Articles on Encryption

Below are my perspectives on encryption, drawn from my work as a security leader and practitioner.

• Social Engineering How to Send Customer Emails That Don't Look Like Phishing
  Many legitimate business emails look indistinguishable from phishing attempts, training customers to accept fraudulent messages. Secure customer messages should avoid deep links, come from validated...
• Cloud How You Can Set up Honeytokens Using Canarytokens to Detect Intrusions
  Honeytokens are data or computing resources that exist solely to alert you when someone accesses them, offering intrusion detection with relatively low false positives. The open source Canarytokens...
• Privacy Security of Third-Party Keyboard Apps on Mobile Devices
  Third-party mobile keyboards with network access can capture keystrokes and transmit them to developers' servers, creating keylogger-like risks. Keyboard developers vary widely in their security...
• Encryption How the Digital Certificates Ecosystem is Being Strengthened
  Several initiatives are strengthening the digital certificate ecosystem: improved certificate revocation checking, EFF's SSL Observatory for cataloging certificates, Google's Certificate Transparency...
• Encryption How Digital Certificates Are Used and Misused
  Digital certificates enable HTTPS communications, software signing, VPNs, and Wi-Fi authentication, but the PKI ecosystem shows weaknesses. Attackers misuse stolen code-signing certificates, CAs...
• Malware Attributing Cyberattack Activities to a Group in India
  Researchers attributed coordinated cyberattacks against South Asian organizations to a group operating from India based on target profiles, decoy document contents, embedded debug strings,...