
Implementing Insider Defenses

Classical approaches to cyber-security—isolation, monitoring, and the like—are a good starting point for defending against attacks, regardless of perpetrator. But implementations of those approaches in hardware and/or software can invariably be circumvented by insiders, individuals who abuse privileges and access their trusted status affords.


Better Security Through Obfuscation

Last year, three mathematicians published a viable method for hiding the inner workings of software. The paper was the culmination of close to two decades of work by multiple teams around the world to show that the concept could work. The quest now is to find a way to make indistinguishability obfuscation (iO) efficient enough to become a practical reality.


Fixing the Internet

Aftab Siddiqui, senior manager of Internet technology at the Internet Society, says the initial BGP protocol was conceived by experts at research institutions, defense organizations, and equipment vendors. “When they designed [BGP], it was based on the premise that everybody trusts each other,” Siddiqui says. “Fast-forward 30 years, I’m pretty sure we cannot claim that anymore.”


Oh Behave! The Annual Cybersecurity Attitudes and Behaviors Report 2021

In honor of Cybersecurity Awareness Month 2021, the National Cyber Security Alliance and CybSafe have launched the world’s first Cybersecurity Attitudes & Behaviors Report. The research report is the first of its kind. It examines cybersecurity attitudes and behaviors of the general public, shedding light on one of the most important aspects of cyber risk – the human factor.


Microsoft Password Guidance

This paper provides Microsoft’s recommendations for password management based on current research and lessons from our own experience as one of the largest Identity Providers (IdPs) in the world. It covers recommendations for end users and identity administrators.


Securing Internet Applications from Routing Attacks

This article provides a new perspective by showing that routing attacks on Internet applications can have even more devastating consequences for users—including uncovering users (such as political dissidents) trying to communicate anonymously, impersonating websites even if the traffic uses HTTPS, and stealing cryptocurrency. This article argues that the security of Internet applications and the network infrastructure should be considered together, as vulnerabilities in one layer lead to broken assumptions (and new vectors for attacks) in the other.
