Browsed by
Month: February 2016

File Validation Case Study: Linux Mint

A news story broke this week about a hack against the download site of Linux Mint (the official blog post is available here).  Mint is a very popular, entry-level Linux operating system.  The attacker hacked Mint’s site and redirected the download link to a modified version of the .iso file.  The modified version had/has a backdoor installed via the Tsunami malware suite.  This hack affected Linux Mint version 17.3/Cinnamon, but the backdoored version appears to have only been available for…

The Apple vs. FBI Debate: My Thoughts

This week has been awash in coverage of a federal court ordering Apple to unlock an iPhone 5c used in the San Bernardino shooting.  This story began for me when I awoke Tuesday at 5 a.m. EST to half a dozen text messages linking me to Tim Cook’s “A Message to Our Customers.” I have had almost a week to digest the letter, follow the story, and reach some conclusions.  My thoughts and observations on the “Apple vs. FBI” debate…

Thirty-Day Security Challenge Details

With just two weeks remaining before the start of the Thirty-Day Security Challenge, I am going to address a few questions I have been asked in the past week.  If you have additional questions or comments feel free to post them in the comments or contact me directly. What will the Challenge cover?  I have been somewhat (and intentionally) vague on this, but several of you have emailed in asking what the Challenge will tackle.  I’m still going to be…

Book Review: Future Crimes, Marc Goodman

In an age of almost weekly hacks on various multinational corporations, banks, Hollywood movie studios, and government agencies—each more brazen or damaging than the last—it’s no surprise that a spate of books on the subject has hit the market in recent months. After all, those hacks, along with the countless others that go unrecorded every day around the world, affect us all in one way or another. Future Crimes: Everything is Connected, Everyone is Vulnerable, and What We Can Do…

The Survival Podcast Interview

I was recently interviewed on The Survival Podcast. Jack and I talked at length about surveillance in the modern age, and steps you can take to avoid it.  If you want to check it out, the link is here: http://www.thesurvivalpodcast.com/personal-privacyv-v-mass-surveillance Thanks! Justin

How to Verify File Integrity using Checksums

Verifying file integrity is an important step when downloading and installing applications, especially when these applications are relied upon to perform a security function.  An application that is not downloaded completely or correctly may be weakened and fail to provide the necessary security.  Worse, users may be the victims of a watering hole attack where the download site is infected with malware, or some targeted individuals are redirected to look-alike sites.  In this instance the software in question would be modified…

3DSC: The Thirty-Day Security Challenge

Over the past several months I have fielded quite a few complaints. Some were from friends, some from strangers, and many from family.  All these complaints were about how “hard” security is.  One close friend in particular says he wants to be more secure but is daunted by its complexity, and he can’t decide where to start.  To address these complaints and make security seem more approachable to the average individual, I have devised what I like to call the…
