If you haven’t seen the Talking Heads True Stories you should. [amazon] But that’s not what we’re going to be talking about today. I just needed a title for the blog posting, and that got me thinking.
Please remember that email is not a secure communications medium. Do not say anything in an email that you would not be comfortable seeing on a bathroom wall or on CNN.
I made a bad move when I used HJ Hornbeck’s posting on bayesian reasoning about Russian hacking as a jumping-off point for a critique of using bayesian reasoning to attempt to predict events.
This is a pretty fair view into what the high-end hacker’s existence is like. There are blurry lines everywhere, so it’s a bit hard to even say what is “hacking” versus “marketing” or “information operations” – it’s complicated.
I made an oblique reference to Bayesian arguments in a postscript to a posting, [stderr] and hadn’t realized that HJ Hornbeck has already been digging into exactly that topic, using exactly that example. [hj1] [hj2] With all respect to HJ, I’m going to use his example as an opportunity to critique some of how Bayesian arguments are used in the skeptical community.
Apparently we’re going to have to have regular discussions about email security, until politicians get their heads out of the sand and realize that they are targets and regular victims of mid-skill-level attack, and they need to level up their game if they don’t want to periodically look stupid.
Email security is not hard. I’d say “it just takes a little attention to detail…” but it doesn’t even take that much. I can only conclude that politicians are just blockheads about information technology and politics and it just shows how eminently qualified they are to lead high-tech civilizations. [stderr]
How to look like you’ve been sitting with your head in the sand for a decade:
DHS Labels Elections As Critical Infrastructure
As you can probably guess, I get a lot of emails related to whatever’s going on in the security world. There was a very short buzz around the “Russia Hacking” thing but very few security practitioners care about it at all. Except one, who sent me this: