Infosecurity.US

Information Security & Occasional Forays Into Adjacent Realms


Use of Secret Communications is an "Ancient Liberty"

July 21, 2015 by Marc Handelman in All is Information, Communications, Communications Governance, Critical Thinking, Cryptography, Encryption, Intelligence, Information Security, Secrets

Presented for your consideration - a 1997 paper entitled The Use of Encrypted, Coded and Secret Communications is an "Ancient Liberty" Protected by the United States Constitution, published by the University of Virginia Journal of Law and Technology*.

John Fraser III, the author of this superlative screed (now an attorney in Washington, DC), presents his fascinating argument on encryption, and the 'ancient right' to utilize cryptographic artifacts in the course of communications, protected, of course, by our nation's Constitution. Today's Must Read.

*Va. J.L. & Tech. 2 Fall 1997 1522-1687 / © 1997 Virginia Journal of Law and Technology Association


WWII Hackers →

June 23, 2015 by Marc Handelman in Cryptography, Secrets, History, World Wide War, Mathematics

Presentation by Anja Drephal detailing a Сою́з Сове́тских Социалисти́ческих Респу́блик (also known as the CCCP) or the Union of Soviet Socialist Republics (USSR) espionage cell, operating within the national boundaries of Nippon in the 1930s and 1940s, along with its success in crypto. Whilst nearly two years old and delivered to the assembled at the Chaos Communication Congress 2013 (30C3), Drephal's presentation is assuredly worth directing your attention to (the math in the second half of the presentation is chock full of Import & Intrigue); Tuesday's Must View documentary...


Steganography, In the Round →

June 10, 2015 by Marc Handelman in All is Information, Information Security, Steganography, Cryptography

A more complete explanation, via Sophos security blog Naked Security author Paul Ducklin, of steganography in-the-round, as it were...


Cryptologists, Gaggle of →

April 28, 2015 by Marc Handelman in All is Information, Cryptography, Encryption, RSA Conference

Certainly an eponymous panel of cryptographic scientists, inclusive of Paul Kocher (Moderator), Adi Shamir, Whitfield Diffie, Ed Giorgio, and Ronald Rivest, holding forth, as it were...


Good News for TrueCrypt →

April 07, 2015 by Marc Handelman in All is Information, Cruft, Cryptography, Encryption, Information Security, TLDR

Good news for TrueCrypt, via the inimitable Dan Goodin, writing at Ars Technica, of the apparent clean bill of cryptographic health, as it were...

"The TL;DR is that based on this audit, TrueCrypt appears to be a relatively well-designed piece of crypto software," Matt Green, a Johns Hopkins University professor specializing in cryptography and an audit organizer, wrote in a blog post accompanying Thursday's report. "The NCC audit found no evidence of deliberate backdoors, or any severe design flaws that will make the software insecure in most instances." via Dan Goodin at Ars Technica


Ladar's Next Big Thing →

March 16, 2015 by Marc Handelman in All is Information, Cryptography, Information Security, Identity Theft

Old, still relevant, and the reasons why... Wouldn't you say?


Verne, Cryptologist →

March 03, 2015 by Marc Handelman in All is Information, Cryptography, Encryption, Ciphers, Stuff of Genius

In which, we are enthralled by Le Bon Professeur Jules Verne. Via a typically superb post - crafted by Nick Pelling at his Tremendous Cipher Mysteries site; further, by way of a fascinating article in the United States Army Signal Corps Bulletin of April to June 1940 detailing Monsieur Verne's predilection for both transpositional and Vigenère ciphers. Outstanding.


Mythos of IPv6, It's Too New to be Attacked... →

February 21, 2015 by Marc Handelman in All is Information, Common Sense, Communications, Compute Infrastructure, Cryptography, Data Security, Encryption, ICANN, IANA, Information Security, Internet Governance, IPSec, Network Security, Network Protocols, Networks, Signals

More IPv6 myths exposed by ISOC's Deploy360 Director Chris Grundemann. This time focusing on the myth that IPv6 is too new to be attacked. Today's Must Read!


Box Crypto, Key Conveyance →

February 13, 2015 by Marc Handelman in All is Information, Compute Infrastructure, Cryptography, Data Security, Encryption, Enterprise Management, Information Security, Infosec Policy, Cloud Security


Well now, this is good news [of course, purely dependent upon where your place is within the transaction, and future issues of both key management and governance related challenges] as Box has commenced with provisioning customers with their encryption keys. Gotta admire the transfer of risk in this action, all under the guise of enterprise key management...

'Today, Box says it has a new product that gets the job done. Called “Enterprise Key Management (EKM),” the service puts encryption keys inside a customer’s own data center and in a special security module stored in an Amazon data center. The Box service still must access customer’s data in order to enable sharing and collaboration, but EKM makes sure that only happens when the customer wants it to, Box says.' ArsTechnica's Jon Brodkin

Turing's Bletchley Notes Discovered

February 09, 2015 by Marc Handelman in All is Information, Computation, Cryptography, Espionage, Encryption, United Kingdom, Stuff of Genius

In an astonishing turn of luck, Alan Turing's Banbury Notes have turned up as roof insulation, at Bletchley Park's Hut 6. Reportedly, the notes were discovered during the renovation of the Hut in 2013.


