March 2020 – Page 2 – SSL and internet security news

Work-from-Home Security Advice

March 19, 2020 infossl

covid19, epidemiology, infrastructure, Security technology, securityawareness, vpn, vulnerabilities

SANS has made freely available its “Work-from-Home Awareness Kit.” When I think about how COVID-19’s security measures are affecting organizational networks, I see several interrelated problems: One, employees are working from their home networks and sometimes from their home computers. These systems are more likely to be out of date, unpatched, and unprotected. They are … Read More “Work-from-Home Security Advice” »

The Insecurity of WordPress and Apache Struts

March 18, 2020 infossl

apache, reports, Security technology, securityengineering, vulnerabilities

Interesting data: A study that analyzed all the vulnerability disclosures between 2010 and 2019 found that around 55% of all the security bugs that have been weaponized and exploited in the wild were for two major application frameworks, namely WordPress and Apache Struts. The Drupal content management system ranked third, followed by Ruby on Rails … Read More “The Insecurity of WordPress and Apache Struts” »

TSA Admits Liquid Ban Is Security Theater

March 16, 2020 infossl

airtravel, medicine, Security technology, securitytheater, tsa

The TSA is allowing people to bring larger bottles of hand sanitizer with them on airplanes: Passengers will now be allowed to travel with containers of liquid hand sanitizer up to 12 ounces. However, the agency cautioned that the shift could mean slightly longer waits at checkpoint because the containers may have to be screened … Read More “TSA Admits Liquid Ban Is Security Theater” »

Friday Squid Blogging: New Report on Squid Markets

March 13, 2020 infossl

Security technology, squid

This report costs $2,000. (Please don’t buy it for me.) As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here. Powered by WPeMatico

The EARN-IT Act

March 13, 2020 infossl

backdoors, children, cryptography, cryptowars, encryption, Security technology

Prepare for another attack on encryption in the U.S. The EARN-IT Act purports to be about protecting children from predation, but it’s really about forcing the tech companies to break their encryption schemes: The EARN IT Act would create a “National Commission on Online Child Sexual Exploitation Prevention” tasked with developing “best practices” for owners … Read More “The EARN-IT Act” »

The Whisper Secret-Sharing App Exposed Locations

March 12, 2020 infossl

blackmail, children, datacollection, dataloss, leaks, secretsharing, Security technology

This is a big deal: Whisper, the secret-sharing app that called itself the “safest place on the Internet,” left years of users’ most intimate confessions exposed on the Web tied to their age, location and other details, raising alarm among cybersecurity researchers that users could have been unmasked or blackmailed. […] The records were viewable … Read More “The Whisper Secret-Sharing App Exposed Locations” »

LA Covers Up Bad Cybersecurity

March 11, 2020 infossl

coverups, cybersecurity, Security technology, utilities, vulnerabilities

This is bad in several dimensions. The Los Angeles Department of Water and Power has been accused of deliberately keeping widespread gaps in its cybersecurity a secret from regulators in a large-scale coverup involving the city’s mayor. Powered by WPeMatico

CIA Dirty Laundry Aired

March 10, 2020 infossl

cia, cybersecurity, hacking, leaks, passwords, Security technology

Joshua Schulte, the CIA employee standing trial for leaking the Wikileaks Vault 7 CIA hacking tools, maintains his innocence. And during the trial, a lot of shoddy security and sysadmin practices are coming out: All this raises a question, though: just how bad is the CIA’s security that it wasn’t able to keep Schulte out, … Read More “CIA Dirty Laundry Aired” »

Cybersecurity Law Casebook

March 9, 2020 infossl

courts, cybersecurity, laws, Security technology

Robert Chesney teaches cybersecurity at the University of Texas School of Law. He recently published a fantastic casebook, which is a good source for anyone studying this. Powered by WPeMatico

Friday Squid Blogging: The Effect of Noise on Squid

March 6, 2020 infossl

Security technology, squid

Two articles. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here. Powered by WPeMatico