Tag: information security

  1. Security nihilism: Never good enough.

    17 March 2017

    In the last couple of years, a meme that's come to be known as security nihilism has appeared in the security community.  In a nutshell, because there is no such thing as perfect security, there is no security at all, so why bother?  Talking about layered security controls that reinforce each other is pointless because they always skip right to the end, which is the circumvention of the nth countermeasure and final defeat.  In the crypto community, cries of "Quantum computer!" are the equivalent of invoking Godwin's Law, leading to the end of all discourse, nevermind trying to separate …

    Read more...

  2. My Postmodern Openings paper went live.

    08 July 2016

    My paper on threats to emerging financial entities went live a couple of weeks ago. It's in volume VII, issue 1 of the journal Postmodern Openings and can be read in its entirity here as a downloadable PDF file. I've taken the liberty of uploading a second copy here for archival purposes.

    The paper is published under a Creative Commons By Attribution/Noncommercial/No Derivatives license.

    Read more...

  3. My paper about threats to emerging financial entities passed peer review and will be published.

    31 May 2016

    As you may or may not remember, late last year I presented via telepresence at the Nigeria ICT Fest, where I gave a talk about security threats to emerging financial entities. Following the conference I was invited to turn my presentation into an academic paper for an open-access, peer-reviewed journal called Postmodern Openings which is published on a biannual basis. Postmodern Openings seems to publish a little bit about everything, from the ethics of advertising to children to lessons learned from studying the economic systems of entire countries to the anthropological ins and outs of caring for children with chronic …

    Read more...

  4. Turtles All the Way Down: Bootstrapping an operating system.

    10 March 2014

    Now we need an operating system for the trusted, open source computer. As previously mentioned, Windows and MacOSX are out because we can't audit the code, and it is known that weaponized 0-days are stockpiled by some agencies for the purpose of exploitation and remote manipulation of systems, and are also sold on the black and grey markets for varying amounts of money (hundreds to multiple thousands of dollars). It has been observed by experts many a time that software being open source is not a panacea for security. It does, however, mean that the code can be audited for …

    Read more...

  5. Turtles all the way down: Introduction

    03 January 2014

    The sum total of the Edward Snowden revelations have pretty conclusively proved one thing: That we can't trust anything. The communications networks wrapped around the globe like a blanket are surveilled so minutely that Russian President Vladimir Putin has openly stated his admiration for the US getting away with it so successfully. Much of the cryptographic infrastructure used to protect our communications and data at rest is known to be vulnerable to one or more practical attacks that, in the end they can't really be called effective if one wants to be honest. The company RSA has all but admitted …

    Read more...

  6. Dominant discourse.

    18 August 2013

    Since the NSA revelations began coming a couple of times a week for the past month, an all too common set of dialogues has been cropping up again and again and again in practically every forum that one would care to visit. While the discussion itself isn't perfectly replicated the overall pattern is. It goes something like this:


    • Brief description of vulnerability. Mitigating tactic.
    • Mention of a vulnerability elsewhere in the user's system.
    • Description of a slightly more esoteric vulnerability.
    • Use another system.
    • Encrypt everything.
    • Quantum computer.
    • Use Tor.
    • Tor can't protect against country-level surveillance.
    • NSA backdoor.
    • The NSA has …

    Read more...

  7. ISOC-DC: A White Hat Perspective on Cyber Security & Other Internet Issues

    09 October 2012

    From the Internet Society of Washington, DC's official announcement:

    The term "hacker" is often used pejoratively. In reality, a hacker is someone who finds a clever and creative solution to a programming problem. Hacker culture typically advocates free and open source software and community based thinking. Malevolent hackers or "crackers" or "black hats," are the ones that we need to worry about. Thus, the distinction between white hat and black hat hackers.

    HacDC is a community organization in DC dedicated to the collaborative use of technology. HacDC is part of a global trend in amateur engineering clubs that have come …

    Read more...