Posted on 2016-05-24Categories Uncategorized

Breach Fatigue

So: you get a letter or email telling you some of your personal data has been handled carelessly by yet another provider, and squirted into the darknet.  Yours and 112 million others’.  How do you feel when you see that?  Are you enveloped in a sense of urgency… do you spring into action implementing all the corrective measures suggested? Me neither. I mean, we know we should.  But look at it this way.  Our lives and records, the core that matters, … Continue reading “Breach Fatigue”

Posted on 2016-05-10Categories Uncategorized

The CIA Wants Us to Investigate Flying Saucers

…but to do it correctly!  Don’t just randomly start running around the Sonora Desert snapping pictures of ball lightning or lenticular clouds.  No, no, you should go read the CIA’s guide, How to Investigate a Flying Saucer. “My tax dollars at work!”, I hear you thinking.  But I have just listened to a fairly convincing talk whose thesis is, That is really a very usable framework for computer security incident response.  I see the point, but I am going to have to investigate it … Continue reading “The CIA Wants Us to Investigate Flying Saucers”

Posted on 2016-05-09Categories Uncategorized 3 Comments on Liberty and Security

Liberty and Security

Yesterday I wrote about why there will always be strong encryption.  Encryption is only a technology – it can enhance both security and liberty, and it can damage both.  The more potential it has to enable criminals and terrorists the more it also serves to protect privacy, necessary military secrets and financial transactions and assets. If you believe that criminals and terrorists outweigh the lawful military, corporations and private citizens who benefit from strong encryption, I feel sorry for the … Continue reading “Liberty and Security”

Posted on 2016-05-08Categories Uncategorized 1 Comment on There Will Always be Strong Encryption

There Will Always be Strong Encryption

Pretty optimistic for me, you might think.  But I think it’s inevitable. In the constant information-security arms race between attackers and defenders, attackers are said to have the upper hand.  After all, attackers only need to be right (or get lucky) once, while defenders have to be perfect, every time.  The probabilities favor the attackers there, obviously. But in the case of strong encryption as a thing that is available to ordinary people, the defender/attacker equation flips.  Every successful or … Continue reading “There Will Always be Strong Encryption”

Posted on 2016-05-05Categories Uncategorized

Mint->Debian Migration

Once I decided I was quitting Mint, I saw no reason to get sentimental about it or procrastinate.  I did the heavy lifting this past Sunday, and now I am in the yak-shaving stage.  AKA the fun part.  It’s revelatory, how so many of the things I thought were just a part of any desktop Linux, are actually Mint- or Ubuntu-specific. I would be remiss if I did not pay a huge shout out Aptik by TeeJee, without which I would have … Continue reading “Mint->Debian Migration”

Posted on 2016-05-03Categories Uncategorized

Data Breaches Happen to Everyone

The question is, how will you respond? Verizon just released its annual, much anticipated Data Breach Report (at least peruse the executive summary if not the full report).  This year they had a close-to-home item for their report: their own data breach, which resulted in the leak of some 1.5 million of their own customers’ records. There’s one thing that does not surprise me, and it’s because I make my living in Information Security and don’t watch CSI:Cyber.  It’s that most attacks — most … Continue reading “Data Breaches Happen to Everyone”