Sapere Aude
Tag: security
a european spin-off of the americans
The industrious life of a busy, frequent-flying Spanish consultant was a front. “Henry Frith” was an alias for a Russian spy, a so-called “illegal” who lived for 20 years under a carefully constructed “legend” — a false identity, complete with a fake history and background. He is the first “illegal” to have been uncovered and publicly named in Europe since the end of the Cold War.
The ISIS Caliphate is using online fealty as a way to recruit jihadis around the world. It’s a powerful recasting of an ancient concept that goes well beyond modern expressions of loyalty. The way ISIS has constructed its brand of online fealty makes it globally scalable. The only barriers to entry are: conduct an attack and publicly pledge fealty. The most common platforms for a public pledge? Social media, 911, etc.
Climate change plus religious confusion plus a shit economy equals drone strikes.
climate change is very tightly woven with war and conflict. In one sense, this relationship isn’t news. Climate change causes resource scarcity — and resource scarcity is, historically, one brutally reliable trigger of war and strife. The US Department of Defense certainly takes it seriously; last year it released a report calling climate change “an urgent and growing threat to our national security, contributing to increased natural disasters, refugee flows, and conflicts over basic resources such as food and water.” Another nonprofit study recently argued that a massive 2006-2011 drought in Syria, by driving rural populations into the already-stressed cities, helped accelerate the country’s human-rights catastrophe. But that map above suggests an even more intriguing and subtle finding: That climate change tracks conflict with such granularity that it even tracks drone strikes.
All 15 identified attackers were on terror warning lists or “Islamist instigator” lists in at least 1 European country. In addition, most were on other lists, such as no-fly lists. All 15 had been classified as violence-prone. 14 had known contacts with other radical Islamists (one of them was apparently radicalized only via the Internet). 12 had taken trips to the “Islamic State” in Syria, or to al-Qaida in Iraq or Yemen. 10 had criminal records, most of them for violent crimes.
So it appears that the mainstage event over the DOJ’s ability to force Apple to help it get around the security features of an iPhone is ending with a whimper, rather than a bang. The DOJ has just filed an early status report saying basically that it got into Syed Farook’s work iPhone and it no longer needs the court to order Apple to help it comply by writing a modified version of iOS that disables security features.
Nice! Defanged malware.
syzkaller is a linux kernel fuzzer, and it is finding TONS of bugs. the whole “given enough eyeballs, all bugs are shallow” is clearly total bs, since there aren’t many eyeballs at all. but with this, maybe there’s some hope to get a kernel that is substantially more secure and less crashy.
Why Symantec shouldn’t be trusted with anything, certainly not “security”
In this timeline of events, it becomes obvious that many examples selected were of a specific CA’s failures. This CA was intentionally chosen to show that these concerns are not isolated one-off incidents from a variety of unrelated CAs, but a long-term pattern of behavior. Unfortunately, a number of CAs have similarly problematic histories, so these issues are by no means limited to this single CA. The most vocal critics of the SHA-1 deprecation in the CA industry, and the most vocal advocates of ways in which to extend the dates, have repeatedly abused the concessions and delays afforded in the past, to the point of causing serious and long-lasting harm to the security of the Internet.
Amid worries about the wave of asylum-seekers from Syria and elsewhere, governments in Europe and beyond will face pressure to keep making life hard for tourists and business travelers—even as other departments of those same governments spend heavily on promoting tourism and foreign investment.
They serve no “security” purpose and are pure arbitrage.
on May 12, 2006, São Paulo came under a violent and coordinated attack. The attackers moved on foot, and by car and motorbike. They were not rioters, revolutionaries, or the graduates of terrorist camps. They were anonymous young men and women, dressed in ordinary clothes, unidentifiable in advance, and indistinguishable afterward. Wielding pistols, automatic rifles, and firebombs, they emerged from within the city, struck fast, and vanished on the spot. Their acts were criminal, but the attackers did not loot, rob, or steal. They burned buses, banks, and public buildings, and went hard after the forces of order—gunning down the police in their neighborhood posts, in their homes, and on the streets.
Gregor J. Rothfuss 