Accurate, Focused Research on Law, Technology and Knowledge Discovery Since 2002

Daily Archives: December 22, 2014

Exploring the Ecosystem of Third-party Security Seals

Clubbing Seals – Exploring the Ecosystem of Third-party Security Seals – Tom Van Goethem, Frank Piessens, Wouter Joosen, Nick Nikiforakis in Proceedings of the 21st ACM Conference on Computer and Communications Security (CCS 2014), Scottsdale, Arizona, USA.

“In the current web of distrust, malware, and server compromises, convincing an online consumer that a website is secure, can make the difference between a visitor and a buyer. Third-party security seals position themselves as a solution to this problem, where a trusted external company vouches for the security of a website, and communicates it to visitors through a security seal which the certified website can embed in its pages. In this paper, we explore the ecosystem of third-party security seals focusing on their security claims, in an attempt to quantify the difference between the advertised guarantees of security seals, and reality. Through a series of automated and manual experiments, we discover a real lack of thoroughness from the side of the seal providers, which results in obviously insecure websites being certified as secure. Next to the incomplete protection, we demonstrate how malware can trivially evade detection by seal providers and detail a series of attacks that are actually facilitated by seal providers. Among other things, we show how seals can give more credence to phishing attacks, and how the current architecture of third-party security seals can be used as a completely passive vulnerability oracle, allowing attackers to focus their energy on websites with known vulnerabilities.”

EPA Announces First National Regulations to Safeguard Disposal of Coal Ash

“The U.S. Environmental Protection Agency (EPA) … announced [December 19, 2014] the first national regulations to provide for the safe disposal of coal combustion residuals (coal ash) from coal-fired power plants. The final rule establishes safeguards to protect communities from coal ash impoundment failures, like the catastrophic Kingston, Tenn., spill in 2008, and establishes safeguards to…

The Cost of Iraq, Afghanistan, and Other Global War on Terror Operations Since 9/11

CRS – The Cost of Iraq, Afghanistan, and Other Global War on Terror Operations Since 9/11, Amy Belasco, Specialist in U.S. Defense Policy and Budget. December 8, 2014. “With enactment of the FY2014 Consolidated Appropriations Act on January 1, 2014 (H.R. 3547/P.L. 113-73), Congress has approved appropriations for the past 13 years of war that total $1.6 trillion for military operations,…

U.S. Immigration Policy: Chart Book of Key Trends

CRS – U.S. Immigration Policy: Chart Book of Key Trends. William A. Kandel, Analyst in Immigration Policy, December 17, 2014 “This report is a chart book of selected immigration trends that touch on the main elements of comprehensive immigration reform (CIR). Most policymakers agree that the main issues in CIR include increased border security and immigration enforcement, improved employment…

FOIA Suits Jump In 2014

“More freedom of information lawsuits were brought against the federal government in fiscal year 2014 than in any year since at least 2001, according to a new analysis of court records by the Transactional Records Access Clearinghouse (TRAC). A total of 422 Freedom of Information Act suits were filed in federal district court last year compared…

2013 Annual Survey of Public Employment and Payroll

Census – “Provides a comprehensive look at the employment of the nation’s state and local governments, as well as the federal government. It shows the number of government civilian employees and their gross payroll by governmental function. These governmental functions include, for example, elementary and secondary education, and police protection.”

New GAO Reports – Federal Subcontracting, Higher Education, 401(k) Plans, Government Mobile Devices

Federal Subcontracting: Further Actions Needed to Improve Oversight of Pass-through Contracts, GAO-15-200: Published: Dec 22, 2014. Publicly Released: Dec 22, 2014. Higher Education: Education Should Strengthen Oversight of Schools and Accreditors, GAO-15-59: Published: Dec 22, 2014. Publicly Released: Dec 22, 2014. 401(K) Plans: Greater Protections Needed for Forced Transfers and Inactive Accounts, GAO-15-73: Published: Nov 21, 2014. Publicly…