Technology

iPhone TouchID Falls To Well-Known Hack

Apple’s Touch ID may be the new thing when it comes to signing on to your iPhone. But the underlying finger print scanning technology proved vulnerable to a very old-school attack, according to information posted by the German hacking crew The Chaos Computer Club (CCC). The group announced late Saturday that it was able to successfully bypass TouchID with a fake fingerprint, lifted from a glass surface. “This demonstrates – again – that fingerprint biometrics is unsuitable as access control method (sp) and should be avoided,” the group wrote in blog post announcing the compromise. Apple’s Touch ID biometric sign-on was the major new feature in the just-released iPhone 5S (the feature is not offered for the lower-cost 5C, which was also just announced.) The feature makes use of technology Apple acquired in July 2012 with the firm AuthenTec, and its addition to the iPhone line was no surprise. But […]

Continue Reading

Podcast: Securing The Internet of Things

One of the most vexing problems created by the fast-evolving Internet of Things is how to secure the massive trove of data that is transmitted and then stored by smart devices such as automobiles, consumer and household electronics and personal devices. As we’ve seen, private sector firms have been aggressive in leveraging new technology to connect their products to the Internet. But less thought has been given to the security and privacy implications of doing so. Now people are starting to take notice. In recent weeks,  the FTC settled a case with a California firm, TRENDNet over balky home surveillance cameras they sold – cameras that were discovered to be easily discoverable and hackable from the public Internet. But, with so many cooks in the IoT kitchen (so to speak), where does responsibility for securing technology lie? Recently, I chatted with an expert on security and the Internet of Things. […]

Continue Reading

APT-For-Hire: Symantec Outs Hidden Lynx Hacking Crew

This site and others have been writing about the “Advanced Persistent Threat” problem, which has generally been treated as a euphemism for the government and military of The People’s Republic of China or – in some cases – Russia, Iran, North Korea or other un-friendlies. Firms like Mandiant have taken pains to separate the concept of APT from run of the mill cyber criminal hacking groups whose motivation is profit, rather than the acquisition of information that can be used to advance geopolitical or economic goals. Cyber criminal groups may well use “advanced” in their attack methods and “persistent” in their efforts to compromise victim networks, but they weren’t “APT.” Now Symantec Corp. has put a fly into that ointment: publishing a report that pulls the covers off an APT group dubbed “Hidden Lynx” that it claims is responsible for some of the most sophisticated and large scale hacks of […]

Continue Reading

Welcoming A New Sponsor: Mocana

You’ll notice some new artwork gracing The Security Ledger this week, and that’s because we’ve welcomed a new sponsor to the family: Mocana. I’d like to officially welcome them to the Security Ledger family.   This is a big win for Security Ledger.  Mocana will join Veracode, The Trusted Computing Group and Gemalto in underwriting The Security Ledger’s coverage of IT security news and the intersection of security with The Internet of Things (IoT). But we also win the support of a company that is all about IoT.   If you haven’t already checked out Mocana, I’d urge you to do so. Launched in 2004, the company’s expertise is in securing non-traditional endpoints. Mocana’s Device Security Framework, a suite of device-resident security software that is embedded into devices during the manufacturing process. DSF is a platform that supports a wide range of security functions, both through Mocana-created security modules and support of other […]

Continue Reading

World-is-Flat Author Weighs In On Internet Of Things

Those of you who don’t religiously read the Op-ed page of The New York Times, but who are interested in the Internet of Things, probably want to surf on over to the Times’s web site to check out Thomas Friedman’s opinion piece “When Complexity Is Free” from the Sunday Times. There are a couple of points, here. Friedman is one of the most astute observers of the geopolitical zeitgeist. His 2005 book The World Is Flat talked about the confluence of technologic innovation, the Internet and economic globalization. It is one of the most widely read works of “business writing” of the last century and helped explain, for the public and policymakers, the tectonic changes taking place in emerging and mature economies worldwide. Friedman’s stature as a trend-spotter (see #1) means that, when he says something is important (as he did with IoT this week) important folks take notice. In the […]

Continue Reading
1 60 61 62 63 64