Archive for the 'Security' Category

Medical IT crap, the why

Monday, July 11th, 2016

(Continuing from my previous post.) I think the major problem is that buyers specify domain functionality, but not the huge list of “non-functional requirements”. So anyone fulfilling the functional requirements can sell their piece of crap as lowest bidder. Looking at a modern application, non-functional requirements are stuff like resilience, redundancy, load management, the whole […]

A day in the life of “medical IT security”

Saturday, July 9th, 2016

This article is an excellent description of some of the serious problems related to IT security in healthcare. Even though medical staff actively circumvent “security” in myriad inventive ways, it’s pretty clear that 99% of the blame lies with IT staff and vendors being completely out of touch with the actual institutional mission. To […]

Somewhat dumb credit card region lock

Thursday, June 16th, 2016

Visa has a neat feature where you can determine in which regions the card can be used. In my case, it’s “internet”, “Sweden”, “Nordic countries”, “Europe”, “North and central America”, “South America”, “Africa”, “Asia”, “Oceania”. You can set these through the credit card app (mine is from Volvo, of course). So I disabled all regions […]

Horrible little law

Friday, April 15th, 2016

Feinstein-Burr Senate bill, it’s getting crazier by the day: No, this slippery little act says that when a company or person gets a court order asking for encrypted emails or files to be handed over and decrypted, compliance is the law. How compliance actually happens isn’t specified. They don’t care how user security was broken […]

Being a werewolf

Saturday, April 9th, 2016

Very interesting game with implications for understanding of secure protocols and compromise detection.

Enemy number one

Thursday, March 24th, 2016

The US gov is quickly turning into corporate threat number one: Apple has long suspected that servers it ordered from the traditional supply chain were intercepted during shipping, with additional chips and firmware added to them by unknown third parties in order to make them vulnerable to infiltration, according to a person familiar with the […]

Protonmail

Saturday, March 19th, 2016

Protonmail, a secure mail system, is now up and running for public use. I’ve just opened an account and it looks just like any other webmail to the user. Assuming everything is correctly implemented as they describe, it will ensure your email contents are encrypted end-to-end. It will also make traffic analysis of metadata much […]

John Oliver on the Apple/FBI thing

Wednesday, March 16th, 2016

If you for some reason missed John Oliver’s explanation of the Apple vs FBI thing, do watch it now.

The FBI in full Honecker mode

Saturday, March 12th, 2016

Consider this: “Obama: cryptographers who don’t believe in magic ponies are ‘fetishists,’ ‘absolutists’” …and even worse, this: “Surprise! NSA data will soon routinely be used for domestic policing that has nothing to do with terrorism”. Let’s consider this for a bit. In particular the “going dark” idea. The idea that cryptography makes the governments of […]

Privacy shield…

Tuesday, March 1st, 2016

Completely worthless. Same pig, different name. We can’t trust the EU. 5 things you need to know about the EU-US Privacy Shield agreement | Macworld