Tag security

There goes your airgap.

This latest leak details how the NSA accessed targets by inserting tiny circuit boards or USB cards into computers and using radio waves to transmit data without the need for the machine to be connected to a wider network. It is a significant revelation in that it undermines what was seen to be one of the simplest but most effective methods of making a system secure: isolating it from the internet.
In other words: the NSA planted transmitters (or transceivers) and effectively turned air-gapped machines into machines transmitting to (or receiving from) their systems. This is somewhat different from actually snooping on 'offline' machines, à la Tempest, which is what many 'news' organizations hinted at by using inaccurate titles (the BBC, quoted above from this article, included). Unless all your offices are room-sized Faraday cages, with physical security and extensive background checks of the machine operators, the NSA just invalidated your airgap policy. But then again, your security was probably flawed anyway, especially against an adversary that competent, determined and resourceful.

The real choice is liberty versus control

Tyranny, whether it arises under threat of foreign physical attack or under constant domestic authoritative scrutiny, is still tyranny. Liberty requires security without intrusion, security plus privacy. Widespread police surveillance is the very definition of a police state. And that's why we should champion privacy even when we have nothing to hide.

iPhone iNsecurities…

When Steve Jobs claimed that there would not be an iPhone SDK in early 2007, citing security as the main reason behind Apple's decision, a considerable part of the IT press, bloggers, and engineers dismissed his claims as ludicrous. After all, this was 2007, and Apple had Mac OS X, a relatively secure OS, and had demonstrated a policy of aggressively fixing bugs in its operating system and application software in recent years. Then it became known that the iPhone software was running with superuser privileges on the device, the iPhone was very quickly hacked into, and Jobs announced an upcoming SDK for February 2008. With 1.2 million iPhones sold in three months, and about 250,000 of them already 'unlocked', this is starting to look like a security nightmare. One would think that Apple knew better...

Robert Morris at Cambridge

Robert Morris Sr. (the father of Robert Morris Jr., who made the 'internet worm' back in late 1988), ex-lead scientist of the NSA, is speaking at a seminar in Cambridge this Tuesday entitled "The cryptographic role of the cleaning lady". You can get more info here. I am definitely going. :)
Update: The Morris seminar at Cambridge was quite interesting, but mostly from a 'historical' point of view. Nothing much on the 'cleaning lady' apart from a few (some well-known) stories here and there. Nothing much on anything really. A bit disappointed in that respect. But it was a nice trip out of London.