Articles on Encryption
Below are my perspectives on Encryption, drawn from my work as a security leader and practitioner.
- Social Engineering: How to Send Customer Emails That Don't Look Like Phishing
  Many legitimate business emails look indistinguishable from phishing attempts, training customers to accept fraudulent messages. Secure customer messages should avoid deep links, come from validated...
- Privacy: Security of Third-Party Keyboard Apps on Mobile Devices
  Third-party mobile keyboards with network access can capture keystrokes and transmit them to developers' servers, creating keylogger-like risks. Keyboard developers vary widely in their security...
- Encryption: How the Digital Certificates Ecosystem is Being Strengthened
  Several initiatives are strengthening the digital certificate ecosystem: improved certificate revocation checking, EFF's SSL Observatory for cataloging certificates, Google's Certificate Transparency...
- Encryption: How Digital Certificates Are Used and Misused
  Digital certificates enable HTTPS communications, software signing, VPNs, and Wi-Fi authentication, but the PKI ecosystem shows weaknesses. Attackers misuse stolen code-signing certificates, CAs...
- Malware: Attributing Cyberattack Activities to a Group in India
  Researchers attributed coordinated cyberattacks against South Asian organizations to a group operating from India based on target profiles, decoy document contents, embedded debug strings,...
- Encryption: Confusing the Padlock and the Favicon in the Web Browser
  Attackers can display padlock-shaped favicons to fool users into thinking non-HTTPS connections are secure. Chrome and Firefox addressed this by removing favicons from the URL bar, while Internet...