Gov. Jerry Brown on Sept. 28 signed into law S.B. 327, which will ban companies from selling Internet-connected devices with weak or default passwords, such as “Password” or “1234567.” Instead, beginning on Jan. 1, 2020, all devices must have a “preprogrammed password [that] is unique to each device manufactured.” A primary concern with weak pre-programmed passwords is that users don’t change them to strong, unique passwords after purchasing the device. […]
Akamai today released an Attack Spotlight recounting how it mitigated the largest distributed denial of service (DDoS) attack in its history. Earlier this year, an Akamai client, an unnamed software company, was the target of a massive DDoS attack–one that broke the 1 terabyte per second threshold for the first time.[…]
Welcome to MeriTalk News Briefs, where we bring you all the day’s action that didn’t quite make the headlines. No need to shout about ‘em, but we do feel that they merit talk.
The National Institute of Standards and Technology (NIST) is seeking nominations for new members of various Federal boards, including the Information Security and Privacy Advisory Board (ISPAB). NIST listed the eight Federal advisory boards with openings, which also include the NIST Smart Grid Committee, and the Visiting Committee on Advanced Technology, in a Federal Register notice.[…]
Not all bots are bad. But in the wrong hands, botnets can be commanded to do some very nefarious things, like Distributed Denial of Service–DDoS–attacks to disrupt and bring down websites. There are also malware-based bots that are increasingly being used to steal data and personal information.[…]
Organizations will be able to alert one another about incoming distributed denial of service attacks through one network “sooner rather than later,” according to Erin Chapman, program manager at Galois. The company is working with the Department of Homeland Security Science and Technology Directorate to create a tool that will help partners stop DDoS attacks from spreading.[…]