Informations about SSL certificates and networks security
Auto Added by WPeMatico
Andrew Odlyzko’s new essay is worth reading — “Cybersecurity is not very important“: Abstract: There is a rising tide of security breaches. There is an even faster rising tide of hysteria over the ostensible reason for these breaches, namely the deficient state of our information infrastructure. Yet the world is doing remarkably well overall, and … Read More “An Argument that Cybersecurity Is Basically Okay” »
Good article on the Triton malware which targets industrial control systems. Powered by WPeMatico
This will complicate things: To complicate matters, having cyber insurance might not cover everyone’s losses. Zurich American Insurance Company refused to pay out a $100 million claim from Mondelez, saying that since the U.S. and other governments labeled the NotPetya attack as an action by the Russian military their claim was excluded under the “hostile … Read More “Cybersecurity Insurance Not Paying for NotPetya Losses” »
The Crypto Wars have been waging off-and-on for a quarter-century. On one side is law enforcement, which wants to be able to break encryption, to access devices and communications of terrorists and criminals. On the other are almost every cryptographer and computer security expert, repeatedly explaining that there’s no way to provide this capability without … Read More “Cybersecurity for the Public Interest” »
I had not heard about this case before. Zurich Insurance has refused to pay Mondelez International’s claim of $100 million in damages from NotPetya. It claims it is an act of war and therefor not covered. Mondelez is suing. Those turning to cyber insurance to manage their exposure presently face significant uncertainties about its promise. … Read More “Cyberinsurance and Acts of War” »
Last week, I evaluated the security of a recent GCHQ backdoor proposal for communications systems. Furthering the debate, Nate Cardozo and Seth Schoen of EFF explain how this sort of backdoor can be detected: In fact, we think when the ghost feature is active — silently inserting a secret eavesdropping member into an otherwise end-to-end … Read More “Hacking the GCHQ Backdoor” »
Nice interview with the EFF’s director of cybersecurity, Eva Gaperon. Powered by WPeMatico
Peter Swire proposes a a pedagogic framework for teaching cybersecurity policy. Specifically, he makes real the old joke about adding levels to the OSI networking stack: an organizational layer, a government layer, and an international layer. Powered by WPeMatico
A new variant of the Shamoon malware has destroyed significant amounts of data at a UAE “heavy engineering company” and the Italian oil and gas contractor Saipem. Shamoon is the Iranian malware that was targeted against the Saudi Arabian oil company, Saudi Aramco, in 2012 and 2016. We have no idea if this new variant … Read More “New Shamoon Variant” »
This is an interesting interview with a former NSA employee about supply chain security. I consider this to be an insurmountable problem right now. Powered by WPeMatico