Making Privacy Great Again (?) – The Blackphone Story – Part 2 – Ride on Time

(to those who miss, here is part 1…)

Everyone wants to be secure, or so it seems, and that what makes the whole story of Silent Circle so sad. A group of extremely talented people (Phil Zimmerman (PGP), Jon Callas (Apple, OpenPGP), Mike Kershaw (Kismet) etc.) gathered and created Silent Circle… and developed phone that will be secure and focus on your privacy. The first phone, the Blackphone 1 was too slow and too restrictive, so Blackphone 2 came along and provided a much-needed boost in terms of usability and performance to clients who want to have a phone that gives them android experience. Blackberry did the same when they decided to ditch their own OS and move to the android domain, and … both seems to have failed to gain substantial market share. But don’t blame the players, blame the game – we live in a world where people talk about privacy like Trump is talking about America – endless use of slogans which are driven by personal motives.

Continue reading

Making Privacy Great Again (?) – The Blackphone Story – Part 1 – Introduction

Ever since my last post I’ve been more silent than usual. The reason for it was a phone called Blackphone‍ 2 or BP2, a “Private by Design” product of a company called Silent Circle‍.

What made me extremely interested in the product was the fact that in January Silent Circle started to brick phones which were not authorised for sale by them. You can read about it here.

I decided to go out and buy two units and see what they did it, and how can you bypass it.

There was one tiny problem – I’m not a mobile phone security expert, and while I can tell you as a security oriented end user that Android security sucks I couldn’t really pinpoint the elements which made it so bad. Sure, there is so many videos and guides out there that teaches you the ins-and-outs of an android system, and also discuss the security aspects of it but I decided to choose a different path. As you know (from my previous posts) I’m extremely interested in the subject of awareness, and my view is that the best path for learning is failure in a secure environment that allows you to fail. I did, for almost a month. My secure environment is my beautiful wife who allowed me to bring the phones to the bedroom, suffered heroically the sounds that came from my computer and the phone throughout many nights, and completely supported me. Most other partners would have been voting to brexit‍ me out from the bedroom to the living room until my insanity will pass.

It’s been a fascinating journey, and a painful one. I had days with zero progress, days with total setback, and days that I just wanted to smash the darn devices on the wall and get my life back. I didn’t. It reminded me how hard it is to learn something totally new, and how easy it is to make mistakes that are driven by a lack of understanding, and how easy it is to be afraid to admit it and get yourself into even bigger trouble. While it would have made much more sense to read a book or go via a training I wanted to see life is indeed so counter intuitive to our human logic.

See you soon…in part 2

Eh’den

PS

If you have good knowledge about android application security, please contact me. I still have some unanswered questions 😉

Awareness Myth Busting

Why attempts to raise the level of awareness to information security are failing, and what to do in order to change it.

Written by Eh’den Biber

Prologue – Battlefield

The field of information security is system and technology driven. This is why it is no wonder that the first attempts to make people act according to way we believed is best from information security standpoint was compliance. Oh, and it worked SO great, didn’t it? Dear auditors, this was a rhetorical, cynical question, so let me assure you: when it comes to humans, compliance doesn’t work, sometimes even when you put a gun against someone’s head.
We moved to from compliance to awareness, and we continue to fail.

This article will try to break down multiple elements to why we fail in our information security awareness activities. After years of looking into awareness from educational, psychological, neurological, biological and spiritual perspectives I realised that the reason we are failing to increase awareness is because we never did a true root-cause analysis.

Believe me, I’ve been doing everything I can to avoid writing this article. Like Arjuna the hero of the Bevagad Gita, I tried to avoid going into a battlefield, getting in a collision course with a community of people, some of which I know personally. Every time I wanted to write the article you’re about to read, my subconscious was re-living the times I’ve been ridiculed, judged, kicked around (physically, emotionally, verbally), and eventually, stabbed (yeh, in London). When in a battlefield, it is hard to remember that who you think you are is a mind running on ego operating system, which been optimised to increase your survival rate. This thing, my humanity, was preventing me from writing, in order to prevent the suffering, to increase survival rates. This is what the brain/mind is meant to do, and in my case, my brain was trying to increase my professional survival.

