Mutual Authentication in Real Life–Launching a Nuclear Missile…

A few years ago, I wanted to run an exercise with our incident response team in Switzerland. A customer, the government and me came together to develop the goals and the scenario. One of the key question we tried to answer together with the university, which we wanted to use as observers was, whether we…

1

Notebook searches at a country border

I guess you still know the discussions a while ago where it was made public that notebooks can be searched without suspicion when you cross the border to the US. Actually the truth is, that this can happen everywhere as far as I understand. To be clear: I am not a lawyer, I am an…

2

Should the Government be able to enforce security updates?

This is actually an interesting question. A lot of governments enforce rules and regulations on how you have to run your car, how often you have to check it, in which condition you have to keep your tires etc. The same is true for a lot of other devices we are using. Now, it seems…

1

Do we Need Special Laws?

Well, yes we need Cybersecurity Legislation without doubt but sometimes the legislator goes too far in my opinion. I read this article this morning: Use Google Street View Maps & Serve More Time. I quote: The state legislature in the U.S. state of Louisiana has passed a law adding extra time for committing a crime…

0

A Detailed Analysis of an Attack – Do We Need an International Incident Sharing Database?

I recently came across a paper called Shadows in the Cloud, which is actually a follow-up report of Tracking GhostNet: Investigating a Cyber Espionage Network, an investigation of the attacks on the office of the Dalai Lama and some governmental bodies. The report is written by two bodies who had the privilege to investigate those…

2

What we can learn for the volcanic cloud for information security

I am one of the grounded people. Luckily for me, I would have had to fly out today and am now “stuck” at home. It is not so fortunate for the event organizer which has a significant amount of sessions he has to do on LiveMeeting now. On the other hand, maybe that this is…

0

Council of Europe: We need ONE Cybercrime Convention

As you saw from previous posts, I am at the Octopus Conference on Cooperation against Cybercrime at the moment. We had yesterday the Deputy Secretary General of the Council of Europe and one of her key statements was that different bodies (like the Council of Europe, UN etc.) should not compete. The Budapest convention by…

0

Council of Europe – Octopus Conference (Cooperation against Cybercrime) Day 1

A few years ago, the Budapest Convention on Cybercrime was signed within the Council of Europe. Since then it was ratified all across the globe by a lot of countries or at least used as the base for legislation. Since a few years as well, the Council of Europe is organizing a conference on Cooperation…

1

Legal Challenges of International Business and the Cloud

To start with: I am an engineer not a lawyer – and this might be part of the problem… When I started to think about the Cloud and security and thought about all the work I do with Law Enforcement and the challenges they face. Additionally, I started to think about the legal challenges we…

0

Algeria: Conference on Certification (eID)

When I tweeted last week that I am on my way to Algeria, I got quite some reactions and questions that I shall report how it was. So, let me try to briefly summarize my impressions. I was invited to speak at a conference on certification in Algiers. Well, initially I pushed back as I…

3