Meet the new threat same as the old threat

One of the many prediction articles I suspect we will see in coming days.

http://www.smh.com.au/technology/innovation/swarm-cyber-attacks-crypto-currency-stealing-malware-predicted-for-2018-20180107-p4yyaz.html

The main message we can take away from this is that those wanting to attack systems will use new technology to help them do that, just as those that are wanting to defend systems from attack will use new technology to prevent those attacks. Nothing that startling revealed here, just the continuation of the arms race that has been going on for some years now.

Certainly a concerning future, but not a surprising one.

Original source for the article can be found here: https://blog.fortinet.com/2017/11/14/fortinet-fortiguard-2018-threat-landscape-predictions

 

More Regulation Please?

An interesting op-ed piece. While I wouldn’t necessarily say that regulation (government or otherwise) is always the answer (other than to bolster the compliance industry), there is a point to be made here.

Are we reaching a tipping point like that experienced after the Enron fallout, where a more holistic and measured approach to this problem needs to be mandated?

A data breach today is less likely to be an annoyance and more likely to have potentially significant and devastating real-world consequences. The hit list of recent events in this regard identified in the article clearly demonstrates that the problem is just getting bigger.

https://www.nytimes.com/2018/01/08/opinion/cybersecurity-breach-spectre-meltdown.html

Happy New Year, Happy New Devastating Vulnerabilities

Another year and another critical vulnerability(ies) that impact the very infrastructure we live upon. Spectre and Meltdown have hit the press today. The NY Times has written a fairly well balanced article (https://www.nytimes.com/2018/01/03/business/computer-flaws.html) and hopefully other media will give it the same responsible attention, but somehow I doubt it.

Giving vulnerabilities catchy names and logos is a little bit of a double-edged sword I think. It certainly raises serious issues and gives them the attention they need, but it also creates a bit of link-bait fodder which doesn’t help things that much when the issue needs a serious and rational approach to a solution. But it is the world we live in I guess.

For those interested, the papers relating to the two vulnerabilities can be found under their own registered domain (!) https://meltdownattack.com/

The New World Order of Privacy

I suspect we will be seeing more of these types of articles in coming months and years. This is essentially the same type of problem that impacts other areas of security from secure software development to encryption; we develop an assurance method and then research (legitimate or otherwise) finds the flaws. The problem I see is that unlike secure software development and encryption, de-identification methods don’t have the same level of maturity. With the current environment of data (especially personal data) being of high value, we are going to need to mature these methods very quickly.

http://www.smh.com.au/technology/innovation/australians-health-records-unwittingly-exposed-20171218-p4yxt2.html

Article: Privacy in the digital age is only possible if we act now

Recent article published by Charlie Lewis in Crikey discussing the state of affairs that is information security and privacy in the digital age.

Privacy in the digital age is only possible if we act now 

I think the last paragraph highlights the key issue we have here; privacy advocates don’t seem to be able to agree on the most appropriate way forward.

There should also be some acknowledgement in this discussion that in many ways this discussion is too little too late. So many major businesses rely on the collection and trade of personal information. If we were to make any meaningful change in this area, those companies would require a new income and business model.

I am afraid that we have long ago given away our rights for privacy in exchange for convenience.

(Note: new Crikey articles are behind a paywall for the first two weeks after publishing)