
Information Security

General

Machine Learning Threat Taxonomy

In the last two years, more than 200 papers have been written on how Machine Learning (ML) can fail because of adversarial attacks on the algorithms and data; this number balloons if we were to incorporate non-adversarial failure modes. The spate of papers has made it difficult for ML practitioners, let alone engineers, lawyers and policymakers, to keep up with the attacks against and defenses of ML systems. However, as these systems become more pervasive, the need to understand how…


General

Are Cryptographers Being Denied Entry into the US?

Why Are Cryptographers Being Denied Entry into the US? - Schneier on Security (Schneier on Security) In March, Adi Shamir -- that's the "S" in RSA -- was denied a US visa to attend the RSA Conference. He's Israeli. This month, British citizen Ross Anderson couldn't attend an awards ceremony in DC because of visa issues. (You can listen to his recorded acceptance speech.) I've heard of two other prominent cryptographers who are in the same boat. Is there…


General

NIST Proposes Privacy Framework to Help Make Sense of Global Privacy Regulations

NIST Proposes Privacy Framework to Help Make Sense of Global Privacy Regulations by Stephanie Hazlewood (Security Intelligence) In October 2018, NIST, collaborating with public and private stakeholders, started drafting its privacy framework. The framework is intended to serve as a guide for chief information security officers (CISOs), chief privacy officers (CPOs) and other internal privacy stakeholders and is geared toward helping them improve their organizational privacy posture. Like the NIST Cybersecurity Framework introduced in 2014, organizations that choose to comply…


General

BGP hijackers made $29M

How 3ve’s BGP hijackers eluded the Internet—and made $29M by DAN GOODIN Members of 3ve (pronounced "eve") used their large reservoir of trusted IP addresses to conceal a fraud that otherwise would have been easy for advertisers to detect. The scheme employed a thousand servers hosted inside data centers to impersonate real human beings who purportedly "viewed" ads that were hosted on bogus pages run by the scammers themselves -- who then received a check from ad networks for these…
