Compromise of safety systems could have resulted in the release of toxic gas or an explosion – causing physical damage to facilities and the loss of life.
Read more in my article on the Hot for Security blog.
For nearly four decades, states have used proxy actors to conduct cyber operations. In doing so, they profit from diverse low-intensity efforts that harass, subvert and burgle foreign competitors, often shaping favorable conditions without risking escalation. Using proxies, from mercenary groups to criminal elements and so-called “patriotic hackers,” creates a degree of plausible deniability for states and can bring other benefits as well. In some cases, for instance, criminal organizations have better access to job-specific coding talent or hacking infrastructure than the state, thus saving the state from having to commit resources to develop new capacity.
Alethe Denis was on maternity leave when she decided to participate in DEF CON’s Social Engineering Capture the Flag competition in 2019. She took her three-month-old daughter and her husband to Las Vegas and planned the trip to the finest detail.
“Things could have gone wildly wrong,” Denis says. “It was extremely exhausting just to be there, let alone to compete.”
Bringing an infant to a security conference, where crowds are loud and rooms are filled with cigarette smoke, is not something she recommends. “I found myself standing in a bathroom stall nursing quite frequently, which is pretty gross, or changing her quick enough that nobody would walk by and potentially see and be alarmed or disgusted,” she says.
SSL and its descendant, TLS, are protocols that encrypt internet traffic, making secure internet communication and ecommerce possible.
The decades-long history of these protocols has been marked by continuous updates that aim to keep pace with increasingly sophisticated attackers. The next major version of the protocol, TLS 1.3, will soon be finalized — and most anyone who runs a website will want to upgrade, because cybercriminals are catching up.
Secure Sockets Layer, or SSL, was the original name of the protocol when it was developed in the mid-1990s by Netscape, the company that made the most popular Web browser at the time. SSL 1.0 was never released to the public, and SSL 2.0 had serious flaws. SSL 3.0, released in 1996, was completely revamped, and set the stage for what followed.
Ethical hacking, also known as penetration testing, is legally breaking into computers and devices to test an organization’s defenses. It’s among the most exciting IT jobs any person can be involved in. You are literally getting paid to keep up with the latest technology and get to break into computers without the threat of being arrested.
Companies engage ethical hackers to identify vulnerabilities in their systems. From the penetration tester’s point of view, there is no downside: If you hack in past the current defenses, you’ve given the client a chance to close the hole before an attacker discovers it. If you don’t find anything, your client is even happier because they now get to declare their systems “secure enough that even paid hackers couldn’t break into it.” Win-win!
Making security simpler as controls become integrated into organizations’ zero-trust journeys is a tremendous opportunity for democratizing security.
Phishing attacks on Spokane Regional Health District trigger two data breach announcements in 2022
Bipartisan proposal aims to protect America’s healthcare and public health sector
Researchers find a spike in zero-day exploits and faster exploitation speeds in 2021