Articles

Get all-in-one coverage of Internet security and online privacy issues brought up by the industry’s leading experts at security conferences and seminars.

Don’t Fuck It Up 6: OPSEC with Phones

Zoz underscores the immense amount of personally identifiable data that cell phones can leak and provides recommendations on using burner phones securely. Let’s move to phones. What does that little Benedict Arnold in your pocket do to give you away? So much frickin’ stuff (see right-hand image). The...

Don’t Fuck It Up 5: The Silk Road and Dread Pirate Roberts Story

Zoz contemplates the potential weak links in using Tor hidden services, making some assumptions about the OPSEC failures of the infamous Dread Pirate Roberts. Here’s some more good news: the big list and the small list. These are the recently leaked XKeyscore filter rules (see left-hand image). Basically,...

Don’t Fuck It Up 4: Use Tor the Right Way

Zoz has got some great points on the ways of using Tor securely, providing real-world fail examples and underscoring that Tor is not really for encryption. Let’s go multi-hop. Don’t fuck it up when you use Tor. Hopefully everyone here knows what Tor is and the main way you fuck it up when you use Tor,...

Don’t Fuck It Up 3: The Ins and Outs of VPNs

This part analyzes whether using VPN services prevents traffic interception and whether it puts a user on some kind of potential suspects list. So, here’s the first tool, VPNs (see left-hand image). You are going to use an insecure network – are you safe? Two questions when it comes to tools:...

Don’t Fuck It Up 2: The 7 Deadly Sins

In this part Zoz focuses on the notions of tradecraft and OPSEC, as well as the 7 critical don’ts that can get you busted if ignored. People who were trained to do sketchy shit and not fuck it up, including organized crime and the feds – two groups to which there’s not an...

Presentation by Zoz – Don’t Fuck It Up!

Technology and security enthusiast Andrew ‘Zoz’ Brooks delivers a fascinating DEF CON presentation about proper OPSEC and other guidelines to stay safe online. I didn’t know that disobedience was going to be the theme of DEF CON 22 and I submitted this talk. So I guess I didn’t fuck it up....

The State of Incident Response by Bruce Schneier 5: Questions and Answers

Bruce Schneier takes questions from the Black Hat attendees about issues related to incident response such as under-investing in defense, striking back, etc. So, with that, I’m happy to take questions. Or not, but that seems odd. Alright, so, the way this works is one person has to raise their hand, and...

The State of Incident Response by Bruce Schneier 4: OODA Loops in Cybersecurity

The concept of OODA loops, which originated in the U.S. Air Force, is explained and extrapolated to digital incident response in this entry. Alright, so, people, process, and technology. The key here is making it scale. I’m at the follow-on sentence from Lorrie Cranor, she wrote: “However,...

The State of Incident Response by Bruce Schneier 3: Effects of the Prospect Theory

The nuances covered by Bruce Schneier in this part relate to psychological effects on IT security, namely the behavioral patterns of loss aversion. Now my one piece of psychology. I am going to try to explain security in terms of one psychological theory. And the theory is “prospect...

The State of Incident Response by Bruce Schneier 2: Security-Related IT Economics

Having highlighted the basic IT security trends, Bruce Schneier moves on to the economic facet of contemporary cybersecurity. Now I want to give you some IT economics that’s relevant to security. I have four pieces of economics that matter for IT and matter for security, and I think the more...