Lifeboat Foundation

Ensuring security in the software market is undeniably crucial, but it is important to strike a balance that avoids excessive government regulation and the burdens associated with government-mandated legal responsibility, also called a liability regime. While there’s no question the market is broken with regards to security, and intervention is necessary, there is a less intrusive approach that enables the market to find the right level of security while minimizing the need for heavy-handed government involvement.

Imposing a liability regime on software companies may go too far and create unintended consequences. The downsides of liability, such as increased costs, potential legal battles, and disincentives to innovation, can hinder the development of secure software without necessarily guaranteeing improved security outcomes. A liability regime could also burden smaller companies disproportionately and stifle the diversity and innovation present in the software industry.

Instead, a more effective approach involves influencing the software market through measures that encourage transparency and informed decision-making. By requiring companies to be fully transparent about their security practices, consumers and businesses can make informed choices based on their risk preferences. Transparency allows the market to drive the demand for secure software, enabling companies with robust security measures to potentially gain a competitive edge.

Every seven minutes a cyber-attack is reported in Australia.

Millions of Australians have had their data stolen in malicious attacks, costing some businesses tens of millions of dollars in ransom. The federal government is warning the country must brace for even more strikes as cyber gangs become more sophisticated and ruthless.

Continue reading “How cyber-crime has become organised warfare | Four Corners” »

X, formerly known as Twitter, will begin collecting users’ biometric data, according to its new privacy policy that was first spotted by Bloomberg. The policy also says the company wants to collect users’ job and education history. The policy page indicates that the change will go into effect on September 29.

“Based on your consent, we may collect and use your biometric information for safety, security, and identification purposes,” the updated policy reads. Although X hasn’t specified what it means by biometric information, it is usually used to describe a person’s physical characteristics, such as their face or fingerprints. X also hasn’t provided any details about how it plans to collect it.

The company told Bloomberg that the biometrics are for premium users and will give them the option to submit their government ID and an image in order to add a verification layer. Biometric data may be extracted from both the ID and image for matching purposes, Bloomberg reports.

This post is also available in: עברית (Hebrew)

The GhostSec cybergang claims to have breached the FANAP Behnama software, exposing 20GB of data including face recognition and motion detection systems it says are used by the Iranian government to monitor and track its people.

Now the group says it intends to make the data public, “in the interests of the Iranian people, but also in the interests of protecting the privacy of each and every one of us.” Cybersecurity analyst Cyberint commented on the group’s statement, saying that while GhostSec’s actions align with hacktivist principles, they also position themselves as advocates for human rights.

NBC News Global Security Reporter Dan De Luce joins Meet the Press NOW to discuss the latest cyberattack hitting U.S. government agencies.

» Subscribe to NBC News: http://nbcnews.to/SubscribeToNBC
» Watch more NBC video: http://bit.ly/MoreNBCNews.

Continue reading “U.S. hit by cyberattack: ‘Once you plug the dam one place, hackers find some other weakness’” »

I’m excited to share my new opinion article for Newsweek. It advocates for transforming America from a military-industrial complex into a science-industrial complex! Give it a read!

America spends 45 percent of its discretionary federal spending on defense and wars, while around us, the world burns in ways that have nothing to do with fighting or the military. Global warming has escalated into an enormous crisis. A fifth of everyone we know will die from heart disease. And an opioid crisis is reducing the average lifespans of Americans for the first time in decades. There’s plenty of tragedy, fear, and hardship all around us, but it has nothing to do with the need to make more bombs. It does, however, have to do with science.

It seems obvious America should do something different than spend so much of its tax dollars on defense. We should consider halving that money, and directing it to science, transforming America from a military-industrial complex into a science-industrial complex. Despite science and technological progress being broadly responsible for raising the standard of living around the world over the last 50 years, America spends only 3 percent of its GDP ($205 billion) on science and medical research across the federal government. Notably, this is dramatically less than the $877 billion the U.S. will spend on defense this year.

Continue reading “Could We Transform America Into a Science-Industrial Complex?” »

Canada: The European Society of Cardiology (ESC) has taken a significant stride in the field of heart failure management with a focused update to their heart failure guidelines. This update incorporates crucial data from nearly a dozen new clinical trials that have been published since 2021. The trials include notable studies such as EMPEROR-Preserved, DELIVER, STRONG-HF, IRONMAN, and more. The updated guidelines, which were unveiled on the opening day of the ESC Congress 2023, offer novel recommendations related to the use of SGLT2 inhibitors in patients with heart failure and updates on comorbidity management.

New Recommendations:

Top technology stories: US government launches new AI cybersecurity challenge; China outlines new rules for facial recognition technology; How to make AI more energy efficient.

• Encryption and segmentation: These operate on the assumption some fraction of the network is already compromised. Restricting the reach and utility of any captured data and accessible networks will mitigate the damage even on breached systems.

• SBOM documentation: Regulatory compliance can be driven by industry organizations and the government, but it will take time to establish standards. SBOM documentation is an essential foundation for best practices.

If “democracy dies in darkness,” and that includes lies of omission in reporting, then cybersecurity suffers the same fate with backdoors. The corollary is “don’t roll your own crypto” even if well-intentioned. The arguments for weakening encryption to make law enforcement easier falls demonstrably flat, with TETRA just the latest example. Secrets rarely stay that way forever, and sensitive data is more remotely accessible than at any time in history. Privacy and global security affect us all, and the existence of these single points of failure in our cybersecurity efforts are unsustainable and will have unforeseeable consequences. We need to innovate and evolve the internet away from this model to have durable security assurances.