Information

by Paul Ducklin Here’s an important thing to remember about jurisprudential arithmetic, where two negatives definitely don’t make a positive: stealing money from someone who originally acquired it through criminal means doesn’t “cancel out” the criminality. You can still go to prison for a very lengthy stretch, and here’s one way. Remember Silk Road? Not the actual road, or more properly, the web of East-West trading routes linking China to the Middle East and Europe…

Read More

Make sure that the device that’s supposed to help you keep tabs on your little one isn’t itself a privacy and security risk We’ve probably all read horror stories online: a parent is woken in the middle of the night by strange noises coming from their child’s bedroom. They open the door, only to find a stranger “talking” to their baby through the monitor. While rare, such cases do happen from time to time. Smart…

Read More

by Paul Ducklin Well-known cybersecurity researcher Fabian Bräunlein has featured not once but twice before on Naked Security for his work in researching the pros and cons of Apple’s AirTag products. In 2021, he dug into the protocol devised by Apple for keeping tags on tags and found that the cryprography was good, making it hard for anyone to keep tabs on you via an AirTag that you owned. Even though the system relies on…

Read More

The digital skills gap, especially in cybersecurity, is not a new phenomenon, with the problem now further exacerbated by the prevalence of burnout Discussion of the resourcing issues within the cybersecurity sector is not a new phenomenon; according to Cybersecurity Ventures, the number of unfilled cybersecurity positions worldwide grew 350% between 2013 and 2021, from 1 million to 3.5 million. The article breaks this number down further, estimating that there are 1 million cybersecurity workers in…

Read More

Windows used to be the big talking point when it came to exploits resulting in mass casualties. Nowadays, talks turned to other massive attack platforms like #cloud and cars In years past, a massive Windows exploit netted mass casualties, but here at Black Hat, talks turned toward other massive attack platforms like clouds and cars. Windows is no longer alone at the front of the pack, hackwise – it has company. It makes sense. If…

Read More

The Sender Policy Framework can’t help prevent spam and phishing if you allow billions of IP addresses to send as your domain Twenty years ago, Paul Vixie published a Request for Comments on Repudiating MAIL FROM that helped spur the internet community to develop a new way of fighting spam with the Sender Policy Framework (SPF). The issue then, as now, was that the Simple Mail Transfer Protocol (SMTP), which is used to send email…

Read More