A recent report released by the Virginia Information Technologies Agency (VITA) showed that the state’s WINVote voting devices had severe vulnerabilities that could compromise the validity of elections. SecureState encounters security deficiencies similar to the ones identified in the report on a regular basis. These vulnerabilities and security gaps take on an added importance since voter confidence in the validity of elections is the backbone of a functioning democracy. Below, we outline the major voting machine vulnerabilities identified in the report and our recommendations to parties responsible for managing elections.
A recent article on Slate ended with the statement, “There’s still no answer to the question of how to get Americans fired up about cybersecurity.” SecureState’s cybersecurity experts decided to get together and brainstorm ways to raise public awareness of cybersecurity risks. While certainly not a definitive answer to the question of how to get Americans to care about security, we believe that by taking a few small steps we will increase the likelihood that people will start to care about cybersecurity.
What’s the saying, “If you can’t beat ‘em, join ‘em.”? Sure. Something like that. Doesn’t really work in the world of cybersecurity, though. Staying ahead of the curve does. I guess you can say Target “took one for the team” in December 2013. Otherwise, the giant steps taken may still be only a concept.
Verizon Enterprise’s 2015 Data Breach Investigations Report (DBIR) was recently released, and SecureState is here to give you some of the big takeaways from this massive report. Verizon works with thousands of partner companies to correlate information on the past year’s worth of data breaches and security incidents, identifying trends and information that can guide security efforts in the year to come. They combine all of their efforts into this massive report, which we have read through to pull out some of the key issues it highlights.
As the calendar flips from March to April, so too do the priorities of Congress. To the back burner go topics like immigration, oil pipelines and funding government departments, while the nation’s cybersecurity gets rebooted. Almost nothing has been more top-of-mind over the last 12 months than the threat of cyberattacks, following a half-dozen or more breaches at companies like JP Morgan Chase, Target, Sony and Anthem. In fact, just days ago, President Barack Obama dropped the hammer on would-be cyberterrorists using his power of executive order. This “big stick” approach allows the U.S. government to act quickly and slap sanctions on foreign hackers if the threat is potentially damaging enough on a large scale.
SecureState recently covered how weak passwords can leave your accounts open to attack. However, once you have created complex, unique, 14-character passwords for your social networking, email, shopping, banking, and work accounts, how will you remember them all?
Recently, SecureState has seen a significant increase in our clients asking us about physical security assessments. This type of work is especially relevant for our clients in the medical industry, where protecting personal health information (PHI) is an essential part of HIPAA compliance. As hospitals, doctors, and insurers are depending further and further on third party companies, they want to know that each of these third party companies is protecting information and their business environment physically, not just electronically.
When the average person hears that rival nations, criminal organizations, and individuals are targeting the U.S.’s power grid, they picture apocalyptic scenarios of the country returning to the dark ages or terrorists controlling the nation’s infrastructure like a video game. Although these might be Hollywood fantasies, cyber-attacks against the nation’s critical infrastructure can result in very real, and very serious, consequences.
Given the relative inaccuracies of the CSI franchise as a whole and how Hollywood regularly fails to tackle hackers with any sort of realism, it should surprise nobody that the new CSI show, CSI:Cyber, plays fast and loose with realistic hacking. The question we all had going in was just how inaccurate it would all be. The answer is, for the most part, completely inaccurate. Below is our take on the first episode.
Recently, a team of cryptographers at INRIA, Microsoft, and IMDEA discovered an SSL vulnerability in OpenSSL and Apple’s SecureTransport that allows attackers to downgrade the encryption being used from ‘strong’ RSA to ‘export-grade’ RSA. By using a Man-in-the-Middle style attack, attackers intercept communications and are able to trick servers into providing a much weaker encryption key than they otherwise would. With this new vulnerability making the rounds among the various news outlets, SecureState is here to answer some questions you might have about the new vulnerability, known as FREAK.