cybersecurity – Page 12 – SSL and internet security news

New Research: “Privacy Threats in Intimate Relationships”

June 5, 2020 infossl

academicpapers, cybersecurity, privacy, Security technology, securityawareness

I just published a new paper with Karen Levy of Cornell: “Privacy Threats in Intimate Relationships.” Abstract: This article provides an overview of intimate threats: a class of privacy threats that can arise within our families, romantic partnerships, close friendships, and caregiving relationships. Many common assumptions about privacy are upended in the context of these … Read More “New Research: “Privacy Threats in Intimate Relationships”” »

AI and Cybersecurity

May 19, 2020 infossl

artificialintelligence, attribution, cybersecurity, nationalsecuritypolicy, reports, Security technology

Ben Buchanan has written “A National Security Research Agenda for Cybersecurity and Artificial Intelligence.” It’s really good — well worth reading. Powered by WPeMatico

iOS XML Bug

May 7, 2020 infossl

cybersecurity, ios, malware, Security technology, vulnerabilities

This is a good explanation of an iOS bug that allowed someone to break out of the application sandbox. A summary: What a crazy bug, and Siguza’s explanation is very cogent. Basically, it comes down to this: XML is terrible. iOS uses XML for Plists, and Plists are used everywhere in iOS (and MacOS). iOS’s … Read More “iOS XML Bug” »

ILOVEYOU Virus

May 6, 2020 infossl

cybercrime, cybersecurity, historyofcomputing, historyofsecurity, malware, Security technology

It’s the twentieth anniversary of the ILOVEYOU virus, and here are three interesting articles about it and its effects on software design. Powered by WPeMatico

Vulnerability Finding Using Machine Learning

April 20, 2020 infossl

artificialintelligence, cloudcomputing, cybersecurity, machinelearning, microsoft, Security technology, securityengineering, vulnerabilities

Microsoft is training a machine-learning system to find software bugs: At Microsoft, 47,000 developers generate nearly 30 thousand bugs a month. These items get stored across over 100 AzureDevOps and GitHub repositories. To better label and prioritize bugs at that scale, we couldn’t just apply more people to the problem. However, large volumes of semi-curated … Read More “Vulnerability Finding Using Machine Learning” »

The DoD Isn’t Fixing Its Security Problems

April 17, 2020 infossl

accountability, compliance, cybersecurity, departmentofdefense, reports, Security technology

It has produced several reports outlining what’s wrong and what needs to be fixed. It’s not fixing them: GAO looked at three DoD-designed initiatives to see whether the Pentagon is following through on its own goals. In a majority of cases, DoD has not completed the cybersecurity training and awareness tasks it set out to. … Read More “The DoD Isn’t Fixing Its Security Problems” »

Kubernetes Security

April 10, 2020 infossl

cybersecurity, opensource, Security technology, securityengineering

Attack matrix for Kubernetes, using the MITRE ATT&CK framework. A good first step towards understand the security of this suddenly popular and very complex container orchestration system. Powered by WPeMatico

Cybersecurity During COVID-19

April 7, 2020 infossl

covid19, cybersecurity, hacking, phishing, Security technology

Three weeks ago (could it possibly be that long already?), I wrote about the increased risks of working remotely during the COVID-19 pandemic. One, employees are working from their home networks and sometimes from their home computers. These systems are more likely to be out of date, unpatched, and unprotected. They are more vulnerable to … Read More “Cybersecurity During COVID-19” »

Internet Voting in Puerto Rico

March 24, 2020 infossl

aclu, authentication, cybersecurity, internet, secrecy, Security technology, voting

Puerto Rico is considered allowing for Internet voting. I have joined a group of security experts in a letter opposing the bill. Cybersecurity experts agree that under current technology, no practically proven method exists to securely, verifiably, or privately return voted materials over the internet. That means that votes could be manipulated or deleted on … Read More “Internet Voting in Puerto Rico” »

LA Covers Up Bad Cybersecurity

March 11, 2020 infossl

coverups, cybersecurity, Security technology, utilities, vulnerabilities

This is bad in several dimensions. The Los Angeles Department of Water and Power has been accused of deliberately keeping widespread gaps in its cybersecurity a secret from regulators in a large-scale coverup involving the city’s mayor. Powered by WPeMatico