Security news that informs and inspires

All Articles

570 articles:

Andy Ellis Has Your Back

Akamai CSO Andy Ellis takes an uncommon approach to his job, distributing responsibility for security across the organization.

Network Security, CISO

The Faces Change, But the Crypto Problem Remains the Same

The FBI's and NSA's desire to weaken encryption is still the same, despite changes at the top of the agencies.

Encryption

Vulnerability Disclosure Doesn’t Mean Scaring Users

The disclosure this week of several new vulnerabilities in AMD chips, without any technical details, has again raised concerns about the way some researchers choose to deal with vendors on vulnerability research.

Vulnerability Disclosure

IoT Security: Hard Problem, No Easy Answers

It’s easy to talk the security talk, but it isn’t so easy to walk the walk. We learned that the hard way at an IoT security workshop during the 2018 Security Analyst Summit. We were asked to design a security product to protect an average household’s collection of IoT devices.

IoT Security

Privacy Concerns Arise With Some Connected Cars

Some connected cars will download and permanently store data from phones that sync to them.

Mapping the Internet, Who’s Who? (Part Three)

It turned out to be harder than expected to create a definitive list of who is poking the Internet and looking for information about devices. Enter Grey Noise, whose mission is to count the scanners. While scanners scour the Internet looking for things, Grey Noise eavesdrops on everyone—researchers, defenders, and malicious actors—doing the scanning.

Internet, Cartography

Mapping the Internet, Navigation (Part Two)

Whether or not a map is valuable depends entirely on how well someone can use it to navigate from one place to another. Same goes for Internet scans. The scanning tools pull together different types of information, such as the kind of device and how it is configured, but the resulting map—the scan data—is valuable only if people can use it to answer important questions.

Internet, Cartography

Uber Releases Metta Adversarial Simulation Tool

The Uber Metta adversarial simulation tool allows defenders to test their network detection systems.

Network Security, Tools

Mapping the Internet, One Device at a Time (Part One)

Just as people use search engines such as Google, Bing, and DuckDuckGo to find specific information on the Internet, there are special search engines that can find information about Internet-connected devices and networks. Think webcams, printers, smart light bulbs, industrial control systems, monitoring systems. Information about these devices is just a special search query away.

Internet, Cartography

UK Government Proposes Secure by Design Guidelines for IoT

The UK government has published a Secure by Design report on improving the cybersecurity of consumer Internet of Things (IoT) devices such as smart TVs and wearables, urging manufacturers to follow common security guidelines and help protect consumers.

IoT Security, Government

Attackers Lie, Leave False Trails

We still don't know who was behind the Olympic Destroyer malware that targeted South Korea during the Winter Olympics, but we know all those supposed clues to their origins were false clues planted by the attackers. As defenders, assume everything you can't verify completely is a lie the attackers deliberately crafted.

Hackers, Malware

‘Nothing’s Going to Last Forever’: An Oral History of the LØpht, Part Four

In 1999 a group of venture capitalists came together to buy the L0pht and make it part of @stake, a security consulting firm.

L0pht

How Attackers Try to Outmaneuver Google Play Security

Malicious app developers are using anti-reverse engineering tactics to get around Google Play security restrictions.

Google

Thirty Minutes Or Less: An Oral History of the LØpht, Part Three

The L0pht hacker group testified before the Senate in 1998 and told the lawmakers they could take down the Internet in 30 minutes or less because of a vulnerability in the BGP protocol.

L0pht

LinkedIn CISO: The Stories We Tell

As CISO of LinkedIn, Cory Scott understands the importance of matching people to the right team. Instead of looking for specific skills or job titles, he asks people for their personal narratives.

CISO, Hackers