<![CDATA[Decipher]]> decipher.sc Decipher is an independent editorial site that takes a practical approach to covering information security. Through news analysis and in-depth features, Decipher explores the impact of the latest risks and provides informative and educational material for readers curious about how security affects our world. Tue, 22 May 2018 00:00:00 -0400 en-us info@decipher.sc Copyright 2018 3600 <![CDATA[YubiKeys Now Work With iOS]]> dennis@decipher.sc(Dennis Fisher) https://duo.com/decipher/yubikeys-now-work-with-ios https://duo.com/decipher/yubikeys-now-work-with-ios Tue, 22 May 2018 00:00:00 -0400

Yubico has released an SDK that will enable iOS app developers to support hardware-based 2FA.]]>
<![CDATA[The Business of America is Surveillance]]> dennis@decipher.sc(Dennis Fisher) https://duo.com/decipher/the-business-of-america-is-surveillance https://duo.com/decipher/the-business-of-america-is-surveillance Mon, 21 May 2018 00:00:00 -0400

The FCC is looking into a website flaw that allowed the real-time tracking of anyone with just a mobile phone number.]]>
<![CDATA[Exposed AWS Resources Leaked Sensitive Data]]> thu@duosecurity.com(Thu Pham) https://duo.com/decipher/exposed-aws-resources-leaked-sensitive-data https://duo.com/decipher/exposed-aws-resources-leaked-sensitive-data Fri, 18 May 2018 00:00:00 -0400

Amazon S3 buckets aren't the only data repositories that can leak data because of the organization's configuration errors. Other cloud services on the AWS platform are often found accessible by anyone on the Internet.]]>
<![CDATA[Google Puts Plaintext HTTP Out to Pasture]]> dennis@decipher.sc(Dennis Fisher) https://duo.com/decipher/http-is-dead-long-live-https https://duo.com/decipher/http-is-dead-long-live-https Thu, 17 May 2018 00:00:00 -0400

Google Chrome will mark all HTTP pages as not secure in the coming months, a major milestone in the overdue death of plaintext connections.]]>
<![CDATA[Cybersecurity Czar Job to Remain Vacant]]> dennis@decipher.sc(Dennis Fisher) https://duo.com/decipher/cybersecurity-czar-job-to-remain-vacant https://duo.com/decipher/cybersecurity-czar-job-to-remain-vacant Wed, 16 May 2018 00:00:00 -0400

The White House plans to leave the cybersecurity coordinator job open, while lawmakers have introduced a bill to establish a new cybersecurity office.]]>
<![CDATA[Predict Which Security Flaws Will be Exploited, Patch Those Bugs]]> fahmida@decipher.sc(Fahmida Y. Rashid) https://duo.com/decipher/predict-which-security-flaws-exploited-patch-those-bugs https://duo.com/decipher/predict-which-security-flaws-exploited-patch-those-bugs Wed, 16 May 2018 00:00:00 -0400

How do enterprises figure out which security flaws to fix first? Research shows common vulnerability management and remediation strategies are no better than random guesses. Trying to predict which flaws will be exploited and fixing those is a better use of the security team's time.]]>
<![CDATA[Google's Android P Confirms Humans Still at the Helm]]> fahmida@decipher.sc(Fahmida Y. Rashid) https://duo.com/decipher/googles-android-p-confirms-humans-still-at-the-helm https://duo.com/decipher/googles-android-p-confirms-humans-still-at-the-helm Tue, 15 May 2018 00:00:00 -0400

The new Android Protected Confirmation API in Android P ensures that a human, not malware, is engaging with the app.]]>
<![CDATA[Efail Is Not a Death Knell For Encrypted Email]]> dennis@decipher.sc(Dennis Fisher) https://duo.com/decipher/efail-is-not-a-death-knell-for-encrypted-email https://duo.com/decipher/efail-is-not-a-death-knell-for-encrypted-email Mon, 14 May 2018 00:00:00 -0400

The Efail attacks on encrypted email clients implementing OpenPGP or S/MIME are serious, but there are mitigations and defenses available for users.]]>
<![CDATA[Secure Data Act Bans Crypto Backdoors]]> dennis@decipher.sc(Dennis Fisher) https://duo.com/decipher/secure-data-act-bans-crypto-backdoors https://duo.com/decipher/secure-data-act-bans-crypto-backdoors Fri, 11 May 2018 00:00:00 -0400

A new bill would prevent government agencies from mandating backdoors in encrypted hardware or software products.]]>
<![CDATA[Don't Try This at Home: Chip Decapsulation]]> dennis@decipher.sc(Dennis Fisher) https://duo.com/decipher/dont-try-this-at-home-chip-decapsulation https://duo.com/decipher/dont-try-this-at-home-chip-decapsulation Thu, 10 May 2018 00:00:00 -0400

