Surveillance, privacy, and data mining
As data and metadata about individuals is collected and analyzed, can individuals maintain
their privacy? Does the fact of increasingly powerful, valuable, and compelling services necessarily
mean that privacy must be lost in order to take advantage of them?
Cloud data control and ownership
What systems and operators should be trusted, and for what properties? Can an individual
retain meaningful control over use of his or her data if it is stored and processed elsewhere? What data
will providers process, and what data will be encrypted to protect against undesired use and
access by the providers that store it?
Loss, theft, or failure of devices
With a valuable and powerful mobile device holding the keys to an individual's digital
identity, what happens if the
device is lost or stolen, or breaks down? It's necessary
to provide users with means for users to recover their
information and access rights easily and effectively, without providing attackers with shortcuts
that enable them to take over identities.
Malware as an economy
Malware has evolved from the realm of pranks into a monetized economy supporting
widespread cybercrime, and extends to government-level attackers perpetrating
sophisticated Advanced Persistent Threats (APTs). Attackers provide and sell attack
components and supporting services to other attackers.
Malware controls lose effectiveness
As attacks become more dynamic, static malware controls
like antivirus signature checks become less effective. Some organizations start to
emphasize responses to successful attacks rather than expecting to prevent them.
Exposed shortly before this site's preparation,
took advantage of an implementation
flaw in the OpenSSL library's implementation of the TLS heartbeat function. It enabled attackers
to obtain sensitive data from a server's memory, beyond the boundaries of a message buffer.
US National Security Agency (NSA) surveillance disclosures (2013)
CryptoLocker malware (2013)
This ransomware infects computers, typically via downloaded email attachments.
It encrypts accessible copies of a user's data files in local and networked storage,
and releases the key needed to decrypt the data only after an an anonymous payment is made.
DigiNotar and PKI vulnerabilities (2011)
was a PKI Certification Authority (CA) based in the
Netherlands. An attacker penetrated DigiNotar's systems and was able to generate fraudulent certificates
enabling many prominent sites to be impersonated.
Heartland Payment Systems (2009) and TJ Maxx (2007) credit card data breaches
stole credit card data
from a payment processor, potentially exposing up to 100 million credit cards. This event
was thought to be the largest exposure of credit card information to that time, more than twice the
earlier breach at retailer TJ Maxx
that had been considered as the prior record.