Category: cybersecurity

Auto Added by WPeMatico

Fake Stories in Real News Sites

Posted on By infossl
cybersecurity, disinformation, fakenews, hacking, propaganda, russia, Security technology

Fireeye is reporting that a hacking group called Ghostwriter broke into the content management systems of Eastern European news sites to plant fake stories. From a Wired story: The propagandists have created and disseminated disinformation since at least March 2017, with a focus on undermining NATO and the US troops in Poland and the Baltics; … Read More “Fake Stories in Real News Sites” »

Update on NIST’s Post-Quantum Cryptography Program

Posted on By infossl
cryptography, cybersecurity, nist, quantumcomputing, quantumcryptography, Security technology

NIST has posted an update on their post-quantum cryptography program: After spending more than three years examining new approaches to encryption and data protection that could defeat an assault from a quantum computer, the National Institute of Standards and Technology (NIST) has winnowed the 69 submissions it initially received down to a final group of … Read More “Update on NIST’s Post-Quantum Cryptography Program” »

NSA on Securing VPNs

Posted on By infossl
cryptography, cybersecurity, nsa, Security technology, securityanalysis, vpn

The NSA’s Central Security Service — that’s the part that’s supposed to work on defense — has released two documents (a full and an abridged version) on securing virtual private networks. Some of it is basic, but it contains good information. Maintaining a secure VPN tunnel can be complex and requires regular maintenance. To maintain … Read More “NSA on Securing VPNs” »

IoT Security Principles

Posted on By infossl
cybersecurity, internetofthings, Security technology, securityengineering

The BSA — also known as the Software Alliance, formerly the Business Software Alliance (which explains the acronym) — is an industry lobbying group. They just published “Policy Principles for Building a Secure and Trustworthy Internet of Things.” They call for: Distinguishing between consumer and industrial IoT. Offering incentives for integrating security. Harmonizing national and … Read More “IoT Security Principles” »

Hacked by Police

Posted on By infossl
crime, cybersecurity, france, hacking, lawenforcement, phones, Security technology, securityengineering

French police hacked EncroChat secure phones, which are widely used by criminals: Encrochat’s phones are essentially modified Android devices, with some models using the “BQ Aquaris X2,” an Android handset released in 2018 by a Spanish electronics company, according to the leaked documents. Encrochat took the base unit, installed its own encrypted messaging programs which … Read More “Hacked by Police” »

Securing the International IoT Supply Chain

Posted on By infossl
academicpapers, cybersecurity, hardware, internetofthings, Security technology, securitypolicies, supplychain

Together with Nate Kim (former student) and Trey Herr (Atlantic Council Cyber Statecraft Initiative), I have written a paper on IoT supply chain security. The basic problem we try to solve is: how to you enforce IoT security regulations when most of the stuff is made in other countries? And our solution is: enforce the … Read More “Securing the International IoT Supply Chain” »

The Unintended Harms of Cybersecurity

Posted on By infossl
academicpapers, cyberattack, cybercrime, cybersecurity, riskassessment, risks, Security technology

Interesting research: “Identifying Unintended Harms of Cybersecurity Countermeasures“: Abstract: Well-meaning cybersecurity risk owners will deploy countermeasures (technologies or procedures) to manage risks to their services or systems. In some cases, those countermeasures will produce unintended consequences, which must then be addressed. Unintended consequences can potentially induce harm, adversely affecting user behaviour, user inclusion, or the … Read More “The Unintended Harms of Cybersecurity” »

Zoom Will Be End-to-End Encrypted for All Users

Posted on By infossl
cybersecurity, encryption, Security technology, securityengineering, twofactorauthentication, videoconferencing

Zoom is doing the right thing: it’s making end-to-end encryption available to all users, paid and unpaid. (This is a change; I wrote about the initial decision here.) …we have identified a path forward that balances the legitimate right of all users to privacy and the safety of users on our platform. This will enable … Read More “Zoom Will Be End-to-End Encrypted for All Users” »

Examining the US Cyber Budget

Posted on By infossl
cyberattack, cybersecurity, defense, homelandsecurity, nationalsecuritypolicy, Security technology

Jason Healey takes a detailed look at the US federal cybersecurity budget and reaches an important conclusion: the US keeps saying that we need to prioritize defense, but in fact we prioritize attack. To its credit, this budget does reveal an overall growth in cybersecurity funding of about 5 percent above the fiscal 2019 estimate. … Read More “Examining the US Cyber Budget” »

New Research: “Privacy Threats in Intimate Relationships”

Posted on By infossl
academicpapers, cybersecurity, privacy, Security technology, securityawareness

I just published a new paper with Karen Levy of Cornell: “Privacy Threats in Intimate Relationships.” Abstract: This article provides an overview of intimate threats: a class of privacy threats that can arise within our families, romantic partnerships, close friendships, and caregiving relationships. Many common assumptions about privacy are upended in the context of these … Read More “New Research: “Privacy Threats in Intimate Relationships”” »