Author Archives: Taylor Armerding

President Obama is only a couple of weeks out of office, but his legacy on cybersecurity is already getting reviews – mixed reviews.

According to a number of experts, Obama said a lot of good things, did a lot of good things and devoted considerable energy to making cybersecurity a priority, but ultimately didn’t accomplish the goal of making either government or the private sector more secure.

The most recent, stark illustration was the series of leaks, enabled by hacks that US intelligence agencies attribute to Russia, that undermined both the credibility of Democratic presidential candidate Hillary Clinton and the election itself.

To read this article in full or to leave a comment, please click here

President Obama is only a couple of weeks out of office, but his legacy on cybersecurity is already getting reviews – mixed reviews.

According to a number of experts, Obama said a lot of good things, did a lot of good things and devoted considerable energy to making cybersecurity a priority, but ultimately didn’t accomplish the goal of making either government or the private sector more secure.

The most recent, stark illustration was the series of leaks, enabled by hacks that US intelligence agencies attribute to Russia, that undermined both the credibility of Democratic presidential candidate Hillary Clinton and the election itself.

To read this article in full or to leave a comment, please click here

The campaign to eliminate passwords has been ongoing, and growing, for close to a decade. There are even some declarations that this might be the year, or at least ought to be the year, that it happens.

Don’t hold your breath. Brett McDowell, executive director of the FIDO (Fast IDentity Online) Alliance, is as passionate an advocate of eliminating passwords as anyone. He says that day is coming, given the creation of a, “new generation of authentication technology” largely based on biometrics, and a “massive collaboration among hundreds of companies” to define standards for that technology.

To read this article in full or to leave a comment, please click here

The campaign to eliminate passwords has been ongoing, and growing, for close to a decade. There are even some declarations that this might be the year, or at least ought to be the year, that it happens.

Don’t hold your breath. Brett McDowell, executive director of the FIDO (Fast IDentity Online) Alliance, is as passionate an advocate of eliminating passwords as anyone. He says that day is coming, given the creation of a, “new generation of authentication technology” largely based on biometrics, and a “massive collaboration among hundreds of companies” to define standards for that technology.

To read this article in full or to leave a comment, please click here

The private sector often views government as the problem, not the solution. But, in the view of a growing number of experts, the opposite is true when it comes to addressing the rampant and increasing security risks of the Internet of Things (IoT).

While it is not a unanimous view, there is general agreement that the blessings the IoT brings to modern life are being undermined by its curses – and that the market will not correct those curses.

Its almost magical benefits are well documented and well advertised – self-driving cars and the ability to lock or unlock doors or adjust a home thermostat from hundreds of miles away were fantasies only a few years ago. But its billions of connected devices are so lacking in security that they are putting not only individual users at risk, but public and private infrastructure as well, including the infrastructure of the internet itself.

To read this article in full or to leave a comment, please click here

The private sector often views government as the problem, not the solution. But, in the view of a growing number of experts, the opposite is true when it comes to addressing the rampant and increasing security risks of the Internet of Things (IoT).

While it is not a unanimous view, there is general agreement that the blessings the IoT brings to modern life are being undermined by its curses – and that the market will not correct those curses.

Its almost magical benefits are well documented and well advertised – self-driving cars and the ability to lock or unlock doors or adjust a home thermostat from hundreds of miles away were fantasies only a few years ago. But its billions of connected devices are so lacking in security that they are putting not only individual users at risk, but public and private infrastructure as well, including the infrastructure of the internet itself.

To read this article in full or to leave a comment, please click here

The private sector often views government as the problem, not the solution. But, in the view of a growing number of experts, the opposite is true when it comes to addressing the rampant and increasing security risks of the Internet of Things (IoT).

While it is not a unanimous view, there is general agreement that the blessings the IoT brings to modern life are being undermined by its curses – and that the market will not correct those curses.

Its almost magical benefits are well documented and well advertised – self-driving cars and the ability to lock or unlock doors or adjust a home thermostat from hundreds of miles away were fantasies only a few years ago. But its billions of connected devices are so lacking in security that they are putting not only individual users at risk, but public and private infrastructure as well, including the infrastructure of the internet itself.

To read this article in full or to leave a comment, please click here

How valuable is personal healthcare data?

Apparently it depends. Based on at least some price comparisons on the Dark Web – the underground online marketplace for cyber criminals – electronic health records (EHR) are not even close to premium goods.

McAfee, now a division of Intel Security, reported recently that the price for an individual medical record ranges from a fraction of a cent to $2.50, while a so-called “fullz” record – name, Social Security number plus financial account information from a credit or debit card can fetch $14 to $25.

To read this article in full or to leave a comment, please click here

How valuable is personal healthcare data?

Apparently it depends. Based on at least some price comparisons on the Dark Web – the underground online marketplace for cyber criminals – electronic health records (EHR) are not even close to premium goods.

McAfee, now a division of Intel Security, reported recently that the price for an individual medical record ranges from a fraction of a cent to $2.50, while a so-called “fullz” record – name, Social Security number plus financial account information from a credit or debit card can fetch $14 to $25.

To read this article in full or to leave a comment, please click here