Informations about SSL certificates and networks security
After years of claiming that the Terrorist Screening Database is kept secret within the government, we have now learned that the DHS shares it “with more than 1,400 private entities, including hospitals and universities….” Critics say that the watchlist is wildly overbroad and mismanaged, and that large numbers of people wrongly included on the list … Read More “Can Everybody Read the US Terrorist Watch List?” »
Notice this bit from an article on the arrest of Christopher Hasson: It was only after Hasson’s arrest last Friday at his workplace that the chilling plans prosecutors assert he was crafting became apparent, detected by an internal Coast Guard program that watches for any “insider threat.” The program identified suspicious computer activity tied to … Read More ““Insider Threat” Detection Software” »
A research group at NATO’s Strategic Communications Center of Excellence catfished soldiers involved in an European military exercise — we don’t know what country they were from — to demonstrate the power of the attack technique. Over four weeks, the researchers developed fake pages and closed groups on Facebook that looked like they were associated … Read More “Attacking Soldiers on Social Media” »
There’s new research on the security of password managers, specifically 1Password, Dashlane, KeePass, and Lastpass. This work specifically looks at password leakage on the host computer. That is, does the password manager accidentally leave plaintext copies of the password lying around memory? All password managers we examined sufficiently secured user secrets while in a “not … Read More “On the Security of Password Managers” »
Really: After years of “making do” with the available technology for his squid studies, Mooney created a versatile tag that allows him to research squid behavior. With the help of Kakani Katija, an engineer adapting the tag for jellyfish at California’s Monterey Bay Aquarium Research Institute (MBARI), Mooney’s team is creating a replicable system flexible … Read More “Friday Squid Blogging: A Tracking Device for Squid” »
Really interesting article by and interview with Paul M. Nakasone (Commander of U.S. Cyber Command, Director of the National Security Agency, and Chief of the Central Security Service) in the current issue of Joint Forces Quarterly. He talks about the evolving role of US CyberCommand, and it’s new posture of “persistent engagement” using a “cyber-presistant … Read More “Gen. Nakasone on US CyberCommand” »
The police are increasingly getting search warrants for information about all cellphones in a certain location at a certain time: Police departments across the country have been knocking at Google’s door for at least the last two years with warrants to tap into the company’s extensive stores of cellphone location data. Known as “reverse location … Read More “Reverse Location Search Warrants” »
At the end of January, the US Department of Homeland Security issued a warning regarding serious DNS hijacking attempts against US government domains. Brian Krebs wrote an excellent article detailing the attacks and their implications. Strongly recommended. Powered by WPeMatico
Interesting — although short and not very detailed — article about Estonia’s volunteer cyber-defense militia. Padar’s militia of amateur IT workers, economists, lawyers, and other white-hat types are grouped in the city of Tartu, about 65 miles from the Russian border, and in the capital, Tallinn, about twice as far from it. The volunteers, who’ve … Read More “Estonia’s Volunteer Cyber Militia” »
It seems that someone from a company called Swift Recovery Ltd. is impersonating me — at least on Telegram. The person is using a photo of me, and is using details of my life available on Wikipedia to convince people that they are me. They are not. If anyone has any more information — stories, … Read More “I Am Not Associated with Swift Recovery Ltd.” »