security – Safer Computing

David Frier 2021-07-25MalwareIoT, security 1 Comment

IoT Attack, Incident Response

I missed an installment on Friday, and maybe I’m a little tired of blogging about What’s Wrong With the World. So here’s a taste of something else. About a month ago, I had what I believe was a ransomware attack on my home infrastructure. I want to lay out what happened and what I have done about it since. Preparation One of the main elements of my computing environment here had been a QNap TS-451, running the current version of … Continue reading “IoT Attack, Incident Response”

David Frier 2015-07-07Uncategorizedinfosec, right-wing, security, security culture

Back Doors are for Bad Guys

The UK Prime Minister, David Cameron, says he’s going to ban strong encryption within his country. Somehow this is going to make everyone safe from terrorists. I have some questions: Are terrorists the ones who will abide by such a law, first and foremost? Is it your intention to shut down all e-Commerce in the UK? How will it improve the welfare of British citizens to have the UK cut off from the rest of the Internet? When that notoriously … Continue reading “Back Doors are for Bad Guys”

David Frier 2015-06-16Uncategorizedinfosec, privacy, security, security culture

Spoiler Alert: Government Spy Agencies Might Be Lying

UK intelligence agencies are claiming that they are having to move agents who are endangered in the field, and according to this report the reason is… Edward Snowden! I must say, this has the stink of the barnyard. Information about the nature of surveillance programs, which is what Snowden revealed, is so far from operational info about field agents that it might as well be the 1997 Minnesota Twins’ box scores. If agencies are having their networks compromised they should look to … Continue reading “Spoiler Alert: Government Spy Agencies Might Be Lying”

David Frier 2015-06-04Uncategorizedgeeky, infosec, IT, security, security culture

Why Security on the Internet is an Afterthought

This WaPo article gives us an historical perspective on why the Internet was designed to operate mostly with no encryption. The money quote: “Back in those days, the NSA still had the ability to visit a professor and say, ‘Do not publish that paper on cryptography.’ ”As the ’70s wound down, [Vint] Cerf and [Robert] Kahn abandoned their efforts to bake cryptography into TCP/IP, bowing to what they considered insurmountable barriers. This is really a great piece on how the internet … Continue reading “Why Security on the Internet is an Afterthought”

David Frier 2015-05-26UncategorizedDRM, logic, security, security culture, snark, stupid

Do you own your car?

Or does GM? I’m not referring here to leasing vs. buying. I am referring to the fact that GM has recently declared that only mechanics they license are allowed to work on “your” car. And if you take it to another mechanic, or use less-expensive after-market parts, or connect the car’s diagnostic port to a home-brew or third-party device, the issue is not merely the possibility of voiding the warranty. The issue is, GM can more or less unilaterally declare … Continue reading “Do you own your car?”

David Frier 2015-05-09Uncategorizedgadgets, security

Convenience

Wireless Car Locks are designed for convenience. Yours, and also car thieves’. In this NYT story, the author describes why he now keeps his car keys in the freezer: He explained it like this: In a normal scenario, when you walk up to a car with a keyless entry and try the door handle, the car wirelessly calls out for your key so you don’t have to press any buttons to get inside. If the key calls back, the door … Continue reading “Convenience”

David Frier 2015-05-08Uncategorizedinfosec, Introduction, security

Exam Time!

If you’re a student and you’re reading this, I just made you clench a little with that title, didn’t I? Well, here’s some news you can use: it never really goes away. Ten years ago next month, I sat for the CISSP exam. Being a bit underemployed at the time, I had done little the preceding six weeks but study for it. I had to travel to NYC for the exam, which was a non-trivial financial risk, but lack of … Continue reading “Exam Time!”

David Frier 2015-05-06Uncategorizedcopyfight, DRM, geeky, security 1 Comment

Day Against DRM

“Digital Rights Management” is one of those things that sounds so benign. Like “Patriot Act”. In fact, DRM is a willful effort to make sure that your computer is not really your property, and that legitimate uses of it are under control of the corporations you bought media from. Oh, sorry, “bought media” is a misstatement. Under DRM, you cannot actually buy media. You can give corporations money, yes, but they retain the ownership of everything. You have only bought … Continue reading “Day Against DRM”

David Frier 2015-04-22Uncategorizedbusiness, infosec, IT, security, snark

Sony: The Gift that Keeps On Giving

As you may recall, late last fall, Sony Pictures Entertainment acknowledged that their entire IT infrastructure had been severely breached. At the time, the attackers were announced to be the North Koreans. But serious analysis absent political axes to grind has put that conclusion in doubt, to say the least. More evidence points to the actions of an unhappy employee/former employee and roughly half a dozen accomplices. One of the things that the attackers did was release a huge cache … Continue reading “Sony: The Gift that Keeps On Giving”

David Frier 2015-04-19Uncategorizedinfosec, privacy, security

The price of free games

What price do we pay to play our favorite games? Especially the “free” ones? Privacy. It’s not that we don’t value it. We do; we treat it as currency. And it’s sobering how lavishly we spend it. I just sampled the permissions requested by the following apps on my Android phone or tablet: Ingress Unblock Me FREE Pandora Slice It! Angry Birds Flow Free Bubble Blast 2 Except for Pandora, a music-streaming service, all are free games. Some support in-game … Continue reading “The price of free games”