Mikhail Davidov decided to see what it would take to develop a process to manually decapsulate chips. After months of work, experimentation, and trial and error, he succeeded.]]>
<![CDATA[Georgia Hack Back Bill Vetoed]]> dennis@decipher.sc(Dennis Fisher) https://duo.com/decipher/hack-back-bill-vetoed-in-georgia https://duo.com/decipher/hack-back-bill-vetoed-in-georgia Wed, 09 May 2018 00:00:00 -0400

The bill in Georgia that would have legalized active defense measures and outlawed some security research was vetoed by the state's governor.]]>
<![CDATA[Users Need More Than Minimal Breach Disclosure]]> fahmida@decipher.sc(Fahmida Y. Rashid) https://duo.com/decipher/disclosing-the-minimum-for-data-breaches-isnt-good-enough https://duo.com/decipher/disclosing-the-minimum-for-data-breaches-isnt-good-enough Tue, 08 May 2018 00:00:00 -0400

Companies get away with disclosing just the bare minimum, or dribble out the bad news to the point where no one is paying attention. We need to hold companies to a higher set of expectations.]]>
<![CDATA[The Upside of the Twitter Password Bug]]> dennis@decipher.sc(Dennis Fisher) https://duo.com/decipher/the-upside-of-the-twitter-password-bug https://duo.com/decipher/the-upside-of-the-twitter-password-bug Mon, 07 May 2018 00:00:00 -0400

The Twitter password bug caused an uproar, but the company's handling of it shows the potential value of being transparent about security.]]>
<![CDATA[Google Asylo Lets Devs Build Confidential Computing Apps]]> fahmida@decipher.sc(Fahmida Y. Rashid) https://duo.com/decipher/google-asylo-lets-devs-build-confidential-computing-apps https://duo.com/decipher/google-asylo-lets-devs-build-confidential-computing-apps Fri, 04 May 2018 00:00:00 -0400

Protect the data at rest and in transit. How about while in use? Google’s open source framework Asylo helps developers use secure enclaves with their applications without having to know the specifics of how TEEs work or learn how to use specialized tools.]]>
<![CDATA[Updated NIST Cybersecurity Framework Emphasizes Access Control & Supply Chain Risk]]> thu@duosecurity.com(Thu Pham) https://duo.com/decipher/updated-nist-cybersecurity-framework-emphasizes-access-control-and-supply-chain-risk https://duo.com/decipher/updated-nist-cybersecurity-framework-emphasizes-access-control-and-supply-chain-risk Thu, 03 May 2018 00:01:00 -0400

The National Institute of Standards and Technology (NIST) released its version 1.1 update to the 1.0 version of its Framework for Improving Critical Infrastructure Cybersecurity, last updated in 2014.]]>
<![CDATA[Rowhammer, Android and the Future of Hardware Attacks]]> dennis@decipher.sc(Dennis Fisher) https://duo.com/decipher/rowhammer-android-and-the-future-of-hardware-attacks https://duo.com/decipher/rowhammer-android-and-the-future-of-hardware-attacks Thu, 03 May 2018 00:00:00 -0400

A team from a Dutch university has developed an attack that can remotely compromise some Android devices using the Rowhammer technique.]]>
<![CDATA[Find Phishing Sites in Certificate Transparency Logs]]> fahmida@decipher.sc(Fahmida Y. Rashid) https://duo.com/decipher/find-phishing-sites-in-certificate-transparency-logs https://duo.com/decipher/find-phishing-sites-in-certificate-transparency-logs Wed, 02 May 2018 00:00:00 -0400

Mining Certificate Transparency logs can help uncover phishing sites using spoofed domain names, but it’s hard to do. Facebook has updated its Certificate Transparency Monitoring tool to notify website owners when their sites are being spoofed for malicious use.]]>
<![CDATA[Amazon Joins Google in Shutting Down Domain Fronting]]> fahmida@decipher.sc(Fahmida Y. Rashid) https://duo.com/decipher/amazon-joins-google-in-shutting-down-domain-fronting https://duo.com/decipher/amazon-joins-google-in-shutting-down-domain-fronting Tue, 01 May 2018 00:00:00 -0400

Recent changes by Google to Google App Engine and Amazon to Amazon CloudFront have shut down domain fronting. App developers will have to consider other options if they want to disguise their app’s network traffic to evade network blocks and government censors.]]>
<![CDATA[Hack Back Bill Looms in Georgia]]> dennis@decipher.sc(Dennis Fisher) https://duo.com/decipher/hack-back-bill-looms-in-georgia https://duo.com/decipher/hack-back-bill-looms-in-georgia Tue, 01 May 2018 00:00:00 -0400

The Georgia governor may soon sign a bill that would legalize active cybersecurity defense measures.]]>
<![CDATA[Privacy, Human Rights Groups Decry Russian Ban on Telegram]]> dennis@decipher.sc(Dennis Fisher) https://duo.com/decipher/privacy-human-rights-groups-decry-russian-ban-on-telegram https://duo.com/decipher/privacy-human-rights-groups-decry-russian-ban-on-telegram Mon, 30 Apr 2018 00:00:00 -0400

Russia's ban of Telegram, the encrypted messaging app, is drawing criticism from privacy and human rights groups.]]>