computer security

Posts

Graham Joseph Penrose

Does legislation stifle innovation?

Does legislation stifle innovation? No. Why? Because it legislates in "catch up mode" mostly and on those rare occasions when the legislators do see something coming in advance (examples? I don't have any actually) - then they fail to implement the legislation or put in place checks and balances to monitor compliance. Legislators are better at legislating for the abuse of dat…
mesbernard@gmail.com
When you consider the fact that legislation usually is created to control risks associated with a "leap frog" innovation event then the obvious answer is "YES!". Legislation goes on to stifle the ongoing creative process that led to the immediate evolution. A follow up question might be, "could legislation be designed to encourage future innovation?" …
David Froud
My cynicism goes nowhere near as deep as yours, perhaps because I see this from an information security perspective, not so much a privacy/human right one, but I absolutely agree with "catch-up mode". What choice do they have? Vendors create something new and amazing, everyone wants it, and by then it's too late to take it away. Governments regulate after the fact, and can onl…
Bob Turkin

Fileless Application Whitelist Bypass and Powershell Obfuscation

The attacker had installed the backdoor almost a year before detection. They got in through a phishing attack, as in most cases. The detection? A kind and friendly letter from a law enforcement agency that had taken control of the command and control (C2) and was observing traffic to identify victims. http://blog.4n6ir.com/2017/06/fileless-application-whitelist-bypass.html
Karl M.
Welcome. The world is a bit hectic today!
Graham Joseph Penrose

A Diabolical Way of Hacking a Chip with a Wave of your Hand

A new hands-off hack uses an EMP attack to overcome fundamental software protections. At the recent REcon computer security conference, Red Balloon Security founder Ang Cui and research scientist Rick Housley presented a new approach to hacking a processor that uses electromagnetic pulses to produce specific glitches in hardware. By disrupting nor…
Karl M.
That is brilliant research.
Cristian Driga

NIS Directive 1148/2016 summary in a single slide

The Directive on security of network and information systems (NIS Directive) provides legal measures to boost the overall level of cybersecurity in the EU by ensuring: Member States preparedness by requiring them to be appropriately equipped, e.g. via a Computer Security Incident Response Team (CSIRT) and a competent national NIS authority; cooperation among all the Member States, by setting up a…
Claus Cramon Houmann
Useful enough to be a resource, short but succinct.
Rob Lewis

The one fix needed to keep Trump's cyber executive order from failing

Last month, this article by Roger Schell came out, without much fanfare or notice. I was curious to see if someone would mention it here: https://gcn.com/articles/2017/05/22/cybersecurity-eo-opportunity.aspx Roger Schell was behind TCSEC and the Orange Book, which was a standard for testing trusted systems before the Common Criteria (EAL). I thought some of his comments were interesting and hi-l…
Karl M.
The Industry will be fine, it's profiting hugely from things not being secure enough. NIST and others, such as the author of the post above, seem to want to change things radically. Which is an approach that will impact infosec vendors and their share prices negatively...
Lewis De Payne
I would be happy to chime in on some of this, having dealt with the politics that force NIST to compromise on standards myself (which also applies to government technology mandates in general). "the root cause of failures remains that without a trustworthy OS, real cybersecurity is scientifically impossible" That seems like a short-sighted sentiment, and it makes me wonder what the fact…