cyberattack, cyberweapons, malware, russia, Security technology
Andy Greenberg wrote a fascinating account of the Russian NotPetya worm, with an emphasis on its effects on the company Maersk. BoingBoing post. Powered by WPeMatico
cyberattack, cyberwar, Security technology
A report for the Center for Strategic and International Studies looks at surprise and war. One of the report’s cyberwar scenarios is particularly compelling. It doesn’t just map cyber onto today’s tactics, but completely reimagines future tactics that include a cyber component (quote starts on page 110). The U.S. secretary of defense had wondered this … Read More “Future Cyberwar” »
Security technology, squid
This seems to have happened twice in two weeks. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here. Powered by WPeMatico
riskassessment, Security technology, terrorism
Another excellent paper by the Mueller/Stewart team: “Terrorism and Bathtubs: Comparing and Assessing the Risks“: Abstract: The likelihood that anyone outside a war zone will be killed by an Islamist extremist terrorist is extremely small. In the United States, for example, some six people have perished each year since 9/11 at the hands of such … Read More “John Mueller and Mark Stewart on the Risks of Terrorism” »
authentication, Security technology, twofactorauthentication, usability
Stuart Schechter published a good primer on the security issues surrounding two-factor authentication. While it’s often an important security measure, it’s not a panacea. Stuart discusses the usability and security issues that you have to think about before deploying the system. Powered by WPeMatico
alarms, cars, crime, Security technology, theft
Modern cars have alarm systems that automatically connect to a remote call center. This makes cars harder to steal, since tripping the alarm causes a quick response. This article describes a theft attempt that tried to neutralize that security system. In the first attack, the thieves just disabled the alarm system and then left. If … Read More ““Two Stage” BMW Theft Attempt” »
computersecurity, machinelearning, Security technology, videos
James Mickens gave an excellent keynote at the USENIX Security Conference last week, talking about the social aspects of security — racism, sexism, etc. — and the problems with machine learning and the Internet. Worth watching. Powered by WPeMatico
Security technology, squid
The Hotaruika Museum is a museum devoted to firefly squid in Toyama, Japan. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here. Powered by WPeMatico
browsers, cookies, Security technology, tracking, web, webprivacy
Interesting research on web tracking: “Who Left Open the Cookie Jar? A Comprehensive Evaluation of Third-Party Cookie Policies: Abstract: Nowadays, cookies are the most prominent mechanism to identify and authenticate users on the Internet. Although protected by the Same Origin Policy, popular browsers include cookies in all requests, even when these are cross-site. Unfortunately, these … Read More “New Ways to Track Internet Browsing” »
hardware, intel, Security technology, sidechannelattacks, vulnerabilities
Another speculative-execution attack against Intel’s SGX. At a high level, SGX is a new feature in modern Intel CPUs which allows computers to protect users’ data even if the entire system falls under the attacker’s control. While it was previously believed that SGX is resilient to speculative execution attacks (such as Meltdown and Spectre), Foreshadow … Read More “Speculation Attack Against Intel’s SGX” »