Researchers to Supreme Court: Terms of service violations shouldn’t be CFAA crime

As the Supreme Court prepares to consider a controversial federal anti-hacking law, a group of prominent cybersecurity researchers and legal advocates is pleading with the court not to criminalize digital research in the public interest. In a brief filed with the court Wednesday led by digital rights group Electronic Frontier Foundation, the researchers warned that if violations of a company’s “terms of service” are deemed to be illegal, it risks chilling important research into voting systems, medical devices and other key equipment. “Despite widespread agreement about the importance of this work—including by the government itself—researchers face legal threat for engaging in socially beneficial security testing,” wrote the EFF, the nonprofit Center for Democracy & Technology, and cybersecurity companies Bugcrowd, Rapid7, SCYTHE and Tenable. Famous security researchers like Peiter “Mudge” Zatko and Chris Wysopal, who warned Congress of the internet’s insecurities in the 1990s as members of the L0pht hacking collective, […]

The post Researchers to Supreme Court: Terms of service violations shouldn’t be CFAA crime appeared first on CyberScoop.


No wonder cybersecurity is so bad: There’s no way to measure it

When the founders of a new nonprofit assessing the cybersecurity of software for consumers were trying to develop a scoring system that would rate programs depending on which security features they used, they encountered a “mind-blowing” problem. No one had ever measured how well such features actually worked. “There haven’t been a lot of studies that look at how effective are the safety measures that we use and trust,” Sarah Zatko, co-founder of the Cyber Independent Testing Lab, told a session at the DEF CON hacker convention Friday. The gap, she said, helped create space for the relatively high proportion of “snake oil” products in the cybersecurity market. “In most other industries that sort of data [about how well different security measures worked relative to each other] would be pretty fundamental — something you could take for granted that it existed,” said Zatko, whose husband and co-founder is Peiter Zatko, […]

The post No wonder cybersecurity is so bad: There’s no way to measure it appeared first on CyberScoop.
