Eric's latest column

Transparency and Oversight

The use of IMSI catchers poses serious privacy risks. Unlike traditional wiretaps, which selectively intercept calls to and from a specified target, IMSI catchers pretend to be a cell tower and capture information from every cell phone in the vicinity. It is impossible to target specific mobile phone users with these devices; they scoop up information from every phone within range.

Recent

Security choices

While it remains ironic to receive personal security advice from the law enforcement agency that tried to force Apple to hack their own products, Comey makes an important point: “I think people ought to take responsibility for their own safety and security.”

Lessons from Silk Road

Defence in depth and zoning are solid security principles that have stood the test of time. However, many otherwise talented IT professionals still do not reflect them in their designs. The Silk Road case contains valuable lessons for architecting services behind Tor or any VPN.

M.P. David Graham: On a mission

David Graham, Member of Parliament for Laurentides–Labelle, is on a mission to get fast, reliable, and affordable Internet to all Canadians. He estimates that only twenty per cent of homes in the largest county in his electoral district have 10 Mbps Internet or better, while for a third, dial-up or satellite remain the only options.

Ineffective intrusive powers

Canadian police are fighting an uphill battle. Their recent request for new legislation to compel people to disclose passwords and encryption keys demonstrates both desperation and lack of cybersecurity savvy.

Open source options

A good firewall, VPN, and log management solution are critical. Fortunately, there are excellent open source options available.

Effectively address insider threats

A layered defense strategy with technical, physical, and administrative controls can effectively address insider threats.





Yahoo! Mail! down?! Great! timing! as! more! US! senators! dogpile! hacked! web! giant!

Enjoy the sounds of a thousand heads at Verizon slamming into a thousand desks. Yahoo!’s embattled mail service was dealt another blow Tuesday when an ...

Down the rabbit hole, part 1: Making my life private and secure

Over the years I’ve done a number of - let’s just call them “experiments in computering” - where I attempt to use my computers in such a way that ...

Six senators demand more details about the Yahoo data breach

Six U.S. senators have called Yahoo’s massive data breach “unacceptable,” and they’re demanding that the company provide more details about the incident. In a letter ...

Aqua to Use $9M in Funding to Ramp Up Container Security Efforts

Microsoft takes a leading investment role in the startup, which looks to capitalize on the emerging opportunity for container security.

Ransomware roundup: Targeting servers, government, honoring Donald Trump and Voldemort

Security researchers have discovered more ransomware under development, namely one paying homage to Voldemort and another featuring Donald Trump, as well as one variant currently ...

25 Emerging Security Vendors To Watch

A wave of companies is entering the security field armed with technologies to help businesses mitigate the next generation of cyberattacks. Who are these emerging ...

More Cybersecurity News

Swift CEO details three more failed attacks on banking network

Banks stopped three new attempts to abuse the Swift financial transfer network this summer, its CEO Gottfried Leibbrandt said Monday, as he announced Swift’s plan ...

Yahoo Confirms August Data Dump Issue Unrelated To Breach Of 500 Million Users

No ‘connection’ between August 2016 data dump claims and 2014 nation-state attack, company says.

Swift CEO reveals three more failed attacks on banking network

Banks stopped three new attempts to abuse the Swift financial transfer network this summer, its CEO Gottfried Leibbrandt said Monday, as he announced Swift’s plan ...

Sharing Cybersecurity Threat Intelligence Is The Only Way We Win

Security organizations must leverage each other’s information in order to better predict, prevent, detect, and respond to threats their customers and organizations face.

Yahoo Sued By User Over 2014 Hacking

New Yorker files lawsuit against Yahoo for recklessness and delay in uncovering hack of half a billion accounts.

Yahoo Hacking: US Senator Seeks SEC Role In Probe

Democrat Mark Warner asks US Securities and Exchange Commission to investigate whether Yahoo completed obligations post breach discovery.

Threat Spotlight: GozNym

This blog was authored by Ben Baker, Edmund Brumaghin, and Jonah Samost. Executive Summary: GozNym is the combination of features from two previously identified families ...

Mobile Fraud Changes Outlook for Multifactor Authentication

SMS one-time passcodes just won’t cut it anymore. We need new approaches that people will actually use.

No wonder we’re being hit by Internet of Things botnets. Ever tried patching a Thing?

Akamai CSO laments pisspoor security design practices. Internet of Things devices are starting to pose a real threat to security for the sensible part of ...

Security blogger Krebs says IoT DDoS attack was payback for a blog

Security blogger Brian Krebs says a massive distributed denial-of-service attack that took down his Web site last week was likely the consequences for his outing ...

10 ways to secure a mobile workforce

We are entering the age of “supermobility,” in which mobile devices will provide all of the tools and technology ...

Tesla Responds to Chinese Hack With a Major Security Upgrade

When researchers at the Chinese firm Tencent hacked a Tesla S, the carmaker pushed out a new security feature known as code signing to millions ...

How to mitigate hackers who farm their victims

Nation-states and savvy criminal hackers don’t pull uninformed, spur-of-the-moment smash-and-grab jobs on data networks. They reconnoiter and position themselves to slowly implement precise surgical maneuvers ...

Always be prepared: Monitor, analyze and test your security

This is the final entry in our series on the 20 Critical Security Controls devised by the Center for Internet Security (CIS) as best practices ...

Your users have porous passwords? Blame yourself, IT.

Maybe IT needs to tone down its security awareness efforts. New research by psychologists into password strength delivered the non-intuitive conclusion that users who are ...

152k cameras in 990Gbps record-breaking dual DDoS

Hacked low-powered cameras and internet-of-things things. The world’s largest distributed denial of service (DDoS) attack has been clocked from the same network of 152,463 compromised ...

Don’t let banks fool you, the blockchain really does have other uses

Gov.UK missing out on the real value? We’re shocked, we tell you… Shocked! Analysis: It is a truth universally acknowledged that executives in the financial ...

Google tries to cross out XSS attacks by releasing its own test tool

Just about every content security policy does it wrong. Google has spent more than US$1.2 million (£920,400, A$1.6 million) in the last two years ...
