Sat.Mar 24, 2018 - Fri.Mar 30, 2018

Have I Been Pwned is Now Partnering With 1Password

Troy Hunt

The penny first dropped for me just over 7 years ago to the day: The only secure password is the one you can't remember. In an era well before the birth of Have I Been Pwned (HIBP), I was doing a bunch of password analysis on data breaches and wouldn't you know it - people are terrible at creating passwords! Of course, we all know that but it's interesting to look back on that post all these years later and realise that unfortunately, nothing has really changed.

Facebook and Cambridge Analytica

Schneier on Security

In the wake of the Cambridge Analytica scandal, news articles and commentators have focused on what Facebook knows about us. A lot, it turns out. It collects data from our posts, our likes, our photos, things we type and delete without posting, and things we do while not on Facebook and even when we're offline. It buys data about us from others. And it can infer even more: our sexual orientation, political beliefs, relationship status, drug use, and other personality traits -- even if we didn't

Inside Fort Gordon: Where Next-Gen Cyber Troops Are Trained

WIRED Threat Level

What's happening at the US Army's new cyber branch headquarters marks a change for Fort Gordon. Hell, it might be changing warfare itself—all through a computer screen.

Why Enterprises Should Control Their Encryption Keys

Thales Cloud Protection & Licensing

Cloud providers have done a good job of integrating default encryption services within their core infrastructure. However, as discussed in previous blogs, an encryption service is only as secure as the keys used to encrypt the data. Enterprises cannot ignore the responsibility of implementing a strong key assurance service that ensures they maintain control of their own risks.

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

A Scammer Tried to Scare Me into Buying Their Security Services - Here's How It Went Down

Troy Hunt

Here's the tl;dr - someone named "Md. Shofiur R" found troyhunt.com on a "free online malware scanner" and tried to scare me into believing my site had security vulnerabilities then shake me down for a penetration test. It didn't work out so well for him, here's the blow-by-blow account of things then I'll add some more thoughts afterwards: Should I respond?


Adding Backdoors at the Chip Level

Schneier on Security

Interesting research into undetectably adding backdoors into computer chips during manufacture: "Stealthy dopant-level hardware Trojans: extended version," also available here: Abstract: In recent years, hardware Trojans have drawn the attention of governments and industry as well as the scientific community. One of the main concerns is that integrated circuits, e.g., for military or critical-infrastructure applications, could be maliciously manipulated during the manufacturing process, which

Leveraging tokenization services from the major card brands

Thales Cloud Protection & Licensing

As the volume of both card-based and digital payments continues to grow significantly year-on-year, securing sensitive card data (in particular the primary account number, or PAN) has never been more critical or more challenging. In the recent Thales eSecurity eBook, 'PCI Compliance and Data Protection for Dummies', we cover the main technologies that can be used, such as encryption and tokenization, to help with such efforts in protecting the payment prior to a

Aussie Telcos are Failing at Some Fundamental Security Basics

Troy Hunt

Recently, I've witnessed a couple of incidents which have caused me to question some pretty fundamental security basics with our local Aussie telcos, specifically Telstra and Optus. It began with a visit to the local Telstra store earlier this month to upgrade a couple of phone plans which resulted in me sitting alone by this screen whilst the Telstra staffer disappeared into the back room for a few minutes: Is it normal for @Telstra to display customer passwords on publicly facing terminals in


Tracing Stolen Bitcoin

Schneier on Security

Ross Anderson has a really interesting paper on tracing stolen bitcoin. From a blog post: Previous attempts to track tainted coins had used either the "poison" or the "haircut" method. Suppose I open a new address and pay into it three stolen bitcoin followed by seven freshly-mined ones. Then under poison, the output is ten stolen bitcoin, while under haircut it's ten bitcoin that are marked 30% stolen.


The Facebook Privacy Setting That Doesn’t Do Anything at All

WIRED Threat Level

For years, Facebook has left a privacy setting on its site that addresses a problem that no longer exists.

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Taking down Gooligan part 3 — monetization and clean-up

Elie

This post provides an in-depth analysis of Gooligan monetization schemas and recounts how Google took it down with the help of external partners. This post is the final post of the series dedicated to the hunt and take down of Gooligan that we did at Google in collaboration with Check Point in November 2016. The first post recounts the Gooligan origin story and offers an overview of how it works.

