Last week, President Obama issued a policy directive (PPD-41) on cyber-incident response coordination. The FBI is in charge, which is no surprise. Actually, there’s not much surprising in the document. I suppose it’s important to formalize this stuff, but I think it’s what happens now. News article. Brief analysis. The FBI’s perspective. Powered by WPeMatico
Author: infossl
NIST is no longer recommending two-factor authentication systems that use SMS, because of their many insecurities. In the latest draft of its Digital Authentication Guideline, there’s the line: [Out of band verification] using SMS is deprecated, and will no longer be allowed in future releases of this guidance. Powered by WPeMatico
Andrew “bunnie” Huang and Edward Snowden have designed a smartphone case that detects unauthorized transmissions by the phone. Paper. Three news articles. Looks like a clever design. Of course, it has to be outside the device; otherwise, it could be compromised along with the device. Note that this is still in the research design stage; … Read More “Detecting When a Smartphone Has Been Compromised” »
Disaster stories involving the Internet of Things are all the rage. They feature cars (both driven and driverless), the power grid, dams, and tunnel ventilation systems. A particularly vivid and realistic one, near-future fiction published last month in New York Magazine, described a cyberattack on New York that involved hacking of cars, the water system, … Read More “Real-World Security and the Internet of Things” »
Russia was behind the hacks into the Democratic National Committee’s computer network that led to the release of thousands of internal emails just before the party’s convention began, U.S. intelligence agencies have reportedly concluded. The FBI is investigating. WikiLeaks promises there is more data to come. The political nature of this cyberattack means that Democrats … Read More “The Security of Our Election Systems” »
I spend a lot of time in my book Liars and Outliers on cooperating versus defecting. Cooperating is good for the group at the expense of the individual. Defecting is good for the individual at the expense of the group. Given that evolution concerns individuals, there has been a lot of controversy over how altruism … Read More “How Altruism Might Have Evolved” »
Archie McPhee sells glow-in-the-dark finger tentacles. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Powered by WPeMatico
Russia has attacked the US in cyberspace in an attempt to influence our national election, many experts have concluded. We need to take this national security threat seriously and both respond and defend, despite the partisan nature of this particular attack. There is virtually no debate about that, either from the technical experts who analyzed … Read More “Hacking the Vote” »
The Open Technology Institute of the New America Foundation has released a policy paper on the vulnerabilities equities process: “Bugs in the System: A Primer on the Software Vulnerability Ecosystem and its Policy Implications.” Their policy recommendations: Minimize participation in the vulnerability black market. Establish strong, clear procedures for disclosure when it discovers and acquires … Read More “More on the Vulnerabilities Equities Process” »
The thing about infrastructure is that everyone uses it. If it’s secure, it’s secure for everyone. And if it’s insecure, it’s insecure for everyone. This forces some hard policy choices. When I was working with the Guardian on the Snowden documents, the one top-secret program the NSA desperately did not want us to expose was … Read More “The Democratization of Cyberattack” »