If you’re concerned about your privacy when browsing the internet, a virtual private network is the best way to tell any snoopers to shove off. There’s a problem though. VPNs are notoriously shady, are more complicated than they look, they’re unregulated, and can be more of a security risk than they’re worth if you don’t […]
Security firm FireEye continues to follow APT29 group and on Monday it revealed that the cyber spies have been using a technique called “domain fronting” to make hard the attribution of their attacks. In December, the Signal development team introduced the ‘domain fronting’ technique to circumvent censorship. The astonishing news is that the APT29 group […]
Even for the powers that be, telling a fib every now and then to shape public opinion is not something particularly strange or unheard of. However, the authorities seem to be over exercising this practice with cases related to the dark web, perhaps because most of these dark web busts don’t make it to the […]
Security startup Cybellum recently announced a new attack that they’re calling “DoubleAgent”. They’ve labelled this a zero day “attack for taking full control over major antiviruses and next-generation antiviruses”. There’s a lot to unpack here. When you’re assessing the risk any issue poses it’s always best to clearly define the issue. Let’s start there.
I have written a paper with Orin Kerr on encryption workarounds. Our goal wasn’t to make any policy recommendations. (That was a good thing, since we probably don’t agree on any.) Our goal was to present a taxonomy of different workarounds, and discuss their technical and legal characteristics and complications.
Privacy is for paedos. Google knows what you’re looking for. Facebook knows what you like. The CIA knows how to use your TV/Smartphone to spy on you. Your communications are being monitored 24X7. Still think you have privacy? If you still think you have privacy, 21-year-old Russian photographer Egor Tsvetkov will convince you to think […]
There’s an old mantra in the security world that anything can be hacked. And the more complex our devices become, the more methods hackers dream up to break into them. Case in point: A team of researchers can use sound waves to control anything from a smartphone (seriously) to a car (theoretically).
Two weeks ago I tried to encrypt a tax document for archival and noticed my PGP keys had just expired. GnuPG had (correctly) forbidden the action, requiring that I first edit the key and extend the expiration date. Rather than do so, I decided to take this opportunity to retire my PGP keys for good. […]
Shadow IT is the use by employees of unauthorised cloud applications and services, such as Dropbox, Google Docs and OneDrive. This definition does not imply these apps and services are inherently dangerous or insecure, simply that they have not been authorised for use by the IT department and so are often invisible to security controls. This […]