Informations about SSL certificates and networks security
Verizon’s Data Brief Digest 2017 describes an attack against an unnamed university by attackers who hacked a variety of IoT devices and had them spam network targets and slow them down: Analysis of the university firewall identified over 5,000 devices making hundreds of Domain Name Service (DNS) look-ups every 15 minutes, slowing the institution’s entire … Read More “IoT Attack Against a University Network” »
Duqu 2.0 is a really impressive piece of malware, related to Stuxnet and probably written by the NSA. One of its security features is that it stays resident in its host’s memory without ever writing persistent files to the system’s drives. Now, this same technique is being used by criminals: Now, fileless malware is going … Read More “Duqu Malware Techniques Used by Cybercriminals” »
Interesting article in Science discussing field research on how people are radicalized to become terrorists. The potential for research that can overcome existing constraints can be seen in recent advances in understanding violent extremism and, partly, in interdiction and prevention. Most notable is waning interest in simplistic root-cause explanations of why individuals become violent extremists … Read More “Research into the Root Causes of Terrorism” »
Pew Research just published their latest research data on Americans and their views on cybersecurity: This survey finds that a majority of Americans have directly experienced some form of data theft or fraud, that a sizeable share of the public thinks that their personal data have become less secure in recent years, and that many … Read More “Survey Data on Americans and Cybersecurity” »
There’s a really interesting paper from George Washington University on hacking back: “Into the Gray Zone: The Private Sector and Active Defense against Cyber Threats.” I’ve never been a fan of hacking back. There’s a reason we no longer issue letters of marque or allow private entities to commit crimes, and hacking back is a … Read More “Hacking Back” »
Interesting research. (Popular article here.) As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Powered by WPeMatico
The Center for Strategic and International Studies (CSIS) published “From Awareness to Action: A Cybersecurity Agenda for the 45th President” (press release here). There’s a lot I agree with — and some things I don’t — but these paragraphs struck me as particularly insightful: The Obama administration made significant progress but suffered from two conceptual … Read More “CSIS's Cybersecurity Agenda” »
Interesting research: “De-anonymizing Web Browsing Data with Social Networks“: Abstract: Can online trackers and network adversaries de-anonymize web browsing data readily available to them? We show — theoretically, via simulation, and through experiments on real user data — that de-identified web browsing histories can be linked to social media profiles using only publicly available data. … Read More “De-Anonymizing Browser History Using Social-Network Data” »
Lately, I have been collecting IoT security and privacy guidelines. Here’s everything I’ve found: “Internet of Things (IoT) Broadband Internet Technical Advisory Group, Broadband Internet Technical Advisory Group, Nov 2016. “IoT Security Guidance,” Open Web Application Security Project (OWASP), May 2016. “Strategic Principles for Securing the Internet of Things (IoT),” US Department of Homeland Security, … Read More “Security and Privacy Guidelines for the Internet of Things” »
This online safety guide was written for people concerned about being tracked and stalked online. It’s a good resource. Powered by WPeMatico