Tools for Reducing Software Vulnerabilities
NIST, the US National Institute of Standards and Technology, released a report last December, “Dramatically Reducing Software Vulnerabilities.” It has multiple useful and interesting ideas for reducing vulnerabilities in software. I want to highlight two that I felt were most important. 1. Education There is no technological substitute for developer discipline. Education is not just […]
Could a Hand-held EMP Device Threaten Cyber Security?
The ability to disable computers, cars, or other machinery from a distance without being easily detected has fascinated me for a long time. Years ago I worked for a defense sub-contractor founded by engineers who had worked on the Airborne LASER Laboratory (ALL). They successfully used a LASER on board an airplane to shoot down drones. […]
GDPR: What You Need to Know and Do
GDPR or the General Data Protection Regulation takes effect next May. It’s an EU regulation. However, everyone must comply with it or else suffer heavy financial penalties and risk criminal prosecution. What Is GDPR? Simply put, the GDPR requires strong protection of personal privacy of people in the EU. Violations can lead to crippling fines, […]
How Can We Help Users Improve Security?
Maybe we should rename CIA. I don’t mean the government agency by that name. I’m risking heresy by saying that the tired old acronym CIA for Confidentiality, Integrity, and Availability isn’t sacred text. We talk about CIA in Learning Tree’s System and Network Security Introduction course. Let’s take a critical look at it here. I’ve […]
Using SSH for IoT Authentication
In a previous post, I wrote about attackers using default passwords in FTP and Telnet to compromise devices (especially IoT ones such as cameras). The compromised devices were then used to attack other devices on the Internet. I suggested users change passwords on the devices where possible but acknowledged that some were not changeable. I […]