Author: Lou Covey

The problem with proxies

Proxies are absolutely crucial to the operation of the internet, but they also represent a clear and present danger to users. Finding that balance is pretty much a full-time job for cybersecurity. The recent Amazon Web Services (AWS) and Microsoft Azure outages are good examples of that.

Amazon explained the outage was caused by “failing intermediaries” monitoring system health, preventing proper traffic routing. Another word for intermediaries is “proxies”. When the monitoring subsystem malfunctioned, health check updates were not propagated properly, causing backend servers to appear offline even when they were active, which invalidated DNS lookups. This created a cascading failure.
Likewise, the Azure outage was caused by a misconfiguration of the proxy Front Door, a global entry point for content delivery network functionality, load balancing, and application acceleration.

How Proxies Function

When a user wants to access a website, the request goes to the proxy server instead of going directly to the internet. The proxy server receives the request, then forwards it to the target website. It modifies the request header to hide the user's original IP address.

Membership Required

You must be a member to access this content.

View Membership Levels

Already a member? Log in here
Read more...

Bolaji Ojo and renewed importance of the press

Technology journalism, like the rest of journalism,has struggled for most of the 21st century. The advent of AI generated content his restoring the value of professional journalists. It is crucial not just to democracies but to business success.

One of the most prolific and successful technology journalists is Bolaji Ojo. He has headed editorial efforts for the EETimes, AspenCore Media, the recently closed Ojo-Yoshida Report and the now-defunct EBN. Some of those titles may be foreign to people in the cybersecurity world, but not to executives in the electronics world that cybersecurity rests upon. Cyber Protection Magazine's chief editor talked with him this week.

Free Membership Required

You must be a Free member to access this content.

Join Now

Already a member? Log in here
Read more...

Scam Bucket: The Docusign scam is back

For almost a decade and generally in the summer and early fall, email boxes get hit with several phishing attempts claiming to be from Docusign. This reporter received seven just in the past few weeks. It seems appropriate to give out a few tips about how to recognize them, avoid dealing with them and what you may have to do if you clicked on the link.

Free Membership Required

You must be a Free member to access this content.

Join Now

Already a member? Log in here
Read more...

Credibility and fortunes at risk with AI

The failure of the current iteration of generative AI to live up to its promises is putting severe strain on its credibility. A collapse could result in the destruction of personal wealth on a massive scale. While it is probably a given that the artificial intelligence (AI) industry is here to stay, questions are many. What form will survive, what will it really cost, and what is the near-term effect on other sectors like the cybersecurity industry?
There are more than 5,000 cybersecurity tool providers and thousands more MSSPs and all of them, in some form, are reliant on AI to some degree. Cybersecurity marketing, investment, and especially technology development could be a disastrous dependency… or not.
AI startup funding reached $333 billion in 2024 AI in 2024. Global venture capital funding for generative AI reached approximately $45 billion in 2024, from $24 billion in 2023 AI Investment Trends 2025. AI-related investments accounted for 33 percent of total investments into VC-backed companies in the U.S. This year, global venture capital investment in generative AI appears ready to dwarf those totals, with $49.2 billion in the first half of 2025. It is on track to exceed $100 billion this year .
The big knock on AI is the lack of an effective infrastructure to support the claims the AI companies are making on potential uses. In response, tech giants are making massive infrastructure investments: More than $300 billion has been invested this year on AI infrastructure tech megacaps plan to spend more than $300 billion in 2025 as AI race intensifies.

Membership Required

You must be a member to access this content.

View Membership Levels

Already a member? Log in here
Read more...

Deepfakes in legal fraud unaddressed

Stopping fraud is a major focus of cybersecurity is criminal fraud. Largely, the industry is winning that war. Nowhere is that protection more successful than in combatting deepfake crime, even though industry marketing is geared to promote fear over success. Where deepfakes are causing the real problem is in legal fraud.

Digital fraud represents 0.02 percent of all fraud claims according the National Crime Insurance Bureau (NCIB). While there is evidence that criminal use of AI is increasing the number of attacks, the number of successful attacks is too low to warrant recording.

Deepfake crime a trifle

The FBI’s Internet Crime Complaint Center (IC3) lumps all forms of online fraud into a single category. Even so, the IC3 fielded 859,532 complaints of suspected internet crime in 2024. Of those complaints, 256,256 incidents resulted in actual monetary losses, representing an average loss of $19,372 per complaint. Overall, the reported losses exceeded $16.6 billion, a 33% increase from 2023. However, the top three cybercrimes in 2024 reported to IC3 were phishing/spoofing, extortion, and personal data breaches. None of those required the use of deepfake technology, and rarely did.

Extrapolating the data from NCIB with IC3’s indicates successful deepfake fraud cases were less than 50 in total in 2024 with 94% of those occurring during a spike of activity between November and December 2024.

Membership Required

You must be a member to access this content.

View Membership Levels

Already a member? Log in here
Read more...

AI chaos creates MCP hole

The AI industry is an absolute mess. The technologies necessary for its operation are siloed and opaque to customers without the technical skills to understand them. The chaos of model context protocol (MCP) adoption is a case in point.

Anthropic’s created MCP and released last November). The companies chatbot, Claude, said the protocol “bridges the gap between AI models and the external world.” More simply, it is an AI application integrator. MCP servers are supposed to do this securely without giving access to sensitive areas of a user's computer or network. Multiple reports from security researchers say it fails miserably in that effort. That makes current agentic AI technology development dangerous. Undaunted, corporate momentum and boardroom ignorance is driving it forward.

Membership Required

You must be a member to access this content.

View Membership Levels

Already a member? Log in here
Read more...