Security news that informs and inspires

All Articles

2349 articles:

The Upside of the Twitter Password Bug

The Twitter password bug caused an uproar, but the company's handling of it shows the potential value of being transparent about security.

Twitter

Google Asylo Lets Devs Build Confidential Computing Apps

Protect the data at rest and in transit. How about while in use? Google’s open source framework Asylo helps developers use secure enclaves with their applications without having to know the specifics of how TEEs work or learning how to use specialized tools.

Google, Cloud, Appdev, Encryption, Tools

Updated NIST Cybersecurity Framework Emphasizes Access Control & Supply Chain Risk

The National Institute of Standards and Technology (NIST) released version 1.1 of its Framework for Improving Critical Infrastructure Cybersecurity, an update to version 1.0, which was last updated in 2014.

Nist, Cybersecurity, Access Controls, Access Control Security, Supply Chain

Rowhammer, Android and the Future of Hardware Attacks

A team from a Dutch university has developed an attack that can remotely compromise some Android devices using the Rowhammer technique.

Rowhammer, Android

Find Phishing Sites in Certificate Transparency Logs

Mining Certificate Transparency logs can help uncover phishing sites using spoofed domain names, but it’s hard to do. Facebook has updated its Certificate Transparency Monitoring tool to notify website owners when their sites are being spoofed for malicious use.

Phishing, Certificate Authority, SSL Certificates, Tools

Amazon Joins Google in Shutting Down Domain Fronting

Recent changes by Google to Google App Engine and by Amazon to Amazon CloudFront have shut down domain fronting. App developers will have to consider other options if they want to disguise their app’s network traffic to evade network blocks and government censors.

Internet, Networking

Hack Back Bill Looms in Georgia

The Georgia governor may soon sign a bill that would legalize active cybersecurity defense measures.

Legislation

Privacy, Human Rights Groups Decry Russian Ban on Telegram

Russia's ban of Telegram, the encrypted messaging app, is drawing criticism from privacy and human rights groups.

Encryption

Key Escrow By Any Other Name is Still Key Escrow

Ray Ozzie's Clear key escrow proposal for decrypting devices relies on a secure processor that doesn't yet exist.

Encryption

Zero + Zero + Zero = Trusted?

There is renewed interest in the zero trust security model as everyone tries to make sense of how to get better security through "no trust." CIOs and CISOs should be thinking about how this security model relates to their organizations.

CISO, Google Beyondcorp

No Easy Fix for BGP Leaks

We forget that the Internet is pretty fragile and when something breaks, there is collateral damage. DNS hijacking and BGP leaks are two of the problems we haven't fixed yet, and there aren't any easy solutions.

Internet, Networking

Uber Evolves Bug Bounty Program to Reassure Researchers

Uber has updated its bounty program to provide security researchers with clarity on what good faith research looks like.

Bug Bounty

Manage Third-Party Suppliers with Personality Tests

Every supplier and third party vendor has different behaviors, abilities and knowledge. Developing a personality profile for each supplier can help organizations decide how much effort they need to spend managing that relationship as part of an effective infosec and privacy assurance program.

Supply Chain, CISO

The Rise and Rise of Cryptocurrency Related Crime

Cryptocurrencies such as Bitcoin and Monero have become favorites of cybercriminals associated with ransomware and malicious coinmining, but there's much more going on beneath the surface.

Cryptocurrency

Hacker History: How Dan Kaminsky Almost Broke the Internet

In this illustrated Hacker History video, security researcher Dan Kaminsky goes back to 2008 and describes how he found the vulnerability in DNS that almost broke the Internet. Unfortunately, DNS still needs to be fixed.

Hacker History, DNS Security, Network Security