“A step-by-step account of an overnight digital heist”     by Russell Brandom

In the early morning hours of October 21st, 2014, Partap Davis lost $3,000. He had gone to sleep just after 2AM in his Albuquerque, New Mexico, home after a late night playing World of Tanks. While he slept, an attacker undid every online security protection he set up. By the time he woke up, most of his online life had been compromised: two email accounts, his phone, his Twitter, his two-factor authenticator, and most importantly, his bitcoin wallets.

In this article, Partap Davis spent weeks tracking down exactly how it had happened. In this article, “Anatomy of a Hack” is revealed.

Electronic Frontier Foundation (EFF) prepared a “Secure Messaging Scorecard” that compares many widely-available text messaging applications on computers and mobile devices, including iOS devices such as iPhone and iPad, as well as Android based phones and tablets.

My favorites are:

I use ChatSecure + Orbot

Cryptocat is a nice alternative using Facebook contacts, though I never used it.

Prediction means it is done before the actual result occurs.

By flawless, it is meant that there is zero error; the prediction is not just close to the result, it is exactly the result.

If you want to learn how to do that, or learn how not to be fooled by fake predictions, read this extremely well-prepared article:

CIA (United States of America, Central Intelligence Agency) adopts Amazon cloud (AWS – Amazon Web Services) for use with the intelligence data. This is a turning point for cloud services, and implies extreme trust in their security.

You may read more in the following (among many others):

I have recently came accross Matt Welsh’s blog. He has great opinions on many academia-industry-university issues. Go ahead and read his blog in general:

Some articles I have read and really enjoyed are:

A relatively old article from Bruce Schneier, but it is still perfectly valid:

Some of my favorite quotes from the article:

“The odds favor the attacker. Bad guys have more to gain by examining a system than good guys. Defenders have to protect against every possible vulnerability, but an attacker only has to find one security flaw to compromise the whole system.”

“Security is different from any other design requirement, because functionality does not equal quality. If a word processor prints successfully, you know that the print function works. Security is different; just because a safe recognizes the correct combination does not mean that its contents are secure from a safecracker.”

A very nice column on the history of null-terminated strings, and the (horrible) outcomes in terms of global economics and security:

“The Most Expensive One-byte Mistake” by Poul-Henning Kamp:

A great and short article by Arvind Narayanan and Vitaly Shmatikov, titled Privacy and Security: Myths and Fallacies of “Personally Identifiable Information”

A brief history of real random number generators, containing several implications and links to further reading, and finishing with a particular current real random number generator.

“Behind Intel’s New Random-Number Generator” by Greg Taylor and George Cox [September 2011]