News from CCC: NSA can access your iPhone

“… a secret NSA program code named DROPOUTJEEP has nearly total access to the Apple’s iPhones ….” This includes access to cameras and microphones. http://thehackernews.com/2014/01/DROPOUTJEEP-NSA-Apple-iPhone-hacking-tool.html

Fun with flash memory

Multiple posts covered a presentation at the CCC that outlined how they could write programs onto flash memory like SD cards. A quote from the ThreatPost article referenced below: “In other words, the maker of these particular chips, and likely a whole slew of others, is not adequately securing the firmware update process. From this point, the…

Security isn’t just about keeping bad people out

Responsible risk management should assume breaches are inevitable, and while effort must be put towards securing boundaries, effort should also be directed to ensuring proper authentication (AuthN) and appropriate authorization (AuthZ) within the system(s). Trust must be extended to employees and authorized parties, but stakeholders in a system should regularly review access to ensure that…

Kevin Bacon & the NSA

Members of Stanford Law School’s Center for Internet and Society have published some blogs recently (Nov 13 & Dec 12, 2013) regarding phone metadata and the connectedness of individuals via phone calls, based upon NSA standards for searching/parsing data about phone calls (from declassified NSA documents). The blogs do not assert that the NSA bypassed legal requirements…

Password Managers
