Today’s Revolution: Cybersecurity and the International Order

This is a review of Lucas Kello’s The Virtual Weapon and International Order (Yale University Press, 2017):

The questions that Kello’s proposals raise simply prove his point about the need for interdisciplinary discussions to tackle the multifaceted challenges that cybersecurity poses. The book’s three-part typology of technological revolution will be particularly helpful in framing future discussions of cybersecurity both within and outside of international relations. And it can also be deployed to assess future technological developments. As Kello notes, “the distinguishing feature of security affairs in the current epoch is not the existence of a revolution condition but the prospect that it may never end” (257). Cyberweapons are today’s revolution, but tomorrow will surely bring another.

More of a political science perspective.

Don’t Panic: Hackers Can Now Steal Data Even From Faraday Cage Air-Gapped Computers

From Hacker News:

A team of security researchers—which majorly focuses on finding clever ways to get into air-gapped computers by exploiting little-noticed emissions of a computer’s components like light, sound and heat—have published another research showcasing that they can steal data not only from an air gap computer but also from a computer inside a Faraday cage.

Fascinating research for sure. If you happen to be one of the few working in an environment where air-gapping and Faraday cages are common, this highlights that they are not 100% effective in isolation (no pun intended). This is a reminder of the value of good security hygiene, physical and analog and digital, and occasional validation of assumptions.

For the other 99.999% of security professionals, there are more practical and pragmatic risks requiring addressing with a higher return on investment. This is a reminder of the value of good security hygiene, physical and analog and digital, and occasional validation of assumptions.

See what I did there?


Another Take on Engineering Notebooks

Another Take on Engineering Notebooks:

Kleiman’s post can be useful for a wide range of users. The main takeaway, for me at least, is that your tools and specific procedures are not as important as organizing your data and scripts and keeping careful notes on what problem you’re trying to solve and the steps you’ve taken to solve it.

(Via Emacs – Irreal)

Here is the original article that kicked this off. As I’ve been trying to simplify my workflows to better manage my data, my thinking has informally been tending toward what Dan Kleiman wrote. I don’t have code any more, replaced by the constant flood of documentation coming my way for various projects. Something like this could work for me with a few small changes.

Social Engineering for the Blue Team

Social Engineering for the Blue Team:

After I read Chris Hadnagy’s book, Social Engineering: The Art of Human Hacking, I realized that it’s more than just a red team activity. In fact Wikipedia has multiple entries on the topic. It’s not just security focused. It’s also political. Reading the book it’s even more than that. Sales and marketing people use social engineering. In fact, we all do it, to varying degrees. Some better than others. The book is focused on red teaming for social engineering. A lot of those concepts, though, I could easily apply and even provide examples of doing on a day-to-day basis.

(Via Timothy De Block)

This is the gist of Tim’s upcoming workshop, Social Engineering for the Blue Team, at Converge & Bsides Detroit May 10-12 2018. Give his post a read and provide him with your feedback. Tim’s a great presenter and speaker, so it is worth your time.

The Shallowness of Google Translate

Despite my negativism, Google Translate offers a service many people value highly: It effects quick-and-dirty conversions of meaningful passages written in language A into not necessarily meaningful strings of words in language B. As long as the text in language B is somewhat comprehensible, many people feel perfectly satisfied with the end product. If they can “get the basic idea” of a passage in a language they don’t know, they’re happy. This isn’t what I personally think the word “translation” means, but to some people it’s a great service, and to them it qualifies as translation. Well, I can see what they want, and I understand that they’re happy. Lucky them!

Douglas Hofstadter, as quoted above, gets the gist of my use of Google Translate though it is clearly not the thesis of the piece. My value in Google Translate lies in its very shallowness: give me the key points quickly so I can best judge how to proceed. It works much better for me and is more respectful of my friends’ & colleagues’ time if I can pose salient specific questions instead of shoving an email in their face asking “What does this say?”, only to discover that it is yet another Nigerian Prince.

By the way, Hofstadter has a book, “Gödel, Escher, Bach”, of which I am a particular fan. Get it here: 🇯🇵 Japan Kindle and 🇺🇸 US Kindle

Photo by Drew Collins on Unsplash

OpSec Fail Indeed

From …

All the encryption in the world is not going to help if someone can read over your shoulder

Using a secure messaging app to communicate with your political allies is a great idea in this day and age, where government hackers actively try to break into the email accounts of high-profile politicians and staffers in order to plaster them online. But all the unbreakable encryption in the world isn’t going to save you if you read the supposedly secret messages in front of a camera.

Sometimes you can’t make this stuff up.

[Preparing for the Pink] Building a Smart Job Loss Plan

Building a Smart Job Loss Plan:

Imagine that tomorrow – or your next day at work – you go into your workplace only to find a pink slip waiting for you. You’re done. Your employer heard some horrible rumor about you, or maybe your organization is downsizing, or maybe you made a big mistake recently and it’s caught up to you. Whatever it is, your job is no longer yours. You have 15 minutes to clean out your desk and half an hour at HR to sign some papers and then you’re out on the street.

What now? What do you do?

(Via The Simple Dollar)

Way back in 2013 (was it that long ago?) I wrote about being laid off from the company where I worked for twelve years. I called my posts “Preparing for the Pink” as in a Pink Slip. This is the traditional American notice of termination of employment, though the physical piece of paper is not often used any more.

Anyway, here is an updated version of the same idea. While very focused on people in the United States, the general principles should be useful to workers everywhere, even where the labor laws are much more liberal.

  1. Keep your resume updated all the time.
  2. Keep your training and education current, preferably using current workplace resources.
  3. Have a set of strong professional contacts in place; do favors and make sure those relationships are strong.
  4. Have a very healthy emergency fund.
  5. Know exactly what benefits you’re due if you were to lose your job and how to get those benefits.
  6. Have a list of people to contact immediately to start finding another job.

This whole article and my earlier ones are a great example of the Stoic idea of Negative Visualization, which the ending of the article sums up spectacularly:

The key lesson is that thinking about life’s potential problems now and coming up with solutions in a rational and calm way, then taking steps to make those solutions easy to execute in a crisis, goes a long way toward making any and all crises in life much easier to handle.

The little steps you take now, handled with rational thought and just a little effort and a little money, can save you enormous headaches and a great deal of money down the road when an unfortunate event does occur. Preparing for a job loss is just one example of this powerful life strategy.

Trent Hamm’s articles in the Simple Dollar are great. If you’re not reading it on a regular basis, you should.