Infrastructure

Industrial Control Vendors Identified In Dragonfly Attack

Two of the three vendors who were victims of a targeted malware attack dubbed ‘Dragonfly’ by the security firm Symantec have been identified by industrial control system security experts. Writing on Tuesday, Dale Peterson of the firm Digitalbond identified the vendors as MB Connect Line, a German maker of industrial routers and remote access appliances and eWon, a Belgian firm that makes virtual private network (VPN) software that is used to access industrial control devices like programmable logic controllers. Peterson has also identified the third vendor, identified by F-Secure as a Swiss company, but told The Security Ledger that he cannot share the name of that firm. The three firms, which serve customers in industry, including owners of critical infrastructure, were the subject of a warning from the Department of Homeland Security. DHS’s ICS CERT, the Industrial Control Systems Computer Emergency Response Team, said it was alerted to compromises of the vendors’ by researchers […]

GE Opens Purse To Boost IoT Security

One of the big questions looming over Internet of Things with regard to cyber security is how well legacy security products will adjust to the IoT context. I think its safe to say that many of the tools and technologies that populate traditional IT environments (think: antivirus) aren’t well suited to use with Internet of Things devices which are often power and resource-constrained. IoT is a “ten-years-from-now” problem for enterprises. But for manufacturers like GE, it’s a “today” problem. That’s why GE is already investing in technology that it thinks is well suited to securing IoT and industrial environments. Last week, the company announced one such deal: acquiring the firm WurldTech of Vancouver Canada. The deal, announced on May 9th, will add Wurldtech’s technology and professional services to GE’s portfolio, with GE saying that Wurldtech products and services will “help to enhance the reliability of Industrial Internet operations.” Wurldtech makes security […]

Blade Runner Redux: Do Embedded Systems Need A Time To Die?

The plot of the 1982 film Blade Runner (loosely based on the 1968 novel Do Androids Dream of Electric Sheep by Philip K Dick) turns on the question of what makes us ‘human.’ Is it memories? Pain? Our ability to feel empathy? Or is it merely the foreknowledge of our own certain demise? In that movie, a group of rebellious, human-like androids – or “replicants” – return to a ruined Earth to seek out their maker. Their objective: find a way to disable an programmed ‘end of life’ in each of them.  In essence: the replicants want to become immortal. It’s a cool idea. And the replicants – pre-loaded with fake memories and histories – pose an interesting philosophical question about what it is that makes us humans. Our artificial intelligence isn’t quite to the ‘replicant’ level yet (the fictional tale takes place in 2019, so we have time). But some […]

connected car - audi-thumbnail

Traffic Monitoring Tech Vulnerable To Hacking

Connected cars aren’t the only transportation innovation that’s coming down the pike (pun intended). As we’ve noted before: smart roads and smart infrastructure promise even more transformative changes than – say – having Siri read  your text messages to you through your stereo system. The applications of smart road and connected infrastructure are almost limitless. But at this early stage (mostly proof of concept), much of the light and heat around smart roads is around applications of remote sensors at the roadside, or embedded in the road surface to identify problems like icy roads, the presence of liquids, traffic density, vehicle and pedestrian detection and more. For a nice overview of some sensor applications, check out this video from Liebelium. But that doesn’t mean that attacks against smart infrastructure are problems for the future. The security researcher Cesar Cerrudo points out in a blog post over at IOActive.com that many […]

Google-DataCenter

Heartbleed: Technology Monoculture’s Second Act

Say ‘technology monoculture’ and most people (who don’t look at you cross-eyed or say ‘God bless you!’) will say “Microsoft” or “Windows” or “Microsoft Windows.” That makes sense. Windows still runs on more than 90% of all desktop systems, long after Redmond’s star is rumored to have dimmed next to that of Apple. Microsoft is the poster child for the dangers and benefits of a monoculture. Hardware makers and application developers have a single platform to write to – consumers have confidence that the software and hardware they buy will “just work” so long as they’re running some version of Windows. The downside, of course, is that the Windows monoculture has also been a boon to bad guys, who can tailor exploits to one operating system or associated application (Office, Internet Explorer) and be confident that 9 of 10 systems their malicious software encounters will at least be running some version of the […]