All posts in Encryption

The Funniest Password Recovery Questions and Why Even These Don’t Work

Daniel Solove
Founder of TeachPrivacy

Passwords

 

A recent article in Wired argues that it is time to kill password recovery questions. Password recovery questions are those questions that you set up in case you forget your password. Common questions are:

In what city were you born?

What is your mother’s maiden name?

Where did you go to high school?

Continue Reading

Ransomware on a Rampage

Daniel Solove
Founder of TeachPrivacy

Ransomware Training 01

Ransomware is on a rampage!  Attacks are happening with ever-increasing frequency, and ransomware is evolving and becoming more powerful.

Several major media sites, such as the New York Times, BBC, AOL, and the NFL, were recently infected with malware that directed visitors to sites attempting to install ransomware on their computers.

Ransomware Malware Training

Ransomware has the potential to attack the Internet of Things.  In one instance, a researcher was able to infect a TV with ransomware.

Ransomware is now attacking smart phones.

Last month, one hospital paid $17,000 in ransom when ransomware attacked its computer system.  The computer network was down for more than a week, and patients had to be transferred to other hospitals.

Continue Reading

Can the FBI Force Apple to Write Software to Weaken Its Software?

Daniel Solove
Founder of TeachPrivacy

title image

A dramatic legal battle is taking place that will have dramatic implications for the future of technology, privacy, security, and the extent of government power.  The FBI obtained an order from a magistrate judge to force Apple to develop software to help the FBI break into an encrypted iPhone.

Continue Reading

The Kafkaesque Sacrifice of Encryption Security in the Name of Security

Daniel Solove
Founder of TeachPrivacy

The Kafkaesque Sacrifice of Encryption Security in the Name of Security

By Daniel J. Solove

Proponents for allowing government officials to have backdoors to encrypted communications need to read Franz Kafka.  Nearly a century ago, Kafka deftly captured the irony at the heart of their argument in his short story, “The Burrow.”

After the Paris attacks, national security proponents in the US and abroad have been making even more vigorous attempts to mandate a backdoor to encryption.

Continue Reading

OPM Data Breach Fallout, Fingerprints, and Other Privacy + Security Updates

Daniel Solove
Founder of TeachPrivacy

OPM Fallout

By Daniel J. Solove

Co-authored by Professor Paul Schwartz

This post is part of a post series where we round up some of the interesting news and resources we’re finding. For a PDF version of this post, and for archived issues of previous posts, click here. We cover health issues in a separate post.

general devels

News

Mayer Brown survey of executives: 25% of organizations lack both a CPO and CIO (March 2015)

stats

Continue Reading

Security Experts Critique Government Backdoor Access to Encrypted Data

Daniel Solove
Founder of TeachPrivacy

Data Ballby Daniel J. Solove

In a recent report, MIT security experts critiqued calls by government law enforcement for backdoor access to encrypted information.  As the experts aptly stated:

“Political and law enforcement leaders in the United States and the United Kingdom have called for Internet systems to be redesigned to ensure government access to information — even encrypted information. They argue that the growing use of encryption will neutralize their investigative capabilities. They propose that data storage and communications systems must be designed for exceptional access by law enforcement agencies. These proposals are unworkable in practice, raise enormous legal and ethical questions, and would undo progress on security at a time when Internet vulnerabilities are causing extreme economic harm.”

The report is called Keys Under Doormats: Mandating Insecurity by Requiring Government Access to all Data and Communications and is by Harold Abelson, Ross Anderson, Steven M. Bellovin, Josh Benaloh, Matt Blaze, Whitfield Diffie, John Gilmore, Matthew Green, Susan Landau, Peter G. Neumann, Ronald L. Rivest, Jeffrey I. Schiller, Bruce Schneier, Michael Specter, and Daniel J. Weitzner.

Continue Reading

Cybersecurity: Leviathan vs. Low-Hanging Fruit

Daniel Solove
Founder of TeachPrivacy

Data Security Training Low-Hanging Fruit

by Daniel J. Solove

There are certainly many hackers with sophisticated technical skills and potent malicious technologies.  These threats can seem akin to Leviathan — all powerful and insurmountable.

Leviathan 01

It can be easy to get caught up focusing on the Leviathan and miss the low-hanging fruit of cybersecurity.  This low-hanging fruit consists of rather simple and easy-to-fix vulnerabilities and bad practices.

Continue Reading

The OPM Data Breach: Harm Without End?

Daniel Solove
Founder of TeachPrivacy

title image

By Daniel J. Solove

The recent breach of the Office of Personnel Management (OPM) network involved personal data on millions of federal employees, including data related to background checks. OPM is now offering 18 months of free credit monitoring and identity theft insurance to victims. But as experts note in a recent Washington Post article, this is not nearly enough:

If the data is in the hands of traditional cyber criminals, the 18-month window of protection may not be enough to protect workers from harm down the line. “The data is sold off, and it could be a while before it’s used,” said Michael Sussmann, a partner in the privacy and data security practice at law firm Perkins Coie. “There’s often a very big delay before having a loss.”

Continue Reading

Use of Encryption Is Increasing — Albeit Slowly

Daniel Solove
Founder of TeachPrivacy

old metal numbers

by Daniel J. Solove

According to a survey commissioned by Thales e-Security, the use of encryption by organizations is increasing.  Ten years ago, only 15% had an enterprise-wide encryption strategy. Now, 36% have such a strategy.

Chart Encryption Increase 01 Some other interesting findings from the survey also found, according to a ZDNet article:

Continue Reading

The Funniest Hacker Stock Photos

Daniel Solove
Founder of TeachPrivacy

stock photos

By Daniel J. Solove

 

I produce computer-based privacy and data security training, so I’m often in the hunt for stock photos. One of the hardest things in the world to do is to find a stock photo of a hacker that doesn’t look absolutely ridiculous.

I’ve gone through hundreds of hacker stock photos, and I’ve discovered some that are so absurdly funny that they are true classics and deserve to be celebrated in a hall of fame. So I bought some of these gems to share them with you — because if there’s any sense of justice in the universe, when so much thought, creativity, and effort goes into a stock photo, it deserves to be sold.

Continue Reading