-
#PodestaEmails are NOT obvious fakes
Emails are notoriously hard to validate. Emails are like typed, signed contracts with no section or page numbers: you can take out or add whatever pages you want as long as you keep the signatures. Intelligence expert Malcolm Nance has tweeted that Wikileaks’ recent collection of Podesta emails contains “obvious forgeries.” It is hard to detect email forgeries…
-
Election Crypto Conspiracy Theory
I’m not often a fan of conspiracy theories, except for entertainment value. This one is interesting because it combines international intrigue, the elections, and our world of notoriously poor email security. The conspiracy arises from foreigners trying to influence the United States election. They spy on unprotected emails and leak the contents to influence US…
-
A Yank at Bletchley Park
A friend and colleague introduced me to a 94-year-old gentleman with a rare tale to tell. John McCallister was recruited during World War II to be a US Army liaison officer at “Station X,” the UK’s highly secret codebreaking operation at Bletchley Park. Station X collected intercepted German radio messages, all encrypted with the supposedly-unbreakable Enigma cipher,…
-
Symantec Breaks Trust with the Internet?
Symantec is one of the companies that holds the keys to the Internet: they are a trusted certificate authority for authenticating major web sites. All major browsers recognize Symantec as a trustworthy source of SSL/TLS authentication certificates. Symantec (also known by its subsidiary name Verisign) is part of a chain of trust that keeps our Internet traffic safe.…
-
Update on the Apple Music Mess
The trouble reported earlier with Apple Music seems to have attracted high level attention. James Pinkstone had reported that Apple Music deleted countless unique tracks he had stored in iTunes, and that an Apple service rep assured him this was correct behavior. As he describes in a later blog post, Apple contacted him promptly. They…
-
Which cables to keep, which to discard?
CNET recently published a list of cables to keep and cables to discard. I like to keep things for historical interest as well as for practical reasons. Historical examples allow me to show students different ways of doing the same thing. The picture on the left illustrates “serial vs parallel” and I use a similar…
-
MSSE Cybersecurity Course 2017
Members of the University of Minnesota’s MSSE Class of 2017: the cybersecurity course (titled “Data and Network Security” or something like that) is one of your options for next spring. After talking with students in the class right now, I’m posting more information about the class.
-
Apple Music Deletes Personal Content
[UPDATE: Apple now claims this was a bug; see the updated post] This is perhaps the worst example of entertainment engineering I’ve ever heard. Blogger and musician James Pinkstone claims that Apple Music deleted countless unusual tracks in his music collection. It “matched” the tracks with entries in its library. Then it deleted the matched ones from his…
-
University: Anti-phishing not really a “policy”
UMN will never ask for personal info via email, except when they can’t help it.
-
The Apple case isn’t “privacy” versus “safety”
“The current fight is about whether we will impose a technological infrastructure which will be exceptionally vulnerable to attackers in order to provide nothing more useful than some very, very short-term advantages to people investigating crimes.” (Perry Metzger, commentary on the Cryptography mailing list last Friday) Let me say it differently: We put everyone in…
-
Backing Up OS X with Mirrored Encrypted RAID
Computing technology is insanely reliable when you look at statistical error rates. Hard drives read and write trillions of bits while rarely producing a reportable error. But when you want some data to live forever (like family photos or critical business records), even an occasional error is a problem. I’ve been using OS X and…
-
Threat Agents
A threat agent is an active entity motivated to attack our mobile devices and activities. We may identify threat agents as specific organizations or individuals, like Anonymous, or we may classify them by goals or methods of operation (MOs). For example, shoplifters are a class of threat agent that attacks retail stores. [This post is…
-
Communication is Hard
[This post contains text I’m trying out for a new writing project on cybersecurity in the mobile age. I might be posting more such stuff in the future] In an ideal world, we share with other people directly. We speak quietly face-to-face, gesture, and draw occasional images. In the real world, most people are too…
-
NSA re-releases Boak’s Lectures
I’m a fan of Boak’s Lectures – they cover the fundamentals of military cryptography just before the information revolution. David Boak developed the lectures for the National Security Agency’s Cryptologic School. Even though the lectures are from the ’60s and ’70s, they remain relevant to today’s cybersecurity threats. Cryptographic techniques that were classified Secret in Boak’s…
-
Recycling an iPhone – not a picnic
I’m upgrading my iPhone and trading in the old one. I had to erase the old one completely and unhook “Find my iPhone” from it. I’d seen headlines hinting that recycled iPhones aren’t often erased. Some headlines suggest that the erasing operation itself doesn’t really work. It works. It’s just time consuming. I turned off TouchID and…
-
Encrypt All Hard Drives!
If you have the technical interest to read this, you probably do a lot of your finances with your personal computer. Taxes, monthly budgets, check printing (on those rare occasions), and tracking numerous accounts – computers are far better than people at handling such details. A typical personal computer, or smart phone for that matter, contains company names,…
-
Clinton’s Email Server Isn’t Her Scandal
Early last month, Edward Snowden criticized former Secretary of State Hillary Clinton for obviously and intentionally mishandling classified information by using a private email server. A recent Huffington Post article argues that, if true, Snowden’s comments could cost Clinton the Democratic Presidential nomination. This rests on technical questions of security and classified information. Based on the information I have seen, Clinton…
-
Adieu, Online School
I have shut down my online school. It was an interesting experience, but not a cost-effective one. Aside from not getting rich from this, it was really boring to administer a testing program. On the other hand, I now know an incredible amount about Moodle, the internationally-popular web service for education. I also know how…
-
Reviewer Links for Cloud Computing
Thank you for reviewing Cloud Computing videos! I’m posting draft videos on my Vimeo site. Here is the link to my Vimeo album: Course 1 Videos – Cloud Computing Basics Try using the following links to watch recently posted videos and interactively review them. Vimeo has kindly let me use their ‘advanced features’ during the month…
-
Streamlined NSTISSI 4011 Training Certificate
Cryptosmith Institute now offers a second option for earning an NSTISSI 4011 training certificate: The original option: Complete exams on the 17 chapters in Elementary Information Security plus a final exam covering all material in the textbook. Students who have already taken a college-level cybersecurity course may skip the separate chapter exams and earn the certificate by taking…
-
MSSE Cybersecurity Elective 2016
I am offering a Cybersecurity elective for students registered in the University of Minnesota’s Master of Science in Software Engineering program. As I described in the class on Friday, the course uses the textbook I wrote and does a lot of lab work with security tools, including Wireshark, nmap, Gnu Privacy Guard, and vulnerability scanning. Here is…
-
A Script to Generate Spam Comments
The text attached to this post was submitted as a web site comment. No doubt some spambot was supposed to select randomly from the text to produce a unique-looking spam message. I know I’ve received lots of spam comments that this script might have generated: personal-sounding messages that are content-free. I’ve used similar scripts to…
-
Free NSTISSI 4011 Certificate
[SORRY – This is posted for historical purposes only! The free certificate is no longer available] If you have studied the textbook Elementary Information Security as part of a class, or on your own, and did not earn a formal certificate for NSTISSI 4011 training, here is your chance. As part of our final testing and release, Cryptosmith…
-
Standardized Back Door
Matthew Green published an entertaining rundown on the cryptographic back door in ANSI and NIST standards. He focuses on how it got there and why it’s still there, as opposed to its technical details.
