Dancing madly on the lip of a volcano

John Oliver spent 18 minutes discussing the latest iteration of the crypto wars sparked by the recent Apple v. FBI case. In his summation, he offered a fantastic metaphor for cybersecurity: "dancing madly on the lip of a volcano". I think this metaphor is especially pointed as we see a growing amount of regulatory intervention by bodies with very limited views of, or education in, security. There is no global consensus on cybersecurity, and the house has been on fire of late.
Read more...

PrivacyWonk moves to TLS (finally...)

After waiting for what seemed like an eternity, the site finally has a Let's Encrypt certificate! I took some time to set up TLS properly this evening (total project time: 2 hours), following fantastic guides from Mozilla and other sources (WeakDH.org, Qualys SSL Server Test, and Scott Helme's SecurityHeaders) to ensure a secure and modern implementation. See reports below. Was this necessary for a site that simply serves up my idle thoughts on privacy and security?
Read more...

IP analysis shell function

Brian Warehime of nullsecure.org published a new threat intel piece, walking his readers through his analysis of incidents captured through his honeypot. The entire post, http://nullsecure.org/threat-intel-web-crew/, is fantastic and I encourage you to read it top to bottom. One snippet I found incredibly useful was a simple bash shell function that saves a great deal of time when performing IP-based analysis. function ipgrab() { read line; echo $line | grep -E -o '[0-9]{1,3}\.
Read more...

Breach response for the jaded

I heard about the breach at [$COMPANY_NAME$] and the [$BREACH_QUANTITY$] [$DATA_TYPE$ one of "credit card", "patient record", "social security number", "user login", "hashed passwords", "national security secrets", "Hollywood star's 'selfies'"] compromised. Of course this is a serious matter and is the largest since [$YESTERDAY_DATE$]. The people at [$COMPANY_NAME$] have not yet released details, which is appropriate given an incident response of this magnitude. I understand that they have the [$RESPONDER_NAME$ multiple of "
Read more...

Sony hack commentary

Vice has a great interview with Peter Singer. Singer makes some excellent points, especially when it comes to applying the word terrorism to the Sony Pictures hack. The FBI's definition of terrorism is as follows: 18 U.S.C. § 2331 defines "international terrorism" and "domestic terrorism" for purposes of Chapter 113B of the Code, entitled "Terrorism": "International terrorism" means activities with the following three characteristics: Involve violent acts or acts dangerous to human life that violate federal or state law; Appear to be intended (i) to intimidate or coerce a civilian population; (ii) to influence the policy of a government by intimidation or coercion; or (iii) to affect the conduct of a government by mass destruction, assassination, or kidnapping; and Occur primarily outside the territorial jurisdiction of the U.
Read more...

Cybersecurity as Realpolitik by Dan Geer

Dan Geer delivered the following speech at this year's (2014) Black Hat. The video and text are presented below. I have republished the text below, edited from its original plain-text format to be a bit more readable and printable.

[ nominal delivery draft, 6 August 2014 ]

Cybersecurity as Realpolitik
Dan Geer
Good morning and thank you for the invitation to speak with you today. The plaintext of this talk has been made available to the organizers. While I will not be taking questions today, you are welcome to contact me later and I will do what I can to reply. For simple clarity, let me repeat the abstract for this talk:

Power exists to be used. Some wish for cyber safety, which they will not get. Others wish for cyber order, which they will not get. Some have the eye to discern cyber policies that are "the least worst thing;" may they fill the vacuum of wishful thinking.

Read more...

Privacy and OpenSSL heartbleed vulnerability

Privacy and security folks rely on encryption as a means to ensure the confidentiality and integrity of information, protecting it at rest and in transit. But what happens when a fundamental control is thoroughly compromised? When a protective control becomes an attack vector? How should we react? It is critical to note that proof-of-concept exploit code is already in the wild. This is not a theoretical emergency.
Read more...

OpenSSL key and Certificate Signing Requests (CSR) generation script

Generating keys and CSRs for your Public Key Infrastructure (PKI) needs is tedious and annoying without proper tools. Remembering openssl commands and syntax requires a constant visit to the man page or the googles. So what does any good geek do when faced with a repetitive problem? They write a script or download a tool. I wrote a script because I love reinventing the wheel.

The script below (after the jump) creates a customized openssl config file and generates private keys and CSRs. The input to the script is a flat file of FQDNs, email addresses, or whatever else you want plugged into the Common Name field of the key/CSR. The script is nothing more than a glorified for loop that helps reduce errors and ensures consistency across a large key base.

This can be really useful when setting up EAP-TLS for your WiFi or other device authentication.

Please leave any feedback you may have in the comments.
Read more...

Why biometrics are bad authenticators

The Chaos Computer Club, a Germany-based hacker collective with a rich history of publicly demonstrating security risks, published an article describing how it had broken the new iPhone's biometric authentication. They used tools and techniques originally developed in 2004 to fool the iPhone fingerprint sensor. "The biometrics hacking team of the Chaos Computer Club (CCC) has successfully bypassed the biometric security of Apple's TouchID using easy everyday means.
Read more...