Security – Page 19 – Maverisk / Étoiles du Nord

Trigger seeding

In defense of sloppy account management …
Sort of. Rather, deliberately sloppy account management.

Reading through this in particular, and that, I wondered: Would there not be a nice part of a solution in seeding your user accounts database(s) with fake accounts, to act as tripwires ..? They could be given no access to anything, or access only to honeypot-like info / environments. And then trigger the alarm when accessed – by intruders, or by own security staff or auditors when doing surveillance of controls functioning.
Somehow also, I have a gut feeling there’s some hidden secondary effects in this. Any of you who has given this some more thought already, and have info on this ..? Much appreciated.

For now, this:

[This makes me look fat. La Défense again.]

Oh hey, quoted (at a distance)

Oh hey, I got quoted (almost … I mean at an enormous distance) by some reputable (?) institution.
Where that body did jump to all sorts of conclusions (see my next Monday 27 April post squared with my 3 April post against (?) those), but in the passing mentioned an arms’ race known to modern man already for decades as if it were something new. In this here piece.

What’s the aim, then? To have all sorts revert to Flipping ..?

To leave you with:
DSCN3994
[Still? against intruders, Trier]

Culpable misinformation

The inescapable Bruce was very mild, characterising Comey’s texts as a joke. Like here, on this. Whereas puppets everywhere (in NL as well, here) can show only a handful cases if any at all where mass surveillance (like this by InfoSec Taylor:

explains) has been key. Referring not to any paraphrase (here) of Ben Franklin (“Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety.”) ..?

But the point is: Where failure to act may be culpable in the same way that acts may be, deliberate (intentful) misrepresentation by omitting knowledge and/or presenting false conclusions may be as culpable as outright lying. In particular, when in the public sphere (of income) where speaking the truth (the whole, and nothing but…) is part of the deal, however indirectly through defense of a constitution. Wilful neglect of that duty (that may include informing oneself properly!) is a scam, con, deceit, fraud.

So, come clean. And:

[F..tis didn’t get away with it; too simpleton despite pretense]

VoteChain

A short question: Would anyone have pointers to info on how to use blockchain methodology to have (physical-world) voting on the ‘Net but with integrity, secrecy and (non-)repudiation everywhere, from eligibility registration to tallying and publication ..?

Because I’d say there’s possibilities with said technology ( / process / methodology / application ?).
E.g., what was it again with that Swiss canton that did three votes per voter and newspaper publication of codes, and other such schemes ..?

Otherwise, this:
[youtube https://www.youtube.com/watch?v=PLIVVDmDjDI]
Will return on this subject. For now:

[Not seen so oft; for no (?) reason; FLlW near Baltimore]

Here, First

Integrity at any level is the Yggdrasil of any CIA or other quality of the layers on top of it.

I.e., if at the platforms level the integrity of software (à la Turing, engine/programs and data) cannot be fully 100,000…% be guaranteed, no extreme of measures op top of it can restore the missing percentage, only (somewhat) limit further deterioration of the stack on top.

Okay, this being a bit abstract, a somewhat more simple and extensive explanation will follow.
Till then:

[No base, no glory; Sevilla]

All in all, together in order

Ah. Actually, I needed a well-ordered list of the subset of my posts re All Against All. Because searches don’t pony up the rightly ordered results, herewith for future reference:

Part 1 here;
Part 2 here;
Part 3 here;
Part 4 here;
Part 5 here;
Part 6 here.

So… Done. For you:
DSCN4588
[Well-calculated dare, Madrid]

Total priv’stalking

Errrm, would anyone have pointers to literature (of the serious kind, not the NSFW kind you only understand) regarding comparison of real physical-world stalking versus on-line total data collection ..?
No, not as some rant against TLAs but rather against commercial enterprise than not only collects, but actively circles around you, wherever you go. Giving you the creeps.

Because the psychological first response is so similar, can it be that the secondary behavioural response / adaptation is similar, in self-censorship and distortion of actual free movement around … the web and free choice of information ..?

And also, whether current anti-stalking laws of the physical world, would actually work, or need strengthening anyway, and/or would/could work or need translation/extension, to cover liberty of movement and privacy-as-being-the-right-to-be-left-alone i.e., privacy as the right to not be tracked, privacy as the right to anonymity everywhere but the very very select very place- and time(!!)-restricted cases one’s personal info is actually required. Privacy as in: companies might have the right to have their own information but not the right to collect information of or on me (on Being or Behavioural) as that is in the end always information produced by me, through being or behaving. The (European) principle still is that copyright can be granted, transferred, shared out in common parlance by payment for use (or getting paid for transferring the right to collect such payments) i.e., economically, but not legally; the actual ownership of the copyright remains with the author!

See why I excluded the TLAs ..? They may collect all they would want but not use unless on suspicion after normal-legal specific a priori proof; that’s their job. No officially (…) they may not step outside their confined remit box, but they do have a box to work within.
Now, back to the question: Please reply with other than the purely legal mumbo-jumbo that not even peers could truly understand but just babble along with.

In return, in advance:

[Foggy (eyes), since in the olden days, probably never to be seen again; Bélem]

Better IoT privacy

Oh, I’ve been outdone again, in some ways. Which isn’t a big deal; ’twill happen to you, often, too. This time, it’s about the IAM in IoT that I signalled here and here, here, and here as a generic problem. Correct: Challenge.
Which all was readable. Hopefully. For all dealing with the stuff on a monthly basis (ahum, ‘weekly’ or ‘daily’ wouldn’t make sense; you’d be ahead of me probably…) that is. For a more general explanation, one can now turn to this here piece; much better at generalpublicspeak than I’d produce when diving onto it again.
Oh well. This:
DSCN6007
[Somehow, typically Madridean ;-| / Southern European / Latin style]

Coolness 1 – progress 0

Hm, on the face of it, this here is interesting: the director of Europol (no less) saying that TOR and Bitcoin shouldn’t be vilified even if they pose problems for agencies, since they allow cittizzzens to enjoy the freedoms of the Interwebz.

Nevertheless … Claiming that means: ‘may still be needed to trace and convict those colouring outside the boxes’, which would raise suspicion of window dressing. Let’s see how this talk will be walked, shall we ..?

After which dense text you deserve:

[Typical Zuid-As]

Repudiation, repudiation (not) everywhere

With DARPA’s quest for Active Authentication (as here), what will the future spread of (non-)repudiation look like ..? By means of strength of proof e.g. before courts, when system abusers may claim to accidentally have the same behavioural ICT use patterns as the unknown culprits, or be victims of replay attacks.
I’m unsure about how this will play out, then; whether Innocent Until, or Proof of Innocence, or even Reasonable Suspicion may still exist.

Yeah, I get it – you’ll claim that this is for DoD purposes only. Of course, as it never has, in the past. @SwiftOnSecurity would (need to) be on the alert.

Well, as this kind of innovation (by this agency) usually reaches society in all sorts of very unexpected ways, there’s hope that something in support of the Constitution may in the end come out… for now, I’ll leave you with:

[Light on the inside, though without outlook… FLlW at Racine, WI]