Security Bytes:


December 29, 2017  6:58 PM

Official TLS 1.3 release date: Still waiting, and that’s OK

Peter Loshin

"Measure twice, cut once," is a good way to approach new protocols, and TLS 1.3 is no exception. When it comes to approving updates to key security protocols, the Internet Engineering Task Force may seem to move slowly as it measures the impact of changes to important protocols. In the case of...

November 1, 2017  12:55 AM

The Equation Group malware mystery: Kaspersky offers an explanation

Rob Wright

The ongoing drama between Kaspersky Lab and the U.S. government received some much-needed sunlight last week as the antivirus vendor finally uttered two very important words: Equation Group. Kaspersky issued a statement describing how it came to


October 31, 2017  9:18 PM

Is “responsible encryption” the new answer to “going dark”?

Peter Loshin

"Three may keep a Secret, if two of them are dead." So wrote Benjamin Franklin, in Poor Richard's Almanack, in 1735. Franklin knew a thing or two about secrets, as well as about cryptography, given his experience as a diplomat for the fledgling United States, and he's right: a secret...


October 20, 2017  6:46 PM

Latest Kaspersky controversy brings new questions, few answers

Rob Wright

Kaspersky Lab's latest salvo in its ongoing feud with the U.S. government and media offered some answers but raised even more questions. The company on Tuesday broke its silence a week after a series of explosive news reports turned up the heat on the Kaspersky controversy. We discussed the...


September 29, 2017  8:16 PM

FBI’s Freese: It’s time to stop blaming hacking victims

Rob Wright

The infosec industry needs to express more empathy for hacking victims and engage in less public shaming. That was the message from Don Freese, deputy assistant director of the FBI and former head of the bureau's National Cyber Investigative Joint Task Force (NCIJTF), at the (ISC)2 Security...


August 8, 2017  6:38 PM

The Symantec-Google feud can’t be swept under the rug

Rob Wright

The feud between Symantec and the web browser community, most notably Google, appears to be over now that DigiCert has agreed to acquire Symantec Website...



November 30, 2016  9:31 PM

How cloud file sharing is creating new headaches for security teams

Rob Wright

In the past, the simple sharing of a Microsoft Word document with a colleague over email wasn't cause for alarm. It wasn't the kind of event that was regularly reviewed or even recorded by a security operations center. Maybe it should've been. Regardless, in the age of rapid cloud adoption, such...


July 21, 2016  2:18 PM

Environment variables: Should they be considered harmful?

Peter Loshin

Outside of command line tutorials for Linux, the term "environment variable" increasingly appears right next to "security vulnerability." Consider Shellshock -- one of the worst exploitable flaws ever -- which requires little more work than attaching malicious code onto an environment variable....


May 13, 2016  8:43 PM

EMM software on every device? MobileIron makes the case

Rob Wright

During the legal battle between Apple and the FBI over gaining access to an iPhone used by one of the San Bernardino shooters in December's terrorist attack, an unexpected development...


April 8, 2016  5:29 PM

Vulnerability branding becomes another marketing tool

Michael Heller

Branding a security threat with a catchy nickname isn't new but the practice has evolved over time. Nicknames used to be for worms or viruses (Melissa, Code Red, etc.) and most were named by those who created the code...

