Interesting Email Scam I Recieved

Interesting Email Scam I Recieved

I received an impressive email scam recently. My response was to forward it to the email provider’s abuse contact (abuse@outlook.com) and file a complaint with the Internet Crime Complaint Center (ic3.gov). I’ll include the whole email later. The bottom line: Scammer has my password and will humiliate me if I ... Read More
Organizing Video Clips for an Online Course

Organizing Video Clips for an Online Course

| | Tech Teaching, video
I’ve signed on to do a Coursera course on cloud security. I’ll share more details as production progresses. This post contains a few notes on organizing video clips for a large project. The video almost always consists of two synchronized streams: one of my bearded face narrating the video and ... Read More
How to Trace an Email Message

How to Trace an Email Message

There is no way to verify an email’s contents except through cryptography. Until every email client includes encryption and reliable authentication, we should always doubt an email’s source. We can increase our confidence in an email a little, though, by tracing its path through the mail system. I use this ... Read More
HR and Phishing

HR and Phishing

| | Phishing, security, UMN
I receive thousands of emails every month. I do a lot of (for me) critical activities online. I never receive legitimate emails demanding a suspicious online action any more. Except from HR departments. IT security people know this is a problem. The upper left image comes from the University of ... Read More
The Six Types of Cyberattacks

The Six Types of Cyberattacks

My textbook talks about attacks on computers and computer networks using specific categories. A successful attack goes through many phases. These categories focus on an attack’s lasting impact: how does it affect the target’s assets and resources? Here are the categories I use right now: Denial of service – Pillage ... Read More
Quantum Skepticism

Quantum Skepticism

Quantum computing gives us a way in theory to quickly crack certain types of cryptography. Well-funded startups are working on prototype quantum circuits, as are big guns like Intel, Microsoft, and IBM. Success could render a lot of today’s encryption obsolete. In theory. Academic and industrial research labs have built ... Read More
Two Longs and a Short

Two Longs and a Short

| | Tech History, telephones
By Dick Pence This story appeared in The Washington Post in 1991, shortly after a computer glitch caused a “long-distance blackout” on the East Coast. Those big phone outages of the past couple of weeks have had me feeling a bit guilty over what’s been happening. You see, I remember ... Read More
The Big Bug in the News: the WPA2 flaw

The Big Bug in the News: the WPA2 flaw

| | Crypto, flaws, security, stream cipher
The big news this week is a protocol flaw in the Wireless Protected Access protocol, version 2 (WPA2). The Ars Technica article covers the details pretty well. This is what every Wi-Fi wireless router on the planet uses these days. The problem does not directly damage your system, but it ... Read More
Comparing Leaks: Trump vs. Hillary

Comparing Leaks: Trump vs. Hillary

As I said in an earlier post, no crime is committed if the appropriate official leaks sensitive classified information. This applies to both Secretary Clinton’s email server and President Trump’s unfortunate meeting with Russian diplomats. Both carried the authority to disclose what they disclosed. One question remains: what damage might ... Read More
Tiptoeing Through Vulnerabilities

Tiptoeing Through Vulnerabilities

I sympathize with developers who throw up their hands and say, “I don’t do security stuff.” No matter what you choose, there’s a trade off that could go wrong. It’s especially troublesome if one deploys a “security website.” I’ve deployed security education websites in many environments over the past 20 ... Read More
Loading...