Accurate, Focused Research on Law, Technology and Knowledge Discovery Since 2002

Category Archives: Cybersecurity

Equifax says it owns all its data about you – really!

Senate Commerce Committee Hearing – Protecting Consumers in the Era of Major Data Breaches – November 8, 2017: “…“Massive data breaches have touched the vast majority of American consumers,” said [Senator John] Thune [R- S.D.]. “When such breaches occur, urgent action is necessary to protect sensitive personal information. This hearing will give the public the… Continue Reading

EFF – Here’s How Congress Should Respond to the Equifax Breach

“There is very little doubt that Equifax’s negligent security practices were a major contributing factor in the massive breach of 145.5-million Americans’ most sensitive information. In the wake of the breach, EFF has spent a lot of time thinking through how to ensure that such a catastrophic breach doesn’t happen again and, just as importantly,… Continue Reading

New York Times is Now Available as a Tor Onion Service

Runa Sandvik is the Director of Information Security at The New York Times: “Today we are announcing an experiment in secure communication, and launching an alternative way for people to access our site: we are making the website available as a Tor Onion Service…One way we can help is to set up nytimes.com as an… Continue Reading

FERC Proposes New Security Management Controls for Grid Cyber Systems

“The Federal Energy Regulatory Commission (FERC) [on October 19, 2017] proposed new cyber security management controls to further enhance the reliability and resilience of the nation’s bulk electric system. These include mandatory controls to address the risks posed by malware from transient electronic devices like laptop computers, thumb drives and other devices used at low-impact… Continue Reading

Enabling Blockchain Innovation in the U.S. Federal Government

GCN.com – “As more government agencies investigate the potential for blockchain technology, ACT-IAC has put together a primer, Enabling Blockchain Innovation in the U.S. Federal Government. Including thought leaders from government and industry, ACT-IAC’s Blockchain Working Group was created in May at the request of the General Services Administration. Jose Arrieta, director of the Office… Continue Reading

Common Internet of Things Devices May Expose Consumers to Cyber Exploitation

From FBI News Release, October 17, 2017: “In conjunction with National Cyber Security Awareness Month, the FBI is re-iterating the growing concern of cyber criminals targeting unsecure Internet of Things (IoT) devices. The number of IoT devices in use is expected to increase from 5 billion in 2016 to an estimated 20 to 50 billion… Continue Reading

NIST – Passphrases are the new way to protect your digital world

NIST Blog, Mike Garcia: “…First, I’m going to share the takeaways from our new password guidance. Simply put: Use passphrases, not passwords. Then, I’m going to explain the absolute most important thing to know about passwords: Try not to use them at all. And if you do, don’t rely on passwords, or even passphrases, alone.… Continue Reading

DHS issues operational network security directive to all federal agencies

FCW.com: “The Department of Homeland Security is requiring agencies to use new email and web security guidelines that address man-in-the-middle attacks. A binding operational directive from DHS gives federal agencies 90 days to implement a pair of tools, Domain-based Message Authentication Reporting and Conformance (DMARC) and STARTTLS. DMARC is an email authentication tool designed to… Continue Reading

Cybersecurity, Encryption and United States National Security Matters

Cybersecurity, Encryption and United States National Security Matters, Senate Armed Services Committee, September 13, 2016 (published September 2017), via FAS. Steven Aftergood, Secrecy News: “What constitutes an act of war in the cyber domain? It’s a question that officials have wrestled with for some time without being able to provide a clear-cut answer. But in… Continue Reading

Active Cyber Defense Certainty Act

The Register: “Two members of the US House of Representatives today introduced a law bill that would allow hacking victims to seek revenge and hack the hackers who hacked them. The Active Cyber Defense Certainty Act (ACDC) [PDF] amends the Computer Fraud and Abuse Act to make limited retaliatory strikes against cyber-miscreants legal in America… Continue Reading

Thomson Reuters Podcast – Dangers of Public Wi-Fi

Legal Current – “Free wi-fi is widely available and tempting to use, especially when traveling.  Hotels, airports, coffee shops, even NYC subway stations provide it. But the dangers of public wi-fi are many-fold.  Not only are they hunting grounds for hackers, but a new report from security firm FireEye claims a Russian hacker group known… Continue Reading

Business Email Scams: Protecting Your Company’s Information

From the Pennsylvania Department of Banking and Securities, a succinct and very useful Infographic guide: “Business Email Compromise is a cyber threat targeted against businesses, both large and small, that typically involves a con artist targeting employees with access to company financial or sensitive documents. The scammers lead the employees to believe they are a… Continue Reading