Cybersecurity |
Sponsored by |
|
Zoom programmers made elementary security errors when coding, and did not use protective measures that compiler toolchains make available. It's not a great stretch to assume that similar flaws afflict their server implementations. While Mudge noted that Zoom's Windows and Mac clients are (possibly accidentally) somewhat safer than the Linux client, I suspect that their servers run on Linux.Were they written with similar lack of attention to security? more
It is a well understood scientific fact that Internet voting in public elections is not securable: "the Internet should not be used for the return of marked ballots. ... [N]o known technology guarantees the secrecy, security, and verifiability of a marked ballot transmitted over the Internet." But can legislatures (city councils, county boards, or the U.S. Congress) safely vote by Internet? Perhaps they can. To understand why, let's examine two important differences between legislature votes and public elections. more
As news of the spread of the coronavirus (COVID-19) continues to emerge, CSC has undertaken the first in a series of studies looking at how the development of the crisis has affected online content. This first article looks at the numbers of registered domains with names containing coronavirus-related strings - "coronavirus" or "covid(-)19" (optional hyphen) - and analyzes the types of content present on the associated websites. more
There are new threats that you may have already been exposed to. Here are some of the new threats and advice on how to protect yourself. During this pandemic, Zoom has emerged as a very popular teleconferencing choice for companies and educational institutions, but a new weakness for Zoom was also discovered. Some online conferences and classes that had not password protected their sessions fell victim to eavesdroppers using the screen sharing feature to "Zoom Bomb" those sessions with graphic images. more
The coronavirus pandemic has, in the most emphatic way, shown us all just how interconnected everything and everyone is. A worldwide race is underway to minimize human interactions in order to avoid a global catastrophe. The inescapable consequence of these initiatives is an unprecedented shut down of the local, regional and global economy. The latest cost estimate to save the global economy is now at $7 trillion and climbing. more
Since the world went virtual, often by using Zoom, several people have asked me if I use it, and if so, do I use their app or their web interface. If I do use it, isn't this odd, given that I've been doing security and privacy work for more than 30 years, and "everyone" knows that Zoom is a security disaster? To give too short an answer to a very complicated question: I do use it, via both Mac and iOS apps. Some of my reasons are specific to me and may not apply to you... more
The March 19, 2020, guidance from the U.S. Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) declared what global citizens appreciate more each day as the COVID-19 pandemic crisis unfolds: "Functioning critical infrastructure is imperative during the response to the COVID-19 emergency for both public health and safety as well as community well-being." more
As businesses adjust to the "new normal" in the ongoing COVID-19 pandemic, it is important to quickly take stock of where your organization stands on privacy and security risk. Even in these unusual circumstances, organizations of all sizes and sophistication continue to be expected to act with reasonable care and comply with their public commitments and regulatory obligations. Enterprises may be finding different or better ways to operate, collaborate, and service customers. more
Reading up on COVID-19 and Zoom/Boris Johnson outcry yesterday, an analogy struck me between the two: the lack of testing. In both cases, to truly know how safe and secure we are, testing needs to be stepped up considerably. This post focuses on cybersecurity. Over the past days and weeks, more and more organisations have switched to digital products and services to sustain working from home, to keep productivity up and to be connected. more
With the COVID-19 health crisis evolving so quickly, it's hard to predict the extent of the long-term impact on business and the economy. While every business sector is facing different considerations, it's safe to say all are handling challenges from supply chain interruptions, rapid shifts to remote work, and massive changes in consumer spending and communication habits. more
Straightforward out-of-court domain name proceeding can provide efficient relief against fraudulent websites and email. Google has seen a steep rise amid the Coronavirus pandemic in new websites set up to engage in phishing (i.e. fraudulent attempts to obtain sensitive information such as usernames, passwords and financial details). Companies in all industries - not just the financial sector - are at risk from this nefarious practice. But one relatively simple out-of-court proceeding may provide relief. more
An international group of more than 360 cyber threat intelligence researchers from over 40 countries have joined forces to help the medical sector amid the COVID-19 crisis. more
DNS-over-HTTPs (DoH) has sometimes been regarded as the next big thing in web security. The system, it's been argued, can help to defeat many common types of cyberattack -- and particularly DNS cache poisoning and MITM eavesdropping. Presumably, this is the reason that both Google and Mozilla implemented DoH in their browsers (Chrome and Firefox, respectively) at the end of last year. In reality, though, it's far from clear that DoH is a solution to any real-world problem. more
We are all aware of the steps for mitigating the spread of the novel coronavirus (COVID-19): Wash your hands; Practice social distancing; Report exposure.But these are not the only activities to practice right now. Cyber-criminals are taking advantage of this health crisis and the emotional upheaval it creates to perpetrate their crimes. Therefore, we also need to exercise good internet hygiene. In a time of crisis or tragedy, bad actors don't slow down; their efforts amplify. more
This past meeting of the Internet Corporation for Assigned Names and Numbers (ICANN), ICANN67, was intended to be held in person in Cancun, Mexico, but was actually the first meeting to be held entirely online and virtually. It was a well-managed affair with fewer sessions than the in-person meetings and less opportunity for the community to convene and meet as individuals. The last-minute change from an in-person to a virtual meeting impacted ICANN's ability to provide translation services for the full set of UN-supported languages, Arabic, Chinese, English, French, Russian, and Spanish. more
A World-Renowned Source for Internet Developments. Serving Since 2002.