Collaborate Disseminate
It really sounds like Reddit employees got SIM hijacked. If that’s the case, the company should be more transparent. Everyone gets hacked: It’s how you disclose it, and deal with it, that distinguishes you and makes a difference. Continue reading Reddit Should Tell Us More About How it Got Hacked
When it comes to cybersecurity, the United States government is great at talking the talk, yet consistently falls short of walking the walk. Unless the U.S. government actually implements the cybersecurity best practices it touts, the nation and its citizens will continue to be at an increased risk of a cyberattack. The government has already acknowledged the need for multi-factor authentication. In 2003, it started fielding Common Access Cards (CAC) in the military, as well as Personal Identification Verification (PIV) cards in civilian agencies. At that time, the game plan was to complete the MFA implementation across the government before the end of 2008. In April 2015, MFA implementation levels hovered below 50 percent. The massive breach at the Office of Personnel Management (OPM), which leveraged compromised user name and password credentials, could have been stopped with more rigid MFA practices. It wouldn’t have made this attack impossible, but […]
The post Advice for the U.S. government: Stop talking and start doing appeared first on Cyberscoop.
Continue reading Advice for the U.S. government: Stop talking and start doing
Public libraries incubate working-class brilliance, and privatizing them would be a terrible injustice. Continue reading Turning Libraries into Amazon Stores Is Class Warfare
The California Consumer Privacy Act is set to go into effect on Jan. 1, 2020, enacting a series of sweeping data privacy reforms for the state’s nearly 40 million citizens. In a classic David-vs.-Goliath scenario, California residents will have the power to call at least some of the shots on how their data is used by corporate behemoths in Silicon Valley and beyond. While residents of all 50 states are already covered under a patchwork of breach notification and privacy laws, the California legislation introduces some significant changes. Californians will have the power to ask companies to cough up all the data they’ve collected about them. They also will be able to tell these same companies to delete everything – personal information, data on what’s been shared, clicked on, and more — much like European Union residents are protected under the GDPR’s “right to be forgotten.” What can we expect […]
The post 2020 Vision: California sees the future, and it looks like GDPR appeared first on Cyberscoop.
Continue reading 2020 Vision: California sees the future, and it looks like GDPR
There’s a common belief in the security world that obscurity shouldn’t be used as a layer of protection. This line of thinking is based on Kerchoffs’s Principle, which states that the security of a cryptographic system should depend on its key, not on the secrecy of its design. When analyzing cryptographic primitives or doing any sort of system audit, letting auditors in on the details makes complete sense. Skilled reviewers should spend their time searching out novel weaknesses and not on layers that are intended to slow an attacker or to alert someone to an attack. That said, there is much to be gained through properly applied obfuscation in deployed systems. If there’s one thing that the history of cryptography has taught us, it’s that each system has a lifespan. Some of this is expected. Over time, RSA key sizes have grown as machines have increased in speed and power. Yet, experience […]
The post Obscurity is the only security appeared first on Cyberscoop.
The epidemic of security breaches is escalating globally across all sectors of business, yet only half of CISOs and CIOs are ready with a crisis contingency plan and have the secure communications to implement one. What are we waiting for? After many high-profile cyber attacks that have brought down brands like Equifax, JP Morgan Chase and Yahoo!, most companies still haven’t implemented a company-wide crisis strategy. According to a recent global study conducted by Ponemon for IBM Resilient, 77 percent of respondents admit they don’t have a formal cybersecurity incident response plan (CSIRP) that is applied across their organizations, despite 65 percent agreeing that the severity of cyber attacks has increased and part of the severity stems from the longevity it takes to rebuild communications and infrastructure. Regardless of clear awareness of the risks and skyrocketing damages to companies who have suffered a cyber attack – which are expected to […]
The post How crisis communications factor into a cyberattack appeared first on Cyberscoop.
Continue reading How crisis communications factor into a cyberattack
We can now add “a growing lack of trustworthiness on encryption-related topics” to the FBI’s list of problems. Recent reports have shown the FBI’s encryption argument is not only wrong, but greatly exaggerates the problem’s magnitude. This comes on the heels of a shocking report by the Department of Justice’s Inspector General, suggesting that some FBI staff purposely slowed efforts to unlock Syed Rizwan Farook’s iPhone in the aftermath of the San Bernardino shooting to pressure Apple to build a backdoor. These two episodes are troubling; lawmakers should demand a thorough accounting of the FBI’s actions and the public deserves full transparency about the true nature of the FBI’s encryption problem. The FBI and DOJ have long argued that the proliferation of end-to-end encryption — whereby only the user can access the plain text of their data — allows criminals to “go dark,” operating beyond law enforcement’s reach. Cybersecurity experts […]
The post In the dark about ‘going dark’ appeared first on Cyberscoop.
There’s no precisely defined career track for DevOps engineers because they’re typically developers or sysadmins who develop an interest in other aspects of operations — such as network operations, deployment, or coding and scripting…. Continue reading 24 DevOps Pros Reveal the Most Important Characteristic of a Successful DevOps Engineer
Developers gonna develop. That’s why we’re developers. We want to set some implementation goal and then make that a reality. We like to stay heads down and focus on the immediate task at hand. Unfortunately, this can sometimes cause collate… Continue reading SLDC, SOC 2, and Other Four Letter Words
We champion a security-first DevOps culture at Threat Stack, and I’ve had the opportunity of building DevOps best practices into the company since its earliest days. In our experience, this is the best way of simultaneously reducing risk and achi… Continue reading 20 Dev Leaders and Hiring Managers Reveal Their Favorite DevOps Interview Questions