Weekly Update 80

Troy Hunt

It's a MASSIVE weekly update! The big news for me this week is the 1Password partnership and I've really tried to share more about how I came to the decision to work with them in this video. I've been so cautious with the way I've managed the image of HIBP to ensure it's always positioned in the right light and I wanted to delve more into that thinking here.

Another Branch Prediction Attack

Schneier on Security

When Spectre and Meltdown were first announced earlier this year, pretty much everyone predicted that there would be many more attacks targeting branch prediction in microprocessors. Here's another one: In the new attack, an attacker primes the PHT and running branch instructions so that the PHT will always assume a particular branch is taken or not taken.

Cloudflare's New Encryption Service Adds Privacy Protection

WIRED Threat Level

Internet infrastructure company Cloudflare appears to be preparing to launch a service to encrypt traffic to the computers that look up web addresses.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

10 Women in Security You May Not Know But Should

Dark Reading

The first in a series of articles shining a spotlight on women who are quietly changing the game in cybersecurity.

Fooling Face Recognition with Infrared Light

Schneier on Security

Yet another development in the arms race between facial recognition systems and facial-recognition-system foolers. BoingBoing post.

Monero Privacy Protections Aren’t as Strong as They Seem

WIRED Threat Level

Researchers point out serious gaps in the privacy promises of stealth cryptocoin Monero.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

10 Vendors Set to Innovate at the 2018 RSA Conference

eSecurity Planet

Hundreds of vendors exhibit at the annual cyber security gathering, but only 10 are finalists in the Innovation sandbox contest. Find out who they are.

SEC Updates Guidance On Cybersecurity Risk And Incident Disclosure Requirements

Privacy and Cybersecurity Law

The United States Securities and Exchange Commission (SEC) recently published updated interpretative guidance concerning the duty of covered public companies to disclose […].

Unlocking iPhones with Dead People's Fingerprints

Schneier on Security

It's routine for US police to unlock iPhones with the fingerprints of dead people. It seems only to work with recently dead people.

The Under Armour Hack Was Even Worse Than It Had To Be

WIRED Threat Level

If Under Armour had protected all passwords equally, its 150-million-user MyFitnessPal breach wouldn’t have been nearly as bad.

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Secdo AI-Powered Incident Response Redefines Battle Against Malware

eSecurity Planet

Secdo offers an incident response platform that combines endpoint protection with cloud-based AI that handles threats in real time.

pagodo v2.5 releases: Automate Google Hacking Database scraping

Penetration Testing

pagodo (Passive Google Dork) automates Google Hacking Database scraping. The goal of this project was to develop a passive Google dork script to collect potentially vulnerable web pages and applications on the Internet...

Breaking the Anonymity in the Cryptocurrency Monero

Schneier on Security

Researchers have exploited a flaw in the cryptocurrency Monero to break the anonymity of transactions. Research paper. BoingBoing post.

MuslimCrypt Steganography App Helps Jihadists Send Secret Messages

WIRED Threat Level

The unfortunately named MuslimCrypt uses steganography to pass discreet messages through images online.

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Google Workspace for Education. Protect Your School from Data Loss!

Spinone

An increasing number of schools are moving their records, lesson plans, teaching materials, and even classes online, in order to take advantage of the increased efficiency and collaboration opportunities that the cloud provides. A third of US students are issued mobile devices for schoolwork and 75% of high-schoolers access class information through an online portal. […]

Under Armour Reports Massive Breach of 150 Million MyFitnessPal Accounts

Threatpost

Under Armour is getting kudos for disclosing the breach within weeks, but concerns remain over an unknown portion of credentials reportedly stored using the weak SHA-1 hashing function.

Getting Ahead of Internet of Things Security in the Enterprise

Dark Reading

In anticipation of an IoT-centric future, CISOs must be rigorous in shoring up defenses that provide real-time insights across all network access points.

Facebook's Election Safeguards Are Still a Work in Progress

WIRED Threat Level

The social media giant Thursday outlined several attempts to help protect the midterm elections, but still has a long way to go.

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.