Category: incentives

Auto Added by WPeMatico

Microsoft and Security Incentives

Posted on By infossl
cybersecurity, incentives, microsoft, national security policy, Security technology, Uncategorized

Former senior White House cyber policy director A. J. Grotto talks about the economic incentives for companies to improve their security—in particular, Microsoft: Grotto told us Microsoft had to be “dragged kicking and screaming” to provide logging capabilities to the government by default, and given the fact the mega-corp banked around $20 billion in revenue … Read More “Microsoft and Security Incentives” »

Australia Increases Fines for Massive Data Breaches

Posted on By infossl
australia, cyberattack, data breaches, incentives, Security technology, Uncategorized

After suffering two large, and embarrassing, data breaches in recent weeks, the Australian government increased the fine for serious data breaches from $2.2 million to a minimum of $50 million. (That’s $50 million AUD, or $32 million USD.) This is a welcome change. The problem is one of incentives, and Australia has now increased the … Read More “Australia Increases Fines for Massive Data Breaches” »

On Vulnerability-Adjacent Vulnerabilities

Posted on By infossl
exploits, incentives, patching, Security technology, Uncategorized, zero-day

At the virtual Enigma Conference, Google’s Project Zero’s Maggie Stone gave a talk about zero-day exploits in the wild. In it, she talked about how often vendors fix vulnerabilities only to have the attackers tweak their exploits to work again. From a MIT Technology Review article: Soon after they were spotted, the researchers saw one … Read More “On Vulnerability-Adjacent Vulnerabilities” »

Programmers Who Don’t Understand Security Are Poor at Security

Posted on By infossl
incentives, programming, psychologyofsecurity, Security technology, securityengineering

A university study confirmed the obvious: if you pay a random bunch of freelance programmers a small amount of money to write security software, they’re not going to do a very good job at it. In an experiment that involved 43 programmers hired via the Freelancer.com platform, University of Bonn academics have discovered that developers … Read More “Programmers Who Don’t Understand Security Are Poor at Security” »

NSA Collects MS Windows Error Information

Posted on By infossl
espionage, hacking, incentives, microsoft, nsa, Security technology, vulnerabilities, windows, zeroday

Back in 2013, Der Spiegel reported that the NSA intercepts and collects Windows bug reports: One example of the sheer creativity with which the TAO spies approach their work can be seen in a hacking method they use that exploits the error-proneness of Microsoft’s Windows. Every user of the operating system is familiar with the … Read More “NSA Collects MS Windows Error Information” »

Surveillance Intermediaries

Posted on By infossl
academicpapers, courts, incentives, laws, nationalsecuritypolicy, privacy, Security technology, surveillance

Interesting law-journal article: “Surveillance Intermediaries,” by Alan Z. Rozenshtein. Abstract:Apple’s 2016 fight against a court order commanding it to help the FBI unlock the iPhone of one of the San Bernardino terrorists exemplifies how central the question of regulating government surveillance has become in American politics and law. But scholarly attempts to answer this question … Read More “Surveillance Intermediaries” »

Security Economics of the Internet of Things

Posted on By infossl
denialofservice, economicsofsecurity, embeddedsystems, incentives, internetofthings, nationalsecuritypolicy, patching, Security technology

Brian Krebs is a popular reporter on the cybersecurity beat. He regularly exposes cybercriminals and their tactics, and consequently is regularly a target of their ire. Last month, he wrote about an online attack-for-hire service that resulted in the arrest of the two proprietors. In the aftermath, his site was taken down by a massive … Read More “Security Economics of the Internet of Things” »