NSA Hawaii

Recently I’ve heard Edward Snowden talk about his working at the NSA in Hawaii as being “under a pineapple field.” CBS News recently ran a segment on that NSA listening post on Oahu. Not a whole lot of actual information. “We’re in office building, in a pineapple field, on Oahu….” And part of it is underground — we see a tunnel. We didn’t get to see any pineapples,…

May 24, 2019

Germany Talking about Banning End-to-End Encryption

Der Spiegel is reporting that the German Ministry for Internal Affairs is planning to require all Internet message services to provide plaintext messages on demand, basically outlawing strong end-to-end encryption. Anyone not complying will be blocked, although the article doesn’t say how. (Cory Doctorow has previously explained why this would be impossible.) The article is in German, and I would appreciate additional information from those who can speak the language….

May 24, 2019

German SG-41 Encryption Machine Up for Auction

A German auction house is selling an SG-41. It looks beautiful. Starting price is 75,000 euros. My guess is that it will sell for around 100K euros.

Tags: cryptography, encryption, Germany, history of cryptography

Posted on May 23, 2019 at 2:05 PM

May 23, 2019

Thangrycat: A Serious Cisco Vulnerability

Summary: Thangrycat is caused by a series of hardware design flaws within Cisco’s Trust Anchor module. First commercially introduced in 2013, Cisco Trust Anchor module (TAm) is a proprietary hardware security module used in a wide range of Cisco products, including enterprise routers, switches and firewalls. TAm is the root of trust that underpins all other Cisco security and trustworthy computing mechanisms in these devices. Thangrycat allows an attacker to…

May 23, 2019

Visiting the NSA

Yesterday, I visited the NSA. It was Cyber Command’s birthday, but that’s not why I was there. I visited as part of the Berklett Cybersecurity Project, run out of the Berkman Klein Center and funded by the Hewlett Foundation. (BERKman hewLETT — get it? We have a web page, but it’s badly out of date.) It was a full day of meetings, all unclassified but under the…

May 22, 2019

Fingerprinting iPhones

This clever attack allows someone to uniquely identify a phone when you visit a website, based on data from the accelerometer, gyroscope, and magnetometer sensors. We have developed a new type of fingerprinting attack, the calibration fingerprinting attack. Our attack uses data gathered from the accelerometer, gyroscope and magnetometer sensors found in smartphones to construct a globally unique fingerprint. Overall, our attack has the following advantages: The attack…

May 22, 2019

How Technology and Politics Are Changing Spycraft

Interesting article about how traditional nation-based spycraft is changing. Basically, the Internet makes it increasingly possible to generate a good cover story; cell phone and other electronic surveillance techniques make tracking people easier; and machine learning will make all of this automatic. Meanwhile, Western countries have new laws and norms that put them at a disadvantage over other countries. And finally, much of this has gone corporate. Tags: cell phones,…

May 21, 2019

The Concept of “Return on Data”

This law review article by Noam Kolt, titled “Return on Data,” proposes an interesting new way of thinking of privacy law. Abstract: Consumers routinely supply personal data to technology companies in exchange for services. Yet, the relationship between the utility (U) consumers gain and the data (D) they supply — “return on data” (ROD) — remains largely unexplored. Expressed as a ratio, ROD = U / D. While lawmakers strongly…

May 20, 2019

Why Are Cryptographers Being Denied Entry into the US?

In March, Adi Shamir — that’s the “S” in RSA — was denied a US visa to attend the RSA Conference. He’s Israeli. This month, British citizen Ross Anderson couldn’t attend an awards ceremony in DC because of visa issues. (You can listen to his recorded acceptance speech.) I’ve heard of at least one other prominent cryptographer who is in…

May 17, 2019

More Attacks against Computer Automatic Update Systems

Last month, Kaspersky discovered that Asus’s live update system was infected with malware, an operation it called Operation Shadowhammer. Now we learn that six other companies were targeted in the same operation. As we mentioned before, ASUS was not the only company used by the attackers. Studying this case, our experts found other samples that used similar algorithms. As in the ASUS case, the samples were using digitally signed binaries…

May 16, 2019