Here we go again. A major zero day vulnerability in a widely deployed application, Internet Explorer, has been discovered. The usual cycle of discovery-disclosure-patch-announcement-exploitation has bee reversed this time. FireEye Research Labs discovered the exploit being actively used in what they have dubbed “Operation Clandestine Fox.” The fact that a zero day in IE6 through…
Last year SafeNet sponsored my work on a project to develop the Breach Level Index (BLI). The BLI is designed to provide a simple way to input publicly disclosed information on data breaches and calculate a score indicating breach severity. I looked at other scales that had been created such as wind severity classified by the…
This week the White House felt the need to formalize statements the President has made on responsible disclosure. They did so through a blog post penned by Michael Daniel, Special Assistant to the President and Cybersecurity Coordinator. Daniel acknowledges the issue, partly highlighted by the insinuation that the HeartBleed bug may have been known and used…
Earlier today, the United States Supreme Court heard oral argument in two cases involving police authority to search the contents of cell phones without a warrant after they have arrested the person possessing the phone. To the police, the answer is simple. After a person is arrested, the police have the authority to frisk them,…
LA Clippers owner Donald Sterling is in a lot of hot water over remarks he made to his ex-girlfriend, V. Stiviano (aka María Vanessa Perez, aka Monica Gallegos, aka Maria Monica Perez Gallegos, aka Maria Valdez), which Stiviano apparently recorded and intends to use as leverage in connection with a multimillion dollar lawsuit filed by…