securitypolicies – SSL and internet security news

Securing the International IoT Supply Chain

July 1, 2020 infossl

academicpapers, cybersecurity, hardware, internetofthings, Security technology, securitypolicies, supplychain

Together with Nate Kim (former student) and Trey Herr (Atlantic Council Cyber Statecraft Initiative), I have written a paper on IoT supply chain security. The basic problem we try to solve is: how to you enforce IoT security regulations when most of the stuff is made in other countries? And our solution is: enforce the … Read More “Securing the International IoT Supply Chain” »

Zoom’s Commitment to User Security Depends on Whether you Pay It or Not

June 4, 2020 infossl

backdoors, encryption, privacy, Security technology, securitypolicies, videoconferencing

Zoom was doing so well…. And now we have this: Corporate clients will get access to Zoom’s end-to-end encryption service now being developed, but Yuan said free users won’t enjoy that level of privacy, which makes it impossible for third parties to decipher communications. “Free users for sure we don’t want to give that because … Read More “Zoom’s Commitment to User Security Depends on Whether you Pay It or Not” »

Security of Health Information

March 5, 2020 infossl

cybersecurity, epidemiology, essays, medicine, nationalsecuritypolicy, privacy, Security technology, securitypolicies, vulnerabilities

The world is racing to contain the new COVID-19 virus that is spreading around the globe with alarming speed. Right now, pandemic disease experts at the World Health Organization (WHO), the US Centers for Disease Control and Prevention (CDC), and other public-health agencies are gathering information to learn how and where the virus is spreading. … Read More “Security of Health Information” »

West Virginia Using Internet Voting

October 19, 2018 infossl

blockchain, phones, Security technology, securitypolicies, voting

This is crazy (and dangerous). West Virginia is allowing people to vote via a smart-phone app. Even crazier, the app uses blockchain — presumably because they have no idea what the security issues with voting actually are. Powered by WPeMatico

Access Now Is Looking for a Chief Security Officer

October 9, 2018 infossl

privacy, risks, Security technology, securitypolicies

The international digital human rights organization Access Now (I am on the board) is looking to hire a Chief Security Officer. I believe that, somewhere, there is a highly qualified security person who has had enough of corporate life and wants instead of make a difference in the world. If that’s you, please consider applying. … Read More “Access Now Is Looking for a Chief Security Officer” »

The US National Cyber Strategy

October 9, 2018 infossl

cybersecurity, defense, nationalsecuritypolicy, Security technology, securitypolicies

Last month, the White House released the “National Cyber Strategy of the United States of America. I generally don’t have much to say about these sorts of documents. They’re filled with broad generalities. Who can argue with: Defend the homeland by protecting networks, systems, functions, and data; Promote American prosperity by nurturing a secure, thriving … Read More “The US National Cyber Strategy” »

Public Shaming of Companies for Bad Security

September 18, 2018 infossl

psychologyofsecurity, Security technology, securityengineering, securitypolicies

Troy Hunt makes some good points, with good examples. Powered by WPeMatico

Five-Eyes Intelligence Services Choose Surveillance Over Security

September 6, 2018 infossl

backdoors, eavesdropping, intelligence, nationalsecuritypolicy, privacy, Security technology, securitypolicies, surveillance

The Five Eyes — the intelligence consortium of the rich English-speaking countries (the US, Canada, the UK, Australia, and New Zealand) — have issued a “Statement of Principles on Access to Evidence and Encryption” where they claim their needs for surveillance outweigh everyone’s needs for security and privacy. …the increasing use and sophistication of certain … Read More “Five-Eyes Intelligence Services Choose Surveillance Over Security” »

Russia is Banning Telegram

April 23, 2018 infossl

backdoors, cellphones, encryption, jamming, russia, Security technology, securitypolicies

Russia has banned the secure messaging app Telegram. It’s making an absolute mess of the ban — blocking 16 million IP addresses, many belonging to the Amazon and Google clouds — and it’s not even clear that it’s working. But, more importantly, I’m not convinced Telegram is secure in the first place. Such a weird … Read More “Russia is Banning Telegram” »

E-Mailing Private HTTPS Keys

March 13, 2018 infossl

certificates, email, https, keys, Security technology, securitypolicies, tls

I don’t know what to make of this story: The email was sent on Tuesday by the CEO of Trustico, a UK-based reseller of TLS certificates issued by the browser-trusted certificate authorities Comodo and, until recently, Symantec. It was sent to Jeremy Rowley, an executive vice president at DigiCert, a certificate authority that acquired Symantec’s … Read More “E-Mailing Private HTTPS Keys” »