Accurate, Focused Research on Law, Technology and Knowledge Discovery Since 2002

Category Archives: Cybersecurity

BYU – Why We Disregard Security Warnings

BYU Marriott School News – “Software developers listen up: if you want people to pay attention to your security warnings on their computers or mobile devices, you need to make them pop up at better times. A new study from BYU, in collaboration with Google Chrome engineers, finds the status quo of warning messages appearing haphazardly—while people are typing, watching a video, uploading files, etc.—results in up to 90 percent of users disregarding them. Researchers found these times are less effective because of “dual task interference,” a neural limitation where even simple tasks can’t be simultaneously performed without significant performance loss. Or, in human terms, multitasking. “We found that the brain can’t handle multitasking very well,” [emphasis added] said study coauthor and BYU information systems professor Anthony Vance. “Software developers categorically present these messages without any regard to what the user is doing. They interrupt us constantly and our research shows there’s a high penalty that comes by presenting these messages at random times.” For example, 74 percent of people in the study ignored security messages that popped up while they were on the way to close a web page window. Another 79 percent ignored the messages if they were watching a video. And a whopping 87 percent disregarded the messages while they were transferring information, in this case, a confirmation code. “But you can mitigate this problem simply by finessing the timing of the warnings,” said Jeff Jenkins, lead author of the study appearing in Information Systems Research, one of the premier journals of business research. “Waiting to display a warning to when people are not busy doing something else increases their security behavior substantially.”

theguardian – Police to hire law firms to tackle cyber criminals in radical pilot project

“Private law firms will be hired by police to pursue criminal suspects for profit, under a radical new scheme to target cyber criminals and fraudsters. In a pilot project by the City of London police, the lead force on fraud in England and Wales, officers will pass details of suspects and cases to law firms,…

Report – Data Theft Rising Sharply, Insider Threats Cited as Leading Cause

“New Ponemon Institute Report Finds Most Employees Have Too Much Access, Multiplying Damage When Accounts Are Compromised: August 2016” Closing Security Gaps to Protect Corporate Data: A Study of US and European Organizations – “…IT respondents say insider negligence is more than twice as likely to cause the compromise of insider accounts as any other…

Updated Circular A-130, Managing Information as a Strategic Resource

White House – OMB: [July 26, 2016] “the Office of Management and Budget (OMB) …releas[ed] an update to the Federal Government’s governing document for the management of Federal information resources: Circular A-130, Managing Information as a Strategic Resource. The way we manage information technology (IT), security, data governance, and privacy has rapidly evolved since A-130…

Unprecedented mass hack of Democratic members of Congress

PCWorld: “The hacker who claims to have breached the Democratic National Committee’s computers is now taking credit for hacking confidential files from a related campaign group. Guccifer 2.0 alleged on Friday that he also attacked the servers of the Democratic Congressional Campaign Committee (DCCC). He posted some of the purported files on his blog, and…

NIST Updates Personal Identity Verification Guidelines

“NIST has recently expanded the flexibility and enhanced the security of Personal Identity Verification (PIV) credentials by updating the following guidelines: • Special Publication (SP) 800-156, Representation of PIV Chain-of-Trust for Import and Export, provides details regarding the use of chain-of-trust for import and export among PIV Card issuers. • SP 800-166, Derived…

Paper – Securing the Connected Car

Commonalities in Vehicle Vulnerabilities, Corey Thuen, Senior Security Consultant, IOActive: “With the Connected Car becoming commonplace in the market, vehicle cybersecurity grows more important by the year. At the forefront of this growing area of security research, IOActive has amassed real-world vulnerability data illustrating the general issues and potential solutions to the cybersecurity issues facing…

Inspection of Federal Computer Security at US Department of the Interior

Inspection of Federal Computer Security at the U.S. Department of the Interior, August 9, 2016: “In accordance with Section 406 of the Cybersecurity Act of 2015, we inspected DOI’s policies, procedures, and practices for securing its computer networks and systems for all covered systems related to logical access control policies and practices, use of multifactor…

EFF – How to: Avoid Phishing Attacks

EFF Surveillance Self Defense – “When an attacker sends an email or link that looks innocent, but is actually malicious, it’s called phishing. Phishing attacks are a common way that users get infected with malware—programs that hide on your computer and can be used to remotely control it, steal information, or spy on you. In…

HTTPS Windows exploit targets social security numbers, email addresses

Dan Goodin, arstechnica, August 3, 2016: “The HTTPS cryptographic scheme protecting millions of websites is vulnerable to a newly revived attack that exposes encrypted e-mail addresses, social security numbers, and other sensitive data even when attackers don’t have the ability to monitor a targeted end user’s Internet connection. The exploit is notable because it doesn’t…

FACE Recognition Technology: FBI Should Better Ensure Privacy and Accuracy

FACE Recognition Technology: FBI Should Better Ensure Privacy and Accuracy [Reissued on August 3, 2016] GAO-16-267: Published: May 16, 2016. Publicly Released: Jun 15, 2016. “The Department of Justice’s (DOJ) Federal Bureau of Investigation (FBI) operates the Next Generation Identification-Interstate Photo System (NGI-IPS)— a face recognition service that allows law enforcement agencies to search a…

YouTube’s traffic is 97 percent encrypted

“Today we added YouTube to Google’s HTTPS transparency report. We’re proud to announce that in the last two years, we steadily rolled out encryption using HTTPS to 97 percent of YouTube’s traffic.”