Assessing an Email’s Legitimacy
I recently received an email sporting “Wells Fargo” logos. It asked me to do a survey. It was actually sent from the domain ‘morpace.com,’ which used to belong to a product survey company. When I googled the name ‘morpace’ the first thing I found was that the company had probably ...
Beware of Phone Phishing
Just because the email (or letter) directs you to a phone number doesn’t mean you aren’t being phished. The nearby image shows part of a recent phishing email. It claims that I ordered a laptop/tablet from Microsoft for delivery to an unfamiliar address in Las Vegas. I’ve warned readers in ...
Solo Studio for Video Lectures
I’ve been recording video lectures for a Coursera specialization in cloud computing. The first of the four courses is available right now. I’ve been asked to describe how I do this, so here we go. The nearby image shows how the videos appear: I’m on the right, talking, and we ...
FCPX and the Solo Studio
In other posts I describe how I’m producing videos for a Coursera specialization. This is a solo operation. I don’t have someone to hold the camera or answer the phone while I’m recording. When things go well, I produce exactly two audio-synced video streams: the slide show presentation and my ...
“Eyes Only” Revisited
I was poking around declassified documents from the National Reconnaissance Office (NRO) and found a reference to “Eyes Only” from when they reorganized their BYEMAN control channel in 1993. They seemed to use it to indicate material “above Top Secret.” In an earlier post I argued that “Eyes Only” meant ...
Self-teaching a little security thinking
There’s a particular mindset we call security thinking. I’ve also seen it called ‘reasoned paranoia.’ The National Security Agency (NSA) recently published a survey of Internet conferencing products that’s interesting for its evaluations. More interesting for me were its recommendations on conducting a secure conference at the endpoints. They discuss ...
About …
Cryptosmith Institute is a retirement-time enterprise of Dr. Rick Smith, author of Elementary Information Security (Jones and Bartlett, 2011, 2015), Internet Cryptography (Addison-Wesley, 1997) and Authentication: From Passwords to Public Keys (Addison-Wesley, 2002). Rick currently teaches in the MSSE program at the University of Minnesota. Previously he taught at the ...
Detecting a Phish on an iPhone
In their obsession with simplifying the phone interface, the iPhone designers make it a bit harder to detect dangerous emails. Here is an email claiming to be from “Humana Health” asking me to pay for my COVID-19 insurance, whatever that might be. The structure, layout, and English are convincing. The ...
Online Course in Cloud Security Basics
I now offer an online course on Cloud Security Basics under the auspices of the University of Minnesota and hosted by Coursera. I am still working on three subsequent courses to fill out a 4-part specialization in Cloud Security. I’m looking at online courses as an alternative to writing books ...
Life Cycle of a Security Bug
Unlike members of the insect family, computer software bugs live forever. Software security bugs (well, flaws) are especially troubling since they demand respect from every software developer now and forever. We want to believe we can “eradicate” software flaws through reviews, testing, and vigilance. Eradication is a myth. A flaw’s ...

