Google

Wired Imagines Our Dystopian Connected Home Future

Over at Wired.com, the ever-provocative Matt Honan has a great little thought exercise on the “nightmare” that could come from connected home technology gone wrong. His piece, The Nightmare on Connected Home Street, is a first person narrative of a man who wakes up to discover he’s transformed into a cockroach  inhabiting a virus infected home. “Technically it’s malware. But there’s no patch yet, and pretty much everyone’s got it. Homes up and down the block are lit up, even at this early hour. Thankfully this one is fairly benign. It sets off the alarm with music I blacklisted decades ago on Pandora. It takes a picture of me as I get out of the shower every morning and uploads it to Facebook. No big deal.” The story goes on to chronicle some of the other dystopian features of connected home malware – the hacked “Dropcam Total Home Immersion” account that […]

Continue Reading

Car Makers, Suppliers Going Their Own Way On Security

I was surprised to see a big feature story over at CNN.com this morning – given that the security of connected vehicles has no obvious link to LA Clippers owner Don Sterling, the on-going shakeup at the Veterans Administration or a tornado or other natural disaster. Still – there it is: “Your car is a giant computer – and it can be hacked.” The feature, by Jose Pagliery is solid enough – though it doesn’t break much new ground. He mentions the research by Chris Valasek and Charlie Miller at The Black Hat Briefings last year. He also talks to the folks over at Security Innovation. [Want more on security and connected vehicles? Check out our video: Insecure At Any Speed: Are Automakers Failing The Software Crash Test? ] The big take-away: automobiles are rife with old and outdated software and hardware, much of it lacking even basic security features  like secure communications […]

Continue Reading

Podcast: Is Defense-In-Depth The Only Real Heartbleed Fix?

Like everyone else, we wrote extensively in the last month about the serious security vulnerability in OpenSSL dubbed “Heartbleed,” which affected many of the world’s leading web sites and services, including Facebook and Google. The large-type headlines about Heartbleed have passed. But that doesn’t mean that the danger has. As we have noted,  we are entering a phase that might be considered Heartbleed’s ‘long tail.’ Most of the well-trafficked websites that were vulnerable to Heartbleed have gotten around to fixing the vulnerability. But public-facing web servers are only the beginning of the story for OpenSSL. Chasing down the vulnerability’s long tail in third-party applications and on internal web sites and applications is a much larger task. As I’ve noted: open source components make their way into all manner of applications and bespoke products these days, often without any effort to assess the security of the borrowed code. For companies that need to protect critical IT […]

Continue Reading

Pew: IoT Will Take Off By 2025, Despite Security Woes

A survey of technology experts by the Pew Research Center and Elon University predicts that the Internet of Things will take off in the next decade despite serious concerns about the security of IoT devices and the data they hold. The IoT will gain wide adoption in the next decade, with the result that many aspects of day-to-day life will be transformed by a combination of inexpensive sensors, cloud based computing and data analytics. The report cites a number of likely innovations that will become commonplace by 2025 – from “smart” food products that can report when they are exhausted or spoiled, to smart roads and infrastructure to “subcutaneous sensors or chips that provide patients’ real-time vital signs to self-trackers and medical providers.” The Pew Center canvassed more than 1600 technology leaders and analysts about the Internet of Things and published the findings of the survey on Wednesday. The survey population included […]

Continue Reading

Tripping Over Heartbleed’s Long Tail

The news about the dreadful Heartbleed OpenSSL vulnerability keeps pumping – almost a month since it first made headlines. But now that other, equally scary security news is stealing the headlines (like the nasty Internet Explorer vulnerability that was announced this week, Heartbleed is taking a back seat. So where do things stand? I think its safe to say that we’re entering a phase that might be considered Heartbleed’s ‘long tail.’ On the one hand: there’s evidence of good news. The Register reported today that data collected by the firm Qualys suggests that almost all websites that were vulnerable to Heartbleed three weeks ago are now patched and no longer vulnerable. The Register’s John Leyden quotes Ristic, the director of engineering at Qualys, putting the percent of web sites, globally, that are still vulnerable to Heartbleed at 1 percent. That’s great news – but I don’t think its the end of the story […]

Continue Reading
1 12 13 14 15 16 31