
How easy is it to securely leak information to some of America’s top news organizations?

Good to spread the manual… leaking is pretty much a “standardised process” by now:

One quick download and a codename: If I can use SecureDrop, you can do it too.

Source: How easy is it to securely leak information to some of America’s top news organizations? This easy » Nieman Journalism Lab

They link to a video explaining the same thing:


Class Breaks

Bruce Schneier on the different way most online risks work:

In a sense, class breaks are not a new concept in risk management. It’s the difference between home burglaries and fires, which happen occasionally to different houses in a neighborhood over the course of the year, and floods and earthquakes, which either happen to everyone in the neighborhood or no one. Insurance companies can handle both types of risk, but they are inherently different. The increasing computerization of everything is moving us from a burglary/fire risk model to a flood/earthquake model, in which a given threat either affects everyone in town or doesn’t happen at all.

Source: Class Breaks


Project Wycheproof: unit-testing cryptography

Using a unit-testing approach in cryptography. Somehow I had expected this to be common practice already, but it obviously includes quite a bit more knowledge, research and effort:

We’re excited to announce the release of Project Wycheproof, a set of security tests that check cryptographic software libraries for known weaknesses. We’ve developed over 80 test cases which have uncovered more than 40 security bugs (some tests or bugs are not open sourced today, as they are being fixed by vendors). For example, we found that we could recover the private key of widely-used DSA and ECDHC implementations.

Source: Google Online Security Blog: Project Wycheproof
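
To illustrate the unit-testing idea quoted above, here is an added example (not Project Wycheproof's code or test vectors): a vector-driven test run against two toy DSA verifiers, one of which skips the standard range requirement 0 < r, s < q. All parameters, keys, function names and vectors are constructed for this example.

```python
import hashlib

# Toy DSA domain parameters (constructed, far too small for real use):
# G = 4 has prime order Q = 11 in the multiplicative group mod P = 23.
P, Q, G = 23, 11, 4
X = 7                # private key (constructed)
Y = pow(G, X, P)     # public key

def h(msg):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % Q

def sign(msg, k):
    r = pow(G, k, P) % Q
    s = pow(k, -1, Q) * (h(msg) + X * r) % Q
    return r, s

def verify_naive(msg, r, s):
    # Weak on purpose: no range checks on r and s.
    w = pow(s, -1, Q)
    v = pow(G, h(msg) * w % Q, P) * pow(Y, r * w % Q, P) % P % Q
    return v == r % Q

def verify_strict(msg, r, s):
    # DSA requires 0 < r < q and 0 < s < q before any arithmetic.
    if not (0 < r < Q and 0 < s < Q):
        return False
    return verify_naive(msg, r, s)

def vectors():
    msg = b"constructed test message"
    # Pick the first nonce that yields a usable signature (r != 0, s != 0).
    r, s = next(sig for sig in (sign(msg, k) for k in range(1, Q)) if 0 not in sig)
    return [
        ("valid signature", msg, r, s, True),
        ("r + q", msg, r + Q, s, False),   # out-of-range alias of r
        ("s + q", msg, r, s + Q, False),   # out-of-range alias of s
        ("s = 0", msg, r, 0, False),       # must be rejected, not crash
    ]

def run(verify):
    """Return the names of vectors where the verifier misbehaves."""
    failures = []
    for name, msg, r, s, expected in vectors():
        try:
            got = verify(msg, r, s)
        except Exception as exc:           # a crash is a failure too
            got = "crash: " + type(exc).__name__
        if got != expected:
            failures.append(name)
    return failures

if __name__ == "__main__":
    print("naive :", run(verify_naive))
    print("strict:", run(verify_strict))
```

The same vector list can be pointed at any verifier with this call shape, which is what makes the approach reusable across libraries.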