Search Mailing List Archives


Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] Forbes recommends tools for journalists

frank at journalistsecurity.net frank at journalistsecurity.net
Mon Dec 17 15:38:21 PST 2012


 But if
> you're getting information security advice from a Forbes blog, that will be
> the least of your worries.

Where would you suggest we get information security advice from? Many
here are quick to point out what people should not rely upon. But
relatively few seem to want to assume the responsibility to suggest what
people should use. We are gleaning material including on concepts from
the Information Security chapter written by Danny in CPJ's Journalist
Security Guide (full disclosure: I wrote the chapters on physical
safety). We are looking for guidance on tools from Security-in-a-Box by
Tactical Tech. And we are reviewing and closely following the discussion
over the new Internews guide which covers both concepts and tools. We
are also looking at relevant guides by Small World News by Brian and
others, and Mobile Active by Katrin and Alix.

It seems to me that the above comprise the best available sources out
there. Would you agree? Of course, if you or anyone has any other
suggestions, we are all ears. The discussion itself over the Forbes blog
and other material is all helpful. But backhanded snipes without the
benefit of positive alternative suggestions are not.

Most people on this list and in conferences seem to be agreeing, at
least lately if not also before, that if people who need to use the
tools don't use them, then that becomes a security problem in and of
itself. And that the overwhelming majority of people in places like
Syria really do not understand the risks or practice best measures.
Would you agree? Getting over these obstacles requires training, and
also more transparency within this "Open Source" community about what we
should be teaching people.

I am also learning not to take gratuitous snipes here personally. As it
seems to be all too common within this group. But I do think we would
serve a great many more people if we had more constructive
conversations. Isn't that what this list is for?


> -------- Original Message --------
> Subject: Re: [liberationtech] Forbes recommends tools for journalists
> From: Steve Weis <steveweis at gmail.com>
> Date: Mon, December 17, 2012 6:10 pm
> To: liberationtech <liberationtech at lists.stanford.edu>
> 
> 
> Just to go further down the tech tangent...
> 
> There are SSD drives with full-disk encryption, such as the Intel 520
> series. Here's a paper "Reliably Erasing Data >From Flash-Based Solid State
> Drives" from Usenix 2011 that analyzes disk sanitation on several SSD
> drives. Their conclusion was that built in encryption and sanitization
> functions were most effective, but were not always implemented correctly:
> http://static.usenix.org/events/fast11/tech/full_papers/Wei.pdf
> 
> Regarding storage for disk-encryption keys, PCs with TPMs can seal keys
> such that they can only be unsealed if the machine is booted to a
> verifiable state. Then you can leave the sealed key on the disk, which is
> how Bitlocker works.
> 
> Keep in mind that TPMs can be compromised by physical attacks. They aren't
> going to protect you from a moderately-funded forensics effort. But if
> you're getting information security advice from a Forbes blog, that will be
> the least of your worries.
> 
> On Mon, Dec 17, 2012 at 1:42 PM, Michael Rogers <michael at briarproject.org>wrote:
> 
> > I'm not aware of any suitable storage on current smartphones or
> > personal computers, so we may need to ask device manufacturers to add
> > (simple, inexpensive) hardware to their devices to support secure
> > deletion.
> ><hr>--
> Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech



More information about the liberationtech mailing list