Regular password changes make things worse

Security experts have been saying for decades that human weakness can trump the best technology.

Apparently, it can also trump conventional wisdom.

Since passwords became the chief method of online authentication, conventional wisdom has been that changing them every month or so would improve a person’s, or an organization’s, security.

Not according to Lorrie Cranor, chief technologist of the Federal Trade Commission (FTC), who created something of a media buzz earlier this year when she declared in a blog post that it was “time to rethink mandatory password changes.”

A push for the less-hackable car

The auto industry now has at least a couple of “best practices” guides for cybersecurity.

One, from the Automotive Information Sharing and Analysis Center (Auto ISAC), was released about a month ago and generated a flurry of stories that highlighted the group’s exhortations to automakers to start building security into their software from the ground up – from design through production.

Another is from Intel Security, which released a white paper earlier this month titled “Automotive Security Best Practices,” a set of, “recommendations for building security into the design, fabrication and operation phases of the automotive production process,” according to McAfee blogger Lorie Wigle (McAfee was acquired by Intel in 2011).

Snowden and Huang hope to help smartphones go dark

“Privacy is dead” has been a mantra, for different reasons, for generations. In the cybersecurity community, it has been conventional wisdom for at least a decade. But Edward Snowden and Andrew “bunnie” Huang apparently think they can revive it a bit, at least if you own an iPhone 6.

Their goal, they say in a white paper titled, “Against the Law – Countering Lawful Abuses of Digital Surveillance,” is to create an add-on hardware component that will protect “front-line journalists” in repressive regimes where governments have demonstrated the capability to track people through their smartphones even if the devices are set to “Airplane Mode.”

Will the Olympics ‘payment ring’ jumpstart NFC demand?

Near Field Communication (NFC) – the “mobile wallet” technology – hasn’t exactly gone mainstream yet. And experts don’t expect it will anytime soon, even with some high-profile promo at the upcoming Olympic and Paralympic Games in Rio.

While it has been available to consumers for a couple of years from mega-vendors like Google, Samsung and Apple, it is a long way from displacing the legacy credit card. Google even dropped support for its Google Wallet Card last month (Android Pay is still available).

But, perhaps hearing about, or seeing, Olympic athletes using an NFC device will get the masses more interested.

Campaigns use Big Data for political gain

With the presidential nominating conventions looming, the candidates are getting ready to add to the hundreds of millions they’ve already spent to tell you about themselves – but only what they want you to know about themselves.

Meanwhile, they have also been spending millions of dollars collecting information about you – and you have no say in what is collected.

Which means that, in the era of Big Data, if you’re a potential voter, they know a lot more about you than you know about them.

Killing the password: FIDO says long journey will be worth it

The FIDO (formerly Fast Identity Online) Alliance is out to kill the password.

It wouldn’t seem to be a tough sales job. There is little debate among security experts that passwords are a lousy, obsolete form of authentication.

The evidence is overwhelming. Most people, in spite of exhortations to use long, complicated passwords, to change them at least monthly and to avoid using the same one for multiple sites, don’t.

The latest Verizon Data Breach Incident Report (DBIR) found that 63 percent of all data breaches involved the use of stolen, weak or default passwords.

Big Brother is listening as well as watching

In a world of ubiquitous security cameras, most people know by now that some form of Big Brother – government or private – is watching them. But they are less likely to know that in some areas, he is also listening.

While it is not yet widespread, audio surveillance is increasingly being used on parts of urban mass transit systems.

That is the bad news, in the view of privacy advocates. But the good news is that public awareness can, at least in some cases, curtail it.

This past week, following revelations that New Jersey Transit didn’t have policies governing the storage of, and access to, data from audio surveillance on some of its light-rail trains, the agency ended the program.
