Tag: Security
-
U.S. Citizenship and N.S.A. Surveillance – Legal Safeguard or Practical Backdoor?
The main takeaway of two recent disclosures around N.S.A. surveillance practices, is that Americans must re-think ‘U.S. citizenship’ as the guiding legal principle to protect against untargeted surveillance of their communications. Currently, U.S. citizens may get some comfort through the usual political discourse that ‘ordinary Americans’ are protected, and this is all about foreigners. In…
-
The Linux Backdoor Attempt of 2003
Josh wrote recently about a serious security bug that appeared in Debian Linux back in 2006, and whether it was really a backdoor inserted by the NSA. (He concluded that it probably was not.) Today I want to write about another incident, in 2003, in which someone tried to backdoor the Linux kernel. This one…
-
Silk Road, Lavabit, and the Limits of Crypto
Yesterday we saw two stories that illustrate the limits of cryptography as a shield against government. In San Francisco, police arrested a man alleged to be Dread Pirate Roberts (DPR), the operator of online drug market Silk Road. And in Alexandria, Virginia, a court unsealed documents revealing the tussle between the government and secure email…
-
On Security Backdoors
I wrote Monday about revelations that the NSA might have been inserting backdoors into security standards. Today I want to talk through two cases where the NSA has been accused of backdooring standards, and use these cases to differentiate between two types of backdoors.
-
NSA Apparently Undermining Standards, Security, Confidence
The big NSA revelation of last week was that the agency’s multifaceted strategy to read encrypted Internet traffic is generally successful. The story, from the New York Times and ProPublica, described NSA strategies ranging from the predictable—exploiting implementation flaws in some popular crypto products; to the widely-suspected but disappointing—inducing companies to insert backdoors into products;…
-
British Court Blocks Publication of Car Security Paper
Recently a British court ordered researchers to withdraw a paper, “Dismantling Megamos Security: Wirelessly Lockpicking a Vehicle Immobiliser” from next week’s USENIX Security Symposium. This is a blow not only to academic freedom but also to progress in vehicle security. And for those of us who have worked in security for a long time, it…
-
The low-transaction-fee argument for Bitcoin is silly
A common argument advanced by Bitcoin proponents is that unlike banks and credit cards, Bitcoin has low (or even zero) transaction fees. The claim is a complete red herring, and in this post I’ll explain why. Let’s assume for the purposes of argument that Bitcoin transaction fees are, in fact, zero. There are small mining-related…
-
Revisiting the potential hazards of the 'Protect America' act
In light of recent news reports about NSA wiretapping of U.S. Internet communications, folks may be interested in some background on the ‘warrantless wiretapping’ provisions of the Protect America act, and the potential security risks such wiretapping systems can introduce. Here’s a 2007 article a group of us wrote entitled “Risking Communications Security: Potential Hazards…
-
How Consensus Drives Bitcoin
Josh Kroll, Ian Davey and I have a new paper on the dynamics of Bitcoin, which we’re going to release in a few days. This post is the first in a series exploring our paper’s analysis of why Bitcoin works and what could derail it. Consensus drives Bitcoin. Like any fiat currency (a currency not…
-
Internet Voting Snafu at USRowing
USRowing, the governing body for the sport of rowing in the U.S., recently announced the discovery of likely fraud in one of its leadership elections. Further investigation into this region’s voting resulted in the determination that fraudulent ballots were cast in the Mid-Atlantic election that directly affected the outcome of the Mid-Atlantic Regional Director of…