Archive for June, 2010

Russian spycraft ain’t what it used to be

June 30th 2010

A wise note written by Johannes Ulrich of SANS Institute outlines cyber security lessons from the recent russian spy arrests. Clearly, information security tradecraft has not made its way into spy schools, at least not in Russia.

A lot of their failures trace back to a stealth search warrant a few years back that netted an encrypted drive. One of the agents fortunately noticed the slip of paper with an obscure set of letters and numbers: the written password. So it was a crackproof password, but they didn’t take the trouble to memorize it.

Posted under Security | No Comments »

More puzzles from the Puzzle Palace

June 21st 2010

A reader pointed me to an apparently dull collection of NSA documents recently posted by that useful source, GovernmentAttic.org. One of the hidden gems is a “CMI Newsletter” containing a eight pages of crypto puzzles.

I’ve taken the liberty of posting the CMI Newsletter separately (PDF, click this link), but kudos go to GovernmentAttic for dredging up this diamond in the rough. If you work out answers, feel free to post them here, or at least provide a pingback so interested people can find them.

Continue Reading »

Posted under Security | No Comments »

More on the Internet Kill Switch

June 18th 2010

OK, I’ve calmed down and looked at recent news reports. First, I’m relieved to see that the Obama administration is not in fact behind this nonsense – it’s a cadre of clueless US Senators. Second, the Administration is not supporting this nonsense.

Continue Reading »

Posted under Security | No Comments »

The Internet “Kill Switch” is Nonsense

June 18th 2010

ARE THEY KIDDING ME? DON’T THEY HAVE ANY REMOTELY INTELLIGENT ADVISORS IN THE WHITE HOUSE THESE DAYS? I THOUGHT PRESIDENT OBAMA WAS TECH SAVVY!

Okay, I got that off my chest. [see later post]

For those who came late to the party, here’s how to think of the “Internet Kill Switch.” Substitute “Internet” for any of these:

  • National highway system
  • National airspace
  • Nationwide broadcast system
  • Starbucks

You can’t have an “Internet Kill Switch” for the same reason you can’t have a “Starbucks Kill Switch.” The things being controlled are thoroughly distributed and they operate independently.

Yes, the President can always declare a “Starbucks Emergency” and demand shutdown of all Starbucks (and Caribou and Dunn Brothers and other caffiene chains, to be fair). But there’s no real control over such things. Someone won’t get the word, or they’ll ignore it.

Continue Reading »

Posted under Security | No Comments »

Next »