Archive for the ‘Security’ Category

Quality technical resources online

Saturday, December 15th, 2007

I’m starting this post with several links to technical videos, podcasts, and books that can be viewed for free online. I hope to expand this list as I pick up more resources on the way.

Internet Protocols and Communication Networks (Windows Media - audio and video, some for download, others streaming)
Topics covered: Networking concepts, Routing Protocols (RIP, EIGRP, OSPF, EGP, BGP), Transport Protocols (TCP, UDP), Network Protocol (IPv4, IPv6), Wireless Broadband, etc.

Google Video Lectures (Google Video)
Topics: AJAX, Distributed Systems, Web Security, C++, Java, Python

Security
Handbook of Applied Cryptography (Entire book in PDF)

Google I/O Sessions and Videos
Topics: Web Applications APIs, Mashups, AJAX, Google Gears, Authentication to Google Services

Security Engineering (by Ross Anderson) (Entire book in PDF, audio chapters)

DES and 3DES government retirement

Tuesday, May 22nd, 2007

Many times I get questions on the use of DES/3DES/AES/IDEA versus other block ciphers. I try to explain the differences in performance and strength of each cipher rather than saying a is better than b. In regards to the US, there was a CNSS Advisory Memorandum issued March 2005 that speaks to the military use of DES and 3DES (“Advisory Memorandum on the Retirement of Data Encryption Standard (DES) Based Cryptography to Protect National Security Systems”).

Here are the key points:

  • DES is to be retired (and Triple DES using ONLY one key)
  • Triple DES using two keys to be retired by 2008
  • Triple DES using any mode to be retired by 2015

The report does not mention the use of the Advanced Encryption Standard (AES) or any future retirement dates on it.
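The key points above turn on how many independent DES keys a Triple DES key bundle really contains. The following is an added example, not part of the original post or the memorandum: it classifies a bundle after ignoring DES parity bits, and the function names, key names and key values are all constructed for illustration.

```python
# Added example: classify a Triple DES (EDE) key bundle by how many
# independent DES keys it really contains. All keys below are constructed.

# Status wording taken from the memorandum's key points listed above.
STATUS = {
    "one-key": "to be retired",
    "two-key": "to be retired by 2008",
    "three-key": "to be retired by 2015",
}

def _strip_parity(key8: bytes) -> bytes:
    """Clear the low (parity) bit of each byte; only 56 bits are key material."""
    return bytes(b & 0xFE for b in key8)

def classify_3des_key(bundle: bytes) -> str:
    """Return 'one-key', 'two-key' or 'three-key' for a 16- or 24-byte bundle."""
    if len(bundle) == 16:  # K1 || K2, with K3 = K1 implied
        bundle += bundle[:8]
    if len(bundle) != 24:
        raise ValueError("expected a 16- or 24-byte Triple DES key bundle")
    k1, k2, k3 = (_strip_parity(bundle[i:i + 8]) for i in (0, 8, 16))
    # EDE computes E_k3(D_k2(E_k1(x))). If k2 equals a neighbour, that pair
    # cancels and a single DES encryption is all that remains.
    if k1 == k2 or k2 == k3:
        return "one-key"
    if k1 == k3:
        return "two-key"
    return "three-key"

def audit(keys: dict) -> dict:
    """Map each key name to (keying class, retirement status)."""
    report = {}
    for name, key in keys.items():
        kind = classify_3des_key(key)
        report[name] = (kind, STATUS[kind])
    return report

K1 = bytes.fromhex("0123456789abcdef")
K2 = bytes.fromhex("fedcba9876543210")
K3 = bytes.fromhex("89abcdef01234567")
K1_ALT_PARITY = bytes.fromhex("0022446688aaccee")  # same 56 key bits as K1

# Constructed inventory; the names are hypothetical.
SAMPLE_KEYS = {"legacy-pos": K1 + K1_ALT_PARITY + K1,
               "hsm-export": K1 + K2, "vpn-psk": K1 + K2 + K3}

if __name__ == "__main__":
    for name, (kind, status) in audit(SAMPLE_KEYS).items():
        print(f"{name}: {kind}, {status}")
```

A bundle whose parts differ only in parity bits still counts as one key, which a plain byte comparison would miss.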

Mobile phones and data security

Tuesday, May 1st, 2007

So recently I wanted to “retire” my smartphone and format/erase/delete/flush/redact the information on it. I figured I would go through a series of menu options and hit the “yes” button…however, it’s not so easy! It took some scavenging on the Internet but I finally found the solution. I have a Samsung SCH-i730, or should I say, had. In any case, it took some finger acrobatics to get this to work. You have to hold down a slider, press a button, and insert a stylus at the same time–I don’t even think nuclear weapons have that type of “two-man” operation (hyperbole of course). In any case until this operation becomes easier, you can bet there’s going to be a lot of data being passed around on these small computing devices. Who’s to blame if data is not deleted? The company since they make it too difficult? The user since he/she did not follow instructions? I would bet a jury would not convict Samsung in a case that involved smartphone data leakage—so I guess as high-tech users we need to be more vigilant…and practice more how dexterous our fingers can be.