Security news that informs and inspires

All Articles

156 articles:

YubiKeys Now Work With iOS

Yubico has released an SDK that will enable iOS app developers to support hardware-based 2FA.

2fa, Yubico

The Business of America is Surveillance

The FCC is looking into a website flaw that allowed the real-time tracking of anyone with just a mobile phone number.

Government, Surveillance

Exposed AWS Resources Leaked Sensitive Data

Amazon S3 buckets aren't the only data repositories that can leak data because of the organization's configuration errors. Other cloud services on the AWS platform are often found accessible by anyone on the Internet.

Aws Security, Cloud Security

Google Puts Plaintext HTTP Out to Pasture

Google Chrome will mark all HTTP pages as not secure in the coming months, a major milestone in the overdue death of plaintext connections.

Google, Encryption

Predict Which Security Flaws Will be Exploited, Patch Those Bugs

How do enterprises figure out which security flaws to fix first? Research shows common vulnerability management and remediation strategies are no better than random guesses. Trying to predict which flaws will be exploited and fixing those is a better use of the security teams's time.

Vulnerability, Patch

Cybersecurity Czar Job to Remain Vacant

The White House plans to leave the cybersecurity coordinator job open, while lawmakers have introduced a bill to establish a new cybersecurity office.

Cybersecurity, Government Security

Google's Android P Confirms Humans Still at the Helm

The new Android Protected Confirmation API in Android P ensures that a human, not malware, is engaging with the app.

Mobile Security, Android, Android Security

Efail Is Not a Death Knell For Encrypted Email

The Efail attacks on encrypted email clients implementing OpenPGP or S/MIME are serious, but there are mitigations and defenses available for users.

Encryption

Secure Data Act Bans Crypto Backdoors

A new bill would prevent government agencies from mandating backdoors in encrypted hardware or software products.

Encryption, Legislation

Don't Try This at Home: Chip Decapsulation

Mikhail Davidov decided to see what it would take to develop a process to manually decapsulate chips. After months of work, experimentation, and trial and error, he succeeded.

Hardware

Georgia Hack Back Bill Vetoed

The bill in Georgia that would have legalized active defense measures and outlawed some security research was vetoed by the state's governor.

Legislation

Users Need More Than Minimal Breach Disclosure

Companies get away with disclosing just the bare minimum, or dribble out the bad news to the point where no one is paying attention. We need to hold companies to a higher set of expectations.

Data Breaches, Data Breach Notification

The Upside of the Twitter Password Bug

The Twitter password bug caused an uproar, but the company's handling of it shows the potential value of being transparent about security.

Twitter

Google Asylo Lets Devs Build Confidential Computing Apps

Protect the data at rest and in transit. How about while in use? Google’s open source framework Asylo helps developers use secure enclaves with their applications without having to know the specifics of how TEEs work or learning how to use specialized tools.

Cloud, Appdev, Encryption

Updated NIST Cybersecurity Framework Emphasizes Access Control & Supply Chain Risk

The National Institute of Standards and Technology (NIST) released its version 1.1 update to the 1.0 version of their Framework for Improving Critical Infrastructure Cybersecurity, last updated in 2014.

NIST, Cybersecurity, Access Controls, Access Control Security, Supply Chain