Dr. Soghoian's Take...
Tip O' The Hat to Firewall Consultants!
ISACA document entitled 'Firmware Security Risks and Mitigation: Enterprise Practices and Challenges' (registration required), in which the authors detail the data illustrated in the infographic above. Today's MustRead.
Concisely crafted (by Dinei Florencio, Cormac Herley, and Paul C. van Oorschot) contributed article - entitled 'Pushing on String: The 'Don't Care' Region of Password Strength' - in this month's Communications of the ACM, details research on why organizations that enforce strict password 'composition' security policies end up with flawed password-related security issues - effectively the same as those organizations that do not enforce password strength. Something to get those wheels of cogitation spinning over the weekend...
New, oddly optimistic screed - detailing the belief that ISPs should mitigate/remediate bad IoT behaviors - has surfaced at Wired. You be the judge.
That is, "Whodunnit? Russia and Coercion through Cyberspace" a superlative blog post by Robert Morgus at War on the Rocks is today's MustRead.
This morning's dive into Beltway views of Information and Cybersecurity Security was brought to my excruciatingly long (as opposed to short) attention span by a fellow member of the Internet Society - Joly MacFie (Joly is a member of the ISOC NY Chapter).
Panel participants are Jane Chong of the Hoover Institution and the National Security and Law Associate there, Joshua Corman - the Director of Cyber Statecraft Initiative at the Atlantic Council, Robert Morgus - a Policy Analyst for Cybersecurity Initiative, New America thinktank and Sasha Romanosky - Policy Researcher at the RAND Corporation and Faculty Member at the Pardee School; with the Panel Moderator - Trey Herr, Fellow, Harvard Belfer Center and Non-Resident Cybersecurity Fellow, New America's Cybersecurity Initiative and the Editor, Cyber Insecurity: Navigating the Perils of the Next Information Age. All in all, a stellar panel, and an engaging video.
Enjoy.
PREDATOR – Proactive Recognition and Elimination of Domain Abuse at Time-Of-Registration, described in the released paper, details the newly developed capability to predict bad behavior (in this case criminally bad behavior), with the use of analytics at the time of domain registration. Created by Nick Feamster, Shuang Hao, Alex Kantchelian, Brad Miller and Vern Paxson. Outstanding.
"Princeton professor Nick Feamster and University of California Santa Barbara PhD student Shuang Hao worked with Alex Kantchelian (UC Berkeley), Google's Brad Miller and Vern Paxson of the International Computer Science Institute to create PREDATOR – Proactive Recognition and Elimination of Domain Abuse at Time-Of-Registration...." "The important numbers are: the researchers say PREDATOR identified 70 per cent of domain registrations that were later abused; and they claim a false positive rate of just 0.35 per cent." - via El Reg's Richard Chirgwin
via ZDNet's Charlie Osborne comes a well-wrought report of the continued unremediated and unmitigated flaws in Microsoft Corporation's (NasdaqGS: MSFT) Windows 10.