How Can We Help Users Improve Security?
Maybe we should rename CIA. I don’t mean the government agency by that name. I’m risking heresy by saying that the tired old acronym CIA for Confidentiality, Integrity, and Availability isn’t sacred text. We talk about CIA in Learning Tree’s System and Network Security Introduction course. Let’s take a critical look at it here. I’ve […]
Cyber Security Requires Cautious Logic
If we don’t carefully distinguish between necessary and sufficient when we are analyzing information assurance systems, we may become dangerously confident in a system that is actually quite weak. This Isn’t A New Problem Cryptography enthusiast Edgar Allan Poe wrote, in “A Few Words On Secret Writing” in Graham’s Magazine in July 1841: “Few persons […]
File System Encryption: When Is It Worthwhile?
Encryption is used to protect confidentiality. But what role should it play within your operating systems for protecting file systems? The answer often is, “it depends.” Physical Theft A laptop or detachable media such as USB-connected external disks and thumbdrives could easily be stolen or lost. Especially with smaller objects, you may not know which […]
Last week I explained why government-imposed backdoors cause more problems than they solve, and government-imposed weaknesses from the 1990s are still causing SSL/TLS security problems. Let’s see some of the other ways backdoors have spectacularly failed. This is nothing new The problem of insider abuse goes back to an era when letters and telegrams were […]
What Could Possibly Go Wrong With Backdoors?
What could possibly go wrong with back doors? Pretty much everything imaginable. You must have seen about the debate between the FBI and Apple over providing a backdoor for the Apple iPhone 5C model. I strongly agree with Michael Hayden, former head of both the Central Intelligence Agency and the National Security Agency. In an […]