Accurate, Focused Research on Law, Technology and Knowledge Discovery Since 2002

Category Archives: PC Security

Google – An Empirical Analysis of Email Delivery Security

Neither Snow Nor Rain Nor MITM…An Empirical Analysis of Email Delivery Security

“The SMTP protocol is responsible for carrying some of users’ most intimate communication, but like other Internet protocols, authentication and confidentiality were added only as an afterthought. In this work, we present the first report on global adoption rates of SMTP security extensions, including: STARTTLS, SPF, DKIM, and DMARC. We present data from two perspectives: SMTP server configurations for the Alexa Top Million domains, and over a year of SMTP connections to and from Gmail. We find that the top mail providers (e.g., Gmail, Yahoo, and Outlook) all proactively encrypt and authenticate messages. However, these best practices have yet to reach widespread adoption in a long tail of over 700,000 SMTP servers, of which only 35% successfully configure encryption, and 1.1% specify a DMARC authentication policy. This security patchwork — paired with SMTP policies that favor failing open to allow gradual deployment — exposes users to attackers who downgrade TLS connections in favor of clear text and who falsify MX records to reroute messages. We present evidence of such attacks in the wild, highlighting seven countries where more than 20% of inbound Gmail messages arrive in cleartext due to network attackers.”

Emerging Cyber Threats Report 2016 – Impact of The Internet of Things

Georgia Institute of Technology Cybersecurity Summit 2015 – “The intersection of the physical and digital world continued to deepen in 2015. The adoption of network-connected devices and sensors — the Internet of Things — accelerated and was expected to reach nearly 5 billion devices by the end of the year. The collection and analysis of…

White House – Cybersecurity Strategy and Implementation Plan

Tony Scott – Federal CIO – Modernizing Federal Cybersecurity – [October 30, 2015] “the Administration directed a series of actions to continue strengthening Federal cybersecurity & modernizing the government’s technology infrastructure. Strengthening the cybersecurity of Federal networks, systems, and data is one of the most important challenges we face as a Nation. Every day, public…

Adblock Browser, Do Not Track and Acceptable Ads

“Adblock Plus has launched the Adblock Browser, and we’re excited to announce that DuckDuckGo is the default search engine in Adblock Browser on iOS and Android! We’ve been working with the EFF to promote a new “Do Not Track” (DNT) standard for web browsing. We hope this new DNT policy will better protect people from…

WSJ – Level 3 Tries to Waylay Hackers

Drew Fitzgerald – “Earlier this month, Brett Wentworth took Level 3 Communications Inc. into territory that most rivals have been reluctant to enter. The director of global security at the largest carrier of Internet traffic cut off data from reaching a group of servers in China that his company believed was involved in…

UN Report Champions Encryption and Anonymity

EPIC – “The UN Special Rapporteur on Freedom of Expression released a report today supporting strong encryption and anonymity tools. The Rapporteur finds that, “States should not restrict encryption and anonymity, which facilitate and often enable the rights to freedom of opinion and expression.” EPIC previously urged the UN to support secure, anonymous communications, stating,…

What Every Librarian Needs to Know About HTTPS

EFF – “Librarians have long understood that to provide access to knowledge it is crucial to protect their patrons’ privacy. Books can provide information that is deeply unpopular. As a result, local communities and governments sometimes try to ban the most objectionable ones. Librarians rightly see it as their duty to preserve access to books,…

The Spy in the Sandbox – Practical Cache Attacks in Javascript

The Spy in the Sandbox — Practical Cache Attacks in Javascript. Yossef Oren, Vasileios P. Kemerlis, Simha Sethumadhavan, Angelos D. Keromytis (Submitted on 25 Feb 2015 (v1), last revised 1 Mar 2015 (this version, v2)) “We present the first micro-architectural side-channel attack which runs entirely in the browser. In contrast to other works in this…

House Reconsiders Data Breach Bill

EPIC – “Members of the Energy and Commerce Committee have convened to rework the Data Security and Breach Notification Act. The Act, introduced by Reps. Blackburn and Welch, would require businesses to notify consumers of a data breach “unless there is no reasonable risk of identity theft or financial harm.” The bill would also preempt…

CRS – Cyberwarfare and Cyberterrorism

Cyberwarfare and Cyberterrorism: In Brief, Catherine A. Theohary, Specialist in National Security, Policy and Information Operations. John W. Rollins, Specialist in Terrorism and National Security. March 27, 2015. “Recent incidents have highlighted the lack of consensus internationally on what defines a cyberattack, an act of war in cyberspace, or cyberterrorism. Cyberwar is typically conceptualized as…

Even more unwanted software protection via the Safe Browsing API

Google Online Security Blog: “Deceptive software disguised as a useful download harms your web experience by making undesired changes to your computer. Safe Browsing offers protection from such unwanted software by showing a warning in Chrome before you download these programs. In February we started showing additional warnings in Chrome before you visit a…

The Emergence of Cybersecurity Law

Prepared for the Indiana University Maurer School of Law by Hanover Research | February 2015 “This paper examines cyberlaw as a growing field of legal practice and the roles that lawyers play in helping companies respond to cybersecurity threats. Drawing on interviews with lawyers, consultants, and academics knowledgeable in the intersection of law and cybersecurity,…