Soghoian: " Without Computer Security, Sources' Secrets Aren't Safe With Journalists"

Christopher Soghoian's NYT op-ed on one important lesson from Wikileaks: infosec for journalists and their sources. "Sadly, operational computer security is still not taught in most journalism schools, and poor data security practices remain widespread in news organizations. Confidential information is sent over regular phone lines and via text messages and e-mail, all of which are easy to intercept. — Read the rest

Airport lounges will let anyone in, provided you can fake a QR code

When computer security expert and hardcore traveller Przemek Jaroszewski found that he couldn't enter an airline lounge in Warsaw because the automated reader mistakenly rejected his boarding card, he wrote a 600-line Javascript program that generated a QR code for "Batholemew Simpson," a business-class traveller on a flight departing that day.

Did the FBI pay Carnegie Mellon $1 million to identify and attack Tor users?

Documents published by Vice News: Motherboard and further reporting by Wired News suggest that a team of researchers from Carnegie Mellon University who canceled their scheduled 2015 BlackHat talk identified Tor hidden servers and visitors, and turned that data over to the FBI. — Read the rest

News organizations and Digital Security: solutions to surveillance post-Snowden


I'm in Washington, D.C. today with the Freedom of the Press Foundation for a day-long event, "News Organizations and Digital Security, Solutions to Surveillance Post-Snowden."

Heavy hitters are present, talking about encryption and security in real-world practice–including including Dana Priest, investigative reporter, Washington Post; James Risen, investigative reporter, New York Times; Christopher Soghoian, principal technologist and senior policy analyst, ACLU; Julia Angwin, investigative reporter, ProPublica; all of The Intercept's security team and others. — Read the rest