Policy Makers Likely Even More Ignorant Than the Public on Tech Security Matters

The other day, we poked some fun at the US public for ignorance of basic tech-related terminology.  Much more serious, however, is the depth of ignorance and incompetence common among public officials who hold sway over cyber-policy decisions.  Whether it is a "cybersecurity" official who doesn't know what an ISP is, a judge who doesn't understand  email or a technophobic luddite who controls the Department of Homeland Security . . .  these people's ignorance actually puts the public at large in danger, and represent real threats to our security not to mention our civil liberties.  Of course, one would not expect anything less from the Democrats and Republicans.  From the Guardian:
One of the world’s leading cyberwarfare experts has warned of the damaging lack of government literacy in cybersecurity issues, pointing out that some senior officials don’t know how to use email, and that one US representative about to negotiate cybersecurity with China asked him what an “ISP” was. . . .

Yet former head of US homeland security Janet Napolitano once told Singer. “Don’t laugh, but I just don’t use email at all,” Singer recalled. “It wasn’t a fear of privacy or security - it’s because she just didn’t think it was useful. A supreme court justice also told me ‘I haven’t got round to email yet’ - and this is someone who will get to vote on everything from net neutrality to the NSA negotiations.”

Obama himself, Singer said, had expressed concern that the complexity of the issue was overwhelming policy makers.
Ignorance hiding behind complexity.  I'm sure they'll find a way to simply it for themselves while making the rest of us less secure and less free at the same time.  Win/win from their end, I suppose.  
Posted by on No comments:
Labels: ,

Critical Linux Vulnerability Discovered

From Ars Technica:
Hundreds of open source packages, including the Red Hat, Ubuntu, and Debian
distributions of Linux, are susceptible to attacks that circumvent the most widely used technology to prevent eavesdropping on the Internet, thanks to an extremely critical vulnerability in a widely used cryptographic code library.
The bug in the GnuTLS library makes it trivial for attackers to bypass secure sockets layer (SSL) and Transport Layer Security (TLS) protections available on websites that depend on the open source package. Initial estimates included in Internet discussions such as this one indicate that more than 200 different operating systems or applications rely on GnuTLS to implement crucial SSL and TLS operations, but it wouldn't be surprising if the actual number is much higher. Web applications, e-mail programs, and other code that use the library are vulnerable to exploits that allow attackers monitoring connections to silently decode encrypted traffic passing between end users and servers.
The bug is the result of commands in a section of the GnuTLS code that verify the authenticity of TLS certificates, which are often known simply as X509 certificates.
Posted by on No comments:
Labels: ,

How Many Americans Think They Can Catch an STD from their Computer?

If only there were a place where people had access to vast troves of information, and could seek it out to inform themselves about things they do not understand . . . From the LA Times:
A recent study found that many Americans are lost when it comes to tech-related terms, with 11% saying that they thought HTML — a language that is used to create websites — was a sexually transmitted disease.  The study was conducted by Vouchercloud.net, a coupons website, as a way to determine how knowledgeable users are when it comes to tech terms . . . Besides HTML, there were some other amusing findings:
  • 77% of respondents could not identify what SEO means. SEO stands for "Search-Engine Optimization"
  • 27% identified "gigabyte" as an insect commonly found in South America. A gigabyte is a measurement unit for the storage capacity of an electronic device.
  • 42% said they believed a "motherboard" was "the deck of a cruise ship." A motherboard is usually a circuit board that holds many of the key components of a computer.
  • 23% thought an "MP3" was a "Star Wars" robot. It is actually an audio file.
  • 18% identified "Blu-ray" as a marine animal. It is a disc format typically used to store high-definition videos.
  • 15% said they believed "software" is comfortable clothing. Software is a general term for computer programs.
  • 12% said "USB" is the acronym for a European country. In fact, USB is a type of connector.
Despite the incorrect answers, 61% of the respondents said it is important to have a good knowledge of technology in this day and age.
Yes, the majority think it is important to have a good understanding of technology, but many apparently do not think it is important enough to, you know, actually go and inform themselves about it.  These are, of course, the same people who continue to vote for Democrats and Republicans year after year.  One wonders how many people think they can catch a virus from their computer. 

Posted by on No comments:
Labels:

Florida: Big Business and Big Government Collude to Further Undermine the Constitution of the United States

The government of the United States honors its illegal commitments to corporations over its supposed commitment to upholding the Constitution of the United States.  If this doesn't make your blood boil, you are probably a fascist.  From Ars Technica:
A police department in Florida failed to tell judges about its use of a cell phone tracking tool "because the department got the device on loan and promised the manufacturer to keep it all under wraps," the American Civil Liberties Union said in a blog post today.
The device was likely a "Stingray," which is made by the Florida-based Harris Corporation. Stingrays impersonate cell phone towers in order to compel phones to "reveal their precise locations and information about all of the calls and text messages they send and receive," the ACLU noted. "When in use, stingrays sweep up information about innocent people and criminal suspects alike."

