Pew Research just published their latest research data on Americans and their views on cybersecurity: This survey finds that a majority of Americans have directly experienced some form of data theft or fraud, that a sizeable share of the public thinks that their personal data have become less secure in recent years, and that many … Read More “Survey Data on Americans and Cybersecurity” »
There’s a really interesting paper from George Washington University on hacking back: “Into the Gray Zone: The Private Sector and Active Defense against Cyber Threats.” I’ve never been a fan of hacking back. There’s a reason we no longer issue letters of marque or allow private entities to commit crimes, and hacking back is a … Read More “Hacking Back” »
Interesting research. (Popular article here.) As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Powered by WPeMatico
The Center for Strategic and International Studies (CSIS) published “From Awareness to Action: A Cybersecurity Agenda for the 45th President” (press release here). There’s a lot I agree with — and some things I don’t — but these paragraphs struck me as particularly insightful: The Obama administration made significant progress but suffered from two conceptual … Read More “CSIS's Cybersecurity Agenda” »
Interesting research: “De-anonymizing Web Browsing Data with Social Networks“: Abstract: Can online trackers and network adversaries de-anonymize web browsing data readily available to them? We show — theoretically, via simulation, and through experiments on real user data — that de-identified web browsing histories can be linked to social media profiles using only publicly available data. … Read More “De-Anonymizing Browser History Using Social-Network Data” »
Lately, I have been collecting IoT security and privacy guidelines. Here’s everything I’ve found: “Internet of Things (IoT) Broadband Internet Technical Advisory Group, Broadband Internet Technical Advisory Group, Nov 2016. “IoT Security Guidance,” Open Web Application Security Project (OWASP), May 2016. “Strategic Principles for Securing the Internet of Things (IoT),” US Department of Homeland Security, … Read More “Security and Privacy Guidelines for the Internet of Things” »
This online safety guide was written for people concerned about being tracked and stalked online. It’s a good resource. Powered by WPeMatico
Wired is reporting on a new slot machine hack. A Russian group has reverse-engineered a particular brand of slot machine — from Austrian company Novomatic — and can simulate and predict the pseudo-random number generator. The cell phones from Pechanga, combined with intelligence from investigations in Missouri and Europe, revealed key details. According to Willy … Read More “Predicting a Slot Machine's PRNG” »
Here’s a nice profile of Citizen Lab and its director, Ron Diebert. Citizen Lab is a jewel. There should be more of them. Powered by WPeMatico
The Linux encryption app Cryptkeeper has a rather stunning security bug: the single-character decryption key “p” decrypts everything: The flawed version is in Debian 9 (Stretch), currently in testing, but not in Debian 8 (Jessie). The bug appears to be a result of a bad interaction with the encfs encrypted filesystem’s command line interface: Cryptkeeper … Read More “Cryptkeeper Bug” »