complex traffic signals - Credit: Palm Jumeirah Guides

Securing Internet Applications from Routing Attacks

This article provides a new perspective by showing that routing attacks on Internet applications can have even more devastating consequences for users—including uncovering users (such as political dissidents) trying to communicate anonymously, impersonating websites even if the traffic uses HTTPS, and stealing cryptocurrency. This article argues that the security of Internet applications and the network infrastructure should be considered together, as vulnerabilities in one layer led to broken assumptions (and new vectors for attacks) in the other.

Securing Internet Applications from Routing Attacks Read More
computers at edge of crator, illustration - Credit: Novikov Aleksey

Cybersecurity: Is It Worse than We Think?

[In this article, we] seek to complement the myriad security research notes by investigating specific cybersecurity practices within organizations to evaluate where organizations are showing improvement, where they are stagnant, and what may be influencing these changes. Our results confirm that cyber-security continues to receive attention on the surface, but when looking beyond surface-level impressions a surprising lack of progress is being made.

Cybersecurity: Is It Worse than We Think? Read More
The Dark Triad, illustration - Credit: Alicia Kubista / Andrij Borys Associates

The Dark Triad and Insider Threats in Cyber Security

In this article, we focus on a set of pathological personality traits known as the dark triad. Evidence from recent insider threat cases leads us to believe these traits may correlate with intentions to engage in malicious behavior.23 After discussing insider threats and the dark triad traits, we present results from an empirical study that illustrate the relationship between the dark triad traits and malicious intent. We then discuss the importance of these results and make recommendations for security managers and practitioners based on our findings.

The Dark Triad and Insider Threats in Cyber Security Read More
envelope and key on smartphone display, illustration - Credit: Shutterstock.com

Security Analysis of SMS as a Second Factor of Authentication

This article provides some insight into the security challenges of SMS-based multifactor authentication: mainly cellular security deficiencies, exploits in the SS7 (Signaling System No. 7) protocol, and the dangerously simple yet highly efficient fraud method known as SIM (subscriber identity module) swapping. Based on these insights, readers can gauge whether SMS tokens should be used for their online accounts. This article is not an actual analysis of multifactor authentication methods and what can be considered a second (or third, fourth, and so on) factor of authentication; for such a discussion, the author recommends reading security expert Troy Hunt’s report on the topic.

Security Analysis of SMS as a Second Factor of Authentication Read More
die with molten circuitry, illustration - Credit: dgtl.escapism

The Die is Cast

While globalization has drastically reduced industry costs by tapping inexpensive labor markets and economies of scale, it has simultaneously opened many windows of opportunity for attackers to maliciously modify hardware without the knowledge of original device manufacturers (ODMs) or their customers.

The Die is Cast Read More
Credit: Shutterstock

Cybersecurity Research for the Future

Nonetheless, while the dark side is daunting, emerging research, development, and education across interdisciplinary topics addressing cybersecurity and privacy are yielding promising results. The shift from R&D on siloed add-on security, to new fundamental research that is interdisciplinary, and positions privacy, security, and trustworthiness as principal defining objectives, offer opportunities to achieve a shift in the asymmetric playing field.

Cybersecurity Research for the Future Read More