Sat, Sep 14, 2019 - Fri, Sep 20, 2019

Another Side Channel in Intel Chips

Schneier on Security

Not that serious, but interesting: In late 2011, Intel introduced a performance enhancement to its line of server processors that allowed network cards and other peripherals to connect directly to a CPU's last-level cache, rather than following the standard (and significantly longer) path through the server's main memory. By avoiding system memory, Intel's DDIO, short for Data-Direct I/O, increased input/output bandwidth and reduced latency and power consumption.

Banks, Arbitrary Password Restrictions and Why They Don't Matter

Troy Hunt

Allow me to be controversial for a moment: arbitrary password restrictions on banks such as short max lengths and disallowed characters don't matter. Also, allow me to argue with myself for a moment: banks shouldn't have these restrictions in place anyway. I want to put forward cases for both arguments here because seeing both sides is important. I want to help shed some light on why this practice happens and argue pragmatically both for and against.

Banking

Before He Spammed You, this Sly Prince Stalked Your Mailbox

Krebs on Security

A reader forwarded what he briefly imagined might be a bold, if potentially costly, innovation on the old Nigerian prince scam that asks for help squirreling away millions in unclaimed fortune: It was sent via the U.S. Postal Service, with a postmarked stamp and everything. In truth these old fashioned “advance fee” or “419” scams predate email and have circulated via postal mail in various forms and countries over the years.

Scams

MY TAKE: SMBs can do much more to repel ransomware, dilute disinformation campaigns

The Last Watchdog

Local government agencies remain acutely exposed to being hacked. That’s long been true. However, at this moment in history, two particularly worrisome types of cyber attacks are cycling up and hitting local government entities hard: ransomware sieges and election tampering. Related: Free tools that can help protect elections. I had a deep discussion about this with Todd Weller, chief strategy officer at Bandura Cyber.

A Feminist Take on Information Privacy

Schneier on Security

Maria Farrell has a really interesting framing of information/device privacy: What our smartphones and relationship abusers share is that they both exert power over us in a world shaped to tip the balance in their favour, and they both work really, really hard to obscure this fact and keep us confused and blaming ourselves. Here are some of the ways our unequal relationship with our smartphones is like an abusive relationship: They isolate us from deeper, competing relationships in favour of sup

Media

Small businesses underestimate financial damage of cyberattacks

Tech Republic Security

The average breach causes $149,000 in damages, yet most small-to-medium-sized businesses thought a cyberattack would cost them under $10,000, a survey reports.

My 3 Favorite Security Podcasts, And How They’re Different From Each Other

Daniel Miessler

What I like so much about the podcast world is how two shows can cover mostly the same material, but be wildly different. The world of security podcasts is like this, with my top three recommendations having completely different tastes and textures. I wasn’t going to recommend my own show, but then I realized that if I wasn’t willing to recommend it then I shouldn’t be doing it.

Crown Sterling Claims to Factor RSA Keylengths First Factored Twenty Years Ago

Schneier on Security

Earlier this month I made fun of a company called Crown-Sterling, for... for... for being a company that deserves being made fun of. This morning, the company announced that they "decrypted two 256-bit asymmetric public keys in approximately 50 seconds from a standard laptop computer." Really. They did. This keylength is so small it has never been considered secure.

Exposed RDP servers see 150K brute-force attempts per week: Here's how to protect them

Tech Republic Security

BlueKeep and DejaBlue renewed interest in brute-force scanning for vulnerable systems, which negatively impacts Windows Server performance. Cameyo has solutions to protect your Virtual Desktop server.

Is There a Hacker in Your Wallet? Third Certainty Episode 2

Adam Levin

In the second episode of Third Certainty, Adam Levin explains how consumers can protect themselves in the aftermath of the Capital One data breach.

Interesting reads

Adam Shostack

There were widely circulated reports of voice cloning being used in phishing. I’ve been predicting these for a while (Threat modeling in 2018 at Blackhat, 28 minutes in), but Guillaume Ross asked some really good questions about it. A new John Locke manuscript, “The Toleration of Papists”, has been discovered and published. (Short analysis in the Guardian.)

Phishing

Revisiting Software Vulnerabilities in the Boeing 787

Schneier on Security

I previously blogged about a Black Hat talk that disclosed security vulnerabilities in the Boeing 787 software. Ben Rothke concludes that the vulnerabilities are real, but not practical.

Software

A new type of DDoS attack can amplify attack strength by more than 15,300%

Tech Republic Security

By abusing a little-known multicast protocol, attackers can launch DDoS attacks of immense power, but there may be an easy fix.

DDoS

MY TAKE: What everyone should know about the promise and pitfalls of the Internet of Things

The Last Watchdog

Internet

IoT and Quantum Computing’s Impact on the Federal Government

Thales Cloud Protection & Licensing

As government agencies get back to work after summer barbeques, family vacations and once-in-a-lifetime getaways, the focus is on the priorities for the rest of 2019. Cybersecurity remains one of the top concerns and priorities for our government. The focus on the rest of 2019 and looking ahead to 2020 was very clear when I attended two recent industry events.

IoT

Cracking Forgotten Passwords

Schneier on Security

Expandpass is a string expansion program. It's "useful for cracking passwords you kinda-remember." You tell the program what you remember about the password and it tries related passwords. I learned about it in this article about Phil Dougherty, who helps people recover lost cryptocurrency passwords (mostly Ethereum) for a cut of the recovered value.

Passwords

Governments still struggling to contend with weaponized social media platforms

Tech Republic Security

A report from a former NSA operative says countries across the world are still adjusting to the new reality of sophisticated cyberwarfare.

Media

Backup files for Lion Air and parent airlines exposed and exchanged on forums

Security Affairs

Tens of millions of records belonging to passengers of two airline companies owned by Lion Air have been exposed and exchanged on forums. The information was left exposed online in an unsecured Amazon S3 bucket; the records were stored in two databases in a directory containing backup files, mostly for Malindo Air and Thai Lion Air.

Backups

Achieving Trust: Bake Security into Your Brand

Thales Cloud Protection & Licensing

Data is the most valuable online currency a consumer possesses. Yet most people don’t trust the companies they’re sharing data with, according to a new market trends study published by Gartner. In fact, 75% of consumers worry their online accounts may be hacked and the vast majority also believe companies are using or sharing their data without even telling them, according to the study.

I'm Looking to Hire a Strategist to Help Figure Out Public-Interest Tech

Schneier on Security

I am in search of a strategic thought partner: a person who can work closely with me over the next 9 to 12 months in assessing what's needed to advance the practice, integration, and adoption of public-interest technology. All of the details are in the RFP. The selected strategist will work closely with me on a number of clear deliverables. This is a contract position that could possibly become a salaried position in a subsequent phase, and under a different agreement.

33% of executives don't trust their organization to protect employee data

Tech Republic Security

The volume of data processed in the enterprise is rapidly increasing, though strategies to secure data, including biometrics, are subject to technical and legal issues.

A flaw in LastPass password manager leaks credentials from previous site

Security Affairs

Tavis Ormandy, the well-known white-hat hacker at Google Project Zero, has discovered a vulnerability in the LastPass password manager that exposes login credentials entered on a site the user previously visited.

Mozilla Introduces Mechanism to Hijack all DNS Traffic in the Name of Privacy

PerezBox Security

In September of 2019 Mozilla will begin releasing DNS over HTTPS (DoH) in Firefox via their Trusted Recursive Resolver (TRR) program. A primer on DNS Security. The change is based.

DNS

New Biometrics

Schneier on Security

This article discusses new types of biometrics under development, including gait, scent, heartbeat, microbiome, and butt shape (no, really).

Why businesses would rather lose revenue than data

Tech Republic Security

While businesses don't want to lose data, 66% of business decision makers said their current IT resources do not keep up with growing technological demands.

A bug in Instagram exposed user accounts and phone numbers

Security Affairs

Facebook addressed a vulnerability in Instagram that could have allowed attackers to access private user information. The security researcher @ZHacker13 discovered a flaw in Instagram that allowed an attacker to access account information, including a user's phone number and real name. ZHacker13 discovered the vulnerability in August and reported the issue to Facebook, which asked for additional time to address it.

After Six Years in Exile, Edward Snowden Explains Himself

WIRED Threat Level

In a new memoir and interview, the world’s most famous whistle-blower elucidates as never before why he stood up to mass surveillance—and his love for an internet that no longer exists.

Upcoming Speaking Engagements

Schneier on Security

This is a current list of where and when I am scheduled to speak: I'm speaking at University College London on September 23, 2019. I'm speaking at World's Top 50 Innovators 2019 at the Royal Society in London on September 24, 2019. I'm speaking at Cyber Security Nordic in Helsinki, Finland on October 3, 2019. I'm speaking at the Australian Cyber Conference 2019 in Melbourne on October 9, 2019.

Yahoo data breach settlement means affected users may get $100

Tech Republic Security

If you had a Yahoo account between January 1, 2012 and December 31, 2016, you may be entitled to a bit of money.

More than 737 million medical radiological images found on open PACS servers

Security Affairs

Researchers at Greenbone Networks, a vulnerability analysis and management company, discovered 400 Million medical radiological images exposed online via unsecured PACS servers. The experts found 600 unprotected servers exposed online that contained medical radiological images. The research was conducted between mid-July 2019 and early September 2019.
