This post from last year was posted to a forum, so I thought I’d write up some rebuttals to their comments. The first comment is by David Chisnall, creator of CHERI C/C++, which proposes we can solve the problem with…
Tag: Errata Security
C can be memory-safe
The idea of memory-safe languages is in the news lately. C/C++ is famous for being the world’s system language (that runs most things) but also infamous for being unsafe. Many want to solve this by hard-forking the world’s system code, either by…
C can be memory-safe
The idea of memory-safe languages is in the news lately. C/C++ is famous for being the world’s system language (that runs most things) but also infamous for being unsafe. Many want to solve this by hard-forking the world’s system code, either by…
I’m still bitter about Slammer
Today is the 20th anniversary of the Slammer worm. I’m still angry over it, so I thought I’d write up my anger. This post will be of interest to nobody, it’s just me venting my bitterness and get off my…
The RISC Deprogrammer
I should write up a larger technical document on this, but in the meanwhile is this short (-ish) blogpost. Everything you know about RISC is wrong. It’s some weird nerd cult. Techies frequently mention RISC in conversation, with other techies…
The RISC Deprogrammer
I should write up a larger technical document on this, but in the meanwhile is this short (-ish) blogpost. Everything you know about RISC is wrong. It’s some weird nerd cult. Techies frequently mention RISC in conversation, with other techies…
The RISC Deprogrammer
I should write up a larger technical document on this, but in the meanwhile is this short (-ish) blogpost. Everything you know about RISC is wrong. It’s some weird nerd cult. Techies frequently mention RISC in conversation, with other techies…
The RISC Deprogrammer
I should write up a larger technical document on this, but in the meanwhile is this short (-ish) blogpost. Everything you know about RISC is wrong. It’s some weird nerd cult. Techies frequently mention RISC in conversation, with other techies…
DS620slim tiny home server
In this blogpost, I describe the Synology DS620slim. Mostly these are notes for myself, so when I need to replace something in the future, I can remember how I built the system. It’s a “NAS” (network attached storage) server that…
No, a researcher didn’t find Olympics app spying on you
This article has been indexed from Errata Security For the Beijing 2022 Winter Olympics, the Chinese government requires everyone to download an app onto their phone. It has many security/privacy concerns, as CitizenLab documents. However, another researcher goes further, claiming…
No, a researcher didn’t find Olympics app spying on you
This article has been indexed from Errata Security For the Beijing 2022 Winter Olympics, the Chinese government requires everyone to download an app onto their phone. It has many security/privacy concerns, as CitizenLab documents. However, another researcher goes further, claiming…
Journalists: stop selling NFTs that you don’t understand
This article has been indexed from Errata Security The reason you don’t really understand NFTs is because the journalists describing them to you don’t understand them, either. We can see that when they attempt to sell an NFT as part…
Journalists: stop selling NFTs that you don’t understand
This article has been indexed from Errata Security The reason you don’t really understand NFTs is because the journalists describing them to you don’t understand them, either. We can see that when they attempt to sell an NFT as part…
Example: forensicating the Mesa County system image
This article has been indexed from Errata Security Tina Peters, the election clerk in Mesa County (Colorado) went rogue and dumped disk images of an election computer on the Internet. They are available on the Internet via BitTorrent [Mesa1][Mesa2], The…
Example: forensicating the Mesa County system image
This article has been indexed from Errata Security Tina Peters, the election clerk in Mesa County (Colorado) went rogue and dumped disk images of an election computer on the Internet. They are available on the Internet via BitTorrent [Mesa1][Mesa2], The…
Debunking: that Jones Alfa-Trump report
This article has been indexed from Errata Security The Alfa-Trump conspiracy-theory has gotten a new life. Among the new things is a report done by Democrat operative Daniel Jones [*]. In this blogpost, I debunk that report. If you’ll recall,…
Review: Dune (2021)
This article has been indexed from Errata Security One of the most important classic sci-fi stories is the book “Dune” from Frank Herbert. It was recently made into a movie. I thought I’d write a quick review. The summary is…
Review: Dune (2021)
This article has been indexed from Errata Security One of the most important classic sci-fi stories is the book “Dune” from Frank Herbert. It was recently made into a movie. I thought I’d write a quick review. The summary is…
Fact check: that “forensics” of the Mesa image is crazy
This article has been indexed from Errata Security Tina Peters, the elections clerk from Mesa County (Colorado) went rogue, creating a “disk-image” of the election server, and posting that image to the public Internet. Conspiracy theorists have been analyzing the…
100 terabyte home NAS
