Standards and certifications created by industry groups are "largely based on what feels right, rather than data showing what makes something strong in a security sense," said Peiter Zatko, who went by the name Mudge. He asked: "Where's the equivalent of the National Transportation Safety Board crash test results" for software? Cybersecurity is a public safety issue, "so why has this been almost entirely left to the free market to secure and make safe?" The hackers raised similar concerns in their 1998 hearing, telling lawmakers that companies couldn't be trusted to police themselves. "At this point it's time for the government to step in and step up," Zatko said Tuesday. … [Read more...] about The Cybersecurity 202: These hackers warned Congress the internet was not secure; 20 years later, their message is the same.
Internet security news
Like many other researchers working on deep packet inspection, I learned that its algorithms may fail to correctly identify different types of traffic – and that it can be fooled by a data sender dedicated to avoiding detection. In the context of internet security, these limitations are acceptable, because it’s impossible to prevent all attacks, so the main goal is to make them more difficult. … [Read more...] about Internet openness pits collaborative history against competitive future
However, these are domestic policies that have been put into place. The legitimacy of creating an international policy for combatting cyber security flows from the Security Council’s primary responsibility for the maintenance of peace and security, which may be carried out by means of the mandate in the UN Charter. Member states of the UN help to create international law that applies to cyberspace, but the international law only applies at the state level and not the individual level, which means member states must comply, but it is left to the member states to enforce the international laws upon their citizens. However, there are challenges to having an international policy and law on cyber security. Challenges to the Security Council combatting cyber terrorism and enforcing cyber security exist in many areas. One of the challenges with the Security Council is being able to utilize cyber operations to neutralize networks as part of a tool for peace. The SC has not been able to … [Read more...] about Cyber Security and the Need for International Governance
Do convey that you understand the risks to your business. Whether it’s competition that wants your intellectual property or concerns about a malicious insider, you want your customers and business partners to know that you are on the case. Avoid deemphasizing risks, as this may make you appear disinterested in the topic and to be ignoring a potential hole in your security program. Recently a CIO was quoted in an article saying that mobile device security was not a concern. Perhaps that CIO had a solid mobile device management program and could track every bit coming and going from their iPhones, but the article did not read that way. … [Read more...] about Media Query Call on Line 1: Do’s and Don’ts from an Information Security Officer
One such unsuspecting victim was Scott Foernsler, who is in charge of global sales at an Atlanta-based mobile messaging and marketing company, the newspaper explains in a page-one article today. When he responded to a seemingly legitimate e-mail complaint from the “Better Business Bureau,” clicking on a link as requested, a scammer who had targeted him by impersonating the well-known agency scored. … [Read more...] about Execs Scammed on Internet Wild West