In this first lecture of Security Engineering (https://www.cl.cam.ac.uk/~rja14/book.html), Ross looks at the various kinds of attacker and their capabilities: the crooks, state actors, corporate competitors, and "the swamp". Sam then looks at the various tools they all use, and how real-world vulnerabilities are patched and/or exploited.
I've written a third edition of Security Engineering. The e-book version is available now for $44 from Wiley and Amazon; paper copies are available from Amazon here for delivery in the USA and here for the UK.
Here are the chapters, with links to the seven sample chapters as I last put them online for review: //
Here are fifteen teaching videos we made based on the book for a security engineering class at Edinburgh, taught to masters students and fourth-year undergrads: //
The Second Edition (2008)
Download for free here:
A little-discussed detail in the Lavender AI article is that Israel is killing people based on being in the same WhatsApp group [1] as a suspected militant [2]. Where are they getting this data? Is WhatsApp sharing it?
"Everyone at ATSC knew there was nothing inside the ADE 651."[2] A whistleblower who worked to sell the device around the world with McCormick told the BBC that he once challenged McCormick over the device's effectiveness. McCormick was said to have answered that the device did "exactly what it's meant to ... it makes money."
TSA's self-screening trial in Las Vegas' airport should have been the standard checkpoint ages ago //
skeffles
liffie420
3/08/24 11:59am
A 9/11 style takeover became impossible once they started locking the cockpit doors. That was the only real change they needed. //
skeffles
Ryan Erik King
3/08/24 11:05am
The TSA is designed to be noticeable, intrusive, and cumbersome, as a feature and not a bug. If it ain’t creating a whole hassle, then how will the public NOTICE the government is DOING SOMETHING about that terrorism stuff? It is pure theater like that. It is meant to be in your face, and down your pants, by design.
If it just worked, seamlessly and quietly, then nobody would notice it. //
_beveryman
Ryan Erik King
3/08/24 2:26pm
I am going to regret weighing in with this perspective, but I have been mulling over some security theater in computer security (Web Application Firewalls), and unfortunately there’s a parallel here which explains the value of TSA security theater.
WAFs do not stop dedicated attackers.
...
So too, the TSA. Security theater doesn’t keep the dedicated attackers out, it keeps the volume of attackers lower, especially the less sophisticated ones. WAFs provide value in the same way the TSA does, and this was a very uncomfortable light bulb to go off in my mind. //
ilya212
_beveryman
3/08/24 10:30pm
You are not wrong, and you are not the only one. The best summary of TSA I had ever seen came from Israeli airport security (and I trust these guys know what they are talking about): It stops stupid terrorists.
The question however is: How much damage can stupid terrorists actually do? And does preventing this rather minor damage outweigh all the frustration, wasted time, and overall societal grief TSA causes? //
ncbo
Ryan Erik King
3/09/24 11:50am
“Theater” itself is a deterrent. It’s like how your front door could be made of thin glass floor to ceiling, trivially easy to smash by a 9 year old. But has anyone ever? That small step of having to break something deters 99% of would-be criminals. //
xspeedy
Ryan Erik King
3/09/24 1:41pm
My biggest frustration is the lack of consistent rules between airports. Some have you remove laptops, others don’t. And so one is always guessing.
The Russian propaganda outlet RT.com released a transcript Friday of senior German military officers discussing the deployment of the German Taurus stealth cruise missile to Ukraine.
Luftwaffe commander Ingo Gerhartz led the 38-minute call that took place on February 19. Other participants were the German Air Force Head of the Operations and Training Section, Frank Graefe, a Luftwaffe Space Command Air Operations Center staff member, Stefan Fenske, and another staff member from the center identified only by the surname Frostedte. The call was intercepted because General Graefe, who was attending the biennial Singapore Airshow (sounds a lot like "hiking the Appalachian Trail"), participated in the discussion using an unsecured hotel telephone line. //
Divulging sensitive operational details in a call recorded by the SVR has caused a lot of problems for Scholz and Germany.
Germany's lack of seriousness in manning its armed forces and now in the way that it handles highly classified details is showing more and more EU nations that it can't look to Germany for competent leadership. The call, which apparently revealed Scholz's thinking on the subject of the Taurus missile that he hadn't shared with allies, foreign or domestic, has given his already flaccid credibility a body blow. This has caused France's Emmanuel Macron to make a stab at wresting the leadership of the EU and European NATO from Germany. The tenor of the leaked conversation was one of lukewarm enthusiasm for assisting Ukraine with a strong shot of defeatism.
The long-term impact of the leaked conversation remains unclear. While it's unlikely to lead to an immediate shift in German policy, it has undoubtedly raised the stakes in the ongoing debate about military aid to Ukraine. The damage to diplomatic trust is very real, and the increased pressure from allies creates a complex situation for Scholz. Scholz's approval rate is roughly half that of Joe Biden (17%), and his coalition allies see self-preservation in jumping ship. However, Germany's constitution virtually guarantees that Scholz's government will continue to move zombie-like for the next two years when Germany's power and influence are sorely needed.
What is crystal clear is that this intelligence coup by the SVR has had a significant impact in dividing the pro-Ukraine coalition.