Tag: Strategies
As Figures 5 and 6 illustrate, CAPTCHA solver services have made it possible for attackers to completely circumvent CAPTCHAs, including Google’s latest version called CAPTCHA Enterprise (not shown here). The Business of Human CAPTCHA Solvers In many respects, CAPTCHA solver services operate like any legitimate enterprise, and they are clearly in business to make a…
Read MoreHeadlines about breaches and compliance penalties give us a strong idea of what we do not want for our security programs. Of the breaches in 2020, the financial sector had the highest percentage at 17 percent, as noted in the 2021 Application Protection Report. With breaches, come regulator attention. In 2017, New York’s Department of…
Read MoreUpdate, June 22, 2022: In light of the root cause analysis published by Cloudflare for their recent outage, we thought we’d refresh this article since it remains relevant. Much as was the case with Facebook back in October 2021, the downtime was the result of a misconfiguration of BGP – in the case of Cloudflare,…
Read MoreSingle points of failure are the bane of engineering, and engineers put great effort into eliminating them from the systems they design. Increasingly, however, companies are handing over large amounts of their IT infrastructure and application portfolios to third-party providers. This reveals an interesting form of the single point of failure. If an organization uses…
Read MoreTo find the correct password, attackers must check word after word until they find one which outputs the same hash value as the one they have stolen. While this sounds tedious, password cracking tool, such as Hashcat, are capable of calculating billions of hashes per second on a single computer. Renting cloud computing services allows…
Read MoreFraud has become a pervasive part of the discussion around cybersecurity. In part, this reflects a change in attacker motives, as cyber-attacks were not always as vicious as they are now. From the 1980s into the early 2000s, hacking was not really about profit. It was primarily about achieving fame in the hacker community by…
Read MoreIt is in this spirit of collaboration, and with all the respect in the world for the incident responders who have had to deal with Log4Shell, that we want to use this event to reflect a bit on the present and immediate future of security as both an industry and a body of knowledge. In…
Read MoreManaging privacy online is a constant balancing act. On the one hand, we need to provide a certain amount of our personal information to authenticate ourselves. In select environments, we also want to provide some additional information to our friends, family, and peers. On the other hand, we want to withhold that information from those…
Read MoreIn July 2020, the FBI Cyber Division issued Flash Alert AC-000129-TT reporting that malware had been found in the software used to calculate China’s value-added tax (VAT). However, the Chinese State Taxation Administration requires companies to install this particular software to operate within China. Third-party applications are already risky, but here a pre-infected application was…
Read MoreOn November 9, 2022 Twitter CISO Lea Kissner resigned along with the company’s chief privacy officer and its chief compliance officer. The Washington Post and other media outlets reported that internal Slack messages at Twitter revealed serious concerns that new leadership was pushing for the release of products and changes without effective security reviews—and that…
Read More