Accurate, Focused Research on Law, Technology and Knowledge Discovery With Daily Postings Since 2002
You’ve probably heard about the ransomware attack affecting organizations’ computer systems around the world. It seems to affect server software on organizations’ networked computers. But ransomware can attack anybody’s computer, so now is a good time to update your own operating system and other software. And then keep them up-to-date. The ransomware in the news …
The New York Times: “The ransomware tactic behind a global cyberattack on Friday was nothing new. But new digital tools mean that hackers “don’t even need to have any skills to do this anymore.” Attack May Worsen Monday, It Is Feared – “The effects of Friday’s attack could be magnified as workers return to their …
This report is compiled data from tens of millions of simulated phishing attacks sent through Wombat’s Security Education platform over a 12 month period, as well as an extensive survey of our database of infosec professionals. The report also includes survey data from thousands of end users in the UK and US that measured their …
Executive Order on May 11, 2017 Presidential Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure “Policy. The executive branch operates its information technology (IT) on behalf of the American people. Its IT and data should be secured responsibly using all United States Government capabilities. The President will hold heads of executive …
Via CSO – “Standards group recommends removing periodic password change requirements – A recently released draft of the National Institute of Standards and Technology’s (NIST’s) digital identity guidelines has met with approval by vendors. The draft guidelines revise password security recommendations and altering many of the standards and best practices security professionals use when forming policies …
Verizon: “Welcome to the 10th anniversary of the Data Breach Investigations Report (DBIR). We sincerely thank you for once again taking time to dig into our InfoSec coddiwomple that has now culminated in a decade of nefarious deeds and malicious mayhem in the security world. 2016 was an extremely tumultuous year, both in the United …
CRS – Cybersecurity: Critical Infrastructure Authoritative Reports and Resources, Rita Tehan, Information Research Specialist, April 21, 2017. “Cybersecurity: Critical Infrastructure Authoritative Reports and Resources Congressional Research Service Summary Critical infrastructure is defined in the USA PATRIOT Act (P.L. 107-56, §1016(e)) as“ systems and assets, physical or virtual, so vital to the United States that the …
Via LLRX.com – Living in the Cloud … NOT for the Technically Challenged – Perhaps Cloudy with a Chance of Meatballs? – Pete Weiss shares some insights into the IoT and living in the cloud – a move many of us have not been ready and willing to do but the question of choice regarding …
Matthew Green: “…Classical (desktop and laptop) operating systems were designed primarily to support application developers. This means they offer a lot of power to your applications. An application like Microsoft Word can typically read and write all the files available to your account. If Word becomes compromised, this is usually enough to pwn you in practice. And in many cases, …
“Cybersecurity experts recommend that smartphone owners take a number of steps to keep their mobile devices safe and secure. These include using a pass code to gain access to the phone, as well as regularly updating a phone’s apps and operating system. Many Americans, however, are not adhering to these best practices, according to a …
“The risk of identity theft in the United States continues to rise. The incidence of such crimes rose consistently over the last decade, from 246,214 in 2006 to 399,225 last year. The rate of identity theft varies considerably between states. Using the Federal Trade Commission’s 2017 Consumer Sentinel Network Data Book, 24/7 Wall St. reviewed the …
Kerr, Orin S. and Schneier, Bruce, Encryption Workarounds (March 20, 2017). Available at SSRN: https://ssrn.com/abstract=2938033 or http://dx.doi.org/10.2139/ssrn.2938033 “The widespread use of encryption has triggered a new step in many criminal investigations: the encryption workaround. We define an encryption workaround as any lawful government effort to reveal an unencrypted version of a target’s data that has been concealed by …
