securityengineering – Page 4 – SSL and internet security news

New IoT Security Regulations

November 13, 2018 infossl

essays, internetofthings, nationalsecuritypolicy, Security technology, securityengineering

Due to ever-evolving technological advances, manufacturers are connecting consumer goods — from toys to light bulbs to major appliances — to the Internet at breakneck speeds. This is the Internet of Things, and it’s a security nightmare. The Internet of Things fuses products with communications technology to make daily life more effortless. Think Amazon’s Alexa, … Read More “New IoT Security Regulations” »

Consumer Reports Reviews Wireless Home-Security Cameras

November 7, 2018 infossl

cameras, internetofthings, Security technology, securityengineering, vulnerabilities

Consumer Reports is starting to evaluate the security of IoT devices. As part of that, it’s reviewing wireless home-security cameras. It found significant security vulnerabilities in D-Link cameras: In contrast, D-Link doesn’t store video from the DCS-2630L in the cloud. Instead, the camera has its own, onboard web server, which can deliver video to the … Read More “Consumer Reports Reviews Wireless Home-Security Cameras” »

Security of Solid-State-Drive Encryption

November 6, 2018 infossl

academicpapers, encryption, firmware, hardware, reverseengineering, Security technology, securityengineering, vulnerabilities

Interesting research: “Self-encrypting deception: weaknesses in the encryption of solid state drives (SSDs)“: Abstract: We have analyzed the hardware full-disk encryption of several SSDs by reverse engineering their firmware. In theory, the security guarantees offered by hardware encryption are similar to or better than software implementations. In reality, we found that many hardware implementations have … Read More “Security of Solid-State-Drive Encryption” »

Buying Used Voting Machines on eBay

November 1, 2018 infossl

ebay, secrecy, Security technology, securityengineering, voting

This is not surprising: This year, I bought two more machines to see if security had improved. To my dismay, I discovered that the newer model machines — those that were used in the 2016 election — are running Windows CE and have USB ports, along with other components, that make them even easier to … Read More “Buying Used Voting Machines on eBay” »

Security Vulnerability in ESS ExpressVote Touchscreen Voting Computer

September 20, 2018 infossl

computersecurity, Security technology, securityengineering, voting, vulnerabilities

Of course the ESS ExpressVote voting computer will have lots of security vulnerabilities. It’s a computer, and computers have lots of vulnerabilities. This particular vulnerability is particularly interesting because it’s the result of a security mistake in the design process. Someone didn’t think the security through, and the result is a voter-verifiable paper audit trail … Read More “Security Vulnerability in ESS ExpressVote Touchscreen Voting Computer” »

Public Shaming of Companies for Bad Security

September 18, 2018 infossl

psychologyofsecurity, Security technology, securityengineering, securitypolicies

Troy Hunt makes some good points, with good examples. Powered by WPeMatico

Thomas Dullien on Complexity and Security

June 14, 2018 infossl

audio, complexity, conferences, Security technology, securityconferences, securityengineering, video

For many years, I have said that complexity is the worst enemy of security. At CyCon earlier this month, Thomas Dullien gave an excellent talk on the subject with far more detail than I’ve ever provided. Video. Slides. Powered by WPeMatico

New iPhone OS May Include Device-Unlocking Security

June 12, 2018 infossl

apple, cybersecurity, ios, iphone, operatingsystems, Security technology, securityengineering

iOS 12, the next release of Apple’s iPhone operating system, may include features to prevent someone from unlocking your phone without your permission: The feature essentially forces users to unlock the iPhone with the passcode when connecting it to a USB accessory everytime the phone has not been unlocked for one hour. That includes the … Read More “New iPhone OS May Include Device-Unlocking Security” »

Ray Ozzie’s Encryption Backdoor

May 7, 2018 infossl

backdoors, cryptography, cryptowars, encryption, keyescrow, lawenforcement, Security technology, securityengineering

Last month, Wired published a long article about Ray Ozzie and his supposed new scheme for adding a backdoor in encrypted devices. It’s a weird article. It paints Ozzie’s proposal as something that “attains the impossible” and “satisfies both law enforcement and privacy purists,” when (1) it’s barely a proposal, and (2) it’s essentially the … Read More “Ray Ozzie’s Encryption Backdoor” »

Artificial Intelligence and the Attack/Defense Balance

March 15, 2018 infossl

artificialintelligence, essays, Security technology, securityengineering, vulnerabilities

Artificial intelligence technologies have the potential to upend the longstanding advantage that attack has over defense on the Internet. This has to do with the relative strengths and weaknesses of people and computers, how those all interplay in Internet security, and where AI technologies might change things. You can divide Internet security tasks into two … Read More “Artificial Intelligence and the Attack/Defense Balance” »