Breach Fatigue
So: you get a letter or email telling you some of your personal data has been handled carelessly by yet another provider, and squirted into the darknet. Yours and 112 million others’. How do you feel when you see that? Are you enveloped in a sense of urgency… do you spring into action implementing all the corrective measures suggested? Me neither. I mean, we know we should. But look at it this way. Our lives and records, the core that matters, …
The CIA Wants Us to Investigate Flying Saucers
…but to do it correctly! Don’t just randomly start running around the Sonora Desert snapping pictures of ball lightning or lenticular clouds. No, no, you should go read the CIA’s guide, How to Investigate a Flying Saucer. “My tax dollars at work!”, I hear you thinking. But I have just listened to a fairly convincing talk whose thesis is, That is really a very usable framework for computer security incident response. I see the point, but I am going to have to investigate it …
Liberty and Security
Yesterday I wrote about why there will always be strong encryption. Encryption is only a technology – it can enhance both security and liberty, and it can damage both. The more potential it has to enable criminals and terrorists the more it also serves to protect privacy, necessary military secrets and financial transactions and assets. If you believe that criminals and terrorists outweigh the lawful military, corporations and private citizens who benefit from strong encryption, I feel sorry for the …
There Will Always be Strong Encryption
Pretty optimistic for me, you might think. But I think it’s inevitable. In the constant information-security arms race between attackers and defenders, attackers are said to have the upper hand. After all, attackers only need to be right (or get lucky) once, while defenders have to be perfect, every time. The probabilities favor the attackers there, obviously. But in the case of strong encryption as a thing that is available to ordinary people, the defender/attacker equation flips. Every successful or …
Mint->Debian Migration
Once I decided I was quitting Mint, I saw no reason to get sentimental about it or procrastinate. I did the heavy lifting this past Sunday, and now I am in the yak-shaving stage. AKA the fun part. It’s revelatory how so many of the things I thought were just a part of any desktop Linux are actually Mint- or Ubuntu-specific. I would be remiss if I did not give a huge shout-out to Aptik by TeeJee, without which I would have …
Data Breaches Happen to Everyone
The question is, how will you respond? Verizon just released its annual, much-anticipated Data Breach Report (at least peruse the executive summary if not the full report). This year they had a close-to-home item for their report: their own data breach, which resulted in the leak of some 1.5 million of their own customers’ records. There’s one thing that does not surprise me, and it’s because I make my living in Information Security and don’t watch CSI:Cyber. It’s that most attacks — most …