“How can the United States protect cyberspace “control system of our country,” without restricting the open “flow of information on the Internet“? What should countries consider when developing international cybersecurity standards and protocol? What should their citizens know to protect their information and their rights? Cybersecurity Policy Research Links provide news, background information, legislation, analysis,… Continue Reading
Accurate, Focused Research on Law, Technology and Knowledge Discovery Since 2002
Category Archives: PC Security
Research shows smartphone sensors leave trackable fingerprints
News release, ECE Illinois: “Research by Associate Professor Romit Roy Choudhury and graduate students Sanorita Dey and Nirupam Roy have demonstrated that the accelerometers used in mobile devices posses unique, trackable fingerprints. This suggests that even when a smartphone application doesn’t ask for geospatial information (“…would like to use your current location”), there are other… Continue Reading
EFF – Which Tech Companies Help Protect You From Government Data Demands?
EFF Survey Shows Improved Privacy and Transparency Policies of the Internet’s Biggest Companies “Technology companies are privy to our most sensitive information: our conversations, photos, location data, and more. But which companies fight the hardest to protect your privacy from government data requests? Today, the Electronic Frontier Foundation (EFF) releases its fourth annual “Who Has… Continue Reading
NIST Revises Guide to Use of Transport Layer Security (TLS) in Networks
“The National Institute of Standards and Technology (NIST) has released an update to a document that helps computer administrators maintain the security of information traveling across their networks. The document, NIST Special Publication 800-52 Revision 1: Guidelines for the Selection, Configuration, and Use of Transport Layer Security (TLS) Implementations, updates the original SP 800-52, released in 2005. Sensitive data—from… Continue Reading
The Target Data Breach: Frequently Asked Questions
CRS – The Target Data Breach: Frequently Asked Questions. N. Eric Weiss. Specialist in Financial Economics; Rena S. Miller, Specialist in Financial Economics. April 22, 2014. “According to Target, in November and December of 2013, information on 40 million payment cards (credit, debit, and ATM cards) and personally identifiable information (PII) on 70 million customers was compromised. The Secret Service has… Continue Reading
Biggest EU cyber security exercise to date
“Today, 28 April 2014, European countries kick off the Cyber Europe 2014 (CE2014). CE2014 is a highly sophisticated cyber exercise, involving more than 600 security actors across Europe. More than 200 organisations and 400 cyber-security professionals across Europe join forces today during the first phase of ENISA’s bi-annual large scale cyber security exercise, Cyber Europe 2014.… Continue Reading
More online Americans say they’ve experienced a personal data breach
Pew Research – Mary Madden – “As news of large-scale data breaches and vulnerabilities grows, new findings from the Pew Research Center suggest that growing numbers of online Americans have had important personal information stolen and many have had an account compromised. Findings from a January 2014 survey show that: 18% of online adults have… Continue Reading
Financial Institutions Directed to Respond to Hearbleed Attacks
Via American Banker: “The Federal Financial Institutions Examination Council said Thursday that it expects “financial institutions to incorporate patches on systems and services, applications, and appliances using OpenSSL and upgrade systems as soon as possible to address the vulnerability.” OpenSSL is open-source software that lets web sites encrypt communications with visitors. A vulnerability has been found… Continue Reading
FTC- Heartbleed May Cause You Some Heartache
News release: “If you’re thinking “Heartbleed” sounds serious, you’re right. But it’s not a health condition. It’s a critical flaw in OpenSSL, a popular software program that’s used to secure websites and other services (like VPN and email). If your company relies on OpenSSL to encrypt data, take steps to fix the problem and limit… Continue Reading
IRS misses XP deadline, pays Microsoft millions for patches
ComputerWorld: “The U.S. Internal Revenue Service (IRS) acknowledged this week that it missed the April 8 cut-off for Windows XP support, and will be paying Microsoft millions for an extra year of security patches. Microsoft terminated Windows XP support on Tuesday when it shipped the final public patches for the nearly-13-year-old operating system. Without patches for vulnerabilities… Continue Reading
EFF- Why the Web Needs Perfect Forward Secrecy More Than Ever
“EFF has long advocated for websites to support HTTPS instead of plain HTTP to encrypt and authenticate data transmitted on the Internet. However, we learned yesterday of a catastrophic bug, nicknamed “Heartbleed,” that has critically threatened the security of some HTTPS sites since 2011. By some estimates, Heartbleed affects 2 out of 3 web servers on the Internet. Heartbleed isn’t a… Continue Reading
EFF – Websites Must Use HSTS in Order to Be Secure
EFF: “You would think that by now the Internet would have grown up enough that things like online banking, email, or government websites would rely on thoroughly engineered security to make sure your data isn’t intercepted by attackers. Unfortunately when it comes to the vast majority of websites on the Internet, that assumption would be… Continue Reading
