Google

IoT And Big Data To Create Insurance Industry Winners, Losers

This blog writes a lot about risk and the Internet of Things. Specifically: we talk about how smart, sensor rich, connected devices create all kinds of new risks for enterprises and consumers. It goes without saying that feature development (and adoption) are running well ahead of pesky issues like secure design and deployment or data privacy. Smart companies are trying to put some brakes on that trend. (Witness Google prohibiting sensitive health data from its Android Wear platform.) But, by and large, companies are plowing ahead into IoT technologies without a lot of consideration of the risks. But there’s one industry where risk _is_ the business: the insurance industry. And there, the thinking about the potential of Internet of Things is decidedly bullish. In fact, a recent report from the financial services research firm Celent (paywall) suggests that broad adoption of IoT technologies will revolutionize the way insurance companies market and sell to […]

Continue Reading

History Suggests Heartbleed Will Continue To Beat

The SANS Internet Storm Center dialed down the panic on Monday, resetting the Infocon to “Green” and citing the increased awareness of the critical OpenSSL vulnerability known as Heartbleed as the reason.   Still, the drumbeat of news about a serious vulnerability in the OpenSSL encryption software continued this week. Among the large-font headlines: tens of  millions of Android mobile devices running version 4.1 of that mobile operating system (or “Jelly Bean”) use a vulnerable version of the OpenSSL software. Also: more infrastructure and web application players announced patches to address the Heartbleed vulnerability. They include virtualization software vendor VMWare, as well as cloud-based file sharing service Box. If history is any guide: at some point in the next week or two, the drumbeat will soften and, eventually, go silent or nearly so. But that hardly means the Heartbleed problem has gone away. In fact, if Heartbleed follows the same […]

Continue Reading

Heartbleed For Poets And Other Must-Reads

It’s H-Day + 2 – two full days since we learned that one of the pillars of online security, OpenSSL, has contained a gaping security hole for the past two years that rendered its protections illusory. As I wrote over on Veracode’s blog today: this one hurts. It exposes private encryption keys, allowing encrypted SSL sessions to be revealed. Trend Micro data suggests around 5% of one million Internet top-level domains are vulnerable.  IOActive notes that Heartbleed also appears to leave data such as user sessions subject to hijacking, exposes encrypted search queries and leaves passwords used to access online services subject to snooping, provided the service hasn’t updated their OpenSSL instance to the latest version. In fact, its safe to bet that the ramifications of Heartbleed will continue to be felt for months – even years to come. In the meantime, there is a lot of interesting coverage and […]

Continue Reading

The Heartbleed OpenSSL Flaw: What You Need To Know

There’s a serious vulnerability in most versions of the OpenSSL technology that requires an immediate update to avoid exposing sensitive information and Internet traffic to snooping. In response, the SANS Internet Storm Center (ISC) has raised its InfoCon (threat) level to “Yellow,” indicating that…well…the Internet’s not as safe a place today as it was yesterday, before the vulnerability was released. Here’s what we know right now: + Researcher Neel Mehta of Google Security discovered the vulnerability, which was apparently introduced with a OpenSSL update in December, 2011, but only fixed with the release of OpenSSL 1.0.1g on Monday. + Dubbed “heartbleed” (thank the Codenomicon marketing department for that one), the vulnerability (CVE-2014-0160) is described as a TLS heartbeat read overrun. TLS stands for Transport Layer Security. According to OpenSSL.org, vulnerable versions of the OpenSSL software have version numbers ranging from 1.0.1 and 1.0.2-beta. + Codenomicon described the vulnerability as an “implementation problem” […]

Continue Reading

Vint Cerf: CS Changes Needed To Address IoT Security, Privacy

The Internet of Things has tremendous potential but also poses a tremendous risk if the underlying security of Internet of Things devices is not taken into account, according to Vint Cerf, Google’s Internet Evangelist. Cerf, speaking in a public Google Hangout on Wednesday, said that he’s tremendously excited about the possibilities of an Internet of billions of connected objects, but said that securing the data stored on those devices and exchanged between them represents a challenge to the field of computer science – and one that the nation’s universities need to start addressing. “I’m very excited,” Cerf said, in response to a question from host Leo Laporte. He cited the Philips HUE lightbulb as an example of a cool IoT application. “So you’re going to be able to manage quite a wide range of appliances at home , at work and in your car. Eventually, that will include things you’re […]

Continue Reading
1 13 14 15 16 17 31