LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Weekly Edition

Return to the Security page

Recent Features

LWN.net Weekly Edition for October 3, 2013

Integrity and embedded devices

NUMA scheduling progress

LWN.net Weekly Edition for September 26, 2013

A perf ABI fix

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Security quotes of the week

[Posted July 10, 2013 by jake]

The idea that copyright owners might convince a judge, or, worse, a jury that because they found a copy of an e-book on the Pirate Bay originally sold to me they can then hold me responsible or civilly liable is almost certainly wrong, as a matter of law. At the very least, it’s a long shot and a stupid legal bet. After all, it’s not illegal to lose your computer. It’s not illegal to have it stolen or hacked. It’s not illegal to throw away your computer or your hard drive. In many places, it’s not illegal to give away your e-books, or to loan them. In some places, it’s not illegal to sell your e-books.
Cory Doctorow on yet another e-book DRM scheme

Based on recent disclosures, we know that the NSA has decided to store encrypted communication for later analysis, and I think it’s safe to say that other countries follow suit. So it’s likely there are stored Cryptocat communications floating around in various spy agency archives. These agencies may have already found this issue and used it to view messages, or now that it’s public - they can do so easily.

This is where an issue like this can be so devastating, if those encrypted messages have been saved anywhere - any users engaged in activity that their local government doesn’t care for are now at risk.

Personally, I wouldn’t trust Cryptocat until it’s had a true code audit (the pen-test they had last year clearly doesn’t count), and the crypto systems reviewed by a true cryptographer. If a mistake like this was allowed in, and overlooked for so long, I’ve no doubt that other weaknesses exist.

Adam Caudill is ... unimpressed ... with Cryptocat

Destroying cameras? And mice? Over malware? Are you serious?

Worse, the EDA [Economic Development Administration] continued destroying components until it could no longer afford to destroy them. In fact, the agency intended to continue destroying gear just as soon as it got more funds approved to do so. Uhh... okay!

And no, it does not end there. It turns out the malware infection was absolutely routine. All the EDA had to do was isolate the affected components, remove the malware, reconnect the hardware and move on. NOAA, which received a notice at the same time as EDA, completed this operation in one month.

Mario Aguilar is ... unimpressed ... by a US government malware prevention scheme
(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds