Larry Hosken: New: Tag: capabilities

Book Report: Dragnet Nation

In which a reporter explores preserving privacy, trying out tools and processes to keep governments and companies from learning about her. This book could easily have devolved into tinfoil-hattery, but the writer's pretty even-keeled. (I might not agree with all her choices. But this is quibbling along the lines of "Hrm, I disagree that you should be more worried about Google spying on you than about the NSA hacking into DuckDuckGo, but we'll probably never know who was right." rather than the usual "OMG this froot-loop read about a Panopticon once and hasn't slept since".) Since she is a reporter, this is higher stakes than you or I experience when thinking about privacy. If someone peeks at my emails, they find griping about computer programming and planning around burritos; I'm not a reporter. This book's author wants to protect her sources. She (correctly) anticipates that she can't live "off the grid" unless she's willing to put unreasonable time into it. So she tries some things and lets us know which seemed to work and which just couldn't be pulled off.

E.g., it's all very well to say you should use different phones when dealing with different people so phone connection metadata-miners have a tougher time mapping out your social network. But have you actually tried the logistics of juggling multiple phones? How much "privacy juice" do you preserve by leaving your mobile phone in a faraday bag most of the time (so that folks monitoring phone metadata don't know where you've been) versus the hassle that folks can't, y'know, call you because your phone's effectively off most of the time? No easy answers here. (Well, that's not exactly true. There are some things you can do. (Have you installed WhisperSystems Signal on your phone and made it your messaging app yet?) But they won't render you invisible via magical privacy fairy dust; they hide some things but not all.) But an interesting discussion of trade-offs.

Permalink
& Comments

I'm kind of embarrassed about how long it took me to install Signal. I assumed it would take a while to set up. It's a security app written by security people. Surely there would be questions I didn'...

Permalink & Comments

Book Report: The Quantum Thief Yes it's been a few weeks since my most recent Book Report. I've been busy. Also, my shelf of New Yorkers filled up. I keep around old issues of the New Yorker to read on occasions it doesn't make se...

Permalink & Comments

Book Report: Countdown to Zero Day The story of Stuxnet, the little virus that crept into Iranian control systems and convinced them to destroy some centrifuges. I already knew the basics, but I learned from this book. Over time, ther...

Permalink & Comments

Book Report: No Place to Hide It's reporter Glenn Greenwald's perspective on the Edward Snowden story. As such, it's pretty scary. Most reporters don't know how to communicate using encryption. Thus, if you're a whistleblower han...

Permalink & Comments

Book Report: Threat Modeling There are unhelpful ways to fret over computer security. This book shows ways to channel those tendencies towards something useful. It also points out the Elevation of Privelege card game, an excuse ...

Permalink & Comments

If you lost count of the recent NSA citizen-snooping outrages but figure there are enough to justify nudging your legislators, The Day We Fight Back is a web site to guide you through that. ...

Permalink & Comments

Book Report: Exploding the Phone There are plenty of little articles about phreaking floating around; this book does a good job of pulling lots of little bits together into a flow of history. Along the way, I learned some things. E....

Permalink & Comments

Book Report: Liars and Outliers It's a book about security. It's a book about how to think your way through security problems. Not just thinking about where to throw up barriers—also about how to think up policies that won't ...

Permalink & Comments

Book Report: Broken Ballots A few people want to steal elections. A few billion people want fair elections. How do you make an election un-stealable? It's not easy. Elections do't run themselves; we need election officials. Fol...

Permalink & Comments

Book Report: The Tangled Web The Tangled Web talks about why web programming is doomed to be insecure for a long time to come. Nothing works quite right: networks, name servers, OSs, browsers, web servers, headers, cookies, form...

Permalink & Comments

Link: Cosmo, the Hacker "God" Who Fell to Earth This article about an identy thief is pretty amazing. Perhaps 25% of its amazing-ness comes from the story itself: how on earth does a 15-year old kid get so good at navigating bureaucracy that he ca...

Permalink & Comments

Book Report: Digital Forensics with Open Source Tools It's a book about how to look over a hard drive and find out "what happened here?" This is a useful skill for computer security—you might want to figure out how a virus or hacker took over a ma...

