Browsed by
Month: July 2016

Sighthound Video Surveillance App

Sighthound Video Surveillance App

Physical security is an inherent part of information security. If an attacker can achieve physical access to your devices, you are already behind the power curve.  Maintaining physical control of your devices is maybe the most important step you can take to protect your data-at-rest.  However, there are some occasions when maintaining physical control is not possible or practical.  One of these occasions is during hotel stays.  Hotel rooms – and even their safes – are incredibly insecure (I’ll talk…

Read More Read More

Tattoos, Tattoo Recognition, and Privacy

Tattoos, Tattoo Recognition, and Privacy

When I was a kid, people with tattoos were pretty few and far between.  If you had ink there was a good chance you’d been in the military or jail.  If you had tattoos on your hands, head, or neck you had almost certainly been to jail, or were, at very least, somone people didn’t want to mess with. These days a guy (or girl) with knuckle tattoos is just as likely to be a barista or art major as…

Read More Read More

OS Updates: What They’re REALLY For

OS Updates: What They’re REALLY For

I recently read an article that made me realize there is a fundamental rift in how I, and many of the readers here, look at computers, and how the general population does.  It is only a very small subset of the population that considers security, even secondarily.  And if they do, many don’t understand enough about it to implement it properly.  The article in question asks if users should upgrade to the newly released iOS, version 9.3.3.  Hold off on…

Read More Read More

iOS Encrypted Notes

iOS Encrypted Notes

In the past I have recommended Codebook Secure Notebook as an alternative to iOS’s native notes application.  I even went so far as to recommend NOT using the native Notes app.  However, I have recently completely reversed my position on this.  A third-party app is no longer needed to secure your notes.  Beginning in iOS 9.3.2, notes in the native Notes application can be secured with a password.  When password protected, notes are encrypted with AES-128.  This eliminates the need…

Read More Read More

PrivNote Self-Destructing Messages

PrivNote Self-Destructing Messages

I recently found a service that I enjoy using.  It is called PrivNote and it allows you to transmit small bits of encrypted text via a URL.  Here is how it works.  First navigate to https://privnote.com.  The very simple interface offers you a compose pane and prompts you to “Write your note here…”  You enter your message and click “Create Note”.  Your note is encrypted and you are given a URL that you can share with the intended recipient.  Privnote…

Read More Read More

Cyber Security Awareness Month

Cyber Security Awareness Month

NATIONAL CYBER SECURITY AWARENESS MONTH October is National Cyber Security Awareness Month.  In honor of this month, I will be posting daily blog posts, much like I did during the Thirty Day Security Challenge.  Unlike the Thirty Day Security challenge, I am looking to make this a bit more interactive.  There will be giveaways and prizes in return for your participation and feedback.  I have not totally decided on what topics and themes I will cover during this month.  If…

Read More Read More

Puck Locks vs High Explosives

Puck Locks vs High Explosives

I was recently aboard a military training facility that is used for a variety of training techniques, like close-quarters battle (CQB) and explosive breaching.  On one of the breaching lanes I saw something interesting: a puck lock breached with high explosives.  Puck locks do not have a visible hasp.  They are one of the most mechanically secure padlock designs available.  Since everyone loves explosives, I thought this would be an interesting pictorial post: puck locks vs high explosives.

Redundant Secure Messengers

Redundant Secure Messengers

I have previously written about multiple secure messaging systems.  On the text/IM front I have covered Signal, Silent Circle, Wickr, and Threema.  For voice communication I have talked about Signal and Silent Phone.  Email options I have covered include ProtonMail, Tutanota, and old-fashioned PGP.  I am sometimes asked why I cover so many different systems.  Even I have recommended picking one or two and sticking with them. From a blogging standpoint, I want to give the reader as many options…

Read More Read More

My Ultra-Private iPod Phone 5: Use Cases

My Ultra-Private iPod Phone 5: Use Cases

At this point, my ultra-private iPod phone is setup and ready to use.  If you choose to follow a similar course, it is important to define how you will actually employ the device before you start to use it.  This will also dictate the tradecraft you should undertake to support your use case.  As I see it, there are essentially two ways this device can be used. Both will make you more private and secure.  It is up to you…

Read More Read More

Threat-Model Based Padlock Selection

Threat-Model Based Padlock Selection

Today I will cover some padlocks that I use and personally recommend.  Padlock selection should occur based on the threats they are likely to face.  There are two basic threat models I use when selecting padlocks.  The first is low-to-medium security applications.  These locks will be robust enough against forced entry and offer some light protection against picking and other surreptitious defeat.  The other is high security.  The cost of a high security lock is justified in several instances: if…

Read More Read More