Author: infossl

Security of Health Information

Posted on By infossl
cybersecurity, epidemiology, essays, medicine, nationalsecuritypolicy, privacy, Security technology, securitypolicies, vulnerabilities

The world is racing to contain the new COVID-19 virus that is spreading around the globe with alarming speed. Right now, pandemic disease experts at the World Health Organization (WHO), the US Centers for Disease Control and Prevention (CDC), and other public-health agencies are gathering information to learn how and where the virus is spreading. … Read More “Security of Health Information” »

Let’s Encrypt Vulnerability

Posted on By infossl
certificates, encryption, Security technology, vulnerabilities

The BBC is reporting a vulnerability in the Let’s Encrypt certificate service: In a notification email to its clients, the organisation said: “We recently discovered a bug in the Let’s Encrypt certificate authority code. “Unfortunately, this means we need to revoke the certificates that were affected by this bug, which includes one or more of … Read More “Let’s Encrypt Vulnerability” »

Wi-Fi Chip Vulnerability

Posted on By infossl
encryption, hacking, hardware, patching, Security technology, vulnerabilities, wifi

There’s a vulnerability in Wi-Fi hardware that breaks the encryption: The vulnerability exists in Wi-Fi chips made by Cypress Semiconductor and Broadcom, the latter a chipmaker Cypress acquired in 2016. The affected devices include iPhones, iPads, Macs, Amazon Echos and Kindles, Android devices, and Wi-Fi routers from Asus and Huawei, as well as the Raspberry … Read More “Wi-Fi Chip Vulnerability” »

Facebook’s Download-Your-Data Tool Is Incomplete

Posted on By infossl
dataprotection, facebook, gdpr, privacy, Security technology

Privacy International has the details: Key facts: Despite Facebook claim, “Download Your Information” doesn’t provide users with a list of all advertisers who uploaded a list with their personal data. As a user this means you can’t exercise your rights under GDPR because you don’t know which companies have uploaded data to Facebook. Information provided … Read More “Facebook’s Download-Your-Data Tool Is Incomplete” »

Humble Bundle’s 2020 Cybersecurity Books

Posted on By infossl
books, cybersecurity, schneiernews, Security technology

For years, Humble Bundle has been selling great books at a “pay what you can afford” model. This month, they’re featuring as many as nineteen cybersecurity books for as little as $1, including four of mine. These are digital copies, all DRM-free. Part of the money goes to support the EFF or Let’s Encrypt. (The … Read More “Humble Bundle’s 2020 Cybersecurity Books” »

Deep Learning to Find Malicious Email Attachments

Posted on By infossl
email, gmail, google, machinelearning, malware, phishing, Security technology

Google presented its system of using deep-learning techniques to identify malicious email attachments: At the RSA security conference in San Francisco on Tuesday, Google’s security and anti-abuse research lead Elie Bursztein will present findings on how the new deep-learning scanner for documents is faring against the 300 billion attachments it has to process each week. … Read More “Deep Learning to Find Malicious Email Attachments” »

Securing the Internet of Things through Class-Action Lawsuits

Posted on By infossl
courts, internetofthings, laws, publicinterest, Security technology

This law journal article discusses the role of class-action litigation to secure the Internet of Things. Basically, the article postulates that (1) market realities will produce insecure IoT devices, and (2) political failures will leave that industry unregulated. Result: insecure IoT. It proposes proactive class action litigation against manufacturers of unsafe and unsecured IoT devices … Read More “Securing the Internet of Things through Class-Action Lawsuits” »

Newly Declassified Study Demonstrates Uselessness of NSA’s Phone Metadata Program

Posted on By infossl
intelligence, metadata, nationalsecuritypolicy, nsa, phones, Security technology

The New York Times is reporting on the NSA’s phone metadata program, which the NSA shut down last year: A National Security Agency system that analyzed logs of Americans’ domestic phone calls and text messages cost $100 million from 2015 to 2019, but yielded only a single significant investigation, according to a newly declassified study. … Read More “Newly Declassified Study Demonstrates Uselessness of NSA’s Phone Metadata Program” »

Firefox Enables DNS over HTTPS

Posted on By infossl
browsers, childpornography, dns, firefox, https, mozilla, Security technology, securityengineering, terrorism

This is good news: Whenever you visit a website — even if it’s HTTPS enabled — the DNS query that converts the web address into an IP address that computers can read is usually unencrypted. DNS-over-HTTPS, or DoH, encrypts the request so that it can’t be intercepted or hijacked in order to send a user … Read More “Firefox Enables DNS over HTTPS” »