I’m a fan of Boak’s Lectures – they cover the fundamentals of military cryptography just before the information revolution.David Boak developed the lectures for the National Security Agency’s Cryptologic School.
Even though the lectures are from the ’60s and ’70s, they remain relevant to today’s cybersecurity threats. Cryptographic techniques that were classified Secret in Boak’s work are prominent in modern commercial cryptosystems. A sanitized version of Boak’s Lectures (Vol 1, Vol 2) was released in 2008.
I’m happy to report that the Interagency Security Classification Appeals Panel has released a more complete (less redacted) version. It’s available from the Government Attic.
Continue reading NSA re-releases Boak’s Lectures
I’m upgrading my iPhone and trading in the old one. I had to erase the old one completely and unhook “Find my iPhone” from it.
I’d seen headlines hinting that recycled iPhones aren’t often erased. Some headlines suggest that the erasing operation itself doesn’t really work.
It works. It’s just time consuming. I turned off TouchID and the lock code. I disabled “Find my iPhone” and all the iCloud connections. Then I went on line and made sure the old phone wasn’t listed on my Apple account. Finally, I hit the “Erase All Contents and Settings” option.
The phone restarted with the Hello setup screen. I went through guided setup without hooking up iCloud or anything personal. I looked through the phone to make sure nothing was there. It was clean. I looked on Find My iPhone, and the old phone didn’t appear.
Continue reading Recycling an iPhone – not a picnic
If you have the technical interest to read this, you probably do a lot of your finances with your personal computer. Taxes, monthly budgets, check printing (on those rare occasions), and tracking numerous accounts – computers are far better than people at handling such details. A typical personal computer, or smart phone for that matter, contains company names, account numbers, login credentials, and everything else an identity thief might need. This is reasonably safe as long as you don’t lose your device and/or its hard drive.
But when you replace your computer or hard drive, or (God forbid) someone steals it, your intimate financial details are “out there” unless your drive is encrypted.
Continue reading Encrypt All Hard Drives!
Early last month, Edward Snowden criticized former Secretary of State Hillary Clinton for obviously and intentionally mishandling classified information by using a private email server. A recent Huffington post argues that, if true, Snowden’s comments could cost Clinton the Democratic Presidential nomination.
This rests on technical questions of security and classified information. Based on the information I have seen, Clinton committed no crime. Her security mistakes are typical of politicians of her (my) generation. She was exercising the authority and discretion (or lack thereof) belonging to her role as Secretary of State. I will explain why.
DISCLAIMER: I personally neither support nor oppose Hillary Clinton’s bid for a Presidential nomination.
Continue reading Clinton’s Email Server Isn’t Her Scandal
I have shut down my online school. It was an interesting experience, but not a cost-effective one. Aside from not getting rich from this, it was really boring to administer a testing program.
On the other hand, I now know an incredible amount about Moodle, the internationally-popular web service for education. I also know how to host an online testing program for much less that commercial vendors charge.
Continue reading Adieu, Online School
The service provider has informed us that the testing site crysm.com must be shut down at the end of September. Students still interested in completing the program after that date should contact the Institute. We can make alternate arrangements for you to complete your requirements.
September 29, at 11:59 PM, GMT, is the cutoff time for taking and completing tests. In the continental US, that time falls in the evening of September 29: on the east coast, it falls at 6:59 PM.
Cryptosmith Institute now offers a second option for earning an NSTISSI 4011 training certificate:
- The original option: Complete exams on the 17 chapters in Elementary Information Security plus a final exam covering all material in the textbook.
- Students who have already taken a college-level cybersecurity course may skip the separate chapter exams and earn the certificate by taking the final exam.
Students interested in the second “streamlined” option must upload a college transcript showing the relevant course before they take the exam.
Continue reading Streamlined NSTISSI 4011 Training Certificate
I am offering a Cybersecurity elective for students registered in the University of Minnesota’s Master of Science in Software Engineering program. As I described in the class on Friday, the course uses the textbook I wrote and does a lot of lab work with security tools, including Wireshark, nmap, Gnu Privacy Guard, and vulnerability scanning.
Here is a link to the 2015 syllabus.
The text attached to this post was submitted as a web site comment. No doubt some spambot was supposed to select randomly from the text to produce a unique-looking spam message. I know I’ve received lots of spam comments that this script might have generated: personal-sounding messages that are content-free.
I’ve used similar scripts to show how one could generate several different texts that all mean the same thing but contain different digital content.
Continue reading A Script to Generate Spam Comments
Matthew Green published an entertaining rundown on the cryptographic back door in ANSI and NIST standards. He focuses on how it got there and why it’s still there, as opposed to its technical details.