I spent the last week at the RSA security conference in fear of getting sick before my talk on Friday, the last day of the conference. During that time I was nearly obsessive about using hand sanitizer to protect me against any germs I might be getting from shaking hands, or touching surfaces.
“In the latest security lapse involving the Internet’s widely used encryption system, Google said unauthorized digital certificates have been issued for several of its domains and warned misissued credentials may be impersonating other unnamed sites as well.” (more…)
DutchNews.nl reports that ISPs in the Netherlands will no longer be required to retain data for law enforcement.
Since 2009, national laws have required keeping records on the activities of all users for a period of one year. In 2014 the EU determined that such mass storage was a violation of fundamental privacy rights.
This court ruling brings the EU and Dutch rules into accord by ending the data retention requirement.
There is a new “man in the middle” attack against web pages that is significantly worse than I have seen before. Interestingly, it does not even appear to be intended as an attack. (more…)
Security researchers discovered a very sophisticated watering hole attack against Forbes.
There is a major trend towards increasingly targeted cyber attacks, from advanced persistent threats (APT), to spear phishing. Now we are seeing targeting applied to watering hole attacks. I think of this as the sniper at the watering hole. (more…)