I have written a paper with Orin Kerr on encryption workarounds. Our goal wasn’t to make any policy recommendations. (That was a good thing, since we probably don’t agree on any.) Our goal was to present a taxonomy of different workarounds, and discuss their technical and legal characteristics and complications.
Privacy is for paedos. Google knows what you’re looking for. Facebook knows what you like. The CIA knows how to use your TV/Smartphone to spy on you. Your communications are being monitored 24X7. Still think you have privacy? If you still think you have privacy, 21-year-old Russian photographer Egor Tsvetkov will convince you to think […]
There’s an old mantra in the security world that anything can be hacked. And the more complex our devices become, the more methods hackers dream up to break into them. Case in point: A team of researchers can use sound waves to control anything from a smartphone (seriously) to a car (theoretically).
Two weeks ago I tried to encrypt a tax document for archival and noticed my PGP keys had just expired. GnuPG had (correctly) forbidden the action, requiring that I first edit the key and extend the expiration date. Rather than do so, I decided to take this opportunity to retire my PGP keys for good. […]
Shadow IT is the use by employees of unauthorised cloud applications and services, such as Dropbox, Google Docs and OneDrive. This definition does not imply these apps and services are inherently dangerous or insecure, simply that they have not been authorised for use by the IT department and so are often invisible to security controls. This […]
Researchers devised a new attack method that can be leveraged to track mobile devices that rely on MAC address randomization mechanism. The MAC address is a unique and an hard coded identifier assigned to a device’s network interface. This characteristic makes it an excellent tool for the tracking of the devices.
There’s been one particularly misleading claim today: That the CIA’s in-house hackers “bypassed” the encryption used by popular secure-chat software Signal [and WhatsApp, but who uses that?] By specifically mentioning these apps, news outlets implied that the agency has a means of getting through the protections built into the chat systems. It doesn’t. Instead, it […]
Android devices dominate the market, making them a target for crime. But just how secure are Android smartphones in 2017? Generally speaking, when it comes to being as secure as possible (and, just as importantly, staying as secure as possible) newer is better. This is certainly the case if we are talking mobile operating systems […]
Major tech companies like Google Dropbox and, more recently, Facebook have begun allowing users to log in with security keys. These security keys implement an open standard called Universal 2nd Factor, or U2F. So What is U2F? U2F Explained U2F is a new standard for universal two-factor authentication tokens. These tokens can use USB, NFC, […]
For many of us, our smartphones carry our whole world — contacts, messages, payment information, eclectic music collection — so it’s hard to understate the importance of keeping everything safe and secure. Certain apps can make a big difference — protecting your data and securing your communications. Here are five well worth installing.
A group of security researchers called TeamSIK from the Fraunhofer Institute for Secure Information Technology (SIT) in Darmstadt, Germany, on Tuesday published its security assessment of nine popular password management applications on Android devices and found them all wanting. TeamSIK looked at My Passwords, Informaticore Password Manager, LastPass, Keeper, F-Secure KEY, Dashlane, Hide Pictures Keep […]