What the loss of the Internet Privacy Bill means to you and me.

It's probably popped up on your television screen that the Senate and then the House of Representatives voted earlier this week, 215 to 205, to repeal an Internet privacy bill passed last year. In case you're curious, here's a full list of every Senator and Representative that voted to repeal the bill and how much they received specifically from the telecom lobby right before voting. By the way, if you would like to contact those Senators or Representatives here's how you can do so... When the bill hits Trump's desk it's a foregone conclusion …


San Francisco Bomb Scare, 24 February 2016.

On 24 February 2016 there was a bomb scare in the Financial District of downtown San Francisco, California. As far as I have been able to determine someone found an unattended FedEx box on the street, called the police, and the police called in the bomb squad (which doesn't seem to have a homepage of its own). For reasons not entirely clear to me I seem to have been one of very few people who covered it, which is kind of odd because they shut down streets for several blocks around, trapping many of us in place. I found myself …


DefCon 22 presentation notes

Behind the cut are the notes I took during DefCon 22, organized by name of presentation. Where appropriate I've linked to the precis of the talk. I make no guarantee that they make sense to anybody but me.

One Man Shop: Building an Effective Security Program All By Yourself - Medic

  • Integrate with environment
  • Continuous monitoring
  • People and Process -> Secure Network Architecture -> Secure Systems Design -> Continuous Monitoring -> External Validation -> Compliance
  • Compliance, per usual, means dick in the final analysis
  • Roughly five year plan w/ deliverables
  • Needs organizational support. Still answers to the Business.
  • Supports, !replaces Business
  • Security will not mature past …

DefCon 22: The writeup.

The reason I've been quiet so much lately and letting my constructs handle posting things for me is because I was getting ready to attend DefCon 22, one of the largest hacker cons in the world. It's been quite a few years since I last attended DefCon (the last one was DefCon 9, back in 2001.ev) due to the fact that Vegas is, in point of fact, stupidly expensive and when you get right down to it I need to pay bills more than I need to fly to Las Vegas for most of a week. I'm also in …


Some thoughts on Google Glass.

I feel obligated to make the following disclaimer:

Yes, I am still a privacy advocate. I still teach crypto and train people in using privacy-preserving technologies. I also still don't trust any service that I can't kick because data I produce through them is the product and not the service. That said, Google and Google Glass don't seem to be going away anytime soon. So, here are some of my thoughts on Glass.

If you've been bouncing around the consumer electronics set for a while you've undoubtedly heard of Glass, Google's foray into the red-headed stepchild of computer technology for …


Self censorship.

How many things have you started to write and stopped because you were afraid of who or what might read them? How many blog posts have you shelved, how many files have you deleted, how many pages have you burned because you feared what might happen if the wrong person or wrong thing spotted them and decided to make an example of you?

Have you ever wondered what the criteria might be under which a message in a chat room might trigger increased scrutiny, like mysterious malfunctions of your computer?

How many fears have you not expressed or opinions have …


Turtles all the way down: Introduction

The sum total of the Edward Snowden revelations has pretty conclusively proved one thing: That we can't trust anything. The communications networks wrapped around the globe like a blanket are surveilled so minutely that Russian President Vladimir Putin has openly stated his admiration for the US getting away with it so successfully. Much of the cryptographic infrastructure used to protect our communications and data at rest is known to be vulnerable to one or more practical attacks, such that in the end it can't really be called effective if one wants to be honest. The company RSA has all but admitted …


Some thoughts on the Seattle police's surveillance mesh network.

In the past day or two an interesting piece of news has been making the rounds. Earlier this year the police department of the city of Seattle, Washington set up its own wireless mesh network for what many people are saying is for the purpose of keeping people under surveillance. The hardware was purchased from Aruba Networks; it is unknown whether or not the company set up the gear, or if another outfit was contracted for installation and maintenance. Each of the nodes is apparently broadcasting frames containing ESSIDs that reflect its location (such as 4th Avenue and Union Street …


Our cyberpunk dystopia is shaping up nicely.

I find it increasingly difficult these days to shake the feeling that the cyberpunk dystopia our world is becoming is shaping up to be more and more like Shadowrun. Ever since 2012 (which turned out to be a slightly less tumultuous year than Terence McKenna had always preached) things have become more and more surreal and disturbing (in a David Cronenberg and not a David Lynch kind of way). The Snowden/NSA scandal continues to bring truly frightening information to light, and the first thing that comes to mind is that ECHO MIRAGE exists as a real thing which is …


Recovering.

Since v0.5b of Byzantium Linux hit the Net, all of us have been taking the opportunity to get a little R&R before proceeding to the fifth and final milestone, which is writing up everything that happened in the previous six months. That's going to be a lot of stuff, but we've got good notes, a bunch of blog posts, and no shortage of lessons learned through the development process. I think when we sit down and get to work, we'll get it knocked out, edited, and published in not very much time. I'll also be in a …
