cybersecurity – Page 11 – SSL and internet security news

Securing the International IoT Supply Chain

July 1, 2020 infossl

academicpapers, cybersecurity, hardware, internetofthings, Security technology, securitypolicies, supplychain

Together with Nate Kim (former student) and Trey Herr (Atlantic Council Cyber Statecraft Initiative), I have written a paper on IoT supply chain security. The basic problem we try to solve is: how to you enforce IoT security regulations when most of the stuff is made in other countries? And our solution is: enforce the … Read More “Securing the International IoT Supply Chain” »

The Unintended Harms of Cybersecurity

June 26, 2020 infossl

academicpapers, cyberattack, cybercrime, cybersecurity, riskassessment, risks, Security technology

Interesting research: “Identifying Unintended Harms of Cybersecurity Countermeasures“: Abstract: Well-meaning cybersecurity risk owners will deploy countermeasures (technologies or procedures) to manage risks to their services or systems. In some cases, those countermeasures will produce unintended consequences, which must then be addressed. Unintended consequences can potentially induce harm, adversely affecting user behaviour, user inclusion, or the … Read More “The Unintended Harms of Cybersecurity” »

Zoom Will Be End-to-End Encrypted for All Users

June 17, 2020 infossl

cybersecurity, encryption, Security technology, securityengineering, twofactorauthentication, videoconferencing

Zoom is doing the right thing: it’s making end-to-end encryption available to all users, paid and unpaid. (This is a change; I wrote about the initial decision here.) …we have identified a path forward that balances the legitimate right of all users to privacy and the safety of users on our platform. This will enable … Read More “Zoom Will Be End-to-End Encrypted for All Users” »

Examining the US Cyber Budget

June 15, 2020 infossl

cyberattack, cybersecurity, defense, homelandsecurity, nationalsecuritypolicy, Security technology

Jason Healey takes a detailed look at the US federal cybersecurity budget and reaches an important conclusion: the US keeps saying that we need to prioritize defense, but in fact we prioritize attack. To its credit, this budget does reveal an overall growth in cybersecurity funding of about 5 percent above the fiscal 2019 estimate. … Read More “Examining the US Cyber Budget” »

New Research: “Privacy Threats in Intimate Relationships”

June 5, 2020 infossl

academicpapers, cybersecurity, privacy, Security technology, securityawareness

I just published a new paper with Karen Levy of Cornell: “Privacy Threats in Intimate Relationships.” Abstract: This article provides an overview of intimate threats: a class of privacy threats that can arise within our families, romantic partnerships, close friendships, and caregiving relationships. Many common assumptions about privacy are upended in the context of these … Read More “New Research: “Privacy Threats in Intimate Relationships”” »

AI and Cybersecurity

May 19, 2020 infossl

artificialintelligence, attribution, cybersecurity, nationalsecuritypolicy, reports, Security technology

Ben Buchanan has written “A National Security Research Agenda for Cybersecurity and Artificial Intelligence.” It’s really good — well worth reading. Powered by WPeMatico

iOS XML Bug

May 7, 2020 infossl

cybersecurity, ios, malware, Security technology, vulnerabilities

This is a good explanation of an iOS bug that allowed someone to break out of the application sandbox. A summary: What a crazy bug, and Siguza’s explanation is very cogent. Basically, it comes down to this: XML is terrible. iOS uses XML for Plists, and Plists are used everywhere in iOS (and MacOS). iOS’s … Read More “iOS XML Bug” »

ILOVEYOU Virus

May 6, 2020 infossl

cybercrime, cybersecurity, historyofcomputing, historyofsecurity, malware, Security technology

It’s the twentieth anniversary of the ILOVEYOU virus, and here are three interesting articles about it and its effects on software design. Powered by WPeMatico

Vulnerability Finding Using Machine Learning

April 20, 2020 infossl

artificialintelligence, cloudcomputing, cybersecurity, machinelearning, microsoft, Security technology, securityengineering, vulnerabilities

Microsoft is training a machine-learning system to find software bugs: At Microsoft, 47,000 developers generate nearly 30 thousand bugs a month. These items get stored across over 100 AzureDevOps and GitHub repositories. To better label and prioritize bugs at that scale, we couldn’t just apply more people to the problem. However, large volumes of semi-curated … Read More “Vulnerability Finding Using Machine Learning” »

The DoD Isn’t Fixing Its Security Problems

April 17, 2020 infossl

accountability, compliance, cybersecurity, departmentofdefense, reports, Security technology

It has produced several reports outlining what’s wrong and what needs to be fixed. It’s not fixing them: GAO looked at three DoD-designed initiatives to see whether the Pentagon is following through on its own goals. In a majority of cases, DoD has not completed the cybersecurity training and awareness tasks it set out to. … Read More “The DoD Isn’t Fixing Its Security Problems” »