Russia's ban of Telegram, the encrypted messaging app, is drawing criticism from privacy and human rights groups.
Ray Ozzie's Clear key escrow proposal for decrypting devices relies on a secure processor that doesn't yet exist.
There is renewed interest in the zero trust security model as everyone tries to make sense out of how to get better security through "no trust." CIOs and CISOs should be looking at thinking about how this security model relates to their organizations.
We forget that the Internet is pretty fragile and when something breaks, there is collateral damage. DNS hijacking and BGP leaks are two of the problems we haven't fixed yet, and there aren't any easy solutions.
Uber has updated its bounty program to provide security researchers with clarity on what good faith research looks like.
Every supplier and third party vendor has different behaviors, abilities and knowledge. Developing a personality profile for each supplier can help organizations decide how much effort they need to spend managing that relationship as part of an effective infosec and privacy assurance program.
Cryptocurrencies such as Bitcoin and Monero have become favorites of cyberminals associated with ransomware and malicious coinmining, but there's much more going on beneath the surface.
In this illustrated Hacker History video, security researcher Dan Kaminsky goes back to 2008 and describes how he found the vulnerability in DNS and almost broke the Internet. Unfortunately, DNS still needs to be fixed.
In the face of increased threats to user privacy, companies such as Apple, Google, and others have moved to encrypt more and more channels.
Blockchain technology has uses in security, but experts say it's not the universal answer to security problems.
Security experts are pushing for a new process to disclose hardware vulnerabilities.
The Digital Security Exchange is helping to connect at-risk groups with security experts who can help protect them.
Everyone has their own story about who they are and what they do. LinkedIn CISO Cory Scott describes how to use people's personal narratives to put together security teams that have a diverse set of skills, problem-solving, and experiences.
AMD has released mitigations for the Spectre vulnerability that affects some of its processors.
The WebAuthn specification from the W3C could make password-free authentication a reality in the near future.