Posts Tagged security
From Fox News:
“There are probably 100 FBI agents who worked on the investigation of Mrs. Clinton– hardworking men and women in field who gathered evidence and interviewed witnesses–…and are furious at the decision not to prosecute her,” Napolitano said on The Kelly File.
Randomly-generated passphrases offer a major security upgrade over user-chosen passwords. Estimating the difficulty of guessing or cracking a human-chosen password is very difficult. It was the primary topic of my own PhD thesis and remains an active area of research. (One of many difficulties when people choose passwords themselves is that people aren’t very good at making random, unpredictable choices.)
Measuring the security of a randomly-generated passphrase is easy. The most common approach to randomly-generated passphrases (immortalized by XKCD) is to simply choose several words from a list of words, at random. The more words you choose, or the longer the list, the harder it is to crack. Looking at it mathematically, for k words chosen from a list of length n, there are n^k possible passphrases of this type. It will take an adversary about n^k/2 guesses on average to crack this passphrase. This leaves a big question, though: where do we get a list of words suitable for passphrases, and how do we choose the length of that list?
In general choosing four five-letter words is better than one long word with number substitutions and some weird characters thrown in. It’s easier to remember and vastly harder for a computer to guess.
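The passphrase arithmetic quoted above, worked through as an added example (not code from the EFF article or from this blog). The function names, the 16-word sample list and the list sizes compared at the end are assumptions made for the illustration.

```python
import secrets

# Constructed 16-word sample list (an assumption for this demo); real lists
# hold thousands of words.
SAMPLE_WORDS = [
    "amber", "birch", "cedar", "delta", "ember", "flint", "grove", "haven",
    "ivory", "jolly", "kayak", "lemon", "maple", "nylon", "olive", "pearl",
]

def keyspace(n, k):
    """Possible passphrases when k words are drawn from a list of n: n^k."""
    return n ** k

def average_guesses(n, k):
    """Expected guesses before an exhaustive search hits the passphrase."""
    return keyspace(n, k) // 2

def words_needed(n, target_bits):
    """Smallest k with n^k >= 2^target_bits (exact integer arithmetic)."""
    if n < 2:
        raise ValueError("word list needs at least two distinct words")
    k = 1
    while keyspace(n, k) < 2 ** target_bits:
        k += 1
    return k

def generate(words, k):
    """Return (passphrase, keyspace) for k words picked with a CSPRNG."""
    unique = sorted(set(words))  # duplicates would silently shrink n
    if len(unique) < 2:
        raise ValueError("word list needs at least two distinct words")
    # secrets draws from the OS CSPRNG; the random module is predictable.
    phrase = " ".join(secrets.choice(unique) for _ in range(k))
    return phrase, keyspace(len(unique), k)

if __name__ == "__main__":
    phrase, space = generate(SAMPLE_WORDS, 4)
    print(phrase, space, average_guesses(len(SAMPLE_WORDS), 4))
    for n in (16, 2048, 7776):  # assumed list sizes, for comparison only
        print(n, "words in list ->", words_needed(n, 64), "words for 64 bits")
```

The search space depends only on the list length and the word count, so deduplicating the list before counting matters: repeated entries make n look larger than it is.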
From GOP USA:
Police chiefs are struggling to recruit enough officers willing to carry a gun to tackle a Paris-style terror attack, because they fear they will be treated as criminal suspects if they use their weapon in the line of duty, the country’s top firearms officer has warned.
After November’s terrorist gun and bomb attacks on Paris, senior security officials believe Britain needs an extra 1,500 armed officers. But because half won’t make it through rigorous training and selection, police chiefs need 3,000 volunteers to come forward.
From the EFF:
In addition, this new method of accessing the phone raises questions about the government’s apparent use of security vulnerabilities in iOS and whether it will inform Apple about these vulnerabilities. As a panel of experts hand-picked by the White House recognized, any decision to withhold a security vulnerability for intelligence or law enforcement purposes leaves ordinary users at risk from malicious third parties who also may use the vulnerability. Thanks to a lawsuit by EFF, the government has released its official policy for determining when to disclose security vulnerabilities, the Vulnerabilities Equities Process (VEP).
“The European Union Is Not a Security Union is republished with permission of Stratfor.”
In the wake of any shocking event, national governments and officials of the European Union invariably call for more cooperation between member states to prevent anything similar happening in the future. The response to the March 22 terrorist attacks in Brussels has been no different.
Following the attacks, the governments of Germany, Italy, France and members of the European Commission demanded a global response to the terrorist threat. The commission’s president, Jean-Claude Juncker, even proposed the creation of a “security union” to combat terrorism at the continental level. In a March 24 meeting, ministers at the EU Justice and Home Affairs Council highlighted the need to share information among member states to fight terrorism. But despite the calls for greater cooperation among EU members, the national interests of individual member states will prevail in the long run, limiting the possibility of integration within the bloc on security issues.
If Apple is compelled to create a program that doesn’t exist for the government, that would be a type of slavery.
Instead, the DOJ has obtained the most unique search warrant I have ever seen in 40 years of examining them. Here, the DOJ has persuaded a judge to issue a search warrant for A THING THAT DOES NOT EXIST, by forcing Apple to create a key that the FBI is incapable of creating.
There is no authority for the government to compel a nonparty to its case to do its work, against the nonparty’s will, and against profound constitutional values. Essentially, the DOJ wants Apple to hack into its own computer product, thereby telling anyone who can access the key how to do the same.
If the courts conscripted Apple to work for the government and thereby destroy or diminish its own product, the decision would constitute a form of slavery, which is prohibited by our values and by the Thirteenth Amendment.
It’s way more complicated than the pundits are saying. To be fully informed read these articles.
From the EFF:
…the FBI’s demands reflect a familiar pattern of security agencies leveraging the most seemingly compelling situations—usually the aftermath of terror attacks—to create powers that are later used more widely and eventually abused. The government programs monitoring the telephone system and Internet, for example, were created in the wake of the 9/11 attacks. Those programs came to undermine the rights of billions of people, doing more damage to our security than the tragic events that prompted their creation.
ArsTechnica discusses Fifth Amendment issues:
But the Fifth Amendment goes beyond the well-known right against compelled self-incrimination. The relevant part for the Apple analysis is: “nor be deprived of life, liberty, or property, without due process of law; nor shall private property be taken for public use, without just compensation.”
The idea here is that the government is conscripting Apple to build something that it doesn’t want to do. That allegedly is a breach of its “substantive due process.” The government is “conscripting a company’s employees to become agents for the government,” as one source familiar with Apple’s legal strategy told Ars. The doctrine of substantive due process, according to Cornell University School of Law, holds “that the 5th and 14th Amendments require all governmental intrusions into fundamental rights and liberties be fair and reasonable and in furtherance of a legitimate governmental interest.”
Reason discusses the political battle over encryption:
This incident is only the latest conflict in a years-long encryption and security war waging between privacy- and security-minded groups and the law enforcement community. As more communications are digitized, authorities have been calling for industry assistance to build so-called government “backdoors” into secure technologies by hook or by crook.
Those in law enforcement fear a scenario where critical evidence in a terrorism or criminal case is beyond the reach of law enforcement because it is protected by strong encryption techniques that conceal data from anyone but the intended recipient. Hence, leaders at agencies like the Department of Justice, the Department of Homeland Security, and the National Security Agency, along with President Obama, have weighed in against strong encryption.
In the wake of the Russian Metrojet crash and the Paris terror attacks, security while flying in the U.S. is of greater concern than ever. Yet in Atlanta, a man said he accidentally carried a loaded gun onto a commercial flight and the TSA never found it.
The TSA is mostly just security theater to make it seem like people are safe. This is worse than doing nothing because now people have a false sense of security.
From Ars Technica:
LastPass officials warned Monday that attackers have compromised servers that run the company’s password management service and made off with cryptographically protected passwords and other sensitive user data. It was the second breach notification regarding the service in the past four years.
In an e-mail to reporters, Ars resident password expert Jeremi Gosney said the real-world risks the breach posed to end users were minimal. He based his assessment on the LastPass response to the breach and the system that was in place when it happened. He paid particular attention to the 100,000-round hashing routine, which he said was among the strongest he has ever seen.
From The RAND Corporation:
Dozens of young Americans like Nguyen have attempted to join overseas jihadist groups in the past several years, raising special concern among counterterrorism officials that they might bring the fight home with them when they return. The threat was punctuated with gunfire earlier this year, when two French brothers—Chérif and Saïd Kouachi—stormed the Paris offices of the news magazine Charlie Hebdo; both had reportedly trained with groups in Yemen and then slipped back into French society.
A RAND analysis by internationally renowned terrorism expert Brian Michael Jenkins of more than 100 cases found that almost all of the American jihadists who went overseas ended up dead or landed in the same place as Sinh Vinh Ngo Nguyen. Brought down by his trusted confidante, who was really working undercover for the FBI, Nguyen admitted in court that he was trying to get to Pakistan to help train al Qaeda fighters. He was sent to prison for 13 years.
Interview from Harvard University:
Terms of the buyout deal with Spanish smartphone maker Geeksphone, the phone’s hardware manufacturer, were not disclosed. Silent Circle said Thursday that it has raised $50 million and plans on showing off an encrypted “enterprise privacy ecosystem” at World Mobile Congress next week. A BlackPhone tablet is on the way, too.
“Silent Circle has brought tremendous disruption to the mobile industry and created an integrated suite of secure enterprise communication products that are challenging the status quo,” Mike Janke, cofounder and chairman of the Silent Circle board, said in a statement. “This first stage of growth has enabled us to raise approximately $50M to accelerate our continued rapid expansion and fuel our second stage of growth.”
Clark agreed that any Android-based password manager that uses the OS clipboard is susceptible. He strongly recommends that people stop using any app setup that works this way. Many apps use standalone browsers, browser extensions, or software keyboards to enter credentials into login fields. There is no evidence they are susceptible to sniffing. The reason ClipCaster takes special aim at LastPass, Clark said, is simple. It just happened to be the manager he installed on his phone. There are no reports that password managers running on iOS or Windows Phone are vulnerable. But there can be no way to know for sure, since Ars is unaware of any comprehensive study testing the security of managers on those platforms.