IPv6 Security Myth: No NAT Means No Security

February 04, 2015 by Marc Handelman in All is Information, Common Sense, Communications, Compute Infrastructure, Cryptography, Data Security, Encryption, ICANN, IANA, Information Security, Internet Governance, IPSec, Network Protocols, Network Security, Networks, Signals

Astoundingly, myths still arise in this epoch of science, strangely so, when dealing with new technologies [Read: new means new in the final two years of the last century as IPv4 was originally codified by the IETF in 1981, with the acceptance of RFC 791] - in this case the vaunted move to IPv6. Now, arising from the ashes of IPv4 exhaustion hysteria, comes a currently popular myth surrounding the utilization of NATs in IPv4 and the lack of a counterpart construct in IPv6.


Internets, Cuniculum Autem →

February 02, 2015 by Marc Handelman in All is Information, Communications, Compute Infrastructure, Cryptography, Data Security, Encryption, Governance, Information Security, Network Security, SSL / TLS

Slides, Video


Government of Canada, Data From Canada Mandated To Remain In Canada →

February 02, 2015 by Marc Handelman in All is Information, Common Sense, Commerce, Compute Infrastructure, Data Loss Prevention, Cryptography, Database Security, Data Security, Encryption, Enterprise Management, Government, Information Security, Security Governance, Canada

Dr. Michael Geist (Law Professor at the University of Ottawa, and the current holder of the Canada Research Chair in Internet and E-commerce Law) holds forth on current cloud cogitation up north (at least within the data confines of the Government of Canada / Gouvernement du Canada).

 


Harvard Data Privacy Symposium, Schneier and Snowden →

January 28, 2015 by Marc Handelman in Cryptography, Data Security, Espionage, Government, Information Security, Intelligence, Encryption

Kim's Big Secret →

January 26, 2015 by Marc Handelman in All is Information, Cryptography, Communications, Encryption, Security

An End-to-End Encrypted Secret, that is...


Criminalization of Cryptography →

January 21, 2015 by Marc Handelman in All is Information, Cryptography, Cybernetic Crime, Database Security, Data Security, Information Security, Intelligence, National Security, Network Security

If you read anything about cryptography today, read the work of Stanford University's Center for Internet and Society's Jeffrey Vagle, JD [Mr. Vagle is also a Lecturer in Law and the Executive Director of the Center for Technology, Innovation and Competition [CTIC] at the University of Pennsylvania Law School]; in which, Mr. Vagle examines the criminalization of cryptography [snippet of his work appears below].

'We've heard this story from governments before, of course, from the "crypto wars" of the early 1990s to recent claims by the FBI that encryption allows networks to "go dark," and prevent legitimate law enforcement efforts. But as the leaked security memo asserts, without strong crypto and secure networks, we're all put at greater risk. It is crucial that we keep this in perspective as the world's legislative bodies rush to do something--anything--in the face of these crises.' - via Jeffrey Vagle writing at the Center for Internet and Society, at Stanford University

Silent Mail →

January 13, 2015 by Marc Handelman in All is Information, Cryptography, Information Security

New and shiny, the Dark Mail Alliance has released the company's secure mobile platform, with minimal fanfare, but tremendous functionality. Founding members of the alliance are Phil Zimmermann, Jon Callas, Mike Janke and Ladar Levison; code is available for examination on GitHub. Outstanding!


Physical Access Not Required →

January 01, 2015 by Marc Handelman in All is Information, Computation, Cryptography, Data Security, Information Security, Physical Security, Security Conferences, Security Education, Security Tooling, Vulnerabilities

Physikalisch Zugriff Nicht Erforderlich

More interesting security slap and tickle at the Chaos Computer Club confab in Germany... This time, apparently the lack of physical access was not an impediment in the second well-publicized defeat of Apple Inc.'s [NasdaqGS: AAPL] TouchID. Jan Krissler, holding forth at the conference, has detailed the steps taken to overcome the vaunted security of TouchID via a presentation entitled 'Gefahren von Kameras für (biometrische) Authentifizierungsverfahren [31c3]'.

'Krissler said he used commercially available software called VeriFinger to pull off the feat. The main source was a close-up picture of von der Leyen’s thumb, obtained during a news conference in October, along with photographs taken from different angles to get an image of the complete fingerprint.' - via Emil Protalinski writing at VentureBeat

 


EFF's Secure Messaging Scorecard

December 16, 2014 by Marc Handelman in All is Information, Cryptography, Information Security, Messaging Security

The Electronic Frontier Foundation's Secure Messaging Scorecard is our Must Read. In a nutshell, the EFF has graded the anti-surveillance efficacy of an impressive number of providers and software packages. Enjoy!


Inside DHS Security Investigations Forensics Laboratories →

October 15, 2014 by Marc Handelman in All is Information, Cryptography, Data Security, Government, Information Sciences, Information Security, National Security, Physical Security, Forensics

Astonished to find this well-written investigative piece by Vince Lattanzio, writing for NBC 10, in Bala Cynwyd, Pennsylvania [covering Philadelphia and the NBC affiliate in the City of Brotherly Love]. In an effort to detail the Department of Homeland Security's Forensics Investigation Laboratory, many of the tricks of the trade - so to speak - are illustrated for all, including an EMF blocker container to examine miscreant-owned mobile devices without the possibility of remote data destruction.
