Five years ago, the National Security Agency (NSA) released 136 issues of its internal Cryptolog periodical spanning 1974 through 1997. The collection offered a look into the some of the discussions being held within one of America’s most secretive intelligence agencies. Today the GWU-based National Security Archive is providing a complete index of all 1,504 items in the declassified collection, including but not limited to articles, interviews, and puzzles.

source: SOS

To provide the strongest defense against phishing, Advanced Protection goes beyond traditional 2-Step Verification. You will need to sign into your account with a password and a physical Security Key. Other authentication factors, like codes sent via SMS or the Google Authenticator app, will no longer work.

source: SOS

So of the five serious zero-day vulnerabilities against Windows in the NSA’s pocket, four were never independently discovered.

I think this is an interesting data point in the debate about the risks of hoarding, etc.

source: SOS

Dividing security checks into haves and have-nots is bad social policy

Probably a dead on arrival policy, but nevertheless.

source: SOS

Your privacy leaking feature of the day.

source: SOS

It begins with a taxonomy of the different ways investigators might try to bypass encryption schemes. We classify six kinds of workarounds: find the key, guess the key, compel the key, exploit a flaw in the encryption software, access plaintext while the device is in use, and locate another plaintext copy.

source: SOS

They all largely say the same things: avoid known vulnerabilities, don’t have insecure defaults, make your systems patchable, and so on.

So basically, do all the things you’re not doing but know you should.

source: SOS

Pattern lock is widely used as a mechanism for authentication and authorization on Android devices. In this paper, we demonstrate a novel video-based attack to reconstruct Android lock patterns from video footage filmed using a mobile phone camera.

source: SOS