“Eyes Only” Revisited
I was poking around declassified documents from the National Reconnaissance Office (NRO) and found a reference to “Eyes Only” from when they reorganized their BYEMAN control channel in 1993. They seemed to use it to indicate material “above Top Secret.” In an earlier post I argued that “Eyes Only” meant ...
Self-teaching a little security thinking
There’s a particular mindset we call security thinking. I’ve also seen it called ‘reasoned paranoia.’ The National Security Agency (NSA) recently published a survey of Internet conferencing products that’s interesting for its evaluations. More interesting for me were its recommendations on conducting a secure conference at the endpoints. They discuss ...
About …
Cryptosmith Institute is a retirement-time enterprise of Dr. Rick Smith, author of Elementary Information Security (Jones and Bartlett, 2011, 2015), Internet Cryptography (Addison-Wesley, 1997) and Authentication: From Passwords to Public Keys (Addison-Wesley, 2002). Rick currently teaches in the MSSE program at the University of Minnesota. Previously he taught at the ...
Detecting a Phish on an iPhone
In their obsession with simplifying the phone interface, the iPhone designers make it a bit harder to detect dangerous emails. Here is an email claiming to be from “Humana Health” asking me to pay for my COVID-19 insurance, whatever that might be. The structure, layout, and English are convincing. The ...
Online Course in Cloud Security Basics
I now offer an online course on Cloud Security Basics under the auspices of the University of Minnesota and hosted by Coursera. I am still working on three subsequent courses to fill out a 4-part specialization in Cloud Security. I’m looking at online courses as an alternative to writing books ...
Life Cycle of a Security Bug
Unlike members of the insect family, computer software bugs live forever. Software security bugs (well, flaws) are especially troubling since they demand respect from every software developer now and forever. We want to believe we can “eradicate” software flaws through reviews, testing, and vigilance. Eradication is a myth. A flaw’s ...
“Eyes Only” Security Marking
Occasionally in the news (and more often in spy fiction) people toss around super-secret documents marked “Eyes Only.” The United Kingdom and Canada use “Eyes Only” to indicate specific countries with whom a particular document may be shared. “UK Eyes Only,” for example, means that the document is only distributed ...
WPA2 Packet Frame Format
Wireless Protected Access, Version 2 (WPA2) is the version of Wi-Fi security used in most cases today. This diagram illustrates the general layout of the security data used by WPA2. There’s a new version coming out, WPA3, but it doesn’t seem to be in any products yet. I put this ...
Ethics and Chatbots
I was online chatting at a web site to repair my lawn tractor. Once I finished, I said, “So you’re a chatbot. Cool.” I’m sure I was talking to a chatbot program and not a human. The reply was a brief but emphatic “No!” I’m not sure how to interpret ...
Authentication Chapters Online
Thanks to my former publisher, Addison-Wesley nee-Pearson Education, I can post several chapters of my favorite writing project: Authentication: From Passwords to Public Keys. I’m including these chapters as material for the Cloud Cybersecurity course I’m doing at the University of Minnesota for Coursera. The book was published in 2001, ...

