Day: July 19, 2017

This is a companion lunchtime post to my previous one. Whereas that post focused on government-related areas, this posts shares some cybersecurity items of broader interest:

• Two Factor Authentication. The Verge has an interesting opinion piece on why two-factor authentication has failed us. We have a mix of approaches, some still depending on SMS even though there are significant weaknesses there. As they say: “Nearly all major web services now provide some form of two-factor authentication, but they vary greatly in how well they protect accounts. Dedicated hackers have little problem bypassing through the weaker implementations, either by intercepting codes or exploiting account-recovery systems. We talk about two-factor like aspirin — a uniform, all-purpose fix that’s straightforward to apply — but the reality is far more complex. The general framework still offers meaningful protection, but it’s time to be honest about its limits. In 2017, just having two-factor is no longer enough.”
• Backup Software. One of the best solutions for security — and a key protection against ransomware — is having backups. But Windows backup software is often hit or miss. Here’s a good review of various packages from PC World. I’ve been using an older version of their top-rated software for a few years now: I’m on Acronis True Image 2015. It backs up to the cloud without a subscription. Their newer stuff seems to have some different models, and I haven’t decided (a) if I want to upgrade, and (b) if I want to go with their subscription approach. I’ll also note that I’ve used the Paragon backup (an older version). What I didn’t like was that it grabbed every partition on the system, and did really bad space management such that your backups would fill a drive.
• Family Passwords. This week, Lastpass announced a new service: A family password manager. As they write: “Enter LastPass Families, where you can store everything from bank accounts to passports to credit cards. Your details are secure, organized the way you want, and easily shared with your spouse, kids, in-laws, and more. You can even give access to others in the event of an emergency. The family manager can quickly add and remove members to the account, making it easy to get everyone up and running.” I still need to figure out if this service (or how this service) is an improvement over multiple Lastpass accounts. They also indicate that there is a fee for the service beyond Lastpass Premium, but if I have multiple family members with LP Premium, can things somehow be combined into one account that takes into account what has been paid. Perhaps they’ll answer this post.
• Alice and Bob. I’ve always joked that when I hear the names Alice and Bob, my eyes glaze over for the crypto discussion that follows. But why Alice and Bob? What is their history? This article answers that question. It details the major events in the “lives” of Alice and Bob, from their birth in 1978 onwards.
• Erasing Data. Here’s a pretty good summary of how to erase data from both magnetic and solid state drives. File it away; it may prove useful.

Over the past few weeks, I’ve collected a number of articles related to, shall we say, work-related topics. Here is where I share them with you, while enjoying my lunch:

• Headline: “Air Force operationalizes new cybersecurity plans“. This is a real interesting article detailing some of the changes being made in the Air Force to improve their cybersecurity stance. For those with an interest in cybersecurity and resilience, it is a move in the right direction.
• Headline: “There may soon be a new US military service — for space“. There’s one problem with the US Air Force. There’s no air in space. This article is about a potential separation between the Air Force side and the “Space Force”, with a notion that the Space Force would be like the Marines: part of, but yet separate from, the Air Force. It will be interesting to see how this pans out.
• Headline: “Malware protection for air-gapped systems“. One of the ways we supposedly protect system is through air gaps — that is, no actual network connections. Yet as we saw with Stuxnet, such gaps don’t always work. This explores the way one vendor is addressing protection for such systems.
• Headline: “U.S. to create the independent U.S. Cyber Command, split off from NSA“. The Department of Defense has many broad commands, most representing geographic areas (think Atlantic Command, Pacific Command, etc.) or broad functional areas (Strategic Command). One recent command created was Cyber Command, but it was part of and colocated with NSA. This article, as well as this one, discuss the potential separation of the two. This would permit Cyber Command to focus on cyber-related defense activities  (and possibly offense), and NSA to focus on its intelligence role. What they don’t discussion is the disposition of the unclassified side of NSA — what was once the National Computer Security Center, and now would include things like the Common Criteria folk. My guess is that the separation is easier in theory than practice.