Pages: 1 2 4 ...6 ...7 8 9 10 11 12 ... 14

  2014-10-11

Snapchat leak -- who is to blame?

  10:52, by Hagai Bar-El   , 242 words
Categories: IT Security, Security Engineering

Snapchat is in the headlines again for allegedly leaking out nude photos of users. They strictly deny that there was any breach of their servers, and blame third party applications for leaking this data. This might be the case, but it is not enough to take them off the hook, especially given that their product is mostly about confidence. There are more and better instant-messaging apps out there, and whoever uses Snapchat uses it exactly so such events do not happen, whatever the excuse is.

I have no idea what exactly happened, if at all, but if a third party app got to access Snapchat data, then this Snapchat data was either

  • obtained by the third-party app on the user device, or
  • obtained by the third party app by impersonating the legitimate Snapchat app against the Snapchat server.

On a typical (i.e., un-rooted) Android or iOS device, apps can store their data so it is not readily available to other, unauthorized, apps; it would have been careless to leave such photos behind for the asking. On the other hand, Snapchat were accused several months ago for improperly authenticating their clients by the server, allowing easy impersonation of Snapchat client apps. I was quoted in USA Today yesterday addressing the need to properly authenticate clients.

Lastly I will add that there is also the possibility that no breach has ever occurred, and that the entire image dump is a hoax. Time will tell.

 PermalinkLeave a comment »

  2014-09-23

A gift from Snowden to the European economy

  21:48, by Hagai Bar-El   , 463 words
Categories: Security Policies

The revelations made by Edward Snowden did not show us anything that we never thought possible. It did reveal, however, that many of the things that were possible in theory found their way to reality. Those revelations also gave opportunity for many of the chronic paranoids and conspiracy-theorists to say "I told you". Fact is, digital life causes us to rely on more and more service providers, in the shape of government agencies and private organizations, and those providers were now caught violating our trust. When we buy products and services, we trust their provider to follow the norms we believe it follows. When such trust breaks, we need to think what next. In my opinion, this situation forms an opportunity for Europe to catch up.

Full story »

  2014-09-06

Book review: "No place to hide" by Glenn Greenwald

  21:14, by Hagai Bar-El   , 411 words
Categories: Sources

I just finished reading the book "No Place to Hide", by the journalist Glenn Greenwald. The book talks about the revelations from Edward Snowden on the actions taken by the NSA, as well as about their implications. It is not the  book you can't take your hands off, but it is certainly a worthy read and conveys a very well elaborated message.

Full story »

  2014-09-05

Capturing PINs using an IR camera

  16:40, by Hagai Bar-El   , 97 words
Categories: Security

This video demonstrates how an IR camera, of the type that can be bought for a reasonable price and attached to a smart-phone, can be used to capture a PIN that was previously entered on a PIN pad, by analyzing a thermal image of the pad after the fact. When the human finger presses a non-metallic button, it leaves a thermal residue that can be detected on a thermal image, even if taken many seconds later.

The video refers to the article: Heat of the Moment: Characterizing the Efficacy of Thermal Camera-Based Attacks, written in UC San-Diego.

  2014-08-19

Protecting network neutrality: both important and hard

  06:14, by Hagai Bar-El   , 2362 words
Categories: Security Policies

The term "network neutrality" is mentioned very often lately; also in the context of FCC ruling, such as here, and here. Since the definition of net neutrality is not always clear, this topic is not subject to as much public debate as it probably should. Here is my take of what network neutrality is, and why it is difficult to regulate and enforce. I will start with my proposed technical and service-related definition of "network neutrality", and will follow with a brief explanation of why this is both difficult and important.

Full story »

Pages: 1· 2· 3

  2014-07-24

TrueCrypt alternatives?

  22:23, by Hagai Bar-El   , 660 words
Categories: IT Security, Products

It has been a while since the announcement of the demise of TrueCrypt (which I reported), and an equivalent replacement for all those people who rely on it is not yet evident. TrueCrypt did not revive yet, but the situation is not time-wise critical as it may have seemed. There are a few options, for the time being.

Full story »

  2014-05-30

The status of TrueCrypt

  07:40, by Hagai Bar-El   , 564 words
Categories: IT Security, Products

I wish I knew where TrueCrypt stands now, but I don't. I follow TrueCrypt and regularly endorse it  ever since I discovered it and wrote this post nine years ago. TrueCrypt was, and may still be, the most sensible and presumably-secure volume and full-disk encryption software for Windows; also supporting Linux and Mac. A few days ago the project discontinued, and users were directed to alternative, non-open-source solutions.

Full story »

1 2 4 ...6 ...7 8 9 10 11 12 ... 14