The reason for my long silence in recent months was due to the fact I came to the realisation that our profession is based on pseudo and proto science, that most of what we do can be qualified as cult behaviour (cargo, anyone?), and that our blindness is in the core of our failure to reduce the likelihood of future loss event that is caused by a “human vulnerability” which lead to wrong decision making.

Finally, I said it, and here I am experiencing how it feels to be honest and fearless. Blessed.

Continue reading

When a Muslim met a Jew (the X-rated edition)

A tale about elections, erections, infosec and awareness.

By Eh’den Biber

 

Last week I had a conversation with an extremely intelligent man, who is also holding a passport of a country who is Muslim. A country which don’t have a diplomatic relationship with the country I was born in, Israel.

The Arab-Israeli conflict reminds me a very smart Jewish which can be paraphrased more or less to “Wise people shut the fuck up”. Obviously wisdom is way far ahead of me, but in the meanwhile, it’s a great story.

So we talked. About Israel, and his country, and it was very interesting because he was surprised that I grew in a semi-atheist environment (Oh, Tel-Aviv, you have wonderful sides). I was surprised because I’m not used to a dialogue about the subject that does not end up in stereotypes. It’s been a while since I talked about the subject, mainly because of the fact I got tired of hearing how the Jews control the world. I want to remind ANYONE who still think so to stop reading and look at the other side of the appliance they are using to read this. It’s China who owns the world.

Continue reading

Breaking The Iceberg

What the US election tells us about the lack of awareness we live in – and how it all relates to information security.

`

By Eh’den Biber

 

To understand the core of the problem of , we need to understand that we are like an iceberg – a majority of what makes us feel, walk, talk, drive, write , see, breath – is under the surface. Most of us don’t notice the fact we are constantly breathing – and yes, you only noticed it right now, and you will admit it if you were honest. What you consider as “you” don’t actually do anything conscious when you walk-and-snapchat-hopefully-not-your-penis, and not in the form of an ASCII art (you welcome, people-who-had-commodore-64). Let’s move on 🙂

The point of the matter is that what we associ`ate ourselves as “me” – that thing which is now speaking and makes comments in your head, you know, “that thing” – is not you even what you experience right now.

Derren Brown, a brilliant magician, illusionist and a very smart guy published a book last week called “happy”. It is a book a practical philosophy type of book about the meaning of happiness. It is a great book, get it.

In the first chapter, he describes what we consider as what we experience right now as
“…neat narratives that allow us to arrange complicated reality into a satisfying and tidy parcel, and move on with our lives. Without them in place, we would see only a mess of details. If we were unable to form meaningful patterns, our lives would become overwhelmed.”

If you want to know more about this thing, read Derren’s new book. Or if you want a kinder, funnier edition grab the book “The Untethered Soul: The Journey Beyond Yourself” by Michel Zinger. Or if you are into slow speaking philosophers with sometimes non-understandable English, hook into Osho. Or, if you’re trying to blow your mind away listen to Terence McKenna.

Or don’t. Most likely, you don’t.

Most people, so it seems, are very happy being who they are. As Oscar Wilde said: “If you want to tell people the truth, make them laugh, or else they will kill you”. The subconscious is a big, scary thing to most people, and most people would be scared shit to know they run by powers they have little control or influence on. Similar to icebergs which only 10% of their size is above the water (You welcome, Titanic), your brain is mostly unconscious, with one research showing 7 seconds delay between the time your brain “made up” its mind and the time you realise it. Seven seconds of unconscious thinking, decision making, which you have no clue of, which is controlled by a subconscious mind.

The States of America has chosen via the wisdom of the crowd to have two people who like the truth as much as they like transparency to represent them for the upcoming election. One is doing it most likely because he is trying to compensate on his lack of erection and the other is trying to compensate her husband over-excited sense of erection. These two very-unworthy-people-to-become-president were chosen to represent people who seems to be utterly blind to the fact they could have prevented it – because IT IS A FREAKING DEMOCRACY.

