I generally stay away from politics in this blog, but this item is an interesting intersection of security and politics. And, it is pretty unique. Most non-public sector businesses don’t have to worry about this. While they may or may not let employees use their business email for personal reasons, there are no laws or […]
Continue reading → [DISPLAY_ACURAX_ICONS]Symantec, who is already on probation for issuing inappropriate SSL certificates, issued more than a hundred additional “illegit” certificates. SSL certificates – more technically TLS certificates – are the bits of technology required to make those “secure” web sites work. Certificates are issued by certificate authorities (CAs) – organizations who have supposedly set up processes […]
Continue reading → [DISPLAY_ACURAX_ICONS]NIST Special Pub 800-171 sets the rules for protecting information that defense contractors create and/or store called “Controlled Unclassified Information” or CUI. CUI includes the information that would be very enticing to foreign governments such as Russia, China and others. SP 800-171 was originally released last year and NIST publications usually have a 3 to […]
Continue reading → [DISPLAY_ACURAX_ICONS]You might think this is obvious, but just in case it is not, California wants to make this clear. It used to be, in California, that if you had sensitive data encrypted and that data was stolen, you didn’t have to tell people because, after all, it was encrypted. But there is a rub with […]
Continue reading → [DISPLAY_ACURAX_ICONS]We often tell you about web sites that use your data and sometimes in ways that you don’t expect, but usually it is to sell it to advertisers. However, apparently, AT&T has created a new revenue stream. AT&T calls the program Project Hemisphere. Hemisphere is a program which allows law enforcement to search AT&T call […]
Continue reading → [DISPLAY_ACURAX_ICONS]While the Cloud has an amazing number of advantages, it is important to remember that it is hard to see inside a cloud and what you can’t see could hurt you. I was recently involved in responding to a potential email compromise where the company was using cloud based email. While this cloud based email […]
Continue reading → [DISPLAY_ACURAX_ICONS]