Basic Encryption, In Small(ish) Words
Ed Felten, Ph.D., has written a superb encryption primer, specifically targeting the politicians and policy wonks amongst us, in its use of small words. We really like those small words... H/T
Michael Rogers ADM USN, Director of the National Security Agency and Commander of the United States Cyber Command sums up 'cyber' quite nicely, indeed:
"Cyber is an operational domain in which we do a variety of missions and functions, many of which are very traditional,” Adm. Rogers said. “We do reconnaissance, we do fires, we do maneuvers. The same things I was used to as a surface [warfare] officer … I’m constantly going back to that.”
"Don’t make this thing so specialized, so unique, so different that it just gets pushed to the side. That will sub-optimize our ability to execute cyber operations, and quite frankly it will minimize or at least negatively impact, in my view, the operational outcomes, which is the whole reason we’re doing this in the first place.”
Via the eponymous Phoneboy comes his take on the latest security foible of a major backend provider (in this case Cloudflare), entitled 'Cloudflares with a Chance of Goatse'. Mr. Welch-Abernathy explains it all, in inimitable form. Today's MustRead.
Meanwhile, in cruft news...
First discovered by security researcher Alexander Klink, and discussed on his shift or die blog, the leakage documentation he has amassed is a tour de force in correct handling of the discovery. Mozilla's response has been a tad lackadaisical and (disappointingly) still in telemetry data gathering mode as of this post.
Superb work by Alexander; nonetheless, he does suggest regularly cleansing your browser user profile (if you are so unlucky as to be using the browser under scrutiny; most likely a good idea on any browser, though). There are many tools available that deal with the cache cleaning task (both scripted and manual, GUI-based and not, both in-built and otherwise). Enjoy the cruft. H/T
IARPA's doing it, the Neuromongers did it, why not You? Well crafted report on the methodology behind applying the power behind the ignorance and wisdom of the crowd... Known as the Crowdsourcing Evidence, Argumentation, Thinking and Evaluation (CREATE), IARPA's new program ostensibly may enhance intelligence analysts' capability levels by leveraging the behavior of crowdsourced resources. Today's Must Read.
Screed of the Week, via Aeon, discussing the hard fork of Ethereum, and the Fall of Trust (at least in cryptocurrency). Certainly today's MustRead.
Meanwhile, amidst all the foo-fa-raw of last week's RSAC 2017, came very good physical security news of a fascinating kevlar and aluminum origami-based ballistic shield (developed by engineers at Brigham Young University) that stops .44 calibre magnum slugs. Very good news for law enforcement, and other organizations (think schools, other civilian government organizations, military, businesses).
The design is able to protect multiple people at one time and folds down to a compact shape. Utilizing the Yoshimura Origami Crease Pattern, it currently tips the scales at a paltry 55 lbs. (25 kg).
Simply Outstanding.
The NCCoE has announced a new NIST Cybersecurity Practice Guide (currently in draft mode, for your commenting pleasure...) entitled "SP 1800-7 Situational Awareness for Electric Utilities". Enjoy.