Information Security & Occasional Forays Into Adjacent Realms
Suprised by the largest heist in history? Concerned about Carbanak APT? Clearly, proof-positive that advanced persistent threats are deeply evil - and highly efficient when coupled with other complimentary and stealth-like methodologies (aka Hiding in Plain Sight). Read on...
Dr. Michael Geist (Law Professor at the University of Ottawa, and the current holder of the Canada Research Chair in Internet and E-commerce Law) holds forth on current cloud cogitation up north (at least within the data confines of the Government of Canada / Gouvernement du Canada).
Well documented paper on the capability to identify entities via credit card metadata [i.e., the identification is based on what was once thought to be anonymous big data...]. Time to move back to currency transactions. Tout Simplement Incroyable.
In a new series (typically, behind Science Magazines' pay-wall, but free access to February 5th, 2015), comes this particularly disturbing revelation of Facebook Inc.'s (NasdaqGS: FB) DeepFace system which is now, apparently, as accurate as human's at facial recognition.
In a posting published by ProPublica, online advertising leviathan TURN is utilizing the dreaded zombie cookie, pioneered by those friendly folks at Verizon Wireless. ProPublica is also reporting that TURN's actions were originally discovered by Stanford University computer scientist and attorney Jonathan Mayer, and then tested by ProPublica staffers.
If you read anything today about cryptography today, read the work of Stanford University's Center for Internet and Society's Jeffrey Vagle, JD [Mr. Vagle is also a Lecturer in Law and the Executive Director of the Center for Technology, Innovation and Competition [CTIC] at the University of Pennsylvania Law School]; in which, Mr. Vagle examines the criminalization of cryptography [snippet of his work appears below].
'We've heard this story from governments before, of course, from the "crypto wars" of the early 1990s to recent claims by the FBI that encryption allows networks to "go dark," and prevent legitimate law enforcement efforts. But as the leaked security memo asserts, without strong crypto and secure networks, we're all put at greater risk. It is crucial that we keep this in perspective as the world's legislative bodies rush to do something--anything--in the face of these crises.' - via Jeffrey Vagle writing at the Center for Internet and Society, at Stanford University
via VentureBeat's Evan Schuman, comes the sorry tale of enterprise security failures, and importantly, the continued failures of both security implementation and deployment in the recently high profile retail security snafus of last year [eg. Target's gargantuan credit and debit card breach] Astonishing...
In a tour de force screed, published at InfosecIsland, Steve Martino, details exactly what is required for data classification to succeed, and the impact of that classification effort on an organization's information security posture. (Mr. Martino is CISCO Systems, Inc. (NasdaqGS: CSCO) CISO and VP of Information Security.)
Bad news for Network Attached Storage users, as a newly devised POC now exists. Should you be concerned? Probably.
Glenn Fleishman, writing at MacWorld, regales us with a sort of iCloud Omnibus; in which, the Good Mr. Fleishman tells of Cupertino's take on the security of the remote storage behemoth's infrastructure (also known as Apple Inc.'s (NasdaqGS: AAPL) iCloud).
Fascinating screed, via ArsTechnica, by the inimitable Dan Goodin. In which, the well-lettered Mr. Goodin details the discovery of the paucity of BitCoin security. Surprised? Read more at Ars.
