Informations about SSL certificates and networks security
Auto Added by WPeMatico
Construction cranes are vulnerable to hacking: In our research and vulnerability discoveries, we found that weaknesses in the controllers can be (easily) taken advantage of to move full-sized machines such as cranes used in construction sites and factories. In the different attack classes that we’ve outlined, we were able to perform the attacks quickly and … Read More “Hacking Construction Cranes” »
The US House of Representatives Committee on Oversight and Government Reform has just released a comprehensive report on the 2017 Equifax hack. It’s a great piece of writing, with a detailed timeline, root cause analysis, and lessons learned. Lance Spitzner also commented on this. Here is my testimony before before the House Subcommittee on Digital … Read More “Congressional Report on the 2017 Equifax Data Breach” »
The research group AI Now just published its annual report. It’s an excellent summary of today’s AI security challenges, as well as a policy agenda to address them. This is related, and also worth reading. Powered by WPeMatico
Interesting policy paper by Third Way: “To Catch a Hacker: Toward a comprehensive strategy to identify, pursue, and punish malicious cyber actors“: In this paper, we argue that the United States currently lacks a comprehensive overarching strategic approach to identify, stop and punish cyberattackers. We show that: There is a burgeoning cybercrime wave: A rising … Read More “How to Punish Cybercriminals” »
The US Government Accounting Office just published a new report: “Weapons Systems Cyber Security: DOD Just Beginning to Grapple with Scale of Vulnerabilities” (summary here). The upshot won’t be a surprise to any of my regular readers: they’re vulnerable. From the summary: Automation and connectivity are fundamental enablers of DOD’s modern military capabilities. However, they … Read More “Security Vulnerabilities in US Weapons Systems” »
According to a new CSIS report, “going dark” is not the most pressing problem facing law enforcement in the age of digital data: Over the past year, we conducted a series of interviews with federal, state, and local law enforcement officials, attorneys, service providers, and civil society groups. We also commissioned a survey of law … Read More “New Report on Police Digital Forensics Techniques” »
Last month, the US Department of Commerce released a report on the threat of botnets and what to do about it. I note that it explicitly said that the IoT makes the threat worse, and that the solutions are largely economic. The Departments determined that the opportunities and challenges in working toward dramatically reducing threats … Read More “Department of Commerce Report on the Botnet Threat” »
New US government report: “Report on Improving Cybersecurity in the Health Care Industry.” It’s pretty scathing, but nothing in it will surprise regular readers of this blog. It’s worth reading the executive summary, and then skimming the recommendations. Recommendations are in six areas. The Task Force identified six high-level imperatives by which to organize its … Read More “Healthcare Industry Cybersecurity Report” »
Pew Research just published their latest research data on Americans and their views on cybersecurity: This survey finds that a majority of Americans have directly experienced some form of data theft or fraud, that a sizeable share of the public thinks that their personal data have become less secure in recent years, and that many … Read More “Survey Data on Americans and Cybersecurity” »
The Center for Strategic and International Studies (CSIS) published “From Awareness to Action: A Cybersecurity Agenda for the 45th President” (press release here). There’s a lot I agree with — and some things I don’t — but these paragraphs struck me as particularly insightful: The Obama administration made significant progress but suffered from two conceptual … Read More “CSIS's Cybersecurity Agenda” »