Qualys

Welcoming A New Sponsor: Gemalto

Just a note to my loyal readers that The Security Ledger is welcoming a new sponsor this week: Gemalto. If you’re not familiar with them, Gemalto NV (GTO) is a ~3B firm that makes a wide range of software for e-identity documents, chip payment cards, network authentication devices and wireless modules, as well as the software to manage confidential data and secure transactions in the telecommunications, financial services, e-government, and information technology security markets. This is an especially exciting win for The Security Ledger because Gemalto, with 10,000 employees and offices in 46 countries is a key supplier to the global Internet of Things. Products like its Protiva platform provide the foundation of trust that undergirds online person-to-machine and machine-to-machine transactions and exchanges of all kinds: on mobile devices, smart cards, medical devices, automobiles and more. We’re really excited to have Gemalto on board as a Security Ledger sponsor. Please join […]

Mercedes

Traffic Safety Agency Calls Vehicle Cyber Security Standards

The U.S. Government’s lead agency for vehicle safety has told Congress that more research into “vehicle cyber security” to address the threats to a coming generation of networked automobiles that connect to the public Internet and to each other. In testimony before Congress on Thursday,  David Strickland, the chief Administrator for the National Highway Traffic Safety Administration (NHTSA) told a Senate Committee that the electronics systems are “critical to the functioning” of modern autos, and are becoming increasingly interconnected, leading to “different safety and cyber security risks.”  The agency is requesting $2 million in the 2014 budget to research “vehicle electronics and emerging technologies” with an eye to developing requirements for the safety and reliability of vehicle controls. “With electronic systems assuming safety critical roles in nearly all vehicle controls, we are facing the need to develop general requirements for electronic control systems to ensure their reliability and security,” Strickland […]

AppSec And The Ghost In The Supply Chain

Tomorrow afternoon, Security Ledger, with help from our sponsor Veracode, will record its first video conversation. The show’s name: Talking Code (#talkingcode). The topic: application security, and – in particular – securing the supply chain. Joining me for the discussion will by Chris Wysopal, the co-founder and CTO of Veracode and Joshua Corman, the Director of Security Intelligence at Akamai Inc. Two things: you can send us questions or comments on Twitter. Our discussion will be filmed in studio, not live, but we’ll be tweeting comments live and engaging in realtime via Twitter. Just use the hashtag #talkingcode to pose questions. Say the term “supply chain,” and people immediately think of automobile and electronics manufacturers, who must assemble products from components makers scattered around the globe. These days, however, its not just manufacturers who have to worry about supply chains. Almost every company has a “supply chain” in one form or […]

The Security Ledger podcast

Podcast: Switch To IPV6 Demands A Security Re-Think

Podcast: Play in new window | Download () | EmbedSubscribe: Apple Podcasts | Android | Email | Google Podcasts | Stitcher | TuneIn | RSS | https://www.securityledger.com/subscribeEditor’s Note: This  interview with Qualys CTO Wolfgang Kandek was originally recorded on March 29th. You’re probably not aware of it, but a major transformation is taking place on the Internet. We’ve exhausted the approximately 4.3 billion available addresses for IPV4 – Internet Protocol Version 4 – the Internet’s lingua franca. (Roughly 98% of all Internet traffic.)   With billions of new, intelligent devices set to join the global Internet in the next decade, a new addressing scheme was needed. Enter Internet Protocol Version 6 (IPV6), which will create a practically inexhaustible supply of new addresses and some much needed, new security features that can prevent man in the middle attacks, ARP poisoning and a host of other ills. But organizations that have the […]

Researchers: Hole In TLS Encryption Could Expose Secure Web Sessions

Researchers at the University of London are going public with a paper that claims to have found a flaw in the specification for Transport Layer Security (TLS) that could leave supposedly secure Web, IM, VoIP and other online sessions exposed to prying eyes. The researchers, Nadhem Al Fardan and Kenny Patterson of the Information Security Group at Royal Holloway, University of London said that the security hole stem from a flaw in the TLS specification, rather than a bug in how TLS is implemented. The two researchers have developed proof of concept attacks that take advantage of the flaw, and that could be used to recover a complete block of TLS-encrypted plaintext, the researchers said. Al Fardan is a Ph.D student in the Information Security Group. Patterson is a professor of Information Security there. The two have  discovered other, serious holes in TLS before. Notably: the two discovered a critical […]