Uncategorized – Page 37 – SSL and internet security news

Messaging Service Wiretap Discovered through Expired TLS Cert

October 27, 2023 infossl

certificates, man-in-the-middle attacks, privacy, Security technology, surveillance, tls, Uncategorized

Fascinating story of a covert wiretap that was discovered because of an expired TLS certificate: The suspected man-in-the-middle attack was identified when the administrator of jabber.ru, the largest Russian XMPP service, received a notification that one of the servers’ certificates had expired. However, jabber.ru found no expired certificates on the server, as explained in … Read More “Messaging Service Wiretap Discovered through Expired TLS Cert” »

New NSA Information from (and About) Snowden

October 26, 2023 infossl

Edward Snowden, Guardian, New York Times, nsa, privacy, Security technology, surveillance, Uncategorized

Interesting article about the Snowden documents, including comments from former Guardian editor Ewen MacAskill MacAskill, who shared the Pulitzer Prize for Public Service with Glenn Greenwald and Laura Poitras for their journalistic work on the Snowden files, retired from The Guardian in 2018. He told Computer Weekly that: As far as he knows, a copy … Read More “New NSA Information from (and About) Snowden” »

Microsoft is Soft-Launching Security Copilot

October 25, 2023 infossl

artificial intelligence, computer security, incident response, LLM, microsoft, security analysis, Security technology, Uncategorized

Microsoft has announced an early access program for its LLM-based security chatbot assistant: Security Copilot. I am curious whether this thing is actually useful. Powered by WPeMatico

EPA Won’t Force Water Utilities to Audit Their Cybersecurity

October 24, 2023 infossl

cybersecurity, infrastructure, national security policy, Security technology, Uncategorized, utilities

The industry pushed back: Despite the EPA’s willingness to provide training and technical support to help states and public water system organizations implement cybersecurity surveys, the move garnered opposition from both GOP state attorneys and trade groups. Republican state attorneys that were against the new proposed policies said that the call for new inspections could … Read More “EPA Won’t Force Water Utilities to Audit Their Cybersecurity” »

Child Exploitation and the Crypto Wars

October 23, 2023 infossl

child pornography, children, crypto wars, encryption, laws, national security policy, privacy, Security technology, surveillance, Uncategorized

Susan Landau published an excellent essay on the current justification for the government breaking end-to-end-encryption: child sexual abuse and exploitation (CSAE). She puts the debate into historical context, discusses the problem of CSAE, and explains why breaking encryption isn’t the solution. Powered by WPeMatico

Friday Squid Blogging: Why There Are No Giant Squid in Aquariums

October 20, 2023 infossl

Security technology, squid, Uncategorized

They’re too big and we can’t recreate their habitat. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here. Powered by WPeMatico

AI and US Election Rules

October 20, 2023 infossl

artificial intelligence, deep fake, essays, laws, Security technology, Uncategorized, voting

If an AI breaks the rules for you, does that count as breaking the rules? This is the essential question being taken up by the Federal Election Commission this month, and public input is needed to curtail the potential for AI to take US campaigns (even more) off the rails. At issue is whether candidates … Read More “AI and US Election Rules” »

Former Uber CISO Appealing His Conviction

October 19, 2023 infossl

breaches, data breaches, ftc, regulation, Security technology, uber, Uncategorized

Joe Sullivan, Uber’s CEO during their 2016 data breach, is appealing his conviction. Prosecutors charged Sullivan, whom Uber hired as CISO after the 2014 breach, of withholding information about the 2016 incident from the FTC even as its investigators were scrutinizing the company’s data security and privacy practices. The government argued that Sullivan should have … Read More “Former Uber CISO Appealing His Conviction” »

Analysis of Intellexa’s Predator Spyware

October 18, 2023 infossl

cyberweapons, privacy, Security technology, spyware, surveillance, Uncategorized

Amnesty International has published a comprehensive analysis of the Predator government spyware products. These technologies used to be the exclusive purview of organizations like the NSA. Now they’re available to every country on the planet—democratic, nondemocratic, authoritarian, whatever—for a price. This is the legacy of not securing the Internet when we could have. Powered by … Read More “Analysis of Intellexa’s Predator Spyware” »

Security Vulnerability of Switzerland’s E-Voting System

October 17, 2023 infossl

blockchain, cybersecurity, malware, Security technology, switzerland, Uncategorized, voting

Online voting is insecure, period. This doesn’t stop organizations and governments from using it. (And for low-stakes elections, it’s probably fine.) Switzerland—not low stakes—uses online voting for national elections. Andrew Appel explains why it’s a bad idea: Last year, I published a 5-part series about Switzerland’s e-voting system. Like any internet voting system, it has … Read More “Security Vulnerability of Switzerland’s E-Voting System” »