Your browser identified itself as a version of IE that was often shipped with default settings that were less than secure. Your internet experience could be made more secure by opening Internet Options in your browser, going to the Advanced tab and looking under the security settings for "Use TLS 1.1" and "Use TLS 1.2". Ensure these are turned on (checked). Doing so will enable your browser to support a higher quality of encryption on this and other websites. You will still be able to browse this site without turning on support for TLS 1.1 and 1.2, but we will have to use a lower level of encryption to accomodate you. See this question on Stack Exchange's Superuser forum from 2011 for more details keeping in mind the comments about TLS 1.2 non-support were made many years ago, and things have changed since then.

If the support for better cryptography has been turned on for your browser, thank you, and you can safely ignore this advisory.

Browser Security Alert

It's easy to say that our society needs better cybersecurity. The daily barrage of cyber attacks against companies, government agencies, and individuals has made that that clear enough.

The hard part is finding a path forward— developing a strategy that involves the right stakeholders, addresses the right threats, and strikes the right balance between privacy and security. It seems that for every step we take toward better security, we take a step back as politicians, law enforcement officials, and corporate leaders continue to pursue conflicting agendas.

Read more ...

What happens when someone sees a USB drive lying on the sidewalk? About half of the time, as multiple experiments have demonstrated, the person will pick up the drive, take it home, and plug it into his or her computer.

What happens next depends on what’s on the drive. If it contains identifying information, the finder might return it to its rightful owner. If it contains malware, it might kick off a widespread cybersecurity crisis. If it contains a few gigabytes of classified airport security information, including patrol timetables and maps of the security facilities used by foreign dignitaries, it becomes one of the most embarrassing security breaches of the year.

Read more ...

Two months after it first disclosed the theft of 145 million consumers' personal information, Equifax is still finding ways to make the story worse.

In the latest round of congressional hearings, Richard Smith, Equifax's former CEO, confirmed that the lack of encryption on the stolen data was not caused by an error or oversight, but by a conscious decision not to encrypt. That decision seems questionable, to say the least, given that the people whose data Equifax lost had essentially no say in whether their information was part of the database to begin with.

As perplexing as Richard Smith's testimony may have been, it was the company's new interim CEO, Paulino do Rego Barros Jr., who provided the day's most difficult-to-believe sound bite.

Read more ...

The world got a glimpse of the future in December 2015, when hackers—presumably Russian—shut down a Ukrainian power station, leaving hundreds of thousands of people without electricity.

Although numerous reports had documented the vulnerability of power grids to cyber threats, the Ukraine breach was the first large-scale demonstration of the havoc a hostile organization can create with an attack on public infrastructure. In this case, power was restored after a few hours with relatively little lasting damage. The next time, things may be much worse.

Read more ...