Technology

Zombies Gone, Problems Persist With Emergency Alert System

More than six months after hacked Emergency Alert System (EAS) hardware allowed a phony warning about a zombie uprising to air in several U.S. states, a security consulting company is warning that serious issues persist in software from Monroe Electronics, whose equipment was compromised in the earlier attack. Software updates issued by Monroe to fix security problems with earlier versions of its software have introduced serious, new issues that could once again allow EAS devices to be compromised by a remote hacker, according to a post by Mike Davis, a researcher at the security firm IOActive on Thursday. Patches issued by Monroe Electronics, the Lyndonville, New York firm that is a leading supplier of EAS hardware, do not adequately address problems raised by Davis and others earlier this year, including the use of “bad and predictable” login credentials. Further inspection by Davis turned up other problems that were either missed […]

Continue Reading

Printable Smart Labels Warn When The Milk’s Gone Bad

What’s been called “The Internet of Things” or “The Internet of Everything” is a revolution in computing that has seen the population of Internet connected “stuff” skyrocket. By 2020, there will be an estimated 50 billion devices connected to the Internet (or whatever its called then). Today, the list of IP-enabled stuff is already long: phones, automobiles, household appliances, clothing. But, under the hood, a lot of these devices really aren’t much different from the PCs that grace our desks. They have hard drives, CPUs, memory, input devices, and so on. Most are still assembled in factories by humans and machines. This can be done cheaply and, in some cases, automated. But it’s still a labor-intensive and expensive process. But what if you could just “print” working electronics like, say, The New York Times prints its daily newspaper (at least for now!)?   That would change everything. For one thing: […]

Continue Reading

News Roundup: Plundering The Internet Of Things

There were two interesting pieces on the fast-evolving topic of security and the Internet of Things that are worth reading. The first is a long piece by Bob Violino over at CSO that takes the pulse of the IoT and security question right now. The big picture: its early days, but that there are some troubling trends.   The vast expansion of IP-enabled devices is matched by a lack of security know-how at device makers, Violino writes. And, as the environment of “smart devices” grows, the interactions between those devices become more difficult to anticipate – especially as devices start sharing contextual data and taking actions based on that data. “As machines become autonomous they are able to interact with other machines and make decisions which impact upon the physical world,” notes Andrew Rose, a principal analyst at Forrester Research Inc. in Cambridge, Mass. Rose says. “But these are coded by […]

Continue Reading

IT Risk And The Zombie Apocalypse: Surviving The Onslaught

One of the most vexing problems that faces IT organizations these days is how to measure their relative risk of being hacked or otherwise attacked. This sounds like pretty dry stuff, but it’s not. Failing to adequately account for your risks and exposure can mean the difference between swatting away an annoying intrusion attempt, and watching as foreign competitors or nation-states siphon off your critical intellectual property, bleeding your company of its competitiveness. But raising the alarm about this is always a tricky matter. Soft pedal it, and nobody takes you seriously. Scream from the rafters and …well…you’re screaming from the rafters. My friend and former colleague Josh Corman, however, found a good metaphor for the whole affair: the ZOMBIE APOCALYPSE. It’s all a bit of fun – though Mr. Corman is dead serious about the zombie stuff. Still, the idea is simple: attacks on your network and those of […]

Continue Reading

Google Will Use Cash To Clean Up Open Source

The widespread use of vulnerable or buggy third party code is serious problem facing public and private sector organizations, alike. Just this week, for example, The Wall Street Journal reported that an independent audit of Healthcare.gov, the star-crossed Federal Government website that is the primary health exchange in more than 30 states, is choking on poorly integrated or extraneous code that “served no purpose they could identify.” But what happens when the third-party code in question is open source code? Things get more complex. For one thing: open source is the salt and pepper of the software world: a common ingredient in applications of all sorts. And, as security researchers have noted: many of the so-called “smart devices” that are populating the physical world run variants of Linux, the open source operating system. But because those source code repositories are managed cooperatively and collectively by volunteers, security often takes a […]

Continue Reading
1 57 58 59 60 61 64