Micah Lee

Bradley Manning's statement shows that US intelligence analysts are trained in using Tor

Posted March 12, 2013 in tor leaks

This morning I had the opportunity to help Freedom of the Press Foundation publish the full, previously unreleased audio recording of Bradley Manning’s statement to the military court in Ft. Meade about his motivations for leaking over 700,000 government documents to WikiLeaks.

In his statement Bradley Manning not only explains his motivation for leaking documents to WikiLeaks (he contacted the Washington Post and the New York Times first), but also technically how he went about doing it, including the software and protocols he used.

Continue reading →

Using Gajim Instead of Pidgin for More Secure OTR Chat

Posted February 20, 2013 in crypto security

I’ve been using Pidgin as my chat client for many years. The one feature of Pidgin that I care about more than any other is that it supports Off-the-Record (OTR).

If you don’t know about OTR, it’s awesome. It lets you have end-to-end encrypted chat sessions with people so that only you and the person you’re chatting with can read the chat messages and all other parties—such as your chat server (often Google), your ISP, or anyone else eavesdropping on your—cannot. It also has cool features like forward secrecy that other cryptosystems like PGP don’t have. If you’ve ever been to a CryptoParty, setting up Pidgin and OTR and learning how to verify keys is always on the schedule.

Continue reading →

Unity vs. Windows 8

Posted February 2, 2013 in linux

I posted this as a comment on my previous blog post, Why I’m Leaving Ubuntu for Debian. I decided it’s worth it’s own post though.

Continue reading →

Mobile Location Anonymity: Proxying Twitter, IM, and Email through Tor on Android

Posted February 1, 2013 in crypto mobile tor

Each time your computer makes a connection to a server on the internet, you tell the remote server, as well as your ISP and every router in between, your IP address. If you’re using the internet on your phone you might be disclosing the IP of your 3G or 4G connection, or the IP of the wifi network you’re connected to.

If your phone checks for new emails or tweets every couple minutes, or keeps up a consistent connection to your instant messenger server, any of those services is almost definitely logging a history of your IP addresses.

This IP address data could be used to figure out your physical location over time. This is the information that New York City subpoenaed Twitter for, to get the private messages and IP addresses (read: location data) of Occupy protester Malcolm Harris.

Continue reading →

Why I'm Leaving Ubuntu for Debian

Posted January 27, 2013 in linux

I decided to switch to Debian.

I’ve been using Ubuntu as my primary operating system since 2005. Back then it was truly amazing. Before I started using Ubuntu I tried out Red Hat, Mandrake (and later Mandriva), Slackware, Gentoo, and even Debian. In all of them, something didn’t work. Usually it was wifi, but sometimes it was audio or video, or weird X config problems. But when I switched to Ubuntu, all of that went away. Rather than being frusturated that I was still a Linux noob and couldn’t even connect to the internet, Ubuntu helped me get past the initial barriers so I could really dive in. I’m eternally grateful to Ubuntu for this, and I’m very impressed at how successful they’ve has been at fixing bug #1 (though there’s still a long way to go).

Continue reading →

No Really, the NSA Can’t Brute Force Your Crypto

Posted January 23, 2013 in crypto

I’ve talked to many people who assume that the NSA, the world’s most powerful and well-funded spy agency, can easily crack the encryption on messages they intercept by brute force. They speculate: “What if Big Brother has a massive cluster of supercomputers guessing keys at full power in a top secret and shadowy lab a mile beneath Maryland?” Even then, they still can’t crack your crypto.

Don’t get me wrong. There are many implementation flaws, bugs, misconfigurations, user errors, and rubber hose attacks that could lead to crypto being compromised. I’m referring to the NSA’s ability to use massive computing power to guess a crypto key.

Continue reading →

Beefing Up Security on Your SSH Server

Posted January 20, 2013 in sysadmin security

Lately I’ve been thinking about setting up a blog to talk about tech things I find interesting, particularly web security, since that’s how I spend a lot of my work and free time. Since I had an under-used VPS sitting around, I figured I ought to set up WordPress on it and start blogging. What better topic to blog about than how I’m securely setting up this website?

Continue reading →

Micah Lee is a security engineer, software developer, and a journalist. He's the author of Hacks, Leaks, and Revelations. Read more →

Buy Hacks, Leaks, and Revelations: The Art of Analyzing Hacked and Leaked Data

Creative Commons License

Unless otherwise specified, blog posts are licensed under Creative Commons Attribution-NonCommercial. You are free to share and adapt this content, but you must give me credit, you can't use it for commercial purposes, and if you make adaptations (like a translation), you must make it clear that it has been modified.

Subscribe to feed