Internet, Privacy and Televisions

It seems that television (hardware) makers do not have a very clear idea (or have understood all too well) what kind of information can be extracted from private individuals when their televisions are connected to the Internet. Here is a possibly disturbing but not surprising story.

Obviously the televisions will ‘call home’ for a variety of reasons and purposes, and this is part of having the television connected to the Internet. What should also be spelled out clearly is what the television reports back about its owner.

A new way of authenticating yourself

We all know very well that username+password is a very weak form of authentication. Unfortunately alternative universal and more secure methods are not available.

Some researchers (see here for example) are proposing to use our mobile phones as pencils to draw our signature in the air and to use this movement as our password. This approach has many interesting characteristics, from the hardware used to the movement itself, which can be extremely difficult to replicate, much more difficult than a fingerprint. It also has a few drawbacks, like the obvious need for space to do it.

There is already an app for Android that you can download here. In any case, more research is needed, in particular a full evaluation of the security features of this almost biometric authentication method.

Cyber Readiness Index of Countries

A study has just been presented here about the “Readiness” of countries with respect to all that is “Cyber”.

It is difficult to comment on the data presented, but it is surely of interest. Personally, I love slide 21, which has just the following in it:

No Index Measures Security

Not much else to add.

ENISA Publishes Guidelines on the Use of Cryptography

ENISA just published a report with recommendations on the use of crypto algorithms, key sizes and parameters.

Crypto elements are classified into primitives, schemes, protocols and key sizes, and for each of them it is stated whether it is:

  • Legacy not adequate, to be replaced immediately
  • Legacy adequate but with better existing alternatives
  • Future proof and expected to remain secure for 10 to 50 years.

Following the NSA saga and the state of uncertainty we are living in right now, this is a must read.

News of the week

Some news of this week that caught my eye:

  • A claim for a new “indestructible” rootkit: BadBIOS: true or advertisement? See here.
  • Lavabit and Silent Circle join forces in the Dark Mail Alliance to create a really secure end-to-end email service. See here.
  • Amazon will build a 600M USD cloud for the CIA, IBM is not too happy about that… See here.
  • Bitcoin “crisis” and the advent of Litecoin, what is going on in the world of online currencies? See here for a report and here for the latest news.

LinkedIn Intro-duces Intro

LinkedIn has introduced a service called Intro, for the moment for iPhone users. Here are some details about it.

I am very puzzled by the “How it works” details, and in particular by all the possible kinds of issues with the possible use of private, personal or company information. Here are some relevant arguments against this new service which are worth reading and considering.

Will tablets kill desktop PCs?

A few days ago IDC released (see here and here) a forecast according to which by 2017 87% of connected devices will be tablets and smartphones. Desktop PC sales will be down whereas tablet and smartphone sales will grow by double digits.

This does not surprise me: most users do not need a full PC for browsing the web and accessing the few applications, by now mostly “in/on the clouds”, that they use. Ease of access, intuitive interfaces and great graphics are more important than the full power of a desktop PC with all possible kinds of resident applications (which the user should then manage).

Security and all kinds of management should be done by the device provider, better if almost unknown to the user or with very limited user participation.

Privacy and personal information dissemination are the only issues which directly involve every user, and on this point we will need to improve quite a lot.

Obviously, work-related PC requirements are different, and for this use desktop PCs will remain, albeit in reduced numbers.