“Eyes Only” Security Marking

[This post has been UPDATED three times since first published, most recently on Nov 14, 2019] Occasionally in the news (and more often in spy fiction) people pass around super-secret documents marked "Eyes Only." The United Kingdom and Canada use "Eyes Only" to indicate specific countries with whom a document may be shared. "UK Eyes... Continue Reading →

This photo should not exist

pin.it/fnnc4j6fjamugy Once we get past the creep factor of Nazi army uniforms, we see a communications team sending a secret message. They are using the legendary Enigma machine to encrypt the message. But why, why did that officer allow a photographer to record this highly sensitive activity? A failure of operational security (OPSEC). Allies in... Continue Reading →

Comparing Leaks: Trump vs. Hillary

As I said in an earlier post, no crime is committed if the appropriate official leaks sensitive classified information. This applies to both Secretary Clinton's email server and President Trump's unfortunate meeting with Russian diplomats. Both carried the authority to disclose what they disclosed. One question remains: what damage might have ensued from each leak? I would argue... Continue Reading →

A Yank at Bletchley Park

A friend and colleague introduced me to a 94-year-old gentleman with a rare tale to tell. John McCallister was recruited during World War II to be a US Army liaison officer at "Station X," the UK's highly secret codebreaking operation at Bletchley Park. Station X collected intercepted German radio messages, all encrypted with the supposedly-unbreakable Enigma cipher,... Continue Reading →

NSA re-releases Boak’s Lectures

I'm a fan of Boak's Lectures - they cover the fundamentals of military cryptography just before the information revolution. David Boak developed the lectures for the National Security Agency's Cryptologic School. Even though the lectures are from the '60s and '70s, they remain relevant to today's cybersecurity threats. Cryptographic techniques that were classified Secret in Boak's... Continue Reading →

Clinton’s Email Server Isn’t Her Scandal

Early last month, Edward Snowden criticized former Secretary of State Hillary Clinton for obviously and intentionally mishandling classified information by using a private email server. A recent Huffington post argues that, if true, Snowden's comments could cost Clinton the Democratic Presidential nomination. This rests on technical questions of security and classified information. Based on the information I have seen, Clinton... Continue Reading →

Security Design Principles

This is an extended, less-edited version of an article appearing in IEEE Security and Privacy in December 2012. This version specifically identifies all of the textbooks I reviewed while looking at information security design principles. Here is the citation for the published article: Smith, R.E., "A Contemporary Look at Saltzer and Schroeder's 1975 Design Principles," Security &... Continue Reading →

Boak’s Puzzle: Disposing of Classified Trash

Recently I was skimming through the NSA's "classified history of COMSEC" (Volume 1 and Volume 2).  This "history" is a transcription of lectures by David G. Boak, who liked to explain NSA-related topics from a historical perspective. He clearly inspired a generation of NSA's employees. The last "real" page of the document contains a humorous story... Continue Reading →
