MIT's Time-Sharing Computer

Passwords Evolved: Authentication Guidance for the Modern Era

Here’s the bigger picture of what all this guidance from governments and tech companies alike is recognising: security is increasingly about a composition of controls which, when combined, improve the overall security posture of a service. What you’ll see across this post is a collection of recommendations which all help contribute to a more robust solution by virtue of complementing one another.

Ray Holt - Photograph: William Widmer

The Secret History of the First Microprocessor, the F-14, and Me

This is the story, then, of how another first microprocessor, a secret one, came to be—and of my own entwinement with it. The device was designed by a team at a company called Garrett AiResearch on a subcontract for Grumman, the aircraft manufacturer. It was larger, it was a combination of six chips, and it performed crucial functions for the F-14 Tomcat fighter jet, which celebrates the 50th anniversary of its first flight this week.

complex traffic signals - Credit: Palm Jumeirah Guides

Securing Internet Applications from Routing Attacks

This article provides a new perspective by showing that routing attacks on Internet applications can have even more devastating consequences for users—including uncovering users (such as political dissidents) trying to communicate anonymously, impersonating websites even if the traffic uses HTTPS, and stealing cryptocurrency. This article argues that the security of Internet applications and the network infrastructure should be considered together, as vulnerabilities in one layer led to broken assumptions (and new vectors for attacks) in the other.

computers at edge of crater, illustration - Credit: Novikov Aleksey

Cybersecurity: Is It Worse than We Think?

[In this article, we] seek to complement the myriad security research notes by investigating specific cybersecurity practices within organizations to evaluate where organizations are showing improvement, where they are stagnant, and what may be influencing these changes. Our results confirm that cyber-security continues to receive attention on the surface, but when looking beyond surface-level impressions a surprising lack of progress is being made.

The Dark Triad, illustration - Credit: Alicia Kubista / Andrij Borys Associates

The Dark Triad and Insider Threats in Cyber Security

In this article, we focus on a set of pathological personality traits known as the dark triad. Evidence from recent insider threat cases leads us to believe these traits may correlate with intentions to engage in malicious behavior [23]. After discussing insider threats and the dark triad traits, we present results from an empirical study that illustrate the relationship between the dark triad traits and malicious intent. We then discuss the importance of these results and make recommendations for security managers and practitioners based on our findings.

binary code on colorful background - Credit: Alesanko Rodriguez

The Life of a Data Byte

This article also travels in time through various storage media, diving into how data has been stored throughout history. By no means does this include every single storage medium ever manufactured, sold, or distributed. This article is meant to be fun and informative but not encyclopedic. It wraps up with a look at the current and future technologies for storage.

envelope and key on smartphone display, illustration - Credit:

Security Analysis of SMS as a Second Factor of Authentication

This article provides some insight into the security challenges of SMS-based multifactor authentication: mainly cellular security deficiencies, exploits in the SS7 (Signaling System No. 7) protocol, and the dangerously simple yet highly efficient fraud method known as SIM (subscriber identity module) swapping. Based on these insights, readers can gauge whether SMS tokens should be used for their online accounts. This article is not an actual analysis of multifactor authentication methods and what can be considered a second (or third, fourth, and so on) factor of authentication; for such a discussion, the author recommends reading security expert Troy Hunt’s report on the topic.
