Articles by: Paul
I'm an experienced writer, reporter and industry analyst with a decade of experience covering IT security, cyber security and hacking, and a fascination with the fast-emerging "Internet of Things."

Clueless Clause: Insurer Cites Lax Security in Challenge to Cottage Health Claim

May 26, 2015 12:440 comments
Clueless Clause: Insurer Cites Lax Security in Challenge to Cottage Health Claim

In-brief: In what may become a trend, an insurance company is denying a claim from a California healthcare provider following the leak of data on more than 32,000 patients. The insurer, Columbia Casualty, charges that Cottage Health System did an inadequate job of protecting patient data.  Like this:Like Loading…

Read more ›

The Evolving CISO: A Conversation with Dell’s Alan Daines

May 22, 2015 17:130 comments
The Evolving CISO: A Conversation with Dell’s Alan Daines

In-brief: Tune in to our conversation with Dell CISO Alan Daines on Friday, May 29th at 1:00 PM ET. Click the image above to register!  Like this:Like Loading…

Read more ›

IEEE Proposes Standards For Safe, Connected Health Products

May 21, 2015 13:000 comments
The IEEE and NSF have published what they're calling a "building code" for connected health devices.

In-brief: a new publication by IEEE lays out a “building code” for medical device makers to help address security and privacy issues in products.  Like this:Like Loading…

Read more ›

NetUSB, IoT and Supply Chain Risk

May 20, 2015 12:290 comments
NetUSB, a common software component for many embedded devices was found to have a serious, exploitable vulnerability. What other problems lurk in the global supply chain?

If you want an object lesson in the dangers that await us on the Internet of Things, check out SEC Consult’s write up on NetUSB, a widely used technology developed by an obscure Taiwanese company that just happens to contain a nasty, remotely exploitable vulnerability. According to this alert, published on Tuesday, NetUSB “suffers from a remotely exploitable kernel stack buffer overflow” that could be used to run malicious code on affected devices. Even worse: the NetUSB component is ubiquitous – found in a long list of devices, from low-end wireless access points and broadband routers for small office and home office deployments to what SEC Consult called “high end devices…released very recently.” Networking devices from 26 vendors, including TP-Link, NetGear and others were found to use the NetUSB technology in their products. The vulnerability discovered by SEC Consult is straight-forward enough. According to their advisory, the NetUSB code does an inadequate […]

Read more ›
%d bloggers like this: