Eric's latest column
Transparency and Oversight
The use of IMSI catchers poses serious privacy risks. Unlike traditional wiretaps, which selectively intercept calls to and from a specified target, IMSI catchers pretend to be a cell tower and capture information from every cell phone in the vicinity. It is impossible to target specific mobile phone users with these devices; they scoop up information from every phone within range.
Recent
Security choices
While it remains ironic to receive personal security advice from the law enforcement agency that tried to force Apple to hack their own products, Comey makes an important point; “I think people ought to take responsibility for their own safety and security.”
Lessons from Silk Road
Defence in depth and zoning are solid security principals that have stood the test of time. However, many otherwise talented IT professionals still do not reflect them in their designs. The Silk Road case contains valuable lessons for architecting services behind Tor or any VPN.
M.P. David Graham: On a mission
David Graham, Member of Parliament for Laurentides–Labelle, is on a mission to get fast, reliable, and affordable Internet to all Canadians. He estimates that only twenty per cent of homes in the largest county in his electoral district have 10 Mbps Internet or better, while for a third, dial-up or satellite remain the only options.
Ineffective intrusive powers
Canadian police are fighting an uphill battle. Their recent request for new legislation to compel people to disclose passwords and encryption keys demonstrates both desperation and lack of cybersecurity savvy.
Open source options
A good firewall, VPN, and log management solution are critical. Fortunately, there are excellent open source options available.
Effectively address insider threats
A layered defense strategy with technical, physical, and administrative controls can effectively address insider threats.
Yahoo! Mail! down?! Great! timing! as! more! US! senators! dogpile! hacked! web! giant!
Enjoy the sounds of a thousand heads at Verizon slamming into a thousand desks Yahoo!’s embattled mail service was dealt another blow Tuesday when an ...
Down the rabbit hole, part 1: Making my life private and secure
Over the years I’ve done a number of-let’s just call them “experiments in computering”-where I attempt to use my computers in such a way that ...
Six senators demand more details about the Yahoo data breach
Six U.S. senators have called Yahoo’s massive data breach “unacceptable,” and they’re demanding that the company provide more details about the incident. In a letter ...
Aqua to Use $9M in Funding to Ramp Up Container Security Efforts
Microsoft takes a leading investment role in the startup, which looks to capitalize on the emerging opportunity for container security. You can read the full ...
Ransomware roundup: Targeting servers, government, honoring Donald Trump and Voldemort
Security researchers have discovered more ransomware under development, namely one paying homage to Voldemort and another featuring Donald Trump, as well as one variant currently ...
25 Emerging Security Vendors To Watch
A wave of companies is entering the security field armed with technologies to help businesses mitigate the next generation of cyberattacks. Who are these emerging ...
More Cybersecurity News
Swift CEO details three more failed attacks on banking network
Banks stopped three new attempts to abuse the Swift financial transfer network this summer, its CEO Gottfried Leibbrandt said Monday, as he announced Swift’s plan ...
Yahoo Confirms August Data Dump Issue Unrelated To Breach Of 500 Million Users
No ‘connection’ between August 2016 data dump claims and 2014 nation-state attack, company says. You can read the full article here.
Swift CEO reveals three more failed attacks on banking network
Banks stopped three new attempts to abuse the Swift financial transfer network this summer, its CEO Gottfried Leibbrandt said Monday, as he announced Swift’s plan ...
Sharing Cybersecurity Threat Intelligence Is The Only Way We Win
Security organizations must leverage each other’s information in order to better predict, prevent, detect, and respond to threats their customers and organizations face. You can ...
Yahoo Sued By User Over 2014 Hacking
New Yorker files lawsuit against Yahoo for recklessness and delay in uncovering hack of half a billion accounts. You can read the full article here.
Yahoo Hacking: US Senator Seeks SEC Role In Probe
Democrat Mark Warner asks US Securities and Exchange Commission to investigate whether Yahoo completed obligations post breach discovery. You can read the full article here.
Threat Spotlight: GozNym
This blog was authored by Ben Baker, Edmund Brumaghin, and Jonah Samost. Executive Summary GozNym is the combination of features from two previously identified families ...
Mobile Fraud Changes Outlook for Multifactor Authentication
SMS one-time passcodes just won’t cut it anymore. We need new approaches that people will actually use. You can read the full article here.
Transparency and Oversight
The use of IMSI catchers poses serious privacy risks. Unlike traditional wiretaps, which selectively intercept calls to and from a specified target, IMSI catchers pretend to be a cell tower and capture information from every cell phone in the vicinity. It is impossible to target specific mobile phone users with these devices; they scoop up information from every phone within range.
No wonder we’re being hit by Internet of Things botnets. Ever tried patching a Thing?
Akamai CSO laments pisspoor security design practices Internet of Things devices are starting to pose a real threat to security for the sensible part of ...
Security blogger Krebs says IoT DDoS attack was payback for a blog
Security blogger Brian Krebs says a massive distributed denial-of-service attack that took down his Web site last week was likely the consequences for his outing ...
10 ways to secure a mobile workforce
Super mobile worker Image by Thinkstock We are entering the age of “supermobility,” in which mobile devices will provide all of the tools and technology ...
Tesla Responds to Chinese Hack With a Major Security Upgrade
When researchers at the Chinese firm Tencent hacked a Tesla S, the carmaker pushed out a new security feature known as code signing to millions ...
How to mitigate hackers who farm their victims
Nation-states and savvy criminal hackers don’t pull uninformed, spur-of-the-moment smash-and-grab jobs on data networks. They reconnoiter and position themselves to slowly implement precise surgical maneuvers ...
Always be prepared: Monitor, analyze and test your security
This is the final entry in our series on the 20 Critical Security Controls devised by the Center for Internet Security (CIS) as best practices ...
Your users have porous passwords? Blame yourself, IT.
Maybe IT needs to tone down its security awareness efforts. New research by psychologists into password strength delivered the non-intuitive conclusion that users who are ...
152k cameras in 990Gbps record-breaking dual DDoS
Hacked low-powered cameras and internet-of-things things The world’s largest distributed denial of service (DDoS) attack has been clocked from the same network of 152,463 compromised ...
Don’t let banks fool you, the blockchain really does have other uses
Gov.UK missing out on the real value? We’re shocked, we tell you… Shocked! Analysis It is a truth universally acknowledged that executives in the financial ...
Google tries to cross out XSS attacks by releasing its own test tool
Just about every content security policy does it wrong Google has spent more than US$1.2 million ( 920,400, A$1.6 million) in the last two years ... More Items »
Subscribe
Archives
Tags
attacker
awareness
backdoor
biometrics
bitcoin
Brazil
Breach
BYOD
Canada
china
Cisco
cloud
crime
crypto
D-Link
dos
facebook
firewall
Google
hacker
intelligence
IoT
korea
Lavabit
malware
Microsoft
military
mobile
NSA
password
payment
privacy
security
Snowden
social
spam
Threat Intelligence
twitter
USA
vulnerability
Yahoo
Terms of Use
The views expressed on this site are those of the author alone and do not necessarily reflect the views of any other other entity. By using this site you agree to our Terms of Use and Privacy Policy.
Copyright © 2016 SecurityShelf.com | All Rights Reserved.