Browsed by
Month: April 2016

Complete Privacy and Security

It is my pleasure to make a few announcements today.  First, The Complete Privacy and Security Desk Reference has been released and is finally available on Amazon!  This is huge – Michael and I had hoped to have this work out by January but things happened that were beyond our control.  Thousands of Wickr messages, hundreds of ProtonMail emails, scores of Signal calls, and four personal meets later (one in a foreign country), here we finally are!  From the description:…

Real World Example: Physical Insecurity

I recently ran across this door and lockset in the industrial district of a major US city.  Seeing an old, ramshackle (or abandoned) commercial building with a padlock hasp on the door is not all that uncommon.  However, I was close enough to notice something interesting.  Look at the photo.  This door presents an excellent example of physical insecurity – but why? In case you have trouble seeing the mortise cylinder, below is a close-up shot.  It’s a Medeco mortise…

International Travel Security Tips

Over the past few years I’ve been fortunate enough to do a bit of international travel.  I’m also fascinated with personal security.  The following are some minor “best practices” for international travel security.  If you have any suggestions, post them so we can all benefit. Additionally, if I’m being foolish, please call me out. Primer:  I fly with a US passport, often through countries where I prefer not to advertise my citizenship.  I worry about my general privacy being violated by…

Identity Theft & Data Breach Response

Data breaches occur with shocking regularity.  The news is full of reports of data being spilled by companies and individuals being targeted for identity theft.  Few of these stories contain much useful information on appropriate data breach response, however.  Once your information has been spilled it is impossible to fully recover it.  However, there are some meaningful data breach response steps you can take if you do fall victim to this type of crime. Contact your financial institutions immediately. If…

Lock Safari Vancouver, BC – Part II

In Part I of my “Lock Safari Vancouver, BC” I covered the common (but very secure) Abloy and ASSA offerings, as well as the Medeco locks I saw.  All three of these brands are owned by the ASSA-Abloy conglomerate, and I will lead off again with another ASSA-Abloy product: the Israeli Mul-T-Lock.  I saw several of these in mortise cylinder form-factor.  I also saw a handful of switch and cam locks, none of which I was able to adequately photograph. …

Lock Safari Vancouver, BC: Part I

I recently had the opportunity to spend an extended weekend in Vancouver, BC.  While there, I indulged my desire to run around the city and its seedier parts to look for interesting locks.  “Lock Safari Vancouver” was a success – I found some very interesting stuff!  This post will be divided into two parts.  This first half will cover the more “pedestrian” Abloy, ASSA, and Medeco products.  Part II will cover the more odd and interesting. Abloy: I found quite…

Threat Modeling: Profile Elevation

A couple of weeks ago I posted my introduction to threat modeling.  Several times in that post I mentioned the concept of profile elevation, and it will certainly be coming up more as I flesh out my thoughts on threat modeling.  It has occurred to me that this topic should be explored more fully. Profile elevation is a fairly intuitive concept.  For our purposes we can describe it as† “the generally-undesirable condition of: becoming more visible to one’s adversary, and/or…

Thirty Day Security Challenge Follow-Up

Two weeks after the conclusion of the Thirty Day Security Challenge, it’s probably a good time to follow up on what we did.  I heard from several of you and would like to share some of the feedback that I got.  To quickly re-cap what we covered: Week 1 was heavily focused on local system security and covered the following: OS and app updates, creating standard user accounts, reviewing basic privacy settings, and scanning our machines with antivirus and antimalware…

Codebook Password Manager Mobile App

I have written about Codebook Secure Notebook and the STRIP Password Manager, both here and in Your Ultimate Security Guide: iOS.  Due to some major recent changes to these systems they merit a revisit.  Zetetic, the company that publishes both of these applications, has merged them into a single app.  At first this concerned me greatly.  Though I loved STRIP and think it is one of the more secure password managers on the market, acceptable replacements exist.  What really concerned…

Threat Modeling: An Introduction

I have previously written about categorizing attackers based on their levels of skill and focus.  I have also written about categorizing security measures to defeat attackers with a given level of skill or focus.  Both of these posts tie in closely with (and were early attempts at) a topic that I want to explore more fully in coming months: threat modeling.  Threat modeling is the examination of two things as they relate to each other: an adversary and a security…