This article has been indexed from Errata Security So, as a nerd, let’s say you need 100 terabytes of home storage. What do you do? My solution would be a commercial NAS RAID, like from Synology, QNAP, or Asustor. I’m…
100 terabyte home NAS
This article has been indexed from Errata Security So, as a nerd, let’s say you need 100 terabytes of home storage. What do you do? My solution would be a commercial NAS RAID, like from Synology, QNAP, or Asustor. I’m…
Check: that Republican audit of Maricopa
This article has been indexed from Errata Security Author: Robert Graham (@erratarob) Later today (Friday, September 24, 2021), Republican auditors release their final report on the found with elections in Maricopa county. Draft copies have circulated online. In this blogpost,…
That Alfa-Trump Sussman indictment
This article has been indexed from Errata Security Five years ago, online magazine Slate broke a story about how DNS packets showed secret communications between Alfa Bank in Russia and the Trump Organization, proving a link that Trump denied. I…
How not to get caught in law-enforcement geofence requests
This article has been indexed from Errata Security I thought I’d write up a response to this question from well-known 4th Amendment and CFAA lawyer Orin Kerr: Question for tech people related to “geofence” warrants served on Google: How easy…
How not to get caught in law-enforcement geofence requests
This article has been indexed from Errata Security I thought I’d write up a response to this question from well-known 4th Amendment and CFAA lawyer Orin Kerr: Question for tech people related to “geofence” warrants served on Google: How easy…
Of course you can’t trust scientists on politics
This article has been indexed from Errata Security Many people make the same claim as this tweet. It’s obviously wrong. Yes,, the right-wing has a problem with science, but this isn’t it. If you think you don’t trust scientists, you’re…
Of course you can’t trust scientists on politics
This article has been indexed from Errata Security Many people make the same claim as this tweet. It’s obviously wrong. Yes,, the right-wing has a problem with science, but this isn’t it. If you think you don’t trust scientists, you’re…
Risk analysis for DEF CON 2021
This article has been indexed from Errata Security It’s the second year of the pandemic and the DEF CON hacker conference wasn’t canceled. However, the Delta variant is spreading. I thought I’d do a little bit of risk analysis. TL;DR:…
Ransomware: Quis custodiet ipsos custodes
This article has been indexed from Errata Security Many claim that “ransomware” is due to cybersecurity failures. It’s not really true. We are adequately protecting users and computers. The failure is in the inability of cybersecurity guardians to protect themselves.…
Some quick notes on SDR
This article has been indexed from Errata Security I’m trying to create perfect screen captures of SDR to explain the world of radio around us. In this blogpost, I’m going to discuss some of the imperfect captures I’m getting, specifically,…
When we’ll get a 128-bit CPU
This article has been indexed from Errata Security On Hacker News, this article claiming “You won’t live to see a 128-bit CPU” is trending”. Sadly, it was non-technical, so didn’t really contain anything useful. I thought I’d write up some…
Anatomy of how you get pwned
Read the original article: Anatomy of how you get pwned Today, somebody had a problem: they kept seeing a popup on their screen, and obvious scam trying to sell them McAfee anti-virus. Where was this coming from? In this blogpost,…
Ethics: University of Minnesota’s hostile patches
Read the original article: Ethics: University of Minnesota’s hostile patches The University of Minnesota (UMN) got into trouble this week for doing a study where they have submitted deliberately vulnerable patches into open-source projects, in order to test whether hostile…
A quick FAQ about NFTs
Read the original article: A quick FAQ about NFTs I thought I’d write up 4 technical questions about NFTs. They may not be the ones you ask, but they are the ones you should be asking. The questions: What does…
We are living in 1984 (ETERNALBLUE)
Read the original article: We are living in 1984 (ETERNALBLUE) In the book 1984, the protagonist questions his sanity, because his memory differs from what appears to be everybody else’s memory. The Party said that Oceania had never been in…
We are living in 1984 (ETERNALBLUE)
Read the original article: We are living in 1984 (ETERNALBLUE) In the book 1984, the protagonist questions his sanity, because his memory differs from what appears to be everybody else’s memory. The Party said that Oceania had never been in…
Review: Perlroth’s book on the cyberarms market
Read the original article: Review: Perlroth’s book on the cyberarms market New York Times reporter Nicole Perlroth has written a book on zero-days and nation-state hacking entitled “This Is How They Tell Me The World Ends”. Here is my review.…
The deal with DMCA 1201 reform
Read the original article: The deal with DMCA 1201 reform There are two fights in Congress now against the DMCA, the “Digital Millennium Copyright Act”. One is over Section 512 covering “takedowns” on the web. The other is over Section…
Why Biden: Principle over Party
Read the original article: Why Biden: Principle over Party There exist many #NeverTrump Republicans who agree that while Trump would best achieve their Party’s policies, that he must nonetheless be opposed on Principle. The Principle at question isn’t about character…
