Weekend Reads 040221

The Atlas, launched in July, contains data on more than 7,000 surveillance programs—including facial recognition, drones, and automated license plate readers—operated by thousands of local police departments and sheriffs’ offices nationwide.

Power management may not be at the top of anyone’s priority list when they think about cybersecurity. But to quote the famous words of Bob Dylan: “The times, they are a-changin’.”

Three years ago, Spectre changed the way we think about security boundaries on the web. It quickly became clear that flaws in modern processors undermined the guarantees that web browsers could make about preventing data leaks between applications.

With a growing number of threat sources and successful cybersecurity attacks, organizations find themselves in a tricky spot if they wish to survive cyberspace.

Until the (more or less) recent explosion of new DNS RFCs (aka the ‘DNS Camel’, loosely referring to the straw that broke the camel’s back), I used to think of the DNS as something similar to chess, with a fairly simple set of rules that developed into complex systems when deployed.

As I write this, the world is probably days away from the “Great Email Robbery,” where a large number of threat actors around the globe are going to pillage and ransom the email servers of tens of thousands of businesses and local governments.

In a control experiment in which no one was distracted, the researchers observed a previously described phenomenon known as lane formation: As the two groups made contact, people arranged themselves in two or three columns.

The objective of an organization when implementing cybersecurity controls is to eliminate risk, but this oftentimes involves settling for managing risk at an acceptable level. Each organization defines what that acceptable level is depending on several factors including the environment, the criticality of function, the asset type, etc.

Intel’s 11th-gen Rocket Lake-S chips are finally crossing the finish line as the latest desktop chips finally go on sale starting March 18.

The most common way thieves hijack SMS messages these days involves “sim swapping,” a crime that entails bribing or tricking employees at wireless phone companies into modifying customer account information.

The botnet’s designers are using this idea to create an unblockable means of coordination, but the implications are much greater. Imagine someone using this idea to evade government censorship. Most Bitcoin mining happens in China. What if someone added a bunch of Chinese-censored Falun Gong texts to the blockchain?

Ransomware gangs aimed to bilk business victims of even more money in 2020, causing the average ransom paid by companies to jump 171% to more than $312,000.

The FBI is reminding organisations of the serious threat posed by business email compromise (BEC) scams, declaring that it caused over $1.8 billion worth of losses to businesses last year.

Throughout our “Managing with Open Values” series, we’ve interviewed a number of managers and leaders who shared with us their experiences and practices. In this installment, I interviewed fellow Open Organization Ambassador Sam Knuth to discuss how he lets open values guide his approach to leading large teams.

With this article, the audience gets to know effective ways to ensure Kubernetes security, using must-have solutions, proven practices, and the best tools empowering building and maintaining a secure environment on the platform.

CP/M was a text-based operating system created by American programmer Gary Kildall of Digital Research in 1974. Its initials stood for “Control Program/Monitor” at first, but Digital Research changed it to the more friendly “Control Program for Microcomputers” later.

Large organizations have relied on so-called “browser isolation” services to deal with this risk for years, but these tools are often slow and clunky. As a result, many companies only require them for the most sensitive work; otherwise, employees would search for workarounds.

Even though Intel just announced its Rocket Lake-S desktop processor, eyes are already turning to what Intel has next up its sleeve: the next-generation CPU code-named Alder Lake, expected before the end of 2021.

The PCI Express standard, or PCIe, has been a staple for connecting PC peripherals and components to a desktop. If you buy new PC parts in 2021, they’ll likely support the current fourth generation.

The maintainers of OpenSSL have released a fix for two high-severity security flaws in its software that could be exploited to carry out denial-of-service (DoS) attacks and bypass certificate verification.