229: Slinky with a Lot of Math
Nick Kartsioukas (@ExplodingLemur) spoke with us about information security, melting down spectres, lemurs, and sensible resolutions.
Nick recommends Aumasson’s Serious Cryptography (also available from NoStarch) as a good orientation. (Offline, he also recommended Shneier’s Secrets and Lies.)
When thinking about security, you need to develop your threat model (EFF) and not panic (Mickens). As a user of the internet, there are some getting started guides (Motherboard, EFF, Smart Girl’s Guide to Privacy) along with Nick’s advice of using an antivirus program (comparison), an Adblocker (uBlock), a password manager, and 2-factor authentication. Data backups are also very useful (3-2-1 rule: 3 copies, 2 separate media, 1 offsite). For a professional infosec perspective, the CIS 20 are best practice guidelines for computer security.
For Spectre and Meltdown, the best high-level explanation is in Twitter from @gsuberland though XKCD does its usual good job as well. For more detail, about speculative execution bugs, check out this github readme.
For the history of the Stuxnet, check out Zetter’s Countdown to Zero Day and the Security Now podcast episode 291.
Ham radio Field Days for 2018 are June 23-24
Last but not least: Depression lies so get help and if you want to know how to help someone else, look at MakeItOk.org