Sat. Mar 24, 2018 - Fri. Mar 30, 2018

Have I Been Pwned is Now Partnering With 1Password

Troy Hunt

The penny first dropped for me just over 7 years ago to the day: The only secure password is the one you can't remember. In an era well before the birth of Have I Been Pwned (HIBP), I was doing a bunch of password analysis on data breaches and wouldn't you know it - people are terrible at creating passwords! Of course, we all know that but it's interesting to look back on that post all these years later and realise that unfortunately, nothing has really changed.

Facebook and Cambridge Analytica

Schneier on Security

In the wake of the Cambridge Analytica scandal, news articles and commentators have focused on what Facebook knows about us. A lot, it turns out. It collects data from our posts, our likes, our photos, things we type and delete without posting, and things we do while not on Facebook and even when we're offline. It buys data about us from others. And it can infer even more: our sexual orientation, political beliefs, relationship status, drug use, and other personality traits -- even if we didn't

Inside Fort Gordon: Where Next-Gen Cyber Troops Are Trained

WIRED Threat Level

What's happening at the US Army's new cyber branch headquarters marks a change for Fort Gordon. Hell, it might be changing warfare itself—all through a computer screen.

10 Women in Security You May Not Know But Should

Dark Reading

The first in a series of articles shining a spotlight on women who are quietly changing the game in cybersecurity.

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

A Scammer Tried to Scare Me into Buying Their Security Services - Here's How It Went Down

Troy Hunt

Here's the tl;dr - someone named "Md. Shofiur R" found troyhunt.com on a "free online malware scanner" and tried to scare me into believing my site had security vulnerabilities, then shake me down for a penetration test. It didn't work out so well for him. Here's the blow-by-blow account of things, then I'll add some more thoughts afterwards: Should I respond?

Adding Backdoors at the Chip Level

Schneier on Security

Interesting research into undetectably adding backdoors into computer chips during manufacture: "Stealthy dopant-level hardware Trojans: extended version," also available here: Abstract: In recent years, hardware Trojans have drawn the attention of governments and industry as well as the scientific community. One of the main concerns is that integrated circuits, e.g., for military or critical-infrastructure applications, could be maliciously manipulated during the manufacturing process, which

More Trending

Why Enterprises Should Control Their Encryption Keys

Thales Cloud Protection & Licensing

Cloud providers have done a good job of integrating default encryption services within their core infrastructure. However, as discussed in previous blogs, the encryption service is only as secure as the keys that are used to encrypt the data. Enterprises cannot ignore the responsibility of implementing a strong key assurance service that ensures they maintain control of their own risks.

Aussie Telcos are Failing at Some Fundamental Security Basics

Troy Hunt

Recently, I've witnessed a couple of incidents which have caused me to question some pretty fundamental security basics with our local Aussie telcos, specifically Telstra and Optus. It began with a visit to the local Telstra store earlier this month to upgrade a couple of phone plans which resulted in me sitting alone by this screen whilst the Telstra staffer disappeared into the back room for a few minutes: Is it normal for @Telstra to display customer passwords on publicly facing terminals in

Fooling Face Recognition with Infrared Light

Schneier on Security

Yet another development in the arms race between facial recognition systems and facial-recognition-system foolers. BoingBoing post.

Monero Privacy Protections Aren’t as Strong as They Seem

WIRED Threat Level

Researchers point out serious gaps in the privacy promises of stealth cryptocoin Monero.

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Leveraging tokenization services from the major card brands

Thales Cloud Protection & Licensing

As the volume of both card-based payments and digital payments continues to grow significantly year-on-year, securing sensitive card data (and in particular the primary account number, or PAN) has never been a more critical and challenging task. In the recent Thales eSecurity eBook, 'PCI Compliance and Data Protection for Dummies', we cover the main technologies that can be used, such as encryption and tokenization, to help with such efforts in protecting the payment prior to a

Weekly Update 80

Troy Hunt

It's a MASSIVE weekly update! The big news for me this week is the 1Password partnership and I've really tried to share more about how I came to the decision to work with them in this video. I've been so cautious with the way I've managed the image of HIBP to ensure it's always positioned in the right light and I wanted to delve more into that thinking here.

