The Pegasus Spyware
(T) The Pegasus spyware is quite impressive. Developed by the NSO Group in Israel and sold to governments across the world, it has been capable of collecting passwords, reading text […]
Make sure to Protect your Data
(E) There have been recently many new high profile cases of ransomware: the Colonial Pipeline, the D.C. Police Department, and Scripps Health. Cyber intelligence firm Intel 471 described the techniques […]
Analyzing the Recent US Massive Cyber Breach
(T) Bruce Schneider has just published an essay on December 24th in his blog and in the Guardian about the recent US massive cyber breach. The essay analyzes the state […]
Cyber Security Attack on FireEye
(T) Another quite surprising security breach. FireEye disclosed this week details of a cyber attack that it believes was carried out by “a nation with top-tier offensive capabilities”. Specifically, FireEye […]
Spectre and Meltdown
(T) The Spectre and Meltdown vulnerabilities, that we learned this week, are affecting pretty much any microprocessor that is used in any of our computing platforms (mobile, desktops, servers, embedded). […]
Identity Theft
(E) Two of my co-workers were affected by the Equifax security breach. Reddit has two excellent threads about the Equifax security breach – what to do? and protecting yourself against identity […]
The Cryptographers Panel
(T) This week was the RSA Security Conference at the Moscone Center in San Francisco. Most of the session videos are online. If you do not have the time to […]
DARPA Cyber Security Programs
(T) Interesting interview from Bloomberg’s Emily Chang with Arati Prabhakar, director at DARPA, this week, from self-driving cars to self-driving ships. More interesting are Mrs. Prabhakar’s comments on cybersecurity, in […]
IoT Botnet Mirai Today in Action in Dyn’s DDoS
(T) Large-scale Internet attacks are now reaching a point where their impacts are incredible. Leveraging Mirai a botnet that launches attacks from DVRs, IP Cameras and other IoT devices, multiple […]
Data Stolen from a NSA Server
(T) The media have just broadcasted this week that 300 Megabytes of data stolen from an NSA server has been posted on the Internet. The data seems to be cyberweapon […]
Quantum Encryption and Post-Quantum Cryptography
(T) Researchers have been working on quantum encryption for a long time. Quantum encryption is based on quantum key distribution (QKD). QKD algorithms can leverage well-defined quantum states (or photon […]
iOS and Android Security Models
(T) The architecture and implementation of iOS and Android are both similar when you compare feature-to-feature, and different when you compare implementation-to-implementation. Very basically, the iOS security model is based […]
Weakening Encryption
(T) At the same time that the RSA Security Conference is happening this week at the Moscone Center in San Francisco, everyone is talking and writing about the battle between […]
The Innovation Sandbox
(B) For the last few years, the RSA Security Conference holds the Innovation Sandbox which showcases a number of emerging security technologies and start-ups. Last year, the winner was RedOwl […]
Another Military-Grade Malware – Not a Good Thing!
(T) Both Symantec and Kaspersky have disclosed their findings of Regin – the latest discovered military-grade surveillance malware. Symantec has published a good white paper about the capabilities and the […]
Cybersecurity – When Governments are Both Doing the Right and Wrong Things
(B) One day, we hear governments working together to keep the bad guys out the Internet: the US, Canada, France, Germany, Luxembourg, Ukraine, and the UK collaborating together to route […]
Sharing Code Implies Sharing Vulnerabilities
(E) If Microsoft software has a vulnerability either in one of its application such as Internet Explorer or Office or in its Windows operating system – no problem – just […]
Can we Build Trust into the DNA of the Internet?
(T) “We have to trust the infrastructure (of the Internet)…The fact that it has been subverted in ways we don’t understand…we don’t know what to trust. And that is an […]
From Stuxnet to Careto
(T) It started with Stuxnet. And then, came Duqu, Flame, Gauss, Red October…and this week, Careto discovered by Kaspersky Lab. Unfortunately, those cyberweapons that we are identifying are likely to be just the top of the iceberg […]
Innovation Sandbox at RSA 2013
(B) For the last few years, the RSA Security Conference holds on Monday before the security conference starts, the Innovation Sandbox which showcases a number of emerging security technologies and start-ups. Last […]
The Latest in Cryptography
(T) One of my favorite keynotes at the RSA Security Conference is definitely the Cryptographers‘ Panel. The speakers at the panels are always the same – two of the three […]
Symantec Stuxnet Deep Diving
(T) “I think that computer viruses should count as life. I think that it says something about human nature. The only form of life, we have created so far is purely […]
Brilliant Ideas from Brilliant Minds
(T) Every year at the RSA Conference, I have the same feeling: that information security is not changing and at the same time somewhat changing. What is changing is obviously […]
Simple Ideas from Simple Minds
(T) Although most of us have been exposed to the basis of computation theory through the Turing Machine, fewer of us probably remembered that Alan Turing was a code breaker […]
Providing Security Policies and Encryption Keys
(T) To continue on my previous article about data encryption and access control, following is a new approach to provide security policies and encryption keys for IP Security (IPSec) network […]
A Silicon Valley Insider 