6 January 2021 was a security clusterfuck.

  uspol coup capital infosec opsec physical_security espionage wtf government

Note the first: I started working on this article last week, but didn't post it until now because I wanted to let all of the (usually astoundingly bad) hot takes die down. While I realize that the Internet has given everyone an attention span rivalled only by the lifespan of the adult mayfly, I think it might be useful to have something lying around that can be pointed to later if need be.

Note the second: A reminder that I do not speak from an official position. I do not speak for or represent my employers, past, present, or future …


Security nihilism: Never good enough.

  burnout crypto frustration information_security nihilism physical_security perfection hardware_security_modules catastrophic_failure victory_conditions failure_modes degrees

In the last couple of years, a meme that's come to be known as security nihilism has appeared in the security community.  In a nutshell, because there is no such thing as perfect security, there is no security at all, so why bother?  Talking about layered security controls that reinforce each other is pointless because they always skip right to the end, which is the circumvention of the nth countermeasure and final defeat.  In the crypto community, cries of "Quantum computer!" are the equivalent of invoking Godwin's Law, leading to the end of all discourse, never mind trying to separate …


Coming to you very much live and direct (though undercaffeinated), this is the Doctor.

  bitching california catching_up dancing dulles goth palo_alto physical_security random_commentary spellbound threat_models travel weekend

I've been sent on the road again for work, this time to the west coast, and the lovely region of California called Palo Alto. It's 0606 EST as I begin writing this from my increasingly infirm partner in crime Windbringer from one of the Z gates of Dulles International. Security was a nightmare this morning - not only does everyone and their backup seem to be hitting the friendly skies this morning, but the physical security detail seems to have changed its strategies once again. Now they are inspecting boarding passes and presented identification with both ultraviolet lamps and magnifying monocles …


Either their physical security sucks, or someone planned a hardcore black op.

  break_in burglary ci_host leaked_information physical_security police_reports

CI Host, a professional colocation facility based out of Chicago, Illinois, is ostensibly paid by many small businesses to host servers for them, or provide managed hosting space for websites, e-commerce sites, and what have you. What they don't tell you on the Flash-enhanced frontpage of their website is that they've been broken into four times in two years, and I don't mean that someone cracked their network, I mean that a team of burglars broke into the facility, took out members of the on-site staff, and stole thousands of dollars of equipment. A team of physical intruders cut its …