Tracing Stolen Bitcoin

Schneier on Security

Ross Anderson has a really interesting paper on tracing stolen bitcoin. From a blog post: Previous attempts to track tainted coins had used either the "poison" or the "haircut" method. Suppose I open a new address and pay into it three stolen bitcoin followed by seven freshly-mined ones. Then under poison, the output is ten stolen bitcoin, while under haircut it's ten bitcoin that are marked 30% stolen.

Guccifer 2.0's Slip-Up Shows That Even Elite Hackers Make Mistakes

WIRED Threat Level

No matter how much mystique a hacker persona has, the individual or group behind it inevitably makes operations security errors sometimes.

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Does Your Browser Block Cryptojacking Attacks?

eSecurity Planet

Learn what you can do to limit the risk of in-browser cryptojacking attacks.

Taking down Gooligan part 3 — monetization and clean-up

Elie

This post provides an in-depth analysis of Gooligan monetization schemas and recounts how Google took it down with the help of external partners. This post is the final post of the series dedicated to the hunt and takedown of Gooligan that we did at Google in collaboration with Check Point in November 2016. The first post recounts the Gooligan origin story and offers an overview of how it works.

Unlocking iPhones with Dead People's Fingerprints

Schneier on Security

It's routine for US police to unlock iPhones with the fingerprints of dead people. It seems only to work with recently dead people.

The SamSam Ransomware That Hit Atlanta Will Strike Again

WIRED Threat Level

Atlanta isn't the SamSam ransomware strain's first victim—and it won't be the last.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

8 Security Spring Cleaning Tips for the Home Office

Dark Reading

Use these ideas to sharpen up your home office machine against potential intruders.

Breaking the Anonymity in the Cryptocurrency Monero

Schneier on Security

Researchers have exploited a flaw in the cryptocurrency Monero to break the anonymity of transactions. Research paper. BoingBoing post.

MuslimCrypt Steganography App Helps Jihadists Send Secret Messages

WIRED Threat Level

The unfortunately named MuslimCrypt uses steganography to pass discreet messages through images online.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Automating Ethics for Cybersecurity

Dark Reading

Having a code of ethics and enforcing it are two different things.

Secdo AI-Powered Incident Response Redefines Battle Against Malware

eSecurity Planet

Secdo offers an incident response platform that combines endpoint protection with cloud-based AI that handles threats in real time.

Another Branch Prediction Attack

Schneier on Security

When Spectre and Meltdown were first announced earlier this year, pretty much everyone predicted that there would be many more attacks targeting branch prediction in microprocessors. Here's another one: In the new attack, an attacker primes the PHT and runs branch instructions so that the PHT will always assume a particular branch is taken or not taken.

The Under Armour Hack Was Even Worse Than It Had To Be

WIRED Threat Level

If Under Armour had protected all passwords equally, its 150-million-user MyFitnessPal breach wouldn’t have been nearly as bad.

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

New Ransomware Attacks Endpoint Defenses

Dark Reading

AVCrypt tries to disable anti-malware software before it can be detected and removed.

10 Vendors Set to Innovate at the 2018 RSA Conference

eSecurity Planet

Hundreds of vendors exhibit at the annual cyber security gathering, but only 10 are finalists in the Innovation sandbox contest. Find out who they are.

GoScanSSH Malware Targets SSH Servers, But Avoids Military and .GOV Systems

Threatpost

Researchers identify a new malware family called GoScanSSH that avoids servers linked to government and military IP addresses.

Cloudflare's New Encryption Service Adds Privacy Protection

WIRED Threat Level

Internet infrastructure company Cloudflare appears to be preparing to launch a service to encrypt traffic to the computers that look up web addresses.

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!