cybersecurity – Page 3 – SSL and internet security news

On Software Liabilities

February 8, 2024 infossl

academic papers, cybersecurity, Security technology, software liability, Uncategorized, vulnerabilities

Over on Lawfare, Jim Dempsey published a really interesting proposal for software liability: “Standard for Software Liability: Focus on the Product for Liability, Focus on the Process for Safe Harbor.” Section 1 of this paper sets the stage by briefly describing the problem to be solved. Section 2 canvasses the different fields of law (warranty, … Read More “On Software Liabilities” »

Facebook Enables Messenger End-to-End Encryption by Default

December 11, 2023 infossl

cybersecurity, encryption, facebook, Meta, Security technology, Uncategorized

It’s happened. Details here, and tech details here (for messages in transit) and here (for messages in storage) Rollout to everyone will take months, but it’s a good day for both privacy and security. Slashdot thread. Powered by WPeMatico

Security Analysis of a Thirteenth-Century Venetian Election Protocol

December 6, 2023 infossl

academic papers, cybersecurity, history of security, italy, protocols, Security technology, Uncategorized, voting

Interesting analysis: This paper discusses the protocol used for electing the Doge of Venice between 1268 and the end of the Republic in 1797. We will show that it has some useful properties that in addition to being interesting in themselves, also suggest that its fundamental design principle is worth investigating for application to leader … Read More “Security Analysis of a Thirteenth-Century Venetian Election Protocol” »

Ransomware Gang Files SEC Complaint

November 17, 2023 infossl

cybersecurity, data breaches, disclosure, extortion, ransomware, Security technology, Uncategorized

A ransomware gang, annoyed at not being paid, filed an SEC complaint against its victim for not disclosing its security breach within the required four days. This is over the top, but is just another example of the extreme pressure ransomware gangs put on companies after seizing their data. Gangs are now going through the … Read More “Ransomware Gang Files SEC Complaint” »

New York Increases Cybersecurity Rules for Financial Companies

November 3, 2023 infossl

banking, computer security, cybersecurity, ransomware, regulation, Security technology, Uncategorized

Another example of a large and influential state doing things the federal government won’t: Boards of directors, or other senior committees, are charged with overseeing cybersecurity risk management, and must retain an appropriate level of expertise to understand cyber issues, the rules say. Directors must sign off on cybersecurity programs, and ensure that any security … Read More “New York Increases Cybersecurity Rules for Financial Companies” »

EPA Won’t Force Water Utilities to Audit Their Cybersecurity

October 24, 2023 infossl

cybersecurity, infrastructure, national security policy, Security technology, Uncategorized, utilities

The industry pushed back: Despite the EPA’s willingness to provide training and technical support to help states and public water system organizations implement cybersecurity surveys, the move garnered opposition from both GOP state attorneys and trade groups. Republican state attorneys that were against the new proposed policies said that the call for new inspections could … Read More “EPA Won’t Force Water Utilities to Audit Their Cybersecurity” »

Security Vulnerability of Switzerland’s E-Voting System

October 17, 2023 infossl

blockchain, cybersecurity, malware, Security technology, switzerland, Uncategorized, voting

Online voting is insecure, period. This doesn’t stop organizations and governments from using it. (And for low-stakes elections, it’s probably fine.) Switzerland—not low stakes—uses online voting for national elections. Andrew Appel explains why it’s a bad idea: Last year, I published a 5-part series about Switzerland’s e-voting system. Like any internet voting system, it has … Read More “Security Vulnerability of Switzerland’s E-Voting System” »

NSA AI Security Center

October 2, 2023 infossl

artificial intelligence, cybersecurity, national security policy, nsa, Security technology, Uncategorized

The NSA is starting a new artificial intelligence security center: The AI security center’s establishment follows an NSA study that identified securing AI models from theft and sabotage as a major national security challenge, especially as generative AI technologies emerge with immense transformative potential for both good and evil. Nakasone said it would become “NSA’s … Read More “NSA AI Security Center” »

On the Cybersecurity Jobs Shortage

September 20, 2023 infossl

cybersecurity, employment, Security technology, Uncategorized

In April, Cybersecurity Ventures reported on extreme cybersecurity job shortage: Global cybersecurity job vacancies grew by 350 percent, from one million openings in 2013 to 3.5 million in 2021, according to Cybersecurity Ventures. The number of unfilled jobs leveled off in 2022, and remains at 3.5 million in 2023, with more than 750,000 of those … Read More “On the Cybersecurity Jobs Shortage” »

Remotely Stopping Polish Trains

August 28, 2023 infossl

cyberattack, cybersecurity, radio, russia, Security technology, transportation, Uncategorized

Turns out that it’s easy to broadcast radio commands that force Polish trains to stop: …the saboteurs appear to have sent simple so-called “radio-stop” commands via radio frequency to the trains they targeted. Because the trains use a radio system that lacks encryption or authentication for those commands, Olejnik says, anyone with as little as … Read More “Remotely Stopping Polish Trains” »