Eric's latest column

Effectively address insider threats

A layered defense strategy with technical, physical, and administrative controls can effectively address insider threats.

Recent

Poké Lessons

Game developers must be studying Pokémon GO as they contemplate future products. Here are some lessons learned from the game through the eyes of a security professional.

SC4 Hardware Security Module

Ron Garret is on a mission to make secure communications available to everyone. He expects the first production run of the SC4-HSM to be available ...

Opportunities for incremental improvement

Achieving the right level of security is challenging, especially when existing applications are involved. Sometimes perfect really is the enemy of the good enough.

You’re the product being sold

Pokémon Go, the location-based augmented reality mobile game developed by Niantic and published by The Pokémon Company, was released earlier this month in the United States and Sunday in Canada. But from a privacy perspective, it’s not all fun and games.

Reduce reliance on letter mail

Fueled by online commerce, the package delivery business continues to grow. But the future of letter mail is much less certain; in light of the ongoing labour dispute at Canada Post, many are questioning its relevance in a digital world.

Reasonable expectation of privacy

It is difficult for laws to keep pace with evolving technology. Matters are further complicated by dangerously flawed court decisions, such as the recent ruling by a United States federal judge for the Eastern District of Virginia, who found that a defendant “did not possess a reasonable expectation of privacy in his computer.”

Major update drops for popular Pwntools penetration showbag

Hackers chuffed. The third version of the Pwntools exploit showbag has been released, sporting new Android p0wnage functions and a host of additional modules. You ...

NYT says Moscow bureau was targeted by cyberattack

The Moscow bureau of The New York Times was the target of a cyberattack, though there are no indications yet that the hackers were successful, ...

Intel douses Wildfire ransomware as-a-service Euro menace

Group scored $79k a month with infect-o-tronic rent-a-bot. An alliance of cops and anti-malware experts have doused the Wildfire ransomware that plagued users in Belgium ...

Equation Group exploit hits newer Cisco ASA, Juniper Netscreen

NSA cache dump keeps patches pumping. Hungary-based security consultancy SilentSignal has ported a public exploit to newer models of Cisco’s Adaptive Security Appliance (ASA). You ...

A Life or Death Case of Identity Theft?

Identity thieves have perfected a scam in which they impersonate existing customers at retail mobile phone stores, pay a small cash deposit on pricey new ...

Boffins design security chip to spot hidden hardware trojans in processors

When fabs go rogue. Scientists at the NYU Tandon School of Engineering have designed a new form of application-specific integrated circuit (ASIC) designed to spot ...

More Cybersecurity News

Hacked hookup site Ashley Madison’s security was laughable

Canadian and Australian privacy watchdogs bite, hard. Ruby Corp, the rebranded parent company of illicit-affair-arranging outfit Ashley Madison, has had to enter into court-enforceable orders ...

Ashley Madison misled users with a fake security award

It’s never a good sign when a website markets itself with a phony security award. But that’s what Ashley Madison did prior to last year’s ...

Hit-And-Run Tactics Fuel Growth In DDoS Attacks

A majority of organizations in Imperva DDoS study suffer multiple consecutive attacks. You can read the full article here.

19% shoppers would abandon a retailer that’s been hacked

Nearly a fifth of shoppers would avoid a retailer that has been a victim of a cybersecurity hack, according to a survey. The 2016 ...

Reporters At New York Times And Other Media Hit By Russian Hackers

CNN reports an FBI investigation into an even wider victim base in recently exposed cyber spy operations focusing on the US presidential campaign. You can ...

Where the monsters live

The monsters read your full network traffic flow if they have your keys or you used weak ones. The monsters are in the hidden partitions ...

Epic Games forum hack underscores the need to install security patches

A recent data breach at Epic Games may have been avoided if the company had simply installed a security patch. On Monday, Epic Games reported ...

Blizzard blighted by another DDoS storm

Someone likes fragging servers. Blizzard, the game developer behind World of Warcraft and Overwatch, was hit by another DDoS attack on Tuesday. You can read ...

CISO Security ‘Portfolios’ Vs. Reporting Structures

Organizational structure is a tool for driving action. Worrying about your boss’s title won’t help you as much as a better communication framework. You can ...

Free course: Responding to cybersecurity incidents

Let’s face it, a data breach at your organization seems inevitable. And the response should be managed “in such a way as to limit damage, ...

EU ‘Seeks to Restrict Digital Comms Encryption’

The EU wants to force WhatsApp, iMessage and other internet-based tools to abide by tougher data-protection rules, leaked documents say. You can read the full ...

OIG finds security flaws in wireless networks at federal health service data centers

Security holes which could lead to “unauthorized access” to personally identifiable information are not something you want to hear in regards to the wireless networks ...

EU ministers look to tighten up privacy JUST KIDDING surveillance laws

No phone taps on WhatsApp is whack, moan spymasters. European ministers are debating a clampdown on encryption and a further increase in surveillance in response ...

Third-party vendors — your weakest link?

Some of you may remember the TV game show The Weakest Link, during which a somewhat caustic Anne Robinson would declare one of the ...

Anatomy Of A Social Media Attack

Finding and addressing Twitter and Facebook threats requires a thorough understanding of how they’re accomplished. You can read the full article here.

U.S. plan to collect social media info from visitors faces fierce opposition

Civil liberties and tech advocacy groups have opposed a move by the Department of Homeland Security to collect social media information from certain categories of ...

Imperva: Application layer DDoS attacks are on the rise.

Application layer DDoS attacks are becoming more common, perhaps because they cost less for malicious actors to execute and can more effectively evade defenses than ...

Side channel power, the new security front

Side channels used to be avenues for cyber attacks. Today, one side channel has been elevated to a new front line for cyber defense, and ...

‘NSA’ hack okshun woz writ by Inglish speeker trieing to hyde

Linguist says perps of zero day dump wanted to pose as gramatically-incorrect aliens. The perpetrator behind the dumping of tools penned by the probably-the-NSA hacking ...
