To the left we see part of a malicious email. The author brags about how the From address is the same as the To address. This is supposed to mean that the author has broken into my email account. I have been waiting patiently for someone to mail one of these to me. Now I... Continue Reading →
pin.it/fnnc4j6fjamugy Once we get past the creep factor of Nazi army uniforms, we see a communications team sending a secret message. They are using the legendary Enigma machine to encrypt the message. But why, why did that officer allow a photographer to record this highly sensitive activity? A failure of operational security (OPSEC). Allies in... Continue Reading →
Golly. This one was really hard to spot. Just kidding. This is obviously a fake email. I don't think that American Express is likely to be sending email from "Steakhousetopia.com" regardless of how challenging Internet operations might get.
Here's a clever two-step attack on a Macintosh. First, the victim downloads a file - it may be enough to email it to the victim as an attachment. Second, the victim opens a file or clicks a link. This executes the downloaded file. Yipes!
Here is a phishing email I received today. These almost always land in my junk mail (hooray!). This particular one encourages me to click on a Microsoft Word file claiming to contain an invoice I should pay. I also received a couple with ".xps" attachments. These apparently make use of printer paper specification files in... Continue Reading →
While researching my next edition of Elementary Information Security I came a this posting from last January. It comes from the "netmux" web site and describes a $5,000 design for a password hash cracker. It also links to other state of the art cracking gear.
In June, 1999, Senator John McCain had started his presidential bid and was visiting companies in Silicon Valley, including Secure Computing Corporation, where I worked. He was there to discuss government policies on several tech topics, including the export of cryptographic technologies and products. I had been writing policy statements about crypto exports as part of... Continue Reading →
I received an impressive email scam recently. My response was to forward it to the email provider's abuse contact (abuse@outlook.com) and file a complaint with the Internet Crime Complaint Center (ic3.gov). I'll include the whole email later. The bottom line: Scammer has my password and will humiliate me if I don't pay $1900 in bitcoin.... Continue Reading →
I've signed on to do a Coursera online course on cloud security. I'll share more details as production progresses. This post contains a few notes on organizing video clips for a large project. The video almost always consists of two synchronized streams: one of my bearded face narrating the video and the other of animated images,... Continue Reading →
