The General Data Protection Regulation (GDPR) just went into effect in the European Union. It is a law that is designed to protect the privacy of individuals by requiring explicit permission for data collection and the enforcement of strict data usage policies. Companies, specifically those that employ machine learning, have complained about the onerous regulation,
Adversarial Artificial Intelligence or Adversarial AI is the new buzzword on Capitol Hill. In the past few weeks there have been hearings on Adversarial AI in the House and the Senate, multiple articles written on the subject and even calls for a commission to investigate the threat. However, there have been very few details about
Last week Senators Ron Wyden and Claire McCaskill released a letter demanding that US Customs and Border Patrol (CBP) close a critical gap in our nation’s border security. The gap is not related to the border wall or drug submarines, but that we are not checking digital signatures on e-Passports. Even though it sounds like
According to Verizon’s 2017 Data Breach Investigations Report (DBIR), “81% of hacking-related breaches leveraged either stolen and/or weak passwords.” The National Institute of Standards and Technology (NIST) understands this. This is why, I believe, they are taking a tougher approach to identity risk than to other areas of network security. As proof I would point
While at a recent industry event I heard a senior military leader note their preference for hardware-based security because “software is hackable”. The idea of hardware as an uncrackable vault was rocked by this month’s announcement of two major cybersecurity flaws in Intel chips, Meltdown and Spectre. Meltdown and Spectre caused widespread panic and raised
In June 2017, the National Institute of Standards and Technology (NIST) released its updated Digital Identity Guidelines in Special Publication 800-63-3. The draft of this publication gained a lot of press in 2016 for highlighting the cybersecurity risks when using SMS for multi-factor authentication. While the final version has not had as much focus, the
A recent experience I had while charging my phone leads me to believe that it is possible to hack a phone through a power outlet. This thought occurred to me while I was attending an Identity Management Conference and had to charge my phone from an ordinary wall outlet. While using my phone I began
Active Directory has long been a favorite target for hackers. As every penetration tester knows, the best way to compromise a network is to gain access to the Active Directory (AD) server and escalate your account privileges. In the past few months though we have seen a shift towards more sophisticated Active Directory cyber attacks
3 Ways Blockchain Can Improve PKI When it comes to technology buzzwords there are few bigger than blockchain. Speak with any overexcited technologist and you will get an hour lecture about how it is the future of secure transactions. The benefits of blockchain technology are that it is public, distributed, and tamper-resistant. Indeed blockchain technology
This week we received news of another global ransomware attack that has reportedly affected FedEx, Rosneft, Moller-Maersk, and Merck. This comes hot on the heels of last month’s WannaCry ransomware attack that affected 300,000 computers in 150 countries. It seems these two attacks are linked because they both use the Server Message Block (SMB) protocol
