This is really interesting: “A Data-Driven Reflection on 36 Years of Security and Privacy Research,” by Aniqua Baset and Tamara Denning: Abstract: Meta-research—research about research—allows us, as a community, to examine trends in our research and make informed decisions regarding the course of our future research activities. Additionally, overviews of past research are particularly useful … Read More “Mapping Security and Privacy Research across the Decades” »
In August, CyberITL completed a large-scale survey of software security practices in the IoT environment, by looking at the compiled software. Data Collected: 22 Vendors; 1,294 Products; 4,956 Firmware versions; 3,333,411 Binaries analyzed. Date range of data: 2003-03-24 to 2019-01-24 (varies by vendor, most up to 2018 releases) […] This dataset contains products such as … Read More “Measuring the Security of IoT Devices” »
Interesting paper by Michael Schwarz, Samuel Weiser, Daniel Gruss. The upshot is that both Intel and AMD have assumed that trusted enclaves will run only trustworthy code. Of course, that’s not true. And there are no security mechanisms that can deal with malicious enclaves, because the designers couldn’t imagine that they would be necessary. The … Read More “Attacking the Intel Secure Enclave” »
Really interesting first-hand experience from Maciej Cegłowski.
A recent experiment found all sorts of personal data left on used laptops and smartphones. This should come as no surprise. Simson Garfinkel performed the same experiment in 2003, with similar results.
The so-called Crypto Wars have been going on for 25 years now. Basically, the FBI — and some of their peer agencies in the UK, Australia, and elsewhere — argue that the pervasive use of civilian encryption is hampering their ability to solve crimes and that they need the tech companies to make their systems … Read More “Evaluating the GCHQ Exceptional Access Proposal” »
Of course the ESS ExpressVote voting computer will have lots of security vulnerabilities. It’s a computer, and computers have lots of vulnerabilities. This particular vulnerability is particularly interesting because it’s the result of a security mistake in the design process. Someone didn’t think the security through, and the result is a voter-verifiable paper audit trail … Read More “Security Vulnerability in ESS ExpressVote Touchscreen Voting Computer” »
James Mickens gave an excellent keynote at the USENIX Security Conference last week, talking about the social aspects of security — racism, sexism, etc. — and the problems with machine learning and the Internet. Worth watching.
Surprising no one, the security of police bodycams is terrible. Mitchell even realized that because he can remotely access device storage on models like the Fire Cam OnCall, an attacker could potentially plant malware on some of the cameras. Then, when the camera connects to a PC for syncing, it could deliver all sorts of … Read More “Hacking Police Bodycams” »
Funny and true.