For nearly four decades, states have used proxy actors to conduct cyber operations. In doing so, they profit from diverse low-intensity efforts that harass, subvert and burgle foreign competitors, often shaping favorable conditions without risking escalation. Using proxies, from mercenary groups to criminal elements and so-called “patriotic hackers,” creates a degree of plausible deniability for states and can bring other benefits as well. In some cases, for instance, criminal organizations have better access to job-specific coding talent or hacking infrastructure than the state, thus saving the state from having to commit resources to develop new capacity.

To read this article in full, please click here

Read More

SSL and its descendent, TLS, are protocols that encrypt internet traffic, making secure internet communication and ecommerce possible.

The decades-long history of these protocols has been marked by continuous updates that aim to keep pace with increasingly sophisticated attackers. The next major version of the protocol, TLS 1.3, will soon be finalized — and most anyone who runs a website will want to upgrade, because cybercriminals are catching up.

Secure Sockets Layer, or SSL, was the original name of the protocol when it was developed in the mid-1990s by Netscape, the company that made the most popular Web browser at the time. SSL 1.0 was never released to the public, and SSL 2.0 had serious flaws. SSL 3.0, released in 1996, was completely revamped, and set the stage for what followed.

To read this article in full, please click here

Read More

Ethical hacking, also known as penetration testing, is legally breaking into computers and devices to test an organization’s defenses. It’s among the most exciting IT jobs any person can be involved in. You are literally getting paid to keep up with the latest technology and get to break into computers without the threat of being arrested. 

Companies engage ethical hackers to identify vulnerabilities in their systems. From the penetration tester’s point of view, there is no downside: If you hack in past the current defenses, you’ve given the client a chance to close the hole before an attacker discovers it. If you don’t find anything, your client is even happier because they now get to declare their systems “secure enough that even paid hackers couldn’t break into it.” Win-win!

To read this article in full, please click here

Read More