For my Computer Security students.
NIST Publishes Second Draft of Cybersecurity Framework
… Introduced in 2014, the framework is designed to help organizations, particularly ones in the critical infrastructure sector, manage cybersecurity risks. Some security firms and experts advise businesses to use the NIST Cybersecurity Framework as a best practice guide. Others, however, believe such static guidelines cannot keep up with the constantly evolving threat landscape, and malicious actors may even use it to devise their attack strategy.
… According to NIST, the second draft for version 1.1 of the Cybersecurity Framework “focuses on clarifying, refining, and enhancing the Framework – amplifying its value and making it easier to use.”
The second draft also comes with an updated roadmap that details plans for advancing the framework’s development process.
A nice survey of the field.
Cryptography was once the realm of academics, intelligence services, and a few cypherpunk hobbyists who sought to break the monopoly on that science of secrecy. Today, the cypherpunks have won: Encryption is everywhere. It’s easier to use than ever before. And no amount of handwringing over its surveillance-flouting powers from an FBI director or attorney general has been able to change that. Thanks in part to drop-dead simple, increasingly widespread encryption apps like Signal, anyone with a vested interest in keeping their communications away from prying eyes has no shortage of options.
Better locks, not attack tools.
Fighting Back Against the Cyber Mafia
Four distinct groups of cybercriminals have emerged, serving as the new syndicates of cybercrime: traditional gangs, state-sponsored attackers, ideological hackers and hackers-for-hire. This is the central thesis of a new report titled 'The New Mafia: Gangs and Vigilantes'. In this report, the gangs are the criminals and the vigilantes are consumers and businesses -- and the vigilantes are urged to 'fight back'.
The report (PDF) is compiled by endpoint protection firm Malwarebytes. It is designed to explain the evolution of cybercrime from its earliest, almost innocuous, beginnings to the currently dangerous 'endemic global phenomenon'; and to suggest to consumers and businesses they don't need to simply accept the current state. They can fight back.
Fighting back, however, is not hacking back -- or in the more politically acceptable euphemism, active defense.
We should be so lucky!
Howard Solomon reports:
Canadians don’t give up their right to privacy after sending a text message to another person, the country’s top court has ruled. It’s a decision that one privacy lawyer said still means if you want to ensure privacy, encrypt your text messages.
The case involved an Ottawa area man who had his conviction for firearms offences dismissed after the Supreme Court of Canada ruled today that evidence of text messages he sent and found on an alleged accomplice were wrongly admitted as evidence at his trial. Essentially, the court ruled that without a search warrant the accused’s right to privacy under the Charter of Rights had been violated.
Police in fact had a warrant to search the house of a man the court calls M and the alleged accomplice and seized their cellphones. However, the trial judge ruled that warrant was invalid for technical reasons and the text messages on M’s phone couldn’t be entered as evidence.
Read more on IT World. This is actually quite huge and a slap on the side of the head to the U.S., where third party doctrine would suggest that there is no expectation of privacy. As Solomon reports, in Marakah, the court held:
“An individual does not lose control over information for the purposes of s. 8 of the Charter [the right to privacy] simply because another individual possesses it or can access it,” the court ruled. “Nor does the risk that a recipient could disclose an electronic conversation negate a reasonable expectation of privacy in an electronic conversation. Therefore, even where an individual does not have exclusive control over his or her personal information, only shared control, he or she may yet reasonably expect that information to remain safe from state scrutiny.”
Good arguments make good laws.
Why Microsoft Challenged the Right Law: A Response to Orin Kerr
This coming spring, the Supreme Court will hear arguments in the United States v. Microsoft – a case that will determine the authority of U.S. law enforcement to compel, via a warrant, US-based companies to turn over data held outside the United States. Over at Lawfare, Orin Kerr posits that Microsoft and the government—as well as the numerous lower court judges that have weighed in—have missed the core issue in the case. According to Kerr, the key is the All Writs Act; the parties and lower court judges have, in contrast, all focused on the Stored Communications Act. According to Kerr, only the All Writs Act gives the Supreme Court the necessary latitude to craft the kind of nuanced response that is needed.
This is a more detailed reprise of a claim that Kerr made some two years ago. I disagreed then (see our back and forth here). And I disagree now.
Zig in public, Zag in private? All things are possible?
Trump says fines against Wells Fargo could be increased
… “Fines and penalties against Wells Fargo Bank for their bad acts against their customers and others will not be dropped, as has incorrectly been reported, but will be pursued and, if anything, substantially increased. I will cut Regs but make penalties severe when caught cheating!” Trump wrote.
… The financial industry is hoping regulatory agencies will adopt a less aggressive approach to fines under the Trump administration.
Those hopes were raised when Mulvaney, Trump’s pick to lead the CFPB on a temporary basis, told reporters this week that he was reviewing more than 100 enforcement actions currently in the works, including litigation, cases that are being settled and investigations. Mulvaney said he would delay at least two enforcement actions, without naming them.
“The notion that this administration is or will be tough on Wall Street doesn’t pass the laugh test, and that fact is evident in deeds, not tweets,” said Lisa Donner, the executive director of Americans for Financial Reform, a coalition of groups advocating for tougher oversight of the financial system.
Why the University has really great anti-virus security?