economics of security – SSL and internet security news

The Security Vulnerabilities of Message Interoperability

March 29, 2023 infossl

academic papers, authentication, economics of security, privacy, psychology of security, Security technology, Uncategorized

Jenny Blessing and Ross Anderson have evaluated the security of systems designed to allow the various Internet messaging platforms to interoperate with each other: The Digital Markets Act ruled that users on different platforms should be able to exchange messages with each other. This opens up a real Pandora’s box. How will the networks manage … Read More “The Security Vulnerabilities of Message Interoperability” »

Hacking the Tax Code

February 10, 2023 infossl

economics of security, hacking, laws, loopholes, Security technology, Uncategorized

The tax code isn’t software. It doesn’t run on a computer. But it’s still code. It’s a series of algorithms that takes an input—financial information for the year—and produces an output: the amount of tax owed. It’s incredibly complex code; there are a bazillion details and exceptions and special cases. It consists of government laws, … Read More “Hacking the Tax Code” »

SolarWinds and Market Incentives

February 8, 2023 infossl

breaches, data breaches, economics of security, essays, Security technology, Uncategorized

In early 2021, IEEE Security and Privacy asked a number of board members for brief perspectives on the SolarWinds incident while it was still breaking news. This was my response. The penetration of government and corporate networks worldwide is the result of inadequate cyberdefenses across the board. The lessons are many, but I want to … Read More “SolarWinds and Market Incentives” »

Insurance Coverage for NotPetya Losses

February 28, 2022 infossl

cyberattack, cybersecurity, economics of security, insurance, russia, Security technology, ukraine, Uncategorized

Tarah Wheeler and Josephine Wolff analyze a recent court decision that the NotPetya attacks are not considered an act of war under the wording of Merck’s insurance policy, and that the insurers must pay the $1B+ claim. Wheeler and Wolff argue that the judge “did the right thing for the wrong reasons..” Powered by WPeMatico

An Examination of the Bug Bounty Marketplace

January 17, 2022 infossl

economics of security, hacking, reports, Security technology, Uncategorized

Here’s a fascinating report: “Bounty Everything: Hackers and the Making of the Global Bug Marketplace.” From a summary: …researchers Ryan Ellis and Yuan Stevens provide a window into the working lives of hackers who participate in “bug bounty” programs — programs that hire hackers to discover and report bugs or other vulnerabilities in their systems. … Read More “An Examination of the Bug Bounty Marketplace” »

Illegal Content and the Blockchain

March 17, 2021 infossl

bitcoin, blockchain, botnets, censorship, cryptocurrency, economics of security, essays, Security technology, tor, Uncategorized

Security researchers have recently discovered a botnet with a novel defense against takedowns. Normally, authorities can disable a botnet by taking over its command-and-control server. With nowhere to go for instructions, the botnet is rendered useless. But over the years, botnet designers have come up with ways to make this counterattack harder. Now the content-delivery … Read More “Illegal Content and the Blockchain” »

WEIS 2021 Call for Papers

February 18, 2021 infossl

conferences, economics of security, Security technology, Uncategorized

The 20th Annual Workshop on the Economics of Information Security (WEIS 2021) will be held online in June. We just published the call for papers. Powered by WPeMatico