Category: securityengineering

Auto Added by WPeMatico

Security and Privacy Guidelines for the Internet of Things

Posted on By infossl
internetofthings, privacy, Security technology, securityengineering, securitystandards

Lately, I have been collecting IoT security and privacy guidelines. Here’s everything I’ve found: “Internet of Things (IoT) Broadband Internet Technical Advisory Group, Broadband Internet Technical Advisory Group, Nov 2016. “IoT Security Guidance,” Open Web Application Security Project (OWASP), May 2016. “Strategic Principles for Securing the Internet of Things (IoT),” US Department of Homeland Security, … Read More “Security and Privacy Guidelines for the Internet of Things” »

Cryptkeeper Bug

Posted on By infossl
backdoors, encryption, linux, Security technology, securityengineering

The Linux encryption app Cryptkeeper has a rather stunning security bug: the single-character decryption key “p” decrypts everything: The flawed version is in Debian 9 (Stretch), currently in testing, but not in Debian 8 (Jessie). The bug appears to be a result of a bad interaction with the encfs encrypted filesystem’s command line interface: Cryptkeeper … Read More “Cryptkeeper Bug” »

Security Design: Stop Trying to Fix the User

Posted on By infossl
essays, passwords, Security technology, securityengineering, usability, usb

Every few years, a researcher replicates a security study by littering USB sticks around an organization’s grounds and waiting to see how many people pick them up and plug them in, causing the autorun function to install innocuous malware on their computers. These studies are great for making security professionals feel superior. The researchers get … Read More “Security Design: Stop Trying to Fix the User” »

The Cost of Cyberattacks Is Less than You Might Think

Posted on By infossl
academicpapers, costbenefitanalysis, cyberattack, cybersecurity, databreaches, externalities, nationalsecuritypolicy, nist, reputation, Security technology, securityengineering, securitystandards

Interesting research from Sasha Romanosky at RAND: Abstract: In 2013, the US President signed an executive order designed to help secure the nation’s critical infrastructure from cyberattacks. As part of that order, he directed the National Institute for Standards and Technology (NIST) to develop a framework that would become an authoritative source for information security … Read More “The Cost of Cyberattacks Is Less than You Might Think” »

Detecting When a Smartphone Has Been Compromised

Posted on By infossl
academicpapers, malware, phones, Security technology, securityengineering, tracking

Andrew “bunnie” Huang and Edward Snowden have designed a smartphone case that detects unauthorized transmissions by the phone. Paper. Three news articles. Looks like a clever design. Of course, it has to be outside the device; otherwise, it could be compromised along with the device. Note that this is still in the research design stage; … Read More “Detecting When a Smartphone Has Been Compromised” »

Real-World Security and the Internet of Things

Posted on By infossl
cybersecurity, hacking, internetofthings, movieplotthreats, nationalsecuritypolicy, nsa, Security technology, securityengineering

Disaster stories involving the Internet of Things are all the rage. They feature cars (both driven and driverless), the power grid, dams, and tunnel ventilation systems. A particularly vivid and realistic one, near-future fiction published last month in New York Magazine, described a cyberattack on New York that involved hacking of cars, the water system, … Read More “Real-World Security and the Internet of Things” »