Author: Ed Felten

The recent security breach at Sony Pictures is one of the most embarrassing breaches ever, though not the most technically sophisticated. The incident raises lots of interesting questions about the current state of security and public policy.

The FBI recently issued a warning to U.S. businesses about the possibility of foreign-based malware attacks. According to a Reuters story by Jim Finkle: The five-page, confidential “flash” FBI warning issued to businesses late on Monday provided some technical details about the malicious software used in the attack. It provided advice on how to respond…

This morning I’m testifying at a hearing of the Privacy and Civil Liberties Oversight Board, on the topic of “Defining Privacy”. Here is the text of my oral testimony. (This is the text as prepared; there might be minor deviations when I deliver it.) [Update (Nov. 16): video stream of my panel is now available.]

This is a true story. Yesterday my phone crashed, and it wouldn’t reboot. Actually it would do nothing but reboot, over and over, with a seemingly different error message every time. I tried all of the tricks available to a technically handy person, and nothing worked—I couldn’t get it out of the crash-reboot cycle. So…

Debates about privacy and security tend to assume that the two are in opposition, so that improving privacy tends to degrade security, and vice versa. But often the two go hand in hand so that privacy enhances security. A good example comes from the airport scanner study I wrote about yesterday.

Today at the Usenix Security Symposium a group of researchers from UC San Diego and the University of Michigan will present a paper demonstrating flaws in a full-body scaning machine that was used at many U.S. airports. In this post I’ll summarize their findings and discuss the security and policy implications.

Yesterday the Tor Project issued an advisory describing a large-scale identification attack on Tor hidden services. The attack started on January 30 and ended when Tor ejected the attackers on July 4. It appears that this attack was the subject of a Black Hat talk that was canceled abruptly. These attacks raise serious questions about…