
HPSHELTON

Programming, Privacy, Politics, Photography

Jul 10, 2024

Security Principles Stand the Test of Time →

Today, if I had to secure some new infrastructure paradigm I've never worked with, I would approach it by asking a series of questions based on those core security principles and suggest changes based on the answers. I can ask the same set of questions no matter what infrastructure paradigm is used because they are so foundational to securing any infrastructure.

Jul 9, 2024

Novel attack against virtually all VPN apps neuters their entire purpose →

Researchers have devised an attack against nearly all virtual private network applications that forces them to send and receive some or all traffic outside of the encrypted tunnel designed to protect it from snooping or tampering.

TunnelVision, as the researchers have named their attack, largely negates the entire purpose and selling point of VPNs, which is to encapsulate incoming and outgoing Internet traffic in an encrypted tunnel and to cloak the user’s IP address. The researchers believe it affects all VPN applications when they’re connected to a hostile network and that there are no ways to prevent such attacks except when the user's VPN runs on Linux or Android. They also said their attack technique may have been possible since 2002 and may already have been discovered and used in the wild since then.

Jul 8, 2024

Philosophers are studying Reddit’s AITA “Am I the Asshole?” →

Normal people, as you may have heard, hang out on the internet. And what is the internet’s biggest trove of everyday moral dilemmas? Why, it’s Reddit’s “Am I the Asshole?” forum!

So, why not comb through millions of comments there to find out how people make moral decisions?

Jul 7, 2024

Examining the Deception Infrastructure in Place Behind code.microsoft.com →

The domain name code.microsoft.com has an interesting story behind it. Today it’s not linked to anything but that wasn’t always true. This is the story of one of my most successful honeypot instances and how it enabled Microsoft to collect varied threat intelligence against a broad range of actor groups targeting Microsoft.

Jul 6, 2024

How I Fell for an Amazon Scam Call and Handed Over $50,000 →

Scam victims tend to be single, lonely, and economically insecure with low financial literacy. I am none of those things. I’m closer to the opposite. I’m a journalist who had a weekly column in the “Business” section of the New York Times. I’ve written a personal-finance column for this magazine for the past seven years. I interview money experts all the time and take their advice seriously. I’m married and talk to my friends, family, and colleagues every day.

And while this is harder to quantify — how do I even put it? — I’m not someone who loses her head. My mother-in-law has described me as even-keeled; my own mom has called me “maddeningly rational.” I am listed as an emergency contact for several friends — and their kids. I vote, floss, cook, and exercise. In other words, I’m not a person who panics under pressure and falls for a conspiracy involving drug smuggling, money laundering, and CIA officers at my door. Until, suddenly, I was.

Jul 3, 2024

What time is it on the moon? Scientists say it’s urgent we figure it out →

On the lunar surface, a single Earth day would be roughly 56 microseconds shorter than on our home planet — a tiny number that can lead to significant inconsistencies over time.

Jul 2, 2024

Cyber Security: A Pre-War Reality Check →

Dutch cybersecurity expert Bert Hubert makes the case for robust services with limited dependencies fully owned and operated by local experts.

Jul 1, 2024

Reverse Keyword Search Warrant Upheld at Colorado Supreme Court →

The legal controversy was documented and ruled on by the Colorado Supreme Court in an October 2023 decision, Colorado v. Seymour. The court’s decision to deny the defendant’s suppression motion was a narrow one. However, the decision is one of the first to analyze the constitutionality of reverse warrants when no suspects have been identified.

Apr 30, 2024

How the Pentagon Learned to Use Targeted Ads to Find Its Targets—and Vladimir Putin →

Adtech uses the basic lifeblood of digital commerce—the trail of data that comes off nearly all mobile phones—to deliver valuable intelligence information. Edward Snowden’s 2013 leaks showed that, for a time, spy agencies could get data from digital advertisers by tapping fiber-optic cables or internet choke points. But in the post-Snowden world, more and more traffic like that was being encrypted; no longer could the National Security Agency pull data from advertisers by eavesdropping. So it was a revelation—especially given the public outcry over Snowden’s leaks—that agencies could just buy some of the data they needed straight from commercial entities. One technology consultant who works on projects for the US government explained it this way to me: “The advertising technology ecosystem is the largest information-gathering enterprise ever conceived by man. And it wasn’t built by the government.”

Apr 29, 2024

Product security: barking up the wrong tree →

In a company of 10,000, stuff like that happens with clockwork regularity; your security team is pitted against the sum of human ingenuity. You work to lower the base rate of security lapses, but even with the best tooling and education efforts, there’s that 1% or 5% you’re bound to miss. A breach is only a matter of time; your average CISO is losing sleep over this, not over buffer overflows.


H. Parker Shelton

I'm just an ordinary thirty-something who's had some extraordinary opportunities. I graduated from Johns Hopkins University, work for Microsoft in Silicon Valley, code websites and applications, take the occasional photograph, and keep a constant eye on current events, politics, and technology. This blog is the best of what catches that eye.

 
  • © 2010 – Present, H. Parker Shelton (Except Where Noted)