Tag Archives: CISA

Weekly output: LinkNYC, Google renews RCS plea, Chris Krebs at Black Hat, 5G explainer, Cyber Safety Review Board, Web3 security

Posted on by
Reply

After a week on the West Coast, including four days in Las Vegas for the Black Hat security conference, I now have two weeks of not going anywhere. Which is good!

8/8/2022: LinkNYC begins deploying 5G kiosks – but not yet with 5G inside, Light Reading

After too many months of not writing for this telecom trade-pub client, I filed this update on New York rebooting its LinkNYC effort to bring free WiFi and digital city services to individual blocks.

8/9/2022: Google Posts Yet Another Plea for Apple to Support RCS Messaging in iMessage, PCMag

Google makes fair points when it calls out Apple for hindering the quality and privacy of cross-platform text messaging by not supporting the RCS messaging standard in iMessage. But Google hurts its cause by not supporting RCS in Google Voice–or even explaining that hangup. Also unhelpful: Google has yet to ship an API that would let the developers of Signal and other third-party messaging apps support RCS.

Screenshot of PCMag post as seen in Chrome on a Pixel 5a, with a VPN service active.8/10/2022: Ex-CISA Chief’s Advice at Black Hat: Make Security Valuable and Attacks Costly, PCMag

I covered the keynote by former Cybersecurity and Infrastructure Security Agency head Chris Krebs that opened Black Hat. His talk ended on a self-help note, as he advised his audience: “Life’s too short to work for assholes. So don’t.” And yet Krebs worked for President Trump from 2018 through 2020, when Trump fired him for correctly confirming that the 2020 election was run fairly and securely; that could not have been easy for him.

8/11/2022: What Is 5G, and Does It Actually Make a Difference?, Wirecutter

I wrote yet another 5G explainer, this time for the New York Times’ Wirecutter site.

8/11/2022: How a US Govt Board Helped the Open-Source Community Leap to Patch Log4j, PCMag

As the token Washingtonian among PCMag’s crew of writers, I had to write up this very Washington panel about the first test of the Cyber Safety Review Board–an organization set up as an infosec version of the National Transportation Safety Board.

8/12/2022: Why Is Web3 Security Such a Garbage Fire? Let Us Count the Ways, PCMag

This talk about a series of security meltdowns at blockchain-based sites and services had more than a few unintentional-comedy moments.

8/12/2022: The 14 Scariest Things We Saw at Black Hat 2022, PCMag

My contribution to this recap was the “Startups Shirk Security” section.

Updated 8/21/2022 to add the PCMag Black Hat recap.

Advertisement

Weekly output: Rocket Lab booster catch, passwordless logins, Mark Vena podcast, Chris Krebs cybersecurity-policy assessment, Facebook to end background location tracking

Posted on by
Reply

Friday marked two years since we adopted our cat. Abel still ignores us when we tell him not to jump on the dining-room table but is a sweetie in most other ways. And every time I expand the online world’s inventory of cat photos by posting one of him, I feel like I am being a good citizen of the Internet.

Screenshot of the PCMag post in Safari for iPadOS, showing the screengrab I took of Rocket Lab's stream showing the Electron booster and its parachute at right, with the helicopter's cable at left.5/3/2022: Watch a Helicopter Catch an Electron Booster Rocket, PCMag

I watched a helicopter catch and briefly hold a spent first stage of a rocket as it descended under a parachute, a first-time experience for me, and then tuned into Rocket Lab’s press conference hours later to get some quotes from Rocket Lab CEO Peter Beck for this story.

5/5/2022: Google lines up with Apple and Microsoft to nix passwords in favor of nearby-device authentication, Fast Company

I got an advance on this three-company news announcement from Google, so all the quotes in this post are from two Googlers. If you’d like to read more about this initiative, please turn your attention to Dan Goodin’s writeup at Ars Technica.

5/5/2022: S02 E19 – SmartTechCheck Podcast, Mark Vena

I rejoined this podcast after missing it last week due to travel.

5/6/2022: Ex-CISA Chief: Biden Cybersecurity EO ‘Raises the Standard’ on IT Vendors, PCMag

I wrote up the closing session at the Hack the Capitol event in D.C., in which former Cybersecurity & Infrastructure Security Administration director Chris Krebs shared his insights about the state of information-security policy.

5/6/2022: Facebook Unfollows ‘Nearby Friends,’ Other Background Location Features

Facebook bulk-erasing everybody’s location history will be its biggest data-minimization move since scrapping its facial-recognition database. And yet the company’s sole announcement of this move Friday was in-app prompts and e-mails for some users.

Weekly output: CISA, e-mail “sub-addressing”

Posted on by
Reply

Greetings, frustrated owners of Timex sport watches. I’m glad that essay I wrote in a fit of nerd rage continues to draw such interest at each time change, and I hope that at least some of the people who come here looking for help taking their timepiece in and out of Daylight Saving Time stick around and keep reading.

I spent much of this week wrapping up work on a long and long-delayed story. This coming week will see me in Dublin, where I’m covering Web Summit and catching up with some cousins I haven’t seen in over a dozen years. That’ll be my last air travel for work this year, and I am quite okay with that fact.

Yahoo Tech CISA post10/27/2015: CISA: Why Tech Leaders Hate the Latest Cyber-Security Bill, Yahoo Tech

I had meant to write about this cybersecurity bill earlier, but instead this post went up on the day that the Senate approved it by a 74-21 vote. I guess the folks there did not find this piece terribly persuasive. FYI: If you don’t like rants about Obama’s creeping dictatorship, you might want to avoid the comments.

11/1/2015: When a site rejects email “sub-addressing”, USA Today

Want to protect your privacy by giving a site a custom e-mail address that still lands in your inbox? Some won’t let you do that, and their explanations don’t square with the basic specifications of e-mail.