Accurate, Focused Research on Law, Technology and Knowledge Discovery Since 2002

Category Archives: PC Security

New on LLRX – Four Part Series on Privacy and Data Security Violations

Via LLRX.com – fours new articles by law professor Daniel J. Solove on privacy, data protection and the harm caused by breaches.

Backoff: New Point of Sale Malware

“This advisory was prepared in collaboration with the National Cybersecurity and Communications Integration Center (NCCIC), United States Secret Service (USSS), Financial Sector Information Sharingand Analysis Center (FS-ISAC), and Trustwave Spiderlabs, acting under contract with the USSS. The purpose of this release is to provide relevant and actionable technical indicators for network defense. Recent investigations revealedContinue Reading

Report: British spy agency scanned for vulnerable systems in 32 countries

PCWorld via Mikael Ricknäs: “British intelligence agency GCHQ used port scanning as part of the “Hacienda” program to find vulnerable systems it and other agencies could compromise across at least 27 countries, German news site Heise Online has revealed. The use of so-called port scanning has long been a trusty tool used by hackers to find systems theyContinue Reading

The Honeymoon Effect and the Role of Legacy Code in Zero-Day Vulnerabilities

Familiarity Breeds Contempt: The Honeymoon Effect and the Role of Legacy Code in Zero-Day Vulnerabilities,  by Clark, Fry, Blaze and Smith “Work on security vulnerabilities in software has primarily focused on three points in the software life-cycle: (1) finding and removing software defects, (2) patching or hardening software after vulnerabilities have been discovered, and (3) measuring the rate ofContinue Reading

DHS Privacy Complaints Increase in 2013, Many Databases Kept Secret

EPIC – “The Department of Homeland Security Quarterly Report to Congress details programs and databases affecting privacy. According to the agency, DHS received 964 privacy complaints between September 1, 2013 and November 30, 2013. By contrast, DHS received 295 privacy complaints during the same period in 2011. According to the report, most DHS systems complies with Privacy Act noticeContinue Reading

Council on Foreign Relations Cybersecurity Policy Research Links

“How can the United States protect cyberspace “control system of our country,” without restricting the open “flow of information on the Internet“? What should countries consider when developing international cybersecurity standards and protocol? What should their citizens know to protect their information and their rights? Cybersecurity Policy Research Links provide news, background information, legislation, analysis,Continue Reading

Research shows smartphone sensors leave trackable fingerprints

News release, ECE Illinois: “Research by Associate Professor Romit Roy Choudhury and graduate students Sanorita Dey and Nirupam Roy have demonstrated that the accelerometers used in mobile devices posses unique, trackable fingerprints. This suggests that even when a smartphone application doesn’t ask for geospatial information (“…would like to use your current location”), there are otherContinue Reading

EFF – Which Tech Companies Help Protect You From Government Data Demands?

EFF Survey Shows Improved Privacy and Transparency Policies of the Internet’s Biggest Companies “Technology companies are privy to our most sensitive information: our conversations, photos, location data, and more. But which companies fight the hardest to protect your privacy from government data requests? Today, the Electronic Frontier Foundation (EFF) releases its fourth annual “Who HasContinue Reading

NIST Revises Guide to Use of Transport Layer Security (TLS) in Networks

“The National Institute of Standards and Technology (NIST) has released an update to a document that helps computer administrators maintain the security of information traveling across their networks. The document, NIST Special Publication 800-52 Revision 1: Guidelines for the Selection, Configuration, and Use of Transport Layer Security (TLS) Implementations, updates the original SP 800-52, released in 2005. Sensitive data—fromContinue Reading

The Target Data Breach: Frequently Asked Questions

CRS – The Target Data Breach: Frequently Asked Questions. N. Eric Weiss. Specialist in Financial Economics; Rena S. Miller, Specialist in Financial Economics. April 22, 2014. “According to Target, in November and December of 2013, information on 40 million payment cards (credit, debit, and ATM cards) and personally identifiable information (PII) on 70 million customers was compromised. The Secret Service hasContinue Reading

Biggest EU cyber security exercise to date

“Today, 28 April 2014, European countries kick off the Cyber Europe 2014 (CE2014). CE2014 is a highly sophisticated cyber exercise, involving more than 600 security actors across Europe. More than 200 organisations and 400 cyber-security professionals across Europe join forces today during the first phase of ENISA’s bi-annual large scale cyber security exercise, Cyber Europe 2014.Continue Reading

More online Americans say they’ve experienced a personal data breach

Pew Research – Mary Madden – “As news of large-scale data breaches and vulnerabilities grows, new findings from the Pew Research Center suggest that growing numbers of online Americans have had important personal information stolen and many have had an account compromised.  Findings from a January 2014 survey show that: 18% of online adults haveContinue Reading