Posts tagged "Tech Republic"

The best developer-centric security products

The tools listed in this article are more like components for developers to include in their projects. I believe that designing security and privacy starts with a threat modelling exercise, which should come before the development process and then continue as an integral part of it...: [...] For these and other developer-oriented security products to work, they need to fit into the developer's natural workflow (i.e., their preferred toolchain, among other things). They need great

How security leaders can help SOC analysts adjust to working from home

You may have been planning to do some of this anyway but the pandemic has forced several years of change to be carried out in a few months. Here's some advice for coping...: [...] Amy Blackshaw, director of product marketing at RSA and Adler's partner in the session, had five recommendations for security teams working remotely. Some of these shifts are already in process and others are accelerating: Automating workflows: Analysts should be able to collaborate and work f

The future of encryption: Getting ready for the quantum computer attack

If you're concerned about encrypted data being decrypted in the future by a quantum computer attack, then it's time to investigate and possibly invest in quantum secure cryptography...: [...] Kaafarani is a former engineer at Hewlett-Packard Labs and leads a team of 10 full-time quantum cryptographers, from what he estimates to be a worldwide pool of just a hundred or so. The company is busy working on the development of quantum-secure cryptography – encryption solutions for

How to run an SSH connection through Tor

For the internet-facing servers I administer I usually lock down the IPs that can access ssh (banning by country), also install fail2ban, and run sshd on a port other than the default of 22. This technique goes the other way, using Tor to obfuscate the connection but allowing anyone with the '.onion' hostname to attempt to connect. I'm going to file it under 'might be useful'...: SSH is, by design, a fairly secure means of gaining shell access to remote machines. However, th

86% of data breaches are conducted for financial gain

When I started in the infosec game (last millennium) only a few of the incidents we worked on were driven by criminal intent. Hacktivism (remember that?), and "for the LOLZ" were big drivers for the relatively unsophisticated stuff we had to deal with. The one thing that hasn't changed is that most incidents start with someone screwing up (reusing passwords/no password, public shares, ANY/ANY/ANY "testing"...)...: [...] "Criminals are going to go the path of least resistance

COVID-19 contact tracing: The tricky balance between privacy and relief efforts

For any of these apps to be useful, there has to be widespread take-up. If more than 2 billion devices are unable to run the apps being developed that means an even higher take-up rate is required. If the technorati can't gain the trust of most users, then these projects will fail. I see two versions of app being developed. The first creates a central database of all person-person interactions for later querying; the second holds all data on an individual's device until they

Coronavirus-related digital fraud: 22% of Americans targeted

One of the things that's remarked on in the startup community is the ability of a company to 'pivot' (no, I don't like the anthimeria of words but hey-ho) to meet changing conditions. The criminal fraternity seem to be especially adept at this...: [...] "It is clear that social distancing has changed consumer shopping behaviors globally and will continue to do so for the foreseeable future," said Greg Pierson, senior vice president of business planning and development at Tra

Almost half of mobile malware are hidden apps

Fake reviews are as much a part of the malware distributor's armoury as any scammer on Amazon...: [...] Using the authorized app stores [such as the App Store and Google Play] is very important, "but also don't necessarily rely on reviews as an example of legitimacy," Samani advised, adding that there are examples detailed in the report with some malicious apps writing fake reviews. One way to tell is by looking for reviews that reuse the same simple phrases, as they are p

Mac attacks on the rise

Ever since the Mac and PC ads, and for quite a while before that, there's been a smugness exhibited by certain Mac users about "there's so much more malware that affects Windows users". No longer true...: For the first time ever, Macs saw more cyberthreats per endpoint than Windows PCs, according to the 2020 State of Malware Report. "We saw a significant rise in the overall prevalence of Mac threats in 2019, with an increase of over 400% from 2018," the report by Malware

How to report a phishing or spam email to Microsoft

I've been through adding this to my Outlook client (yes, it works on a Mac) for one of my customer Office 365 accounts. I do find it mildly irksome that the user has to install something (an inherently risky activity) in order to be able to help train Microsoft's spam filters...: You receive an email that you find suspicious--potentially a phishing email--so you ignore or delete it. Another option is to report the email to Microsoft for analysis via the Outlook add-in called