[liberationtech] Forbes recommends tools for journalists
frank at journalistsecurity.net
frank at journalistsecurity.net
Mon Dec 17 15:38:21 PST 2012
But if
> you're getting information security advice from a Forbes blog, that will be
> the least of your worries.
Where would you suggest we get information security advice from? Many
here are quick to point out what people should not rely upon. But
relatively few seem to want to assume the responsibility to suggest what
people should use. We are gleaning material including on concepts from
the Information Security chapter written by Danny in CPJ's Journalist
Security Guide (full disclosure: I wrote the chapters on physical
safety). We are looking for guidance on tools from Security-in-a-Box by
Tactical Tech. And we are reviewing and closely following the discussion
over the new Internews guide which covers both concepts and tools. We
are also looking at relevant guides by Small World News by Brian and
others, and Mobile Active by Katrin and Alix.
It seems to me that the above comprise the best available sources out
there. Would you agree? Of course, if you or anyone has any other
suggestions, we are all ears. The discussion itself over the Forbes blog
and other material is all helpful. But backhanded snipes without the
benefit of positive alternative suggestions are not.
Most people on this list and in conferences seem to be agreeing, at
least lately if not also before, that if people who need to use the
tools don't use them, then that becomes a security problem in and of
itself. And that the overwhelming majority of people in places like
Syria really do not understand the risks or practice best measures.
Would you agree? Getting over these obstacles requires training, and
also more transparency within this "Open Source" community about what we
should be teaching people.
I am also learning not to take gratuitous snipes here personally. As it
seems to be all too common within this group. But I do think we would
serve a great many more people if we had more constructive
conversations. Isn't that what this list is for?
> -------- Original Message --------
> Subject: Re: [liberationtech] Forbes recommends tools for journalists
> From: Steve Weis <steveweis at gmail.com>
> Date: Mon, December 17, 2012 6:10 pm
> To: liberationtech <liberationtech at lists.stanford.edu>
>
>
> Just to go further down the tech tangent...
>
> There are SSD drives with full-disk encryption, such as the Intel 520
> series. Here's a paper "Reliably Erasing Data From Flash-Based Solid State
> Drives" from Usenix 2011 that analyzes disk sanitation on several SSD
> drives. Their conclusion was that built in encryption and sanitization
> functions were most effective, but were not always implemented correctly:
> http://static.usenix.org/events/fast11/tech/full_papers/Wei.pdf
>
> Regarding storage for disk-encryption keys, PCs with TPMs can seal keys
> such that they can only be unsealed if the machine is booted to a
> verifiable state. Then you can leave the sealed key on the disk, which is
> how Bitlocker works.
>
> Keep in mind that TPMs can be compromised by physical attacks. They aren't
> going to protect you from a moderately-funded forensics effort. But if
> you're getting information security advice from a Forbes blog, that will be
> the least of your worries.
>
> On Mon, Dec 17, 2012 at 1:42 PM, Michael Rogers <michael at briarproject.org>wrote:
>
> > I'm not aware of any suitable storage on current smartphones or
> > personal computers, so we may need to ask device manufacturers to add
> > (simple, inexpensive) hardware to their devices to support secure
> > deletion.
> ><hr>--
> Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech
--
Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech
----- End forwarded message -----
--
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
More information about the cypherpunks-legacy
mailing list