Government Archives

Government

Punch Out: Security Holes In Time Clock Bite TSA, Others

August 6, 2014 Paul Roberts

A common time clock that is used by companies and government agencies, including the Transportation Security Administration (TSA) contains pre-programmed “back door” user accounts that could allow malicious attackers to gain access to sensitive networks, according to research by a security researcher at Qualys Inc. Speaking before an audience at the Black Hat Briefings in Las Vegas on Wednesday, Billy Rios, the Director of Threat Intelligence at Qualys Inc., revealed research on the Kronos 4500, a “time and attendance” product (aka time clock) that employees use to ‘punch in’ and ‘punch out’ from work. Rios said that an in-depth analysis of the Kronos equipment and the software that it runs revealed two types of backdoor accounts (user names and passwords) that will provide access to any deployed 4500 device. The accounts are particularly worrying because some vulnerable devices can be discovered using Internet searches, and because TSA is known to use Kronos attendance […]

Dan Geer’s Other Keynote: Embedded Devices Need A Time To Die

August 4, 2014 Paul Roberts

With the Black Hat Conference well under way and DEFCON starting later this week, the security world’s attention will turn to Las Vegas, where some of the cyber security industry’s top researchers and thinkers will be holding court. One of the most anticipated talks is the Black Hat Briefings opening keynote. This year, the honor goes to none other than Dr. Dan Geer, the CISO of In-Q-Tel, the investment arm of the U.S. intelligence sector. Geer’s talk on Wednesday, August 6, 2014 is entitled “Cybersecurity as Realpolitik.” In anticipation of Dr. Geer’s Black Hat, we’re releasing another recent talk he gave: this one a keynote speech at our May, 2014 Security of Things Forum in Cambridge, MA. In this talk, Dan focused on the security of embedded devices and the fast-emerging Internet of Things. (A full transcript of the talk is available here.) “The embedded systems space, already bigger than what is normally thought of as […]

Report: CIA Fears the Internet of Things | Nextgov.com

July 30, 2014 Paul Roberts

A story by Patrick Tucker over at Nextgov.com picks up on some comments from Dawn Meyerriecks, the deputy director of the Central Intelligence Agency’s directorate of science and technology regarding the agency’s thinking about the Internet of Things. Meyerriecks was speaking at The Aspen Institute’s Security Forum on Thursday of last week in a panel on “The Future of Warfare.” Speaking about the topic of cyber warfare, she said that current debates about the shape of cyber war don’t address the “looming geo-security threats posed by the Internet of Things.” Meyerriecks cited the now-debunked Proofpoint report about smart refrigerators being used in spam and distributed denial of service attacks.” She also mentioned “smart fluorescent LEDs [that are] are communicating that they need to be replaced but are also being hijacked for other things.” Those might be some sensational (and dubious) examples, but Meyerriecks main point was more pedestrian: that we’re on the cusp of disruptive […]

Chinese Firm Claims To Hack Tesla Model S To Win Security Contest – chicagotribune.com

July 18, 2014 Paul Roberts

A mainland China security firm, Qihoo 360 Technology Co., claims it has