Category: cybersecurity

Auto Added by WPeMatico

The Conviction of Uber’s Chief Security Officer

Posted on By infossl
courts, cover-ups, cyberattack, cybersecurity, data breaches, data protection, Security technology, uber, Uncategorized

I have been meaning to write about Joe Sullivan, Uber’s former Chief Security Officer. He was convicted of crimes related to covering up a cyberattack against Uber. It’s a complicated case, and I’m not convinced that he deserved a guilty ruling or that it’s a good thing for the industry. I may still write something, … Read More “The Conviction of Uber’s Chief Security Officer” »

October Is Cybersecurity Awareness Month

Posted on By infossl
cybersecurity, history of security, security education, Security technology, Uncategorized

For the past nineteen years, October has been Cybersecurity Awareness Month here in the US, and that event that has always been part advice and part ridicule. I tend to fall on the apathy end of the spectrum; I don’t think I’ve ever mentioned it before. But the memes can be funny. Here’s a decent … Read More “October Is Cybersecurity Awareness Month” »

New Report on IoT Security

Posted on By infossl
cybersecurity, Internet of Things, reports, security engineering, Security technology, Uncategorized

The Atlantic Council has published a report on securing the Internet of Things: “Security in the Billions: Toward a Multinational Strategy to Better Secure the IoT Ecosystem.” The report examines the regulatory approaches taken by four countries—the US, the UK, Australia, and Singapore—to secure home, medical, and networking/telecommunications devices. The report recommends that regulators should … Read More “New Report on IoT Security” »

USB “Rubber Ducky” Attack Tool

Posted on By infossl
cyberattack, cybersecurity, hacking, Security technology, Uncategorized, usb

The USB Rubber Ducky is getting better and better. Already, previous versions of the Rubber Ducky could carry out attacks like creating a fake Windows pop-up box to harvest a user’s login credentials or causing Chrome to send all saved passwords to an attacker’s webserver. But these attacks had to be carefully crafted for specific … Read More “USB “Rubber Ducky” Attack Tool” »

Securing Open-Source Software

Posted on By infossl
cybersecurity, infrastructure, open source, Security technology, Uncategorized

Good essay arguing that open-source software is a critical national-security asset and needs to be treated as such: Open source is at least as important to the economy, public services, and national security as proprietary code, but it lacks the same standards and safeguards. It bears the qualities of a public good and is as … Read More “Securing Open-Source Software” »

Apple’s Lockdown Mode

Posted on By infossl
apple, cybersecurity, ios, Security technology, Uncategorized, usability, vulnerabilities

I haven’t written about Apple’s Lockdown Mode yet, mostly because I haven’t delved into the details. This is how Apple describes it: Lockdown Mode offers an extreme, optional level of security for the very few users who, because of who they are or what they do, may be personally targeted by some of the most … Read More “Apple’s Lockdown Mode” »

When Security Locks You Out of Everything

Posted on By infossl
authentication, cybersecurity, passwords, Security technology, two-factor authentication, Uncategorized

Thought experiment story of someone who lost everything in a house fire, and now can’t log into anything: But to get into my cloud, I need my password and 2FA. And even if I could convince the cloud provider to bypass that and let me in, the backup is secured with a password which is … Read More “When Security Locks You Out of Everything” »

M1 Chip Vulnerability

Posted on By infossl
academic papers, apple, cybersecurity, hardware, malware, Security technology, Uncategorized, vulnerabilities

This is a new vulnerability against Apple’s M1 chip. Researchers say that it is unpatchable. Researchers from MIT’s Computer Science and Artificial Intelligence Laboratory, however, have created a novel hardware attack, which combines memory corruption and speculative execution attacks to sidestep the security feature. The attack shows that pointer authentication can be defeated without leaving … Read More “M1 Chip Vulnerability” »

Security and Human Behavior (SHB) 2022

Posted on By infossl
conferences, cybersecurity, privacy, security conferences, Security technology, terrorism, Uncategorized

Today is the second day of the fifteenth Workshop on Security and Human Behavior, hosted by Ross Anderson and Alice Hutchings at the University of Cambridge. After two years of having this conference remotely on Zoom, it’s nice to be back together in person. SHB is a small, annual, invitational workshop of people studying various … Read More “Security and Human Behavior (SHB) 2022” »

The Justice Department Will No Longer Charge Security Researchers with Criminal Hacking

Posted on By infossl
courts, cybercrime, cybersecurity, national security policy, reverse engineering, Security technology, Uncategorized, vulnerabilities

Following a recent Supreme Court ruling, the Justice Department will no longer prosecute “good faith” security researchers with cybercrimes: The policy for the first time directs that good-faith security research should not be charged. Good faith security research means accessing a computer solely for purposes of good-faith testing, investigation, and/or correction of a security flaw … Read More “The Justice Department Will No Longer Charge Security Researchers with Criminal Hacking” »