Rosalie F. Donlon reports: Travelers’ cybersecurity experts have developed common cyber claims scenarios across five industries, as shown in the following pages. The costs add up quickly, often reaching more than $1 million. For each of the scenarios/industries, Donlon reports estimates based on the NetDiligence® Data Breach Cost Calculator and then factors in estimates from Ponemon’s…
Category: Commentaries and Analyses
Lawful Hacking After the Encryption Debate
Marshall Erwin writes: The Obama administration has apparently decided not to support exceptional access proposals that would provide law enforcement with the means to access data on iPhones and other personal devices. As I argued previously on Just Security, instead of pursuing exceptional access, policymakers should seek to build a durable legal structure that would provide the FBI with the…
Shared passwords and the Computer Fraud and Abuse Act
Orin Kerr writes: Next week, a panel of the Ninth Circuit Court of Appeals (Thomas, Reinhardt, and McKeown) will hear oral argument in the second round of United States v. Nosal. This time around, the main question in the case is whether and when accessing an account using a shared password is an unauthorized access under the Computer…
CERT.pl report on “The Postal Group”
From CERT.pl: During the SECURE conference, we presented a talk outlining actions performed by a group of criminals, which we have called “The Postal Group”. Their name is derived from the fact that they masquerade their phishing attacks as messages from the post office. This phishing then leads to either cryptolocker or a banking trojan….
US taxman slammed: Half of the IRS’s servers still run doomed Windows Server 2003
Kieren McCarthy reports: Half of America’s Internal Revenue Service’s (IRS) servers are running Windows Server 2003, despite extended support for it ending in July. That’s according to a report by the Treasury Inspector General that took a look at the IRS’ $139m upgrade program. The report is distinctly unimpressed and notes that the IRS “did not follow established policies…
Aadhaar encryption protects privacy, will take eons to crack
Mahendra Singh & Rajeev Deshpande report: The Aadhaar system’s data collection and storage is strongly protected by sophisticated encryption processes to ensure biometric data does not leak either through private contractors running enrollment centres or at the central data servers that store the details. […] The encryption uses highest available public key cryptography encryption (PKI-2048…