Weekend Reads 051421

For this post, I wanted to explore some ways that an organisation or individual might start building a new security “habit” so that, in time, acting securely becomes automatic.

Research into methods of attacking machine-learning and artificial-intelligence systems has surged—with nearly 2,000 papers published on the topic in one repository over the last decade—but organizations have not adopted commensurate strategies to ensure that the decisions made by AI systems are trustworthy.

Efforts have been ongoing in the ICANN community to develop a better understanding of its role in the combat of abuse.

But the Advanced Persistent Threat (APT) carries with it a worrying sub-text that requires further exploration as companies continue to tackle the ongoing issues of a global pandemic and an increasingly fatigued and remote workforce.

With organizational data practices coming under increasing scrutiny, demand is growing for mechanisms that can assist organizations in meeting their data-management obligations.

All good parties come to an end, and the one that Intel has enjoyed for an unbelievable dozen years, starting with the rollout of the “Nehalem” Xeon E5500 processors back in March 2009, is over. Find the Advil, grab a glass of water, and try not to drop all the pills on the floor.

Political hand-wringing in Washington over Russia’s hacking of federal agencies and interference in U.S. politics has mostly overshadowed a worsening digital scourge with a far broader wallop: crippling and dispiriting extortionary ransomware attacks by cybercriminal mafias that mostly operate in foreign safe havens out of the reach of Western law enforcement.

Online scammers are playing a numbers game. If they send out their scams to enough people, they’ll find a few people who possess a magic combination: Folks who are distracted by life and also concerned with their online accounts.

Despite receiving extensive attention from the cybersecurity community, phishing remains a major, and agile, threat to Internet users.

SRE is seen as a high modernist project, intent on scientifically managing their systems, all techne and no metis; all SLOs and Kubernetes and no systems knowledge and craft. That view is not entirely wrong.

VPNs are a big business worth billions of dollars a year. With so much money up for grabs, it’s no surprise that many VPN providers just aren’t trustworthy. So how do you choose a good, trustworthy VPN?

Those empty buildings remain abandoned a year-and-counting later. No telling what has occurred in there in all this time — or what new and awful challenges are brewing in there still.

Open source is living through a curious moment: just like sharing movements in academia and communities once helped develop open source, open source is now inspiring the development of communities

The adage: ‘On the Internet, nobody knows you’re a dog’ has been popularized by the Internet community, for obvious reasons. The saying hints at the anonymous nature of the Internet and the many ways in which people can pretend to be something that they’re not.

In an 81-page report delivered to the Biden administration this week, top executives from Amazon, Cisco, FireEye, McAfee, Microsoft and dozens of other firms joined the U.S. Department of Justice (DOJ), Europol and the U.K. National Crime Agency in calling for an international coalition to combat ransomware criminals, and for a global network of ransomware investigation hubs.

From SolarWinds to Ubiquiti, data breaches have stormed recent headlines, and they all have one risk in common: non-people identities. As affected enterprises recover, there’s debate over why these breaches happen and how cloud security can improve.

If I were to ask you why you scanned for compliance at your company, I’d bet you’d tell me it was to help you pass requirements easier, to ensure that your audits are good on the first pass and so that you could troubleshoot technical issues with another process.

Today, somebody had a problem: they kept seeing a popup on their screen, an obvious scam trying to sell them McAfee anti-virus. Where was this coming from?

Secret-key encryption uses the same key for encryption and decryption, while public-key encryption uses different keys for encryption and decryption. There are pros and cons to each method.

Cross Site Request Forgery, or CSRF, occurs when a malicious site or program causes a user’s browser to perform an unwanted action on a trusted site when the user is authenticated.