Cybersecurity |
Sponsored by |
|
I have a new book out, Thinking Security: Stopping Next Year's Hackers. There are lots of security books out there today; why did I think another was needed? Two wellsprings nourished my muse. (The desire for that sort of poetic imagery was not among them.) The first was a deep-rooted dissatisfaction with common security advice. This common "wisdom" -- I use the word advisedly -- often seemed to be outdated. Yes, it was the distillation of years of conventional wisdom, but that was precisely the problem: the world has changed; the advice hasn't. more
Google today revealed a new initiative, named Project Zero, with the objective to "significantly reduce the number of people harmed by targeted attacks." To carry out the project, Google is recruiting a team of experienced hackers - "practically-minded security researchers" - to contribute 100% of their time toward improving security across the Internet. more
In January 2018, I looked back at 2017 to figure out how routing security looked globally and on a country level. Using the same metrics and methodology, I've recently taken a look at 2018 to see if we're making improvements. The good news is, it seems like the routing system is doing better! But there is still much work to be done. Using BGPStream.com, a great public service providing information about suspicious events in the routing system, I analyzed the number of incidents... more
The coronavirus pandemic has, in the most emphatic way, shown us all just how interconnected everything and everyone is. A worldwide race is underway to minimize human interactions in order to avoid a global catastrophe. The inescapable consequence of these initiatives is an unprecedented shut down of the local, regional and global economy. The latest cost estimate to save the global economy is now at $7 trillion and climbing. more
A report broke today revealing hackers have successfully breached a German internet infrastructure firm that provides services to several large companies, including Ericsson, Leica, Toshiba, UniCredit, British Telecom, Hugo Boss, NH Hotel Group, Oracle, Airbus, Porsche, and Volkswagen. more
On Friday 11 January 2013 the European Cybercrime Centre, EC3, officially opened its doors at Europol in The Hague. If something shone through from the speeches of the panel participants, it is that there are tight budget restraints and a strong wish to cooperate with the U.S., the Interpol centre in Singapore and Russia. Let me share my thoughts on expectations. more
What does authorized access mean? If an employee with authorized access to a computer system goes into that system, downloads company secrets, and hands that information over to the company's competitor, did that alleged misappropriation of company information constitute unauthorized access? This is no small question. If the access is unauthorized, the employee potentially violated the Computer Fraud and Abuse Act (CFAA) (the CFAA contains both criminal and civil causes of action). But courts get uncomfortable here. more
US, China and Russia have refused to sign the French-backed agreement, Paris Call for Trust and Security in Cyberspace, announced by French President at the UNESCO Internet Governance Forum (IGF) on Monday. more
DNS-over-HTTPs (DoH) has sometimes been regarded as the next big thing in web security. The system, it's been argued, can help to defeat many common types of cyberattack -- and particularly DNS cache poisoning and MITM eavesdropping. Presumably, this is the reason that both Google and Mozilla implemented DoH in their browsers (Chrome and Firefox, respectively) at the end of last year. In reality, though, it's far from clear that DoH is a solution to any real-world problem. more
Speaking at The Times Tech Summit in London, Ciaran Martin, chief of the National Cyber Security Centre (NCSC), warned Russia is seeking to undermine the international system. more
In the debate over government "exceptional access" to encrypted communications, opponents with a technical bent (and that includes me) have said that it won't work: that such a scheme would inevitably lead to security problems. The response -- from the policy side, not from technical folk - has been to assert that perhaps more effort would suffice. FBI Director James Comey has said, "But my reaction to that is: I'm not sure they've really tried." Hillary Clinton wants a "Manhattan-like project, something that would bring the government and the tech communities together". More effort won't solve the problem - but the misunderstanding lies at the heart of why exceptional access is so hard. more
For those people tracking the evolution and deployment of DNSSEC or who are just interested in "DNS security" in general there is a great amount of activity happening next week at IETF 90 in Toronto. I dove into this activity in great detail in a recent post, "Rough Guide to IETF 90: DNSSEC, DANE and DNS Security", and summarized the activity in a Deploy360 post... more
5G has arrived and is poised to supercharge our lives with ultra-fast download speeds and better than ever connectivity. It may not be ready to replace WiFi just yet, but AT&T has already deployed 5G networks in various cities across the US. 5G tech was the hottest commodity at CES 2019. According to some estimates, 5G will bring $12 trillion into the global economy by 2035, connecting everything from our toasters to our pet's collars and a range of other IoT devices. more
Admittedly, I'm a not Johnny-come-lately with regards to surveillance, intelligence, telecommunications, network security, law enforcement, and a cross-pollination of all-of-the-above. I actually have a very colorful background of working within all of the aforementioned disciplines - at one time or another - either through the U.S. Military, U.S Government contractors, private industry, etc. ... And unfortunately, I am not generally "shocked" very often by much of the abuses being perpetrated on unwitting Internet users, both by supposedly "trusted" entities (e.g. Democratic Governments, ISPs, etc.) more
One of the "fathers of the internet," Vint Cerf, in a September 2019 article he published, said: "Today, hackers routinely break into online accounts and divert users to fake or compromised websites. We constantly need to create new security measures to address them. To date, much of the internet security innovation we've seen revolves around verifying and securing the identities of people and organizations online. more