This state of utter lack of awareness to the nature of the system is not surprising. It is easy to and make fun of Americans because they have raised the level of fake-ness into a form of art (AKA Hollywood and Netflix). However, quest for truth was never “the thing” in human civilisations. As John Taylor Gato wrote in “the underground of American education” there were only two occasions in which freedom of individuals was driving society: Athene golden era, and the early days of the united states of America.

There is always a burst of quest for awareness: take for example the Falun Dafa, AKA Falun Gong in , or the drug culture and civil rights movements of the 60s and early 70s in the US and in Europe. When they occur, the authorities do everything they can to cut it, and cut it fast.

The reason why society fears this burst of awareness is because our societies are built on elements of enslavement. Sure, the enslavement we experience in the west do not come close to the enslavement of the people in , or sadly, the state of freedom in most of the countries who represent the (UN). But still, even here in the west, people are not allowed full control on their future. let me explain why:

At the end of the day, there is only ONE freedom that truly counts – it is an inner freedom. When one is experiencing inner freedom, nothing can break it. Nothing. If nothing can break you, you can move the people in power when you don’t like them. As you can see in the current  in the US, that is not happening, because people have no sense of awareness. Ladies and Gentlemen – this is not a simple correlation – it is a rare causation.

So how can we change it? Obviously not how we try to do it, and obviously not by those who supposed to be responsible of it.

Take for example of , group of people who are the main beneficiary of the organisation they lead (AKA – “the board”) are being scrutinised because of security incidents that are caused by cyber-attacks. These people realise the situation is not good, and that the cause to it is their , who seems to be illiterate.

The problem starts when they try to the bloody peasants (or infosec infidels), which usually ends up going nowhere.

 

It doesn’t go anywhere because in the case of information security a true change requires to make people perform information security related decisions in their unconscious – like driving, or dancing, or snapchatting … ok we already covered that. But the subconscious is already full of the story one has about himself/herself/themselves.

 

Again, another beautiful quote from Derren Brown book:

We are, each of us, a product of the stories we tell ourselves. 

Awareness is about moving away from our story, our “me”, in order to give space to wisdom. When the story subsides, wisdom arise. The problem is that the subconscious is untamed by you, and to clean it up is PAINFUL. Do you know how hurt it is to let go of what makes “me” happy, and what makes “me” suffer? A lot. How much? Let me give you a glimpse of my paths (bless all of them) who created a magnificent story: I had to sit down next to our third child, my daughter, and see her die in front of my eyes – that after we lost our second son on the day of my sister wedding. The pain of letting go of that child was horrible, the pain of kissing my daughter forehead and leave her so she could die was HUGE. And still that pain was NOTHING compared to letting go of that story in order to let space be part of me. That story constructed me, I was that story. To let go of everything I used to associate with felt as if I was being torn apart from the inside. That inner sensation, that letting go of the story of myself, was the most painful experience I ever had. It knocked this thing I called “me” down, and I can assure you, most people don’t dare to go as far as I did. Not  nor emotional pain (I had both bless the one), none of them came even close to untangling my subconscious. It is a death experience, and since most humans are driven by fear of death awareness brings up resistance which ends up with suffering (or he’ll, depends when you resist).

What allowed me go via this process? Love, compassion, kindness, happiness, stillness”, which are the gifts of experiences that my teacher given me by being them. These gifts led to a state of gratitude, and peace. They allowed the true “I” to be experienced. My false sense of self took a leap of faith into the abyss, to do the counter intuitive act of “dying” so the true “I” can experience itself. I’m aware this all sounds weird and strange if you truly believe in your story, but that is why awareness is ungrasped and unquantifiable by the mind.

This is the nature of awareness: If you want one, you’re not going to experience it. You become one by letting go of all wants and needs, of letting go of your story.

Next time you hear about information , or when you watch the candidates to the US presidency and think to yourself , realise that unless you will choose to experience an inner space of awareness, you will continue to experience a “reality” in which you let a blind people tell you what light looks like.

Break the Iceberg, discover that you are the endless sea.

Namaste

Eh’den

‍ , ‍ , ‍ , ‍ , ‍