The National Highway Traffic Safety Administration (NHTSA), part of the US Department of Transportation, recently issued its much-anticipated Federal Automated Vehicles Policy. This 116-page document is guidance, not mandatory rulemaking, to "guide manufacturers and other entities in the safe design, development, testing, and deployment of HAVs [Highly Automated Vehicles]."
Yahoo confirmed on Thursday that data associated with at least 500 million user accounts were stolen in a 2014 data breach - what many are calling one of the largest cybersecurity breaches in history. What information did these hackers get? Yahoo tells us "the account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (the vast majority with bcrypt), and in some cases, encrypted or unencrypted security questions and answers."
I was asked to meet with some of the staff from the Office of Management and Budget (OMB) this week. To be clear, the OMB is a White House department but sadly the meeting wasn't in the White House itself -- it was a couple of blocks west.
The OMB's job is to run a cost/benefit analysis on any new regulations to make sure they're worth doing. Since February, the OMB has been analyzing the Department of Transportation's proposed mandate for Vehicle to Vehicle (V2V) Communications using a technology known as Dedicated Short Range Communications (DSRC).
Hey Dad: sorry for what I am about to share!
…but please keep your plane tickets to visit next month and babysit!
Happy 25th birthday to the world wide web! It's difficult to imagine the first public website was launched just 25 years ago in 1991. For most people, it's hard to think about our lives without the internet.
Internet use has grown substantially over the years, with estimates of over 3.5 billion users around the world in 2016, up from 2.2 billion the year before.1 And while many are now embracing the convenience of the internet, concerns about internet security are greater than ever. Security needs to be thought about as technology and the internet continue to advance and grow over the next 25 years.
CISO Executive Summary
Application security differs in a number of ways from IT security, Network Security, and Information Security, so standard solutions from those domains don’t necessarily address the challenges of Application security. It is a very knowledge-dependent discipline, and defense in depth is rarely achieved with technology solutions alone.
Apple's recent announcement that it will start its first Bug Bounty Program this September raises the question of why they waited so long and why they finally did decide to create one.
Bug Bounty Hunter (BBH) programs are relatively simple in theory - security professionals or hackers who find security holes receive compensation based on the criteria defined in the program. A well-managed program can be a valuable component of a mature software development lifecycle; however, a poorly-organized one can generate a lot of headaches and effectively paralyze an entire security team as they sift through the findings.
All organizations that process credit card data are required to be PCI compliant and abide by PCI DSS security standards. However, many organizations treat PCI compliance as an expensive, stressful, and time-consuming annual event. Often departments have fixed budgets, which is why it's important to reduce costs whenever possible while still being able to maintain compliance requirements.
In the wake of Pangu releasing the latest iPhone jailbreak, the industry will continue to debate whether jailbreaking your iPhone is worth the security risk.
With a jailbroken iPhone, you can get past many of the locked down features to customize your iPhone in nearly any way you can imagine. However, this luxury comes with a risk that makes all the information on your phone a likely target for cyber criminals. So, if jailbreaking is such a big security risk, why do it in the first place?