No, that’s not how warrantee expiration works
Read the original article: No, that’s not how warrantee expiration works The NYPost Hunter Biden story has triggered a lot of sleuths obsessing on technical details trying to prove it’s a hoax. So far, these claims are wrong. The story…
No, font errors mean nothing in that NYPost article
Read the original article: No, font errors mean nothing in that NYPost article The NYPost has an article on Hunter Biden emails. Critics claim that these don’t look like emails, and that there are errors with the fonts, thus showing…
Yes, we can validate leaked emails
Read the original article: Yes, we can validate leaked emails When emails leak, we can know whether they are authenticate or forged. It’s the first question we should ask of today’s leak of emails of Hunter Biden. It has a definitive answer.…
Factcheck: Regeneron’s use of embryonic stem cells
Read the original article: Factcheck: Regeneron’s use of embryonic stem cells This week, Trump’s opponents misunderstood a Regeneron press release to conclude that the REG-COV2 treatment (which may have saved his life) was created from stem cells. When that was…
Cliché: Security through obscurity (yet again)
Read the original article: Cliché: Security through obscurity (yet again) Infosec is a largely non-technical field. People learn a topic only as far as they need to regurgitate the right answer on a certification test. Over time, they start to…
How CEOs think
Read the original article: How CEOs think Recently, Twitter was hacked. CEOs who read about this in the news ask how they can protect themselves from similar threats. The following tweet expresses our frustration with CEOs, that they don’t listen…
In defense of open debate
Read the original article: In defense of open debate Recently, Harper’s published a Letter on Justice and Open Debate. It’s a rather boring defense of liberalism and the norm of tolerating differing points of view. Mike Masnick wrote rebuttal on Techdirt. In…
In defense of open debate
Read the original article: In defense of open debate Recently, Harper’s published a Letter on Justice and Open Debate. It’s a rather boring defense of liberalism and the norm of tolerating differing points of view. Mike Masnick wrote rebuttal on Techdirt. In…
Apple ARM Mac rumors
Read the original article: Apple ARM Mac rumors The latest rumor is that Apple is going to announce Macintoshes based on ARM processors at their developer conference. I thought I’d write up some perspectives on this. It’s different this timeThis…
Apple ARM Mac rumors
Read the original article: Apple ARM Mac rumors The latest rumor is that Apple is going to announce Macintoshes based on ARM processors at their developer conference. I thought I’d write up some perspectives on this. It’s different this timeThis…
What is Boolean?
Read the original article: What is Boolean? My mother asks the following question, so I’m writing up a blogpost in response. I am watching a George Boole bio on Prime but still don’t get it. I started watching the first…
Securing work-at-home apps
Read the original article: Securing work-at-home apps In today’s post, I answer the following question: Our customer’s employees are now using our corporate application while working from home. They are concerned about security, protecting their trade secrets. What security feature…
Securing work-at-home apps
Read the original article: Securing work-at-home apps In today’s post, I answer the following question: Our customer’s employees are now using our corporate application while working from home. They are concerned about security, protecting their trade secrets. What security feature…
CISSP is at most equivalent to a 2-year associates degree
Read the original article: CISSP is at most equivalent to a 2-year associates degree There are few college programs for “cybersecurity”. Instead, people rely upon industry “certifications”, programs that attempt to certify a person has the requisite skills. The most…
CISSP is at most equivalent to a 2-year associates degree
Read the original article: CISSP is at most equivalent to a 2-year associates degree There are few college programs for “cybersecurity”. Instead, people rely upon industry “certifications”, programs that attempt to certify a person has the requisite skills. The most…
About them Zoom vulns…
About them Zoom vulns… Advertise on IT Security News. Read the complete article: About them Zoom vulns…
Huawei backdoors explanation, explained
Today Huawei published a video explaining the concept of “backdoors” in telco equipment. Many are criticizing the video for being tone deaf. I don’t understand this concept of “tone deafness”. Instead, I want to explore the facts. Does the word…
A requirements spec for voting
A requirements spec for voting Advertise on IT Security News. Read the complete article: A requirements spec for voting
There’s no evidence the Saudis hacked Jeff Bezos’s iPhone
There’s no evidence the Saudis hacked Jeff Bezos’s iPhone Advertise on IT Security News. Read the complete article: There’s no evidence the Saudis hacked Jeff Bezos’s iPhone
How to decrypt WhatsApp end-to-end media files
How to decrypt WhatsApp end-to-end media files Advertise on IT Security News. Read the complete article: How to decrypt WhatsApp end-to-end media files