The Investigatory Powers Bill for architects and administrators

OK, it’s not the end of the world. But it does change things radically, should it pass third reading in its current form. There is, right now, an opportunity to effect some change to the bill in committee stage, and I urge you to read it and the excellent briefings from Liberty and the Open Rights Group and others and to write to your MP.

Anyway. What does this change in our threat models and security assessments? What aspects of security validation and testing do we need to take more seriously? I’m writing this from my perspective, which is a small ISP systems perspective, but this contains my personal views, not those of my employer, yada yada.


The Dark Web: Guidance for journalists

We had a lot of coverage of “the dark web” with the latest Ashley Madison leak coverage. Because a link to a torrent was being shared via a Tor page (well, nearly – actually most people were passing around the Tor2Web link), journalists were falling over themselves to highlight the connection to the “dark web”, that murky and shady part of the internet that probably adds another few % to your click-through ratios.

So many outlets and journalists – even big outfits like BBC News and The Guardian – got their terminology terribly wrong on this stuff, so I thought I’d slap together some guidance, being somewhat au fait with the technology involved. Journalists are actually most of the reason why these sorts of tools exist in the first place, in fact – if that surprises you, read on…


The surprising thing about BlackBerry outages

The surprising thing, to me at least, whenever there’s a huge story all over the technology pages of the BBC or the Guardian about the BlackBerry Messenger/email services being down for huge periods of time, is that people are surprised at this.

The internet has flourished and works so very well because it is decentralized, based on open protocols, and systems working together to let people communicate. Let’s just compare standard email with the BlackBerry flavour for a moment.