iOS 9.3 to fix serious iMessages encryption flaw

For some time, Apple has forcefully pushed a message to consumers that it takes privacy seriously.

Here, for instance, is what Apple’s website says about its approach to privacy when it comes to iMessages:

Your iMessages and FaceTime calls are your business, not ours. Your communications are protected by end-to-end encryption across all your devices when you use iMessage and FaceTime,

> Read More

Will Bar Mitzvah Be The Death Knell for RC4 Crypto?

RC4 is a stream cipher designed by Ron Rivest at RSA in 1987. It was attractive then because it could be implemented in a few lines of code and wasn’t computationally intensive. PCs were 8088- or MC68000-based at the time, and 64K was enough RAM, remember? Even today RC4 has advantages. It runs fast on small devices,

> Read More

Infosec Haiku

Anata no joho sekyuritei konshu no haiku (your information security haiku for this week)

US / UK Say
National Security
Needs Crypto Backdoors


### Notes ###
* Thanks to Ms. Etsuko vdH for the translation.
* Thanks to everyone who has contributed their haikus … watch this space to see if yours is published.

> Read More

Modern-Day Dr. Strangelove
Or: How I Learned to Stop Worrying and Love the NSA

Unless you’ve been living under a rock for the past couple of months [1], you know about the tremendous fallout from Edward Snowden’s revelations on the extent of the NSA’s monitoring of … well … just about everything. Plenty of discussion out there – if you Google < nsa leaks > you’ll get over 80M hits in 0.22 seconds.

> Read More

Chris’ Security Cache Contemplation: Week 5

Miscellaneous interesting news/tidbits I’ve run across whilst trying to keep up with/clean out my inbox …

Twitter Propaganda Posters. Thanks to the good folks at bOING bOING, I learned about these posters. Very cool, very funny … but there’s also a serious side to it: if your organization is going to take advantage of new social media tools such as blogs and Twitter (and I think in most cases you should),

> Read More

$10 Million Ransomware Demand: Brazen or Bonehead Move?

The recent incident at the State of Virginia website, where prescription records are currently being held for ransom with a demand for a payment of $10 million, is not a new scammer methodology. Historically, however, scammers keep the ransom demand low to stay under the radar of law enforcement, so a demand for $10 million clearly stands out as either brazen or simply stupid on the part of the bad guys,

> Read More

Nasty Virus / Trojan Lurking in the Wild

With Conficker still fresh in our minds, a new potential menace has emerged. A Trojan with remote-access capability that spreads like a virus, detected as W32.Virut.CF (Symantec) or W32/Scribble-A (Sophos), is poised to wreak havoc on networks over the coming days. Because it embeds itself deep within infected machines, the Trojan will be difficult to clean up.

> Read More

Pwned by the FTC

Sometimes, I’m sure, folks out there think we’re in the scaremongering business. Take, for instance, the notion that failing to protect your customers’ Personally Identifiable Information (PII) can expose your organization to both direct *and* indirect costs. You can find this notion in ad copy and whitepapers from almost all security vendors,

> Read More

Adoption of Mobile Devices in the Workplace: Striking the Right Balance

Whether the economy is doing well or not, business leaders are always looking for the technological edge to bump up productivity and get more out of their workers. But new innovations always introduce new risks. The hallmark of a good C-level executive is the ability to balance the benefit of innovation with solid risk mitigation.

> Read More

To Keep or Not to Keep Barack Obama’s BlackBerry?

With the inauguration of President-elect Barack Obama just around the corner, there is a lot of debate around Obama’s plea to keep his personal BlackBerry over the concerns of his Secret Service detail. Why? Because it raises two major concerns: public records, and the use of personal email by not just any elected official but the most powerful man in the country.

> Read More

China Seeks Control Over Encryption Products

As one site writes, here they go again. It appears that the Chinese government is planning to require foreign computer security technology be submitted for government approval by May 1, 2009. According to the Associated Press, this will require official certification of technology widely used to keep e-mail and company data networks secure,

> Read More