Archive for information security


Awareness of Information Security

Awareness of a problem is always one of the first prerequisites to finding a solution. In everyday life, many people are grossly unaware of many threats around them. Technology always amplifies things and that happens without discrimination or moral clauses. It amplifies both good and bad. It can make our information more safe and less […]

Using a Home Email Server for Federal Govt Business

The following article was published in March of 2015, but it’s worth a fresh look since we now know much more about Hillary Clinton’s home email server. Specifically, the requirement for assessment and authorization seems to have been ignored completely in the media stories. The State Department CIO had specific responsibility for this and the […]

Computer Security For Beginners

Don’t put any information that you don’t want exposed on any computer system that is connected to anything. Consider using a second computer that is not connected or a portable USB drive that can be unplugged or encrypted. Don’t connect any computer system to any other system or network of systems without considering possible negative […]

Stop Using QuickTime for Windows

QuickTime for Windows is no longer being supported by Apple, but new vulnerabilities have been disclosed that include the possibility for “remote code execution”. This means exploits can likely take over control of a computer running QuickTime for Windows. The United States Computer Emergency Readiness Team (US-CERT), Trend Micro, and other security organizations have called […]

Witness Signatures Add Authenticity

Part of the Apple/FBI court case involves how software updates are protected with digital signatures. The key ensures that the update comes from Apple and therefore has a level of trust associated with the history of the company. The government is not asking Apple to turn over the signing key and Apple is not likely […]

Encryption Ensures Privacy

Encryption techniques are mathematically designed to be uncrackable, at least in an amount of time that relates to the value of the secret. This means the time and computing resources needed to successfully attack the encryption will cost more than the attacker is willing to spend. More computing power means less time. If it takes […]

Hacking an Encrypted Phone

Recent news has the media atwitter with misinformation about hacking phones and encrypted data. Here are some of the basic issues: ENCRYPTION Encryption is the process of using a coding technique to obscure information. Simple substitution techniques like using a number for each letter of the alphabet have been in use for many years. These […]

Password Strength Requirements

While the main premise of the article linked below is correct, it understates a key part of password cracking methodology. There are two primary means of cracking passwords: using word lists, and brute force. There are also many hybrid combinations, which is an important focus of the article. In brute force cracking, every element of […]

FISMA Law vs Home Email Server

Working for a federal agency that has IT functions regulated by public law and running an email server from home to use for agency business seems problematic, but it may be possible. Here are some of the laws and regulations that come into play: FISMA – PUBLIC LAW 107–347, DEC. 17 2002 is known as […]