Alex Kreilein

Recent Posts

Particle Physics, A Small Mammal & Risk-Informed Thinking

Posted by Alex Kreilein on Wed, May 4, 2016 @ 14:05 PM

Last week, the fears of all security practitioners were realized.

The Large Hadron Collider (LHC), the world’s most powerful particle accelerator, went dark. Within this international experimental facility, researchers are recreating moments in time, like The Big Bang, to determine the origins of the universe and are using particle physics to yield breakthroughs in innovation. The facility consists of a 27-kilometre ring of superconducting magnets and a number of accelerating structures boosting the energy of the particles along the way. This construction, with an estimated budget of $4B and the collaboration of 10,000 scientists, makes the LHC one of the most expensive and technically advanced programs in the world. Sadly, it’s not really working at the moment thanks to a small, industrious creature.

As NPR reported, a “small mammal, possibly a weasel,” gnawed through a power cable at the LHC, causing its failure. CERN released documentation pointing the finger at a small “fouine.” Either order, the effect is the same: no big bang for Switzerland!

So should we all prepare our infrastructure for attacks from clever mammals? This question gets at the heart of risk-informed thinking.    

Topics: cybersecurity, information security, IT, job training, risk mitigation, InfoSec

A Chance for Civil Discourse

Posted by Alex Kreilein on Thu, Mar 24, 2016 @ 17:03 PM

A game is being played with your privacy and with your security. The hype around the current controversy of Apple vs. FBI misleads the public with the sort of vapid technical detail that should alarm leaders in our community. This is not an issue the 24-hour news cycle will solve. It must be addressed by technical and legal scholars.

Topics: cybersecurity, information security, IT, privacy, apple, fbi, secureset, security, AppleVsFBI

Brute Force: Privacy & Security in the Age of Cryptography

Posted by Alex Kreilein on Mon, Mar 21, 2016 @ 16:03 PM

Alex Kreilein, Co-founder & CTO, SecureSet, & Austin Chambers, Attorney, Lewis, Bess, Williams & Weese

On February 16, 2016, the United States District Court for the Central District of California issued an order that required Apple to assist the FBI in the search of the iPhone used by one of the San Bernardino shooters. The Order requires Apple to comply with an FBI demand that Apple build and install software disabling the countermeasures on the iPhone 5c running iOS 9 that wipe the iPhone after 10 failed passcode attempts. The device belonged to the San Bernardino County Department of Public Health, which has given the government permission to search the phone.

The FBI in this specific circumstance is not requiring that Apple unlock this iPhone. In this circumstance, the FBI is also not requiring that Apple apply a new form of cryptography to this or other iPhones (we’ll get to this later). However, the FBI is requiring that Apple develop and install software on this iPhone to allow the Bureau to run possible passcode combinations until the phone unlocks without fear of triggering the security countermeasures that erase data on the device automatically.

Legal Standing

The legal arguments behind the Apple v. FBI case are the subject of intense scrutiny, although despite that scrutiny, the case itself is regularly mischaracterized. One side alleges the FBI is desperately seeking precedent necessary to unlock millions of devices through one of any manner of doors using only the antiquated All Writs Act of 1789 (“AWA”) as the key. Meanwhile the other side alleges Apple is preventing access to just a single phone—one belonging to a dead ISIS terrorist, no less—in what amounts to nothing more than a twisted marketing ploy. We believe both characterizations factually miss the mark, and in so doing, obscure the ramifications of the case itself.

The outcomes of this matter depend heavily on how the court interprets the powers and limits of the AWA. Apple raised interesting First and Fifth Amendment arguments; however, these are less likely to be deciding factors in the case, so we will leave those for others to assess. Ultimately, the court must decide two fundamental questions: Is the AWA applicable to this case, and if so, would the AWA allow a court to order Apple to create a new, but insecure, version of iOS?

Does the AWA apply?

The AWA was passed as part of the Judiciary Act of 1789, the same act that created the U.S. federal court system. The AWA provides that courts may issue all writs—or orders—that are necessary or appropriate in aid of their respective jurisdictions and agreeable to the usages and principles of law. In other words, courts can issue writs to “fill gaps” as necessary to give effect to various aspects of the judicial duties. The AWA appeared early in U.S. judicial history, even playing a part in the case Marbury v. Madison, a landmark case forming the basis for the exercise of judicial review. In the time since, it has been used in cases ranging from requiring custodians to bring a prisoner to court for their own appeal (filling a gap in the traditional writ of Habeas Corpus) to compelling phone companies to place a pen register on a phone line. Thus, the AWA has been both hero and villain in vindicating the constitutional rights of defendants, while also giving rise to contentious expansions of courts’ constitutional authority.

Topics: cybersecurity, information security, IT, privacy, apple, fbi, secureset, security, AppleVsFBI

Join the Force: War Games Denver Awaits

Posted by Alex Kreilein on Mon, Oct 5, 2015 @ 10:10 AM

Tech gurus, hacktivists, self-proclaimed IT experts, we see you.

Pro Tip: Be Blue

Posted by Alex Kreilein on Thu, Oct 1, 2015 @ 14:10 PM

Alternative analysis is a hot industry trend for operations and training. Often referred to as Red Teaming, this practice pits authorized operators against each other on opposite sides. Red breaks and Blue defends.
