Tag: Policy

North American firms may be early targets of EU regulators once the GDPR data privacy laws go into effect in May, 2018.

US Firms May Be Early GDPR Targets

Large US firms may be among the first targets of EU regulators once the General Data Protection Rule goes into effect. (Editor’s Note: this blog post first appeared on Digital Guardian’s Digital Insider blog. You can read the full post here. )

Podcast: Infosec has a #MeToo Problem also TOR-ifying Wikipedia

Podcast: Infosec has a #MeToo Problem also TOR-ifying Wikipedia

In this week’s Security Ledger Podcast, we talk with Genevieve Southwick, CEO of the B-Sides Las Vegas hacker conference about the information security industry’s #metoo problem and what steps conference organizers are taking to stem sexual assault and harassment at information security events. Also: researcher Alec Muffet talks with us about making a TOR version of Wikipedia (and why it’s not sticking around). Finally, Martin McKeay of Akamai talks about the state of Internet security one year after Mirai. (Spoiler alert: Mirai is still a problem.) Podcast: Play in new window | DownloadSubscribe: Android | RSS

Experts testifying before the House Energy and Commerce Committee about the impact of data breaches on online authentication. (Image courtesy of US House of Representatives.)

Congress told Breaches, Sharing Spell End of Authentication by What We Know

The days of logging into a web site or application with nothing more than facts stored in your brain are nearing their end, pushed to extinction by the unrelenting pace of information sharing online and an equally unrelenting storm of data breaches that expose that data.

Dev Ops Secrets are a major source of breaches, including the recent hack of Uber. We speak with Elizabeth Lawler of CyberArk about it.

Podcast: Uber Breach Puts Focus on Securing DevOps Secrets

The hack of Uber and the loss of information on 57 million customers is just the latest security incident stemming from what our guest Elizabeth Lawler calls “DevOps secrets” – valuable credentials, APIs and other sensitive information that often end up exposed to the public as a result of lax continuous development operations. In this Spotlight Edition* of The Security Ledger Podcast, sponsored by CyberArk, we talk with Elizabeth about how to contain DevOps secrets and secure the secret super user lurking in modern organizations: highly privileged application code.  Podcast: Play in new window | DownloadSubscribe: Android | RSS

Germany wants to destroy kids' smart watches. Why?

Podcast: Why Germany wants Smart Watches destroyed and One Nation Under Trolls

In this week’s Security Ledger podcast, sponsored by our friends at CyberArk, we talk about the German government’s recent decision to declare kids smart watches “surveillance devices” and to order their destruction. Also: Adrian Shabaz of Freedom House comes in to talk to us about the latest Internet Freedom report, which finds that governments are increasingly manipulating online content to shape online discussions and even the outcome of elections at home and abroad. And finally: leaked credentials in a GitHub repository may have been behind Uber’s loss of information on some 50 million customers. In a preview of a Security Ledger spotlight podcast, we hear from Elizabeth Lawler of CyberArk about the proliferation of so-called “Dev Ops secrets” and how companies need to do a better managing the permissions assigned to applications.  Podcast: Play in new window | DownloadSubscribe: Android | RSS