18 Matching Annotations
  1. Jun 2020
    1. Wyróżniamy 2 podstawowe metody wykrywania malware(można mówić o większej ilości, jednak na potrzeby przybliżenia podstaw wspomnę tylko o dwóch):

      2 ways antiviruses detect malware:

      • Signature-Based Detection - based on signatures (known byte sequences) updated continuously. For example, the method deletes software immediately after it's downloaded
      • Heuristic and Behavioral-Based Detection - based on malware's "behaviour" (each of its instructions)
    1. xposed the collective vulnerability to disruption and abuse. In one week in April 2020, there were over 18 million daily malware and

      It is important to underline that doesn't mean we have seen the surge in numbers of attacks or new malware (eg. AV test shows rather average number of new malware discovered throughout the top pandemics month comparing to last years: https://www.av-test.org/en/statistics/malware/). Instead, we are seeing new types of threats which take Covid19 as context: either specific phishing campaigns which are based on Covid19 hooks, or greater consequences of attacks against critical infrastructure like hospitals and medical centers - but also e-learning and e-commerce platforms (see the short video summary of threats: https://www.youtube.com/watch?v=XFCV_wIIEr8 ).

  2. May 2020
    1. The most common method of preventing CSRF is by generating a secret random string, known as a CSRF token, on the server, and checking for that token when the client performs a write.

      To completely defend the CSRF attack, one needs to generate a CSRF token

    2. CORS relaxes the Same-Origin Policy (SOP), a critical security measure that prevents scripts on one site (e.g. the attacker’s site) from accessing sensitive data on another site (e.g. the Definitely Secure Bank portal). If something was protecting you from CSRF, it would be the SOP.

      Thanks to Cross-Origin Resource Sharing (CORS), Same-Origin Policy (SOP) is being relaxed and CSRF is blocked from cross-origin reads, but not from writes (so POST is still effective but attacker cannot read the response)

    3. Cross-Site Request Forgery is a web security exploit where an attacker induces a victim to perform an action they didn’t mean to. In this case, the attacker tricked you into unintentionally transferring them money.

      Cross-Site Request Forgery (CSRF) attack example: sending cookies to the origin (bank site) even when the request originates from a different origin

  3. May 2019
    1. Several Businesses prefer to outsource their IoT Security compliance to third party agencies to ensure security measures to maintain IoT security and Device security of the organization. However merely entrusting your security compliance framework with an external body does not mitigate your risk of falling prey to Cyber Attacks and IoT security breaches. You need to ensure that the compliance framework takes into consideration the following factors in security audit checklist:

      IoT Security Compliance audit checklist must be followed by all developers working in this domain. Doing so can effectively prevent cyber attacks that have become so common.

  4. Nov 2017
    1. As an example, one of the most significant problems in healthcare security is the need for users to authenticate quickly to shared workstations in clinical environments. I could see a future version of Face ID embedded in an iMac solving that problem, changing an entire industry, and selling a lot of iMacs!

      Sounds very unlikely.

    1. Perhaps they will learn something about how a hacker can gain access to Web sites and why there is a burden on those of us who create on the Web to also secure what we create.
    1. Obviously, securing student data is critical. There are a lot of data sharing services that shouldn’t be offered until that security can be guaranteed.
  5. Feb 2017
    1. IBM research estimates that security teams have to deal with, on average, 200,000 individual events every single day.

      Wow, scary number!

    2. Evan and Mike Spisak invented an interface that could help fundamentally improve how cybersecurity works.

      Cybersecurity advances

  6. Jun 2016
    1. The cause of the security breach is under investigation by the University of Maryland Police Department, the U.S. Secret Service and federal law enforcement authorities, as well as forensic computer investigators.

      Despite this deposition from two years ago, U. Md. still hasn’t updated this page.

  7. Dec 2015
    1. Apple CEO Tim Cook has repeatedly and strongly criticized those in government who have demanded backdoors, explaining: “You can’t have a back door in the software because you can’t have a back door that’s only for the good guys.” And a representative of many of the large tech companies recently remarked: “Weakening security with the aim of advancing security simply does not make sense.” Eighty-five percent of cybersecurity experts recently surveyed by Politico called backdoors “a bad idea”. (We know, for example, the NSA in particular loves to prey on foreign phone companies’ backdoors.)
    1. A group of 19 civil liberties organizations from across the political spectrum this morning issued a letter to the White House and Congress urging lawmakers to oppose the final “conferenced” version of a dangerous cyber bill that experts say will dramatically expand government surveillance while failing to make us safer from cyber attacks.
    1. "It makes zero sense to lock up this information forever," said Jeremiah Grossman, who founded cybersecurity firm WhiteHat Security. "Certainly there are past breaches that the public should know about, is entitled to know about, and that others can learn from."

      I used to think the most fanciful thing about the movie "War Games" was not the A.I., but the defense computer connected to a public network. But if industrial control systems can be reached by the Internet or other public lines -- then maybe the government is that stupid.