The Art of Security

A postmodern infographic.

Jack Leonard: The design of this infographic is a tribute to Swiss modernism & the postmodern movement. It features Bauhaus style type & distorted illustrations and makes heavy use of images.

I chose to incorporate pictures of faces and people to play on the stark dissonance between security and people.

See also other posts tagged ‘security’ and ‘infographics’.

The Art of Security

“This infographic distills the Art of Security. Dissimilar from the Art of War in the information security world we will never know our enemy and our battle is not one that can be won. So how can we ensure that we don’t lose that battle?”

US government framework for handling cyberattacks

The Verge: The White House now has a color-coded scale for cybersecurity threats

The Presidential Policy Directive on United States Cyber Incident Coordination builds on the action plan that Obama laid out earlier this year, and it’s intended to create a clear standard of when and how government agencies will handle incidents. It also comes with a new threat level scale, assigning specific colors and response levels to the danger of a hack.

Cyber Incident Severity Schema

The cyberattack severity scale is somewhat vague, but it’s supposed to make sure that the agencies involved in cybersecurity — the Department of Justice, Department of Homeland Security, and Office of the Director of National Intelligence — respond to threats with the same level of urgency and investment.

PirateBox: Your own Internet in a box

PirateBox is a DIY anonymous offline file-sharing and communications system built with free software and inexpensive off-the-shelf hardware.

PirateBox creates offline wireless networks designed for anonymous file sharing, chatting, message boarding, and media streaming. You can think of it as your very own portable offline Internet in a box!

When users join the PirateBox wireless network and open a web browser, they are automatically redirected to the PirateBox welcome page. Users can anonymously chat, post images or comments on the bulletin board, watch or listen to streaming media, or upload and download files inside their web browser.

To get started you will need one wireless router, a USB flash drive, an Ethernet cable and a computer with an Ethernet port, with an optional 5V/USB battery.

piratebox.cc

Meet the seven people who hold the keys to worldwide internet security

It sounds like the stuff of science fiction: seven keys, held by individuals from all over the world, that together control security at the core of the web. James Ball joins a private ceremony, and finds the reality is rather closer to The Office than The Matrix.
James Ball, The Guardian

The keyholders have been meeting four times a year, twice on the east coast of the US and twice here on the west, since 2010. All have long backgrounds in internet security and work for various international institutions. They were chosen for their geographical spread as well as their experience – no one country is allowed to have too many keyholders. They travel to the ceremony at their own, or their employer’s, expense.

What these men and women control is the system at the heart of the web: the domain name system, or DNS. This is the internet’s version of a telephone directory. Without these addresses, you would need to know a long sequence of numbers for every site you wanted to visit.

Alan Westin’s four states of privacy

In her post explaining her reasons for shutting down Groklaw, Pamela Jones excerpts a passage from a book by Janna Malamud Smith which in turn references Alan Westin’s four states of privacy, outlined in his 1967 book Privacy and Freedom:

Safe privacy is an important component of autonomy, freedom, and thus psychological well-being, in any society that values individuals. Summed up briefly, a statement of “how not to dehumanize people” might read: Don’t terrorize or humiliate. Don’t starve, freeze, exhaust. Don’t demean or impose degrading submission. Don’t force separation from loved ones. Don’t make demands in an incomprehensible language. Don’t refuse to listen closely. Don’t destroy privacy. Terrorists of all sorts destroy privacy both by corrupting it into secrecy and by using hostile surveillance to undo its useful sanctuary.

But if we describe a standard for treating people humanely, why does stripping privacy violate it? And what is privacy? In his landmark book, Privacy and Freedom, Alan Westin names four states of privacy: solitude, anonymity, reserve, and intimacy. The reasons for valuing privacy become more apparent as we explore these states.

The essence of solitude, and all privacy, is a sense of choice and control. You control who watches or learns about you. You choose to leave and return.

Intimacy is a private state because in it people relax their public front either physically or emotionally or, occasionally, both. They tell personal stories, exchange looks, or touch privately. They may ignore each other without offending. They may have sex. They may speak frankly using words they would not use in front of others, expressing ideas and feelings — positive or negative — that are unacceptable in public. (I don’t think I ever got over his death. She seems unable to stop lying to her mother. He looks flabby in those running shorts. I feel horny. In spite of everything, I still long to see them. I am so angry at you I could scream. That joke is disgusting, but it’s really funny.) Shielded from forced exposure, a person often feels more able to expose himself.

The 10 Immutable Laws of Computer Security

Scott Culp’s “10 Immutable Laws of Security” from Microsoft c.2000, but still highly relevant today.

  1. Law #1: If a bad guy can persuade you to run his program on your computer, it’s not your computer anymore.
  2. Law #2: If a bad guy can alter the operating system on your computer, it’s not your computer anymore.
  3. Law #3: If a bad guy has unrestricted physical access to your computer, it’s not your computer anymore.
  4. Law #4: If you allow a bad guy to upload programs to your website, it’s not your website any more.
  5. Law #5: Weak passwords trump strong security.
  6. Law #6: A computer is only as secure as the administrator is trustworthy.
  7. Law #7: Encrypted data is only as secure as the decryption key.
  8. Law #8: An out of date virus scanner is only marginally better than no virus scanner at all.
  9. Law #9: Absolute anonymity isn’t practical, in real life or on the Web.
  10. Law #10: Technology is not a panacea.

Further reading: Revisiting the 10 Immutable Laws of Security