Permalink & Comments

Book Report: The Art of Intrusion It's a book of hacker anecdotes. "Kevin Mitnick" is the author name on the cover, but these are stories from other hackers. They're good stories. They're not all true stories; some of them have par...

Permalink & Comments

Book Report: Zero Day Happy USA Buy Nothing Day 2011, aka #OCCUPYXMAS. To celebrate, here's a report on a book I'm glad I checked out from the library: Zero Day. Maybe it's not quite accurate to say "I'm glad I checked o...

Permalink & Comments

Book Report: Fatal System Error It's a book about the era of botnets. It doesn't go into the technical stuff, but comes at the story from the point of view of law-enforcement folks investigating things the old-fashioned way: talkin...

Permalink & Comments

Book Report: Kingpin This book was a tough read, but not for the usual reasons. It's a biography of l33t Hax0r Max Vision. It's good, it makes sense, the facts hold together (better than you can hope for in most technica...

Permalink & Comments

Book Report: Underground I've read a few books about l33t hax0rz; so far, Underground is my favorite. It has short bios of young hackers in the 90s. There were a bunch of networks; there was an Ur-internet rising up above t...

Permalink & Comments

Puzzle Hunts are Everywhere, even Meridian High School in Idaho Tonight I played in a puzzle event. The puzzles were pretty cool! They were designed by Mike Selinker, Thomas Snyder, Tyler Hinman... and maybe others? Eric Harshbarger designed the prizes; he's a ...

Permalink & Comments

Set apartment wifi to password "openopen". Put password in the SSID so neighbors can still use it. Hackers can still snoop, but they'll have to work harder. ...

Permalink & Comments

Book Report: Nmap Network Scanning I just got back from a 9-day tour of various western USA places as the Grand Tetons, Yellowstone, Kodachrome, and Zion National Park. Along the way, I busted my travel laptop, so I haven't been upda...

Permalink & Comments

Book Report: Tetraktys I read this novel because it was recommended via a computer security discussion group at work. That doesn't sound like a good way to make decisions, does it? Oh, Amazon.com recommendations, why do I ...

Permalink & Comments

Book Report: Wiring up the Big Brother Machine Google stopped censoring in China; as a result, more Google search results are censored. The Chinese people can find less stuff now. Why? Because of the "Great Firewall". The Chinese government c...

Permalink & Comments

Link: California Secretary of State on Voting Systems I'm doing taxes today. In my California tax booklet, there's a form asking me if I'm registered to vote. That's great. We citizens are supposed to get angry about taxation without representation. ...

Permalink & Comments

chris451's comment on Caja [Edited to add: If you have questions or concerns about Caja, the Google Caja Discuss group is a good place to ask them.] Since I switched blogging software, people who think they're commenting on m...

Permalink & Comments

Book Report: Between Silk and Cyanide It's the autobiography of the codemaster of the SOE an English spy organization during WWII. Wait! Dont' run away! It's not just math and cryptography and war. There's good stuff in here, too. Th...

Permalink & Comments

OpenID, OAuth, Learning by Gossip Last weekend, I did some programming. Well, not much programming. Mostly I did research preparatory to programming. Well, not exactly research. It was more un-research. I started out learning ho...

Permalink & Comments

Book Report: Security Engineering This book is humongous! It's a survey of security computer engineering. It doesn't go into depth on any one topic, but it's got plenty of breadth. In areas where I already knew something, this boo...

Permalink & Comments

Link: AllMyData I occasionally backed up my files. But it was always ad-hoc: zip up an archive of some files, upload it to my web server. Done by hand when I got around to it (not often). Then there was the time ...

Permalink & Comments

Link: Caja's HTML sanitizer for Javascript [Edited to add: If you have questions or concerns about Caja, the Google Caja Discuss group is a good place to ask them.] When you write a program that's supposed to be secure, you have to plan on ...

Permalink & Comments

Link: Some thoughts on security after ten years of qmail 1.0 This guy Hans Boehm came and gave a talk at work today about upcoming C++ support for threads. That's support built into the language. It sounds like sometime in the next few years, we will have at...

Permalink & Comments

Link: Lectures on Authorization Based Access Control If you're a programmer, you might be interested in watching some lectures about Authorization Based Access Control. Some folks from an HP research lab lectured at the GooglePlex about better & e...

Permalink & Comments

Tags