The Cost of Cyberattacks Is Less than You Might Think

Interesting research from Sasha Romanosky at RAND: Abstract: In 2013, the US President signed an executive order designed to help secure the nation’s critical infrastructure from cyberattacks. As part of that order, he directed the National Institute for Standards and Technology (NIST) to develop a framework that would become an authoritative source for information security best practices. Because adoption of…

Real-World Security and the Internet of Things

Disaster stories involving the Internet of Things are all the rage. They feature cars (both driven and driverless), the power grid, dams, and tunnel ventilation systems. A particularly vivid and realistic one, near-future fiction published last month in New York Magazine, described a cyberattack on New York that involved hacking of cars, the water system, hospitals, elevators, and the power…

Detecting When a Smartphone Has Been Compromised

Andrew "bunnie" Huang and Edward Snowden have designed a smartphone case that detects unauthorized transmissions by the phone. Paper. Three news articles. Looks like a clever design. Of course, it has to be outside the device; otherwise, it could be compromised along with the device. Note that this is still in the research design stage; there are no public prototypes….

New Credit Card Scam

A criminal ring was arrested in Malaysia for credit card fraud: They would visit the online shopping websites and purchase all their items using phony credit card details while the debugging app was activated. The app would fetch the transaction data from the bank to the online shopping website, and trick the website into believing that the transaction was approved,…

CONIKS

CONIKS is a new easy-to-use transparent key-management system: CONIKS is a key management system for end users capable of integration in end-to-end secure communication services. The main idea is that users should not have to worry about managing encryption keys when they want to communicate securely, but they also should not have to trust their secure communication service providers to…

Cryptography Is Harder Than It Looks

Writing a magazine column is always an exercise in time travel. I’m writing these words in early December. You’re reading them in February. This means anything that’s news as I write this will be old hat in two months, and anything that’s news to you hasn’t happened yet as I’m writing. This past November, a group of researchers found some…

Possible Government Demand for WhatsApp Backdoor

The New York Times is reporting that WhatsApp, and its parent company Facebook, may be headed to court over encrypted chat data that the FBI can’t decrypt. This case is fundamentally different from the Apple iPhone case. In that case, the FBI is demanding that Apple create a hacking tool to exploit an already existing vulnerability in the iPhone 5c,…