The tracking technology was used by the Tallahassee Police Department in September 2008 to locate a man accused of rape and the theft of a purse, which contained the alleged victim's cell phone. The man, James L. Thomas, was convicted of sexual battery and theft, but he filed an appeal "contending that evidence obtained in violation of the Fourth Amendment, and article I, section 12 of the Florida Constitution, was introduced against him at trial," according to a court ruling in November 2013 that reversed the conviction and ordered a new trial.

Police "did not want to obtain a search warrant because they did not want to reveal information about the technology they used to track the cell phone signal," the District Court of Appeal ruling said. "The prosecutor told the court that a law enforcement officer 'would tell you that there is a nondisclosure agreement that they’ve agreed with the company.'"
All government employees who participated in these despicable acts should be tried for treason.  
Posted by on No comments:
Labels:

Predictable: UK Internet Censorship Official Arrested for Child Pornography

It appears one of the higher up UK officials in charge of crafting that government's internet censorship policy and "pornography filter" is himself a pedophile and likely child pornographer.  You can't make this stuff up folks.  These people are degenerate scum.  One wonders how many other pedos there are wandering the halls of Downing Street.  From the Guardian:
A senior aide to David Cameron resigned from Downing Street last month the day before being arrested on allegations relating to child abuse images.  Patrick Rock, who was involved in drawing up the government's policy for the large internet firms on online pornography filters, resigned after No 10 was alerted to the allegations.
Rock was arrested at his west London flat the next morning. Officers from the National Crime Agency subsequently examined computers and offices used in Downing Street by Rock, the deputy director of No 10's policy unit, according to the Daily Mail, which disclosed news of his arrest.  No 10 confirmed on Monday evening that Rock had been arrested. A spokesman: "On the evening of 12 February, Downing Street was first made aware of a potential offence relating to child abuse imagery. It was immediately referred to the National Crime Agency (CEOP).
Posted by on No comments:
Labels: ,

Tennessee: Safety Hysterics Implement University Movement Tracking System

From Tennessee State University:
Tennessee State University (TSU) is implementing a new policy to keep students and staff safe. The changes come after a rash of vandalism and a shooting this school year on campus.
It's already difficult for students to get around campus without identification.
"I use it going to the cafeteria, going in and out of my dorm and driving on campus," freshman Xavier Johnson explained about the importance of his identification.

A new policy has students and staff lining the halls at the campus police department. Each one is required to get a new photo identification. Starting on March 1st  it must be prominently displayed while on campus.
The current policy requires everyone to be able to present identification only when asked.
Posted by on No comments:
Labels:

Online Learning: Free Lecture Courses on Data Communications, Networking, Cryptography and Computer Security

I've been meaning to bring these resources together into a post for some time now.  There are a ridiculous number of free university level courses on communications, networking, cryptography and computer security available online.  Here are some of the better courses, lectures and video tutorials that I've come across over the last six months, all of which are appropriate for people who are looking for in depth introductions to these fields, or more experienced folks who would like a refresher on the fundamentals.

Lecture Series


Steve Gordon's Lecture Courses
Steve Gordon is an Associate Professor at Sirindhorn International Institute of Technology (SIIT), Thammasat University, Thailand.  On his Youtube page, you can find four complete lecture series on Security and Cryptography, IT Security, Data Communications and Networks, and Internet Technologies and Applications

•  Introduction to Cryptography
Christof Paar, a Professor at Ruhr University, Bochum Germany, provides an introduction to modern cryptography in this series of 24 lectures. 

•  Cryptography and Network Security
Prof. D. Mukhopadhyay, from the Department of Computer Science and Engineering at the Indian Institute of Technology provides a broad introduction to Cryptography and Network security in this series of 41 lectures.  Production quality could be better, but the video lectures are substantive in nature.

•  Computer System Engineering
This undergraduate course, taught by Prof. Robert Morris and Prof. Samuel Madden from MIT, covers the basics of networking and computer security.  The first few lectures are not available.  But the units on networking and cryptography are available in full beginning with lecture 9.  

•  Fundamentals of Computer Networking 
This series contains over 30 lectures by Professor Parviz Kermani Department of Electrical & Computer Engineering at Manhattan College, and provides an in depth introduction to the basics of computer networking.


Miscellaneous Video

•  Whitfield Diffie on the History of Public Key Cryptography
•  Google Tech Talks on Cryptography (Assorted lectures and seminars from the Google Tech Talk series relating to cryptography and computer security)
•  Intro to Network Scanning (Basic introduction to network scanning tools)
•  Intro to Pentesting (10 short tutorials)
Posted by on No comments:
Labels: ,
Subscribe to: Posts (Atom)