Electronics

Supply Chain Risk Escapes Notice At Many Firms

Online attacks that come by way of suppliers and other third party business partners are one of the biggest threats that modern organizations face. But too few firms are giving supply chain security the attention it deserves, a panel of legal and information security experts told attendees at a cyber security forum in Boston on Wednesday. Companies need to protect their exposure through third parties better, according to the panel: beefing up auditing of internal- and partner assets and including contractual protections that will indemnify them in the event that a breach at a supplier or business partner exposes data that materially affects their firm. The panel, “Fortifying the Supply Chain,” was part of a day long event at The Federal Reserve in Boston and sponsored by the Advanced Cyber Security Center, a technology industry consortium. It brought together top legal and information security experts, including FireEye researcher Alex Lanstein and Jim Halpert, the […]

Continue Reading

Is IoT Innovation Outpacing Our Ability To Keep It Safe?

GigaOm has an interesting, high-level piece that looks at the issue of law, liability and the Internet of Things. The article takes off from a discussion at the Download event in New York City earlier this month, wondering whether adoption of Internet of Things technologies like wearables is starting to run far ahead of society’s ability to manage them.   Specifically: is the pace of technology innovation outstripping the ability of our legal system to reign in excess and protect public safety and civil liberties? On the list of ‘what-if’s’ are some familiar questions: How to assign liability. (“If one of Google’s automated cars crashes, is it the fault of the driver or Google?”) Read more Security Ledger coverage of Internet of Things here.  What responsibility to users have to take advantage of safety features in connected products? (Does a parent’s failure to password-protect a baby monitor change the manufacturer’s liability when and […]

Continue Reading

The IoT Comes To Chicago: IoT World Forum

The Internet of Things is increasingly an industry unto itself, with the conferences to prove it. And “no,” I’m not just talking about The Security of Things Forum – Security Ledger’s own IoT and security show. (Videos from our first annual show are now available, by the way. Register to view them here.) No: there are forums and symposiums focused on all different aspects of IoT: smart cities, design, wearables, and so on. There’s O’Reilly’s Solid, GigaOm Structure and any number of smaller, regional events. I’m at one of the more prominent IoT shows this week: The Internet of Things World Forum (IoTWF), which is sponsored by Cisco Systems. I’m moderating a really interesting panel that addresses a critical issue: the ways in with information technology (IT), operations technology (OT) and consumer technology (CT) converge in the IoT. These are three areas that, until recently, were separate. But a variety of developments […]

Continue Reading
Philips Hue Lightbulbs

AllSeen Alliance Announces Smart Lighting Framework

Smart lightbulbs aren’t anything new. In fact, products like the Philips Hue bulb have been in the market for years. The devices, which typically couple a standard incandescent or CF bulb with a wireless transmitter, allow lights to be managed via mobile device and also respond to environmental changes monitored by other sensors. But – as with much of the Internet of Things – each family of smart bulbs is something of an island: interacting- and communicating mostly with other smart home products from the same manufacturer. That’s good for the lightbulb maker, but bad for smart home advocates, see out-of-the box connectivity across product silos as a precursor to broad adoption of smart home technologies.   It’s also been the case that the products that have been released have often fallen short in areas like security. In August, 2013, security researcher Nitesh Dhanjani disclosed a proof of concept hack […]

Continue Reading

Supply Chain Risk: Raspberry Pi Device Used for War Shipping

An interesting post on supply chain security over at Security Affairs. The post looks at a new approach to supply chain surveillance (and, presumably, attacks): ‘war shipping.’ War shipping is, of course, a play on the ‘war driving’ scene from the early days of consumer wifi, in which cars outfitted with antennae would canvas whole cities, documenting open wi-fi hotspots that could be used to grab some free Internet. In this case, Security Affairs notes a shippable board-sized package designed by security expert Larry Pesce of Paul’s Security Weekly (fka Pauldotcom). The device can be contained in a standard UPS shipping box and delivered to a target network to passively surveil or even attack it. The kit is built on a Raspberry Pi b_ with an AWUS051NH wireless card, a cheap battery charger, kismet and custom software. Pesce demonstrated the device at Derbycon, a Louisville, Kentucky based event last month. The device includes both […]

Continue Reading
1 6 7 8 9 10 22