Sat.Jan 06, 2018 - Fri.Jan 12, 2018

article thumbnail

Is India's Aadhaar System Really "Hack-Proof"? Assessing a Publicly Observable Security Posture

Troy Hunt

India's Aadhaar implementation is the largest biometric system in the world, holding about 1.2 billion locals' data. It's operating in an era of increasingly large repositories of personal data held by both private companies and governments alike. It's also an era where this sort of information is constantly leaked to unauthorised parties; last year Equifax lost control of 145.5 million records on US consumers (this started a series events which ultimately led to me testifying in front of Congre

Hacking 278
article thumbnail

XKCD's Smartphone Security System

Schneier on Security

Funny.

209
209
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

A Clever Radio Trick Can Tell If a Drone Is Watching You

WIRED Threat Level

A quirk of video compression lets spy targets see what the drone watching them sees.

112
112
article thumbnail

Profile of the Month: Cindy Provin, Chief Executive Officer

Thales Cloud Protection & Licensing

Cindy Provin is a 20-year veteran at Thales. This month, she became the CEO for Thales eSecurity. Previously, she served as the President for Thales eSecurity Americas, and Chief Strategy & Marketing Officer for Thales eSecurity. In her new role as CEO, Cindy will be responsible for leading a world-class organization and delivering a portfolio of security solutions to protect data wherever it is created, shared or stored.

article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

Weekly Update 69 (Boat Edition)

Troy Hunt

It's my last day in the sun ?? Well, at least it's my last day in the sun for a couple of weeks so today I've gone to the sunniest place I know. It's "the boat edition" of my weekly update and I apologise up front for the rocking motion, the occasional wind noise (I lost the fluffy bit off my smartLav mic ) and the gratuitous amount of sunshine and beach.

Internet 121
article thumbnail

Yet Another FBI Proposal for Insecure Communications

Schneier on Security

Deputy Attorney General Rosenstein has given talks where he proposes that tech companies decrease their communications and device security for the benefit of the FBI. In a recent talk , his idea is that tech companies just save a copy of the plaintext: Law enforcement can also partner with private industry to address a problem we call "Going Dark." Technology increasingly frustrates traditional law enforcement efforts to collect evidence needed to protect public safety and solve crime.

More Trending

article thumbnail

AI in Cybersecurity: Where We Stand & Where We Need to Go

Dark Reading

How security practitioners can incorporate expert knowledge into machine learning algorithms that reveal security insights, safeguard data, and keep attackers out.

article thumbnail

How to Comply with GDPR

eSecurity Planet

IT experts share some their tips on updating IT systems and business processes to comply with the EU's strict new data privacy regulations.

article thumbnail

NSA Morale

Schneier on Security

The Washington Post is reporting that poor morale at the NSA is causing a significant talent shortage. A November New York Times article said much the same thing. The articles point to many factors: the recent reorganization , low pay, and the various leaks. I have been saying for a while that the Shadow Brokers leaks have been much more damaging to the NSA -- both to morale and operating capabilities -- than Edward Snowden.

163
163
article thumbnail

Congress Renews FISA Warrantless Surveillance Bill For Six More Years

WIRED Threat Level

The House of Representatives Thursday strengthened spying powers authorized under Section 702 of the 2008 FISA Amendments Act.

article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Privacy: The Dark Side of the Internet of Things

Dark Reading

Before letting an IoT device into your business or home, consider what data is being collected and where it is going.

article thumbnail

Security Beyond The Perimeter

Andrew Hay

Whether we like it or not, the way we architect, utilize, and secure the networks and systems under our control has changed. When servers were safely tucked away behind corporate firewalls and perimeter-deployed intrusion prevention controls, organizations became complacent and dependent on their host security. Unfortunately, inadequately architected security controls that rely solely on broad network-based protection can make the migration of an organization’s systems to private, public, and hy

article thumbnail

Fingerprinting Digital Documents

Schneier on Security

In this era of electronic leakers, remember that zero-width spaces and homoglyph substitution can fingerprint individual instances of files.

147
147
article thumbnail

WhatsApp Encryption Security Flaws Could Allow Snoops to Slide Into Group Chats

WIRED Threat Level

German researchers say that a flaw in the app's group-chat feature undermines its end-to-end encryption promises.

article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Wi-Fi Alliance Launches WPA2 Enhancements and Debuts WPA3

Dark Reading

WPA2 protocol enhancements bring stronger security protection and best practices, while new WPA3 protocol offers new security capabilities.

79
article thumbnail

The Case for Best Practices Key Management in Cisco HyperFlex

Thales Cloud Protection & Licensing

Hyperconverged infrastructure adoption has grown tremendously over the past few years, and for good reason. Solutions like Cisco’s HyperFlex can provide cloud-like simplification and savings with on premises data center-like scale, performance, and reliability; the best of both worlds. And, like any enterprise computing environment, the encryption of sensitive data has become a fundamental requirement.

article thumbnail

Facial Recognition Is Coming to Retail

Schneier on Security

Summary article.

Retail 146
article thumbnail

Skype Introduces End-to-End Encrypted Texts and Voice

WIRED Threat Level

After years of lingering questions about Skype's commitment to protecting user data, it will soon offer end-to-end encryption to its 300 million monthly users.

article thumbnail

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

article thumbnail

How to Attract More Women Into Cybersecurity - Now

Dark Reading

A recent survey finds a number of attributes women seek in their careers can be found in a cybersecurity profession - the dots just need to be connected.

article thumbnail

FBI Director Calls Smartphone Encryption an ‘Urgent Public Safety Issue’

Threatpost

The debate over the government's authority to access private encrypted data on digital devices was amplified when the Federal Bureau of Investigation Director Christopher Wray called unbreakable encryption an 'urgent public safety issue.'.

article thumbnail

Susan Landau's New Book: Listening In

Schneier on Security

Susan Landau has written a terrific book on cybersecurity threats and why we need strong crypto. Listening In: Cybersecurity in an Insecure Age. It's based in part on her 2016 Congressional testimony in the Apple/FBI case; it examines how the Digital Revolution has transformed society, and how law enforcement needs to -- and can -- adjust to the new realities.

article thumbnail

How the Government Hides Secret Surveillance Programs

WIRED Threat Level

A new report from Human Rights Watch sheds light on a troubling law enforcement practice called “parallel construction.”.

article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

New Cryptocurrency Mining Malware Has Links to North Korea

Dark Reading

A malware tool for stealthily installing software that mines the Monero virtual currency looks like the handiwork of North Korean threat actors, AlienVault says.

Malware 76
article thumbnail

Kali on the Windows Subsystem for Linux

Kali Linux

Update : This post is outdated. For a better way of getting Kali Linux on Windows 10, install Kali Linux from the App store. We’re always on the prowl for novel environments to run Kali on, and with the introduction of the Windows Subsystem for Linux (WSL) in Windows 10, new and exciting possibilities have surfaced. After all, if the WSL can support Ubuntu, it shouldn’t be too hard to incorporate another Debian-like distribution, right?

article thumbnail

Tourist Scams

Schneier on Security

A comprehensive list. Most are old and obvious, but there are some clever variants.

Scams 142
article thumbnail

How Meltdown and Spectre Were Independently Discovered By Four Research Teams At Once

WIRED Threat Level

The uncanny coincidences among the Meltdown and Spectre discoveries raise questions about "bug collisions"—and the safety of the NSA's hidden vulnerability collection.

112
112
article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

CISOs' No. 1 Concern in 2018: The Talent Gap

Dark Reading

Survey finds 'lack of competent in-house staff' outranks all other forms of cybersecurity worry, including data breaches to ransomware attacks.

CISO 74
article thumbnail

Microsoft January Patch Tuesday Update Fixes 16 Critical Bugs

Threatpost

Thanks to Meltdown and Spectre, January has already been an extremely busy month of patching for Microsoft.

Hacking 51
article thumbnail

Cybersecurity and the 2017 US National Security Strategy

Schneier on Security

Commentaries on the 2017 US national security strategy by Michael Sulmeyer and Ben Buchanan.

article thumbnail

Meltdown and Spectre Vulnerability Fixes Have Started, But Don't Solve Everything

WIRED Threat Level

Meltdown and Spectre Fixes Arrive—But Don't Solve Everything.

145
145
article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!