing more instructions, but more than making...
Graham Cluley

What to do first when your company suffers a ransomware attack

For many companies it would be a nightmare to discover that they are the latest unwitting victim of a ransomware attack, capable of crippling computer systems and locking up data if a payment isn’t made to cybercriminals. There’s no magic...
SecurityWeek

New RiskLens Solution Helps Organizations Optimize Cybersecurity Spending

Cyber risk management solutions provider RiskLens on Thursday announced a new capability designed to help organizations improve investment and budget decisions. read more

When Coffee Machines Demand Ransom, You Know IoT Is Screwed

A researcher reverse engineered an internet-connected coffee maker to see what kinds of hacks he could do with it. The answer: quite a lot.
Tripwire

Russian Gets 7 Years in Prison for Linkedin, Dropbox & Formspring Hacks

A Russian man received a seven-year prison sentence for having hacked into computers belonging to LinkedIn, Dropbox and Formspring. On September 30, Honorable William H. Alsup, U.S. District Judge for the Northern District of California, sentenced Yevgeniy Alexandrovich Nikulin,...
Bruce Schneier

Detecting Deep Fakes with a Heartbeat

Researchers can detect deep fakes because they don’t convincingly mimic human blood circulation in the face: In particular, video of a person’s face contains subtle shifts in color that result from pulses in blood circulation. You might imagine that these...