Vocal theft on the horizon

Your voice is yours alone – as unique to you as your fingerprints, eyeballs and DNA.

Unfortunately, that doesn’t mean it can’t be spoofed. And that reality could undermine one of the promised security benefits of multi-factor authentication, which requires “something you are,” along with something you have or you know. In theory, even if attackers can steal passwords, they can’t turn into you.

But given the march of technology, that is no longer a sure thing. Fingerprints are no longer an entirely hack-proof method of authentication – they can be spoofed.

Mixed reviews for Trump’s Executive Order on cybersecurity

The reviews of President Donald Trump’s Executive Order (EO) on cybersecurity were coming in within hours of its signing yesterday afternoon, and they were most definitely mixed.

There was general agreement that the intent of the EO – delayed more than three months from late-January, when it was originally scheduled to be signed – was good.

Several experts called it “a good start,” and a few, including Jacob Olcott, vice president at BitSight and former legal advisor to the Senate Commerce Committee and counsel to the House of Representatives Homeland Security Committee, thought it was much better than a good start.

Olcott called it, “smart policy and a big win for this administration.”

Human weakness enabling financial cybercrime

It may be time for a revision of, “the customer is always right,” at least in the financial sector.

That, Boston Police Detective Steven Blair told an audience of bankers at the Boston Fed’s 2017 Cybersecurity Conference on Monday, is because too many banking “customers” are fraudsters, who take advantage of the generally laudable desire of front-line employees to provide good customer service.

Attendees had heard Kenneth Montgomery, first vice president and COO of the Boston Fed, say earlier that cybersecurity is now, “the number-one operational and enterprise issue” for the financial sector. He said the worldwide costs of cybercrime are estimated at $3 trillion annually now, and expected to double by 2021.

Failure to communicate helps ransomware prosper

At least one of the major reasons for the ongoing exponential increase in ransomware as a criminal business model could be summed up with the iconic line from the prison boss in 1967’s “Cool Hand Luke”: “What we got here is a failure to communicate.”

That was a recurring theme from those on a “Ransomware Panel” Thursday at SOURCE Boston 2017, moderated by Paul Roberts, founder and editor in chief of The Security Ledger.

The communication breakdown occurs at all levels, the panelists said, starting with victims.

Frank McLaughlin, a Boston Police detective, said when a business gets hit with ransomware, “the police are the last people they want to call, for obvious reasons. It becomes a public record.”

Cyber infrastructure: Too big to fail, and failing

Even the good news is bad news.

While Joshua Corman didn’t use that exact line in his opening keynote at SOURCE Boston this week, that was a pervasive, and sobering, theme.

Corman, a founder of I am The Cavalry and director of the Cyber Statecraft Initiative for the Atlantic Council, said he was there to tell some “uncomfortable truths” about the state of cybersecurity – among them that, “the critical infrastructure of our space is too big to fail, and it’s failing.”

He said the current statistics are depressing enough – that the database of CVEs (Common Vulnerabilities and Exposures), “which is the predicate for all of our intrusion detection,” holds only about 80 percent of those in existence, and that there is security “coverage” – blocking or detection technology – for only 60 percent of that number. “So you’re at 60 percent of 80 percent,” he said. “At best, you’re getting about 50 percent coverage of the knowns. When you make a risk decision, you’re doing it with a 50 percent blind spot.

Privacy for everybody means privacy for pedophiles

Pedophiles have the same right to privacy as everyone else.

That is almost surely a losing political argument. But privacy advocates contend that if it is not a winning legal argument, then everybody’s privacy will be in jeopardy.

It is an argument that is especially intense now, regarding the so-called Playpen cases. The US Department of Justice (DoJ) is prosecuting a reported 137 people who they allege visited a now-defunct child porn website called Playpen in 2015, while it was under the control of the FBI.

And while privacy advocates hasten to say they are not defending the sexual abuse of children, and don’t oppose lawful investigations of such crimes, they contend that the government surveillance of Playpen visitors violated the defendants’ Fourth Amendment privacy rights.
