[liberationtech] NPC digital security event video
The video of the National Press Club event on Digital Security for Journalists is now up at the link below. The speakers were: Matthew Cole: a former producer for ABC News and an investigative journalist, focusing on national security and intelligence issues who has firsthand experience being on the receiving end of government surveillance as a result of his reporting activities. Joseph Hall: the senior staff technologist at the Center for Democracy Technology whose work focuses on policy mechanisms for encouraging trustworthiness and transparency in information systems. Jonathan Hutcheson: a public interest lawyer and journalist who designed and implemented a comprehensive source security platform for 100 Reporters’ Whistleblower Alley that enables the anonymous uploading of sensitive documents. http://press.org/news-multimedia/videos/journalists-digital-security-national-press-club-special-event#.UIrQ63ssKDY.twitter Much of the discussion of tools during the presentations will be familiar to people on this list, of course. The value for you may be in hearing, especially during the Q A, the dialogue involving both technologists and journalists. Frank SmythExecutive DirectorGlobal Journalist Securityfrank@journalistsecurity.netTel. + 1 202 244 0717Cell + 1 202 352 1736Twitter: @JournoSecurityWebsite: www.journalistsecurity.netPGP Public KeyPlease consider our Earth before printing this email. Confidentiality Notice: This email and any files transmitted with it are confidential. If you have received this email in error, please notify the sender and delete this message and any copies. If you are not the intended recipient, you are notified that disclosing, copying, distributing or taking any action in reliance on the contents of this information is strictly prohibited. -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] NPC digital security event video
I attended the beginning of this event and was taken aback by some bad advice given by Jonathan Hutcheson. Starting around 17:50, he talks about how password managers can supposedly protect you from keyloggers and malware: http://www.youtube.com/watch?v=cLp2pl3BVhg#t=17m50s Specifically around 18:30: By simply...copying and pasting passwords from a password manager you kinda protect yourself from [keyloggers] as well Besides the fact that he's suggesting you enter your password manager's root password on a compromised device, modern malware has no problem stealing cut pasted content. On-screen keyboards don't help for the same reason; malware can just capture the screen on mouse clicks. This has been done in the wild to defeat some banks' ill-conceived onscreen PIN pads. I didn't stay for the full panel, but would take any other security advice with a grain of salt. On Fri, Oct 26, 2012 at 11:38 AM, fr...@journalistsecurity.net wrote: Jonathan Hutcheson: a public interest lawyer and journalist who designed and implemented a comprehensive source security platform for 100 Reporters’ Whistleblower Alley that enables the anonymous uploading of sensitive documents. http://press.org/news-multimedia/videos/journalists-digital-security-national-press-club-special-event#.UIrQ63ssKDY.twitter -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] NPC digital security event video
Steve Weis: I attended the beginning of this event and was taken aback by some bad advice given by Jonathan Hutcheson. Starting around 17:50, he talks about how password managers can supposedly protect you from keyloggers and malware: http://www.youtube.com/watch?v=cLp2pl3BVhg#t=17m50s Specifically around 18:30: By simply...copying and pasting passwords from a password manager you kinda protect yourself from [keyloggers] as well Besides the fact that he's suggesting you enter your password manager's root password on a compromised device, modern malware has no problem stealing cut pasted content. On-screen keyboards don't help for the same reason; malware can just capture the screen on mouse clicks. This has been done in the wild to defeat some banks' ill-conceived onscreen PIN pads. I didn't stay for the full panel, but would take any other security advice with a grain of salt. Generally, I find that taking security advice from journalists is like hoping they'll save our failing democracy with the Free Press. That is - such things are probably fine until there is actually a real threat. It's turtles after that... All the best, Jake -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech