Page 1 of 3

• Signal and protests

  Jun 13

  Every time that protests break out somewhere in the world, very similar discussions about the Signal application on mobile phones break out. These discussions are based on some people giving recommendations, and other people spreading reports about...

• Signal, Twitter and OpSec

  Jun 23

  A few days ago, a fairly famous journalist tweeted a string of numbers. This journalist happens to be wellknown as working in the sector of surveillance, and is likely to be developing sources that require serious operational security. Because of these...

• WhatsApp and Backdoors

  Jan 15

  A few days ago, The Guardian published a very problematic article about the existance of a backdoor in WhatsApp. However, the backdoor doesn't exist and the problematic nature of the article was more about the lack of understanding it showed, rather...

• Security Design Attractors

  Jun 4

  Traditionally applications that provide security and privacy features have a tendency to fall into two different categories. One category is what I'll call the open model. These applications are open source, federated, distributed or peer-to-peer....

• Open source is not possible

  Jan 18

  Open source and free software are based on the idea that you can inspect the source code, modify it and from a security perspective - be reasonably sure that what you're running is the same as what is in the published source code. But is that even possible? I have been ranting about this subject for a while now, and I think it's time to put it down in writing. In short, my position is that you can't really call something open source for any of the large mobile platforms. For laptops, the situation is better, although not without caveats.

• JURIST for OpSec threat modeling

  Apr 16

  I had a conversation about threat modeling needs for an organization that needs to think holistically about threats, not only the typical infosec threats we usually deal with in threat modeling. One of my colleagues mentioned it would be nice to have...

• Border Mitigations

  Apr 11

  In a previous post here, I wrote about some of the potential dangers involved in traveling in todays world, from an information security standpoint. Most of that danger has to do with crossing borders, but some also show up during regular security...

• Passwords and Entropy

  Apr 11

  This week a YouTube segment has been passed around. It depicts Ed Snowden talking to John Oliver about passwords. A lot of what is said there is quite good - however, it is important to also point out that things are a little bit more intricate than...

• The border danger

  Apr 10

  For certain types of people, crossing a border can be very problematic. The last few years have seen more and more attacks happening when crossing borders, and for people that care about the security of their information this is a huge risk. It doesn...

• Is encryption broken? REDUX

  Jan 3

  I spent the days between Christmas and New Years in Hamburg, at the Chaos Communication Congress. I had a fantastic time as usual, and there were a lot of great discussions and talks. I wanted to quickly cover the new revelations that Jake Appelbaum...

>>