Security technology, squid
How to use squid as bait. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here. Powered by WPeMatico
Month: April 2020
accountability, compliance, cybersecurity, departmentofdefense, reports, Security technology
It has produced several reports outlining what’s wrong and what needs to be fixed. It’s not fixing them: GAO looked at three DoD-designed initiatives to see whether the Pentagon is following through on its own goals. In a majority of cases, DoD has not completed the cybersecurity training and awareness tasks it set out to. … Read More “The DoD Isn’t Fixing Its Security Problems” »
breaches, covid19, medicine, privacy, Security technology
This one isn’t even related to contact tracing: On March 17, 2020, the federal government relaxed a number of telehealth-related regulatory requirements due to COVID-19. On April 3, 2020, California Governor Gavin Newsom issued Executive Order N-43-20 (the Order), which relaxes various telehealth reporting requirements, penalties, and enforcements otherwise imposed under state laws, including those … Read More “California Needlessly Reduces Privacy During COVID-19 Pandemic” »
apple, covid19, epidemiology, google, privacy, Security technology, tracing, tracking
Google and Apple have announced a joint project to create a privacy-preserving COVID-19 contact tracing app. (Details, such as we have them, are here.) It’s similar to the app being developed at MIT, and similar to others being described and developed elsewhere. It’s nice seeing the privacy protections; they’re well thought out. I was going … Read More “Contact Tracing COVID-19 Infections via Smartphone Apps” »
Security technology, squid
The squid drawings of Yuuki Tokuda are simply incredible. I tried to figure out how to buy one of them, but everything is in Japanese. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here. Powered by … Read More “Friday Squid Blogging: Amazingly Realistic Squid Drawings” »
cybersecurity, opensource, Security technology, securityengineering
Attack matrix for Kubernetes, using the MITRE ATT&CK framework. A good first step towards understand the security of this suddenly popular and very complex container orchestration system. Powered by WPeMatico
dns, microsoft, Security technology, securityengineering, wifi
A few months ago, Brian Krebs told the story of the domain corp.com, and how it is basically a security nightmare: At issue is a problem known as “namespace collision,” a situation where domain names intended to be used exclusively on an internal company network end up overlapping with domains that can resolve normally on … Read More “Microsoft Buys Corp.com” »
crowdsourcing, cryptography, encryption, rsa, Security technology
RSA-250 has been factored. This computation was performed with the Number Field Sieve algorithm, using the open-source CADO-NFS software. The total computation time was roughly 2700 core-years, using Intel Xeon Gold 6130 CPUs as a reference (2.1GHz): RSA-250 sieving: 2450 physical core-years RSA-250 matrix: 250 physical core-years The computation involved tens of thousands of machines … Read More “RSA-250 Factored” »
covid19, cybersecurity, hacking, phishing, Security technology
Three weeks ago (could it possibly be that long already?), I wrote about the increased risks of working remotely during the COVID-19 pandemic. One, employees are working from their home networks and sometimes from their home computers. These systems are more likely to be out of date, unpatched, and unprotected. They are more vulnerable to … Read More “Cybersecurity During COVID-19” »
authentication, credentials, malware, microsoft, phishing, Security technology
Microsoft is reporting that an Emotat malware infection shut down a network by causing computers to overheat and then crash. The Emotet payload was delivered and executed on the systems of Fabrikam — a fake name Microsoft gave the victim in their case study — five days after the employee’s user credentials were exfiltrated to … Read More “Emotat Malware Causes Physical Damage” »