Month: December 2015
-
Laugh the pain away with 2015's best infosec memes
Originally published in Engadget. Otherwise you’ll just end up crying. As you might guess, infosec memes aren't as straightforward as Pizza Rat or Left Shark. That's because most of the time they run on one part inside jokes and two parts hacker history. They're usually technical, and they communicate an intimate knowledge of the slow-roasted…
-
Must-see talks from 2015's Chaos Communication Congress hacker conference
Originally published in ZDNet. Image by Thorsten Schroeder. This year's Chaos Communication Congress (32C3: Gated Communities) featured four days of superb talks and discussions on hacking and politics, and lucky for those who couldn't attend, the legendary infosec conference already has its talks recorded and ready to view online. Much ado was made about the…
-
In TalkTalk aftermath, it's time for companies to pay higher price for breaches
Originally published in ZDNet. After Target's breach, its stock was fine. Home Depot's stock prices showed no noticeable impact of its big hack attack. JPMorgan Chase's investors didn't even blink when the company was revealed to be the target of the largest-ever theft of customer data from a US financial institution (and one of the…
-
The myth of Mariana's Web, the darkest corner of the internet
Originally published in Engadget. Let’s just call it the Derpweb. Chances are, like me, the first time you heard about the Dark Web it was described as a foul and depraved marketplace, where children, drugs, and pirated movies could be bought for mere Bitcoin. Tabloids paint it as a place where a veritable "Top 10"…
-
Banks told to get tough on cybersecurity in 2016
Originally published in ZDNet. 2016 New York state cybersecurity requirements for banks, expected to be applied country-wide, include multi-factor auth, regular audits and pentests, and exacting third-party vendor cybersecurity scrutiny.
-
2015's big hacks, attacks and security blunders
Originally published in Engadget. You’d think that 2015’s password was 123456. The security breaches, blunders, and disasters of 2015 tanked our trust in health insurance providers, credit agencies, the IRS, car manufacturers, connected toys for kids, and even "adult" dating sites. These stories shaped 2015, and forever changed the way we see data privacy and…
-
Your VPN may be worthless
Originally published in Engadget. An easily fixable flaw exposes your private online activity. You may have heard that VPN provider Perfect Privacy found a massive security hole in most services — one that can de-anonymize users, thus rendering it useless. Two weeks have passed and most affected providers still haven't fixed the problem, called "Port Fail."…
-
Guardian article on cybercrime serves up Angler Exploit Kit
Originally published in ZDNet. Updated: A cybercrime article on the Guardian's website has been found to be serving up the Angler Exploit Kit.
-
In hacking, the blame game is purely for entertainment
Originally published in Engadget. Pointing fingers doesn’t make your data more secure. As the holidays approach, I find myself missing the drama and spectacle of the Sony hack. You know, the kind of drama where a movie studio realizes it's under attack and decides that overacting will save the film. Or that threatening journalists to…
-
Microsoft, law enforcement disrupt sprawling Dorkbot botnet
Originally published in ZDNet. Image: Dorkbot machine detections heat map for past three months. Thursday Microsoft claimed a cryptic victory over Win32/Dorkbot botnet malware, but didn't divulge much about how, simply saying it has assisted law enforcement to "disrupt" Dorkbot botnets. On December 3, US CERT released a Technical Alert about denting Dorkbot, as a collaboration…