Sat.Dec 09, 2017 - Fri.Dec 15, 2017

I'm Sorry You Feel This Way NatWest, but HTTPS on Your Landing Page Is Important

Troy Hunt

Occasionally, I feel like I'm just handing an organisation more shovels - "here, keep digging, I'm sure this'll work out just fine." The latest such event was with NatWest (a bank in the UK), and it culminated with this tweet from them: I'm sorry you feel this way. I can certainly pass on your concerns and feed this back to the tech team for you Troy?

Banking 274

Tracking People Without GPS

Schneier on Security

Interesting research: The trick in accurately tracking a person with this method is finding out what kind of activity they're performing. Whether they're walking, driving a car, or riding in a train or airplane, it's pretty easy to figure out when you know what you're looking for. The sensors can determine how fast a person is traveling and what kind of movements they make.

The Wired Guide to Digital Security, From Passwords to Faraday Cages

WIRED Threat Level

In an age of nonstop breaches and hacks, here are ways to improve your online security based on your level of risk, from average user to NSA contractor.

Passwords 110

Protecting data for compliance and transformation

Thales Cloud Protection & Licensing

Until recently, it was nothing more than a buzzword bandied around across various industries. Now though, businesses everywhere are undergoing various forms of digital transformation as they look for ways to better interact with their end customers, whether consumer or corporate. Organisations are finding themselves under increasing pressure from their boards, all keen on moving their businesses forward technologically, to deliver the solutions and services they need to remain competitive in an

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Face ID Stinks

Troy Hunt

I've been gradually coming to this conclusion of my own free will, but Phil Schiller's comments last week finally cemented it for me: Face ID stinks. I wrote about the security implementations of Face ID just after it was announced and that piece is still entirely relevant today. To date, we haven't seen practical attacks against it that should worry the masses and the one piece that suggests it's vulnerable has been pretty thoroughly debunked by Dan Goodin at Ars Technica.

153

Security Planner

Schneier on Security

Security Planner is a custom security advice tool from Citizen Lab. Answer a few questions, and it gives you a few simple things you can do to improve your security. It's not meant to be comprehensive, but instead to give people things they can actually do to immediately improve their security. I don't see it replacing any of the good security guides out there, but instead augmenting them.

192

More Trending

2017 AWS Re:Invent Recap: The evolution of innovation in the cloud

Thales Cloud Protection & Licensing

A couple weeks ago I attended yet another successful AWS Re:Invent conference. For those of you that don’t already know, AWS Re:Invent is Amazon Web Services’ premier cloud conference for customers, partners, and industry professionals. There was a noticeable increase in attendance at this year’s show, and keynote presentations from AWS’ CEO Andy Jassy and Amazon.com’s VP & CTO Werner Vogels did not disappoint.

New Pluralsight Play by Play: What You Need to Know About HTTPS Today

Troy Hunt

As many followers know, I run a workshop titled Hack Yourself First where I spend a couple of days with folks running through all sorts of common security issues and, of course, how to fix them. I must have run it 50 times by now so it's a pretty well-known quantity, but there's one module more than any other that changes at a fierce rate - HTTPS. I was thinking about it just now when considering how to approach this post launching the new course because let's face it, I've got a lot of material

Remote Hack of a Boeing 757

Schneier on Security

Last month, the DHS announced that it was able to remotely hack a Boeing 757: "We got the airplane on Sept. 19, 2016. Two days later, I was successful in accomplishing a remote, non-cooperative, penetration," said Robert Hickey, aviation program manager within the Cyber Security Division of the DHS Science and Technology (S&T) Directorate. "[Which] means I didn't have anybody touching the airplane, I didn't have an insider threat.

Hacking 190

MobileCoin: A New Cryptocurrency From Signal Creator Moxie Marlinspike

WIRED Threat Level

MobileCoin aims to make cryptocurrency transactions quick and easy for everyone, while still preserving privacy and decentralization.

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Lazarus Group Targets Bitcoin Company

Dark Reading

The cybercrime group blamed for attacks on the SWIFT financial network launches a spearphishing campaign to steal employee credentials at a London cryptocurrency company.

Weekly Update 65

Troy Hunt

I actually got a lot of writing done this week! Plus travelled to Sydney and then Melbourne to speak at a couple of events so that's a pretty good week IMHO. What's especially good is that there's no more flights or hotel rooms in 2017 for me! As for this week, there's a bunch of stuff around a new Pluralsight course, my dismay with Face ID and a bit of taking a UK bank to task.

Banking 111

E-Mail Tracking

Schneier on Security

Good article on the history and practice of e-mail tracking: The tech is pretty simple. Tracking clients embed a line of code in the body of an email -- usually in a 1x1 pixel image, so tiny it's invisible, but also in elements like hyperlinks and custom fonts. When a recipient opens the email, the tracking client recognizes that pixel has been downloaded, as well as where and on what device.

What To Do If You've Been Doxed

WIRED Threat Level

If a troll is spilling your personal info across the internet, you have ways to fight back. Eva Galperin, director of cybersecurity at the EFF, shares tips.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

How Google Encrypts Data in the Cloud

eSecurity Planet

Google details its Application Layer Transport Security approach for securing data inside the cloud.

Is Your Security Workflow Backwards?

Dark Reading

The pace at which information security evolves means organizations must work smarter, not harder. Here's how to stay ahead of the threats.

Surveillance inside the Body

Schneier on Security

The FDA has approved a pill with an embedded sensor that can report when it is swallowed. The pill transmits information to a wearable patch, which in turn transmits information to a smartphone.

Exclusive: Tracing ISIS’ Weapons Supply Chain—Back to the US

WIRED Threat Level

The Islamic State is designing and mass-producing its own advanced munitions—with parts from all over the world.

111

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Permissions Flaw Found Azure AD Connect

Threatpost

A permissions flaw in Microsoft’s Azure AD Connect software could allow a rogue admin to escalate account privileges and gain unauthorized universal access within a company’s internal network.

BlueBorne Attack Highlights Flaws in Linux, IoT Security

Dark Reading

Bluetooth vulnerabilities let attackers control devices running Linux or any OS derived from it, putting much of the Internet of Things at risk, including popular consumer products.

IoT 59

Open Source Patch Management: Options for DIYers

eSecurity Planet

Patch management could stop half of all breaches. There are few open source patch management options, but you could build your own. We tell you how.

60

Bots and Form Letters Make It Nearly Impossible to Find Real FCC Net Neutrality Comments

WIRED Threat Level

Over seven months, 39 Nicholas Thompsons submitted net neutrality comments to the FCC. We tried to track each of them down.

105

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Triton Malware Targets Industrial Control Systems in Middle East

Threatpost

Malware intended for a “high-impact” attack against safety systems likely would have caused physical damage to a targeted company located in the Middle East.

Malware 56

Mobile Device Makers Increasingly Embrace Bug Bounty Programs

Dark Reading

Samsung is the latest to join a small group of smartphone makers to cast their net wide on catching vulnerabilities in their devices.

Mobile 70

NIST Releases Draft Update To Cybersecurity Framework

Privacy and Cybersecurity Law

In 2014, the National Institute of Standards and Technology (NIST) released its first version of the Framework for Improving Critical […].

Smartphone Security 101: Key Steps From PINs to Permissions

WIRED Threat Level

Keep your device safe from snoops with basic precautions like setting the right PIN and vetting your app permissions.

106

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

19-Year-Old TLS Vulnerability Weakens Modern Website Crypto

Threatpost

New research shows how an old vulnerability called ROBOT can be exploited using an adaptive chosen-ciphertext attack to reveal the plaintext for a given TLS session.

49

2 Million Fake Net Neutrality Comments Stole American Identities

Dark Reading

New York Attorney General Eric Schneiderman updates the investigation into fake content submitted during the net neutrality comment process.

67

Nation State Attackers Shut Down Industrial Plant with New ICS Malware

eSecurity Planet

The malware was designed specifically to target Triconex SIS controllers.

Malware 69

How to Encrypt All of the Things, From Chats to Calls and More

WIRED Threat Level

Want to keep outsiders from listening in on your chats, phone calls, and more? Encrypt them. All of them.

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.