Category: economics of security

Auto Added by WPeMatico

Backdoor in XZ Utils That Almost Happened

Posted on By infossl
backdoors, cybersecurity, economics of security, hacking, linux, malware, open source, Security technology, social engineering, ssh, Uncategorized

Last week, the internet dodged a major nation-state attack that would have had catastrophic cybersecurity repercussions worldwide. It’s a catastrophe that didn’t happen, so it won’t get much attention—but it should. There’s an important moral to the story of the attack and its discovery: The security of the global internet depends on countless obscure pieces … Read More “Backdoor in XZ Utils That Almost Happened” »

Ross Anderson

Posted on By infossl
cryptanalysis, cryptography, cybersecurity, economics of security, security conferences, security engineering, Security technology, Uncategorized

Ross Anderson unexpectedly passed away Thursday night in, I believe, his home in Cambridge. I can’t remember when I first met Ross. Of course it was before 2008, when we created the Security and Human Behavior workshop. It was well before 2001, when we created the Workshop on Economics and Information Security. (Okay, he created … Read More “Ross Anderson” »

Google Pays $10M in Bug Bounties in 2023

Posted on By infossl
economics of security, google, Security technology, Uncategorized, vulnerabilities

BleepingComputer has the details. It’s $2M less than in 2022, but it’s still a lot. The highest reward for a vulnerability report in 2023 was $113,337, while the total tally since the program’s launch in 2010 has reached $59 million. For Android, the world’s most popular and widely used mobile operating system, the program awarded … Read More “Google Pays $10M in Bug Bounties in 2023” »

Drones and the US Air Force

Posted on By infossl
defense, Department of Defense, drones, economics of security, Security technology, Uncategorized, war

Fascinating analysis of the use of drones on a modern battlefield—that is, Ukraine—and the inability of the US Air Force to react to this change. The F-35A certainly remains an important platform for high-intensity conventional warfare. But the Air Force is planning to buy 1,763 of the aircraft, which will remain in service through the … Read More “Drones and the US Air Force” »

The Security Vulnerabilities of Message Interoperability

Posted on By infossl
academic papers, authentication, economics of security, privacy, psychology of security, Security technology, Uncategorized

Jenny Blessing and Ross Anderson have evaluated the security of systems designed to allow the various Internet messaging platforms to interoperate with each other: The Digital Markets Act ruled that users on different platforms should be able to exchange messages with each other. This opens up a real Pandora’s box. How will the networks manage … Read More “The Security Vulnerabilities of Message Interoperability” »

Hacking the Tax Code

Posted on By infossl
economics of security, hacking, laws, loopholes, Security technology, Uncategorized

The tax code isn’t software. It doesn’t run on a computer. But it’s still code. It’s a series of algorithms that takes an input—financial information for the year—and produces an output: the amount of tax owed. It’s incredibly complex code; there are a bazillion details and exceptions and special cases. It consists of government laws, … Read More “Hacking the Tax Code” »

SolarWinds and Market Incentives

Posted on By infossl
breaches, data breaches, economics of security, essays, Security technology, Uncategorized

In early 2021, IEEE Security and Privacy asked a number of board members for brief perspectives on the SolarWinds incident while it was still breaking news. This was my response. The penetration of government and corporate networks worldwide is the result of inadequate cyberdefenses across the board. The lessons are many, but I want to … Read More “SolarWinds and Market Incentives” »

Insurance Coverage for NotPetya Losses

Posted on By infossl
cyberattack, cybersecurity, economics of security, insurance, russia, Security technology, ukraine, Uncategorized

Tarah Wheeler and Josephine Wolff analyze a recent court decision that the NotPetya attacks are not considered an act of war under the wording of Merck’s insurance policy, and that the insurers must pay the $1B+ claim. Wheeler and Wolff argue that the judge “did the right thing for the wrong reasons..” Powered by WPeMatico

An Examination of the Bug Bounty Marketplace

Posted on By infossl
economics of security, hacking, reports, Security technology, Uncategorized

Here’s a fascinating report: “Bounty Everything: Hackers and the Making of the Global Bug Marketplace.” From a summary: …researchers Ryan Ellis and Yuan Stevens provide a window into the working lives of hackers who participate in “bug bounty” programs­ — programs that hire hackers to discover and report bugs or other vulnerabilities in their systems. … Read More “An Examination of the Bug Bounty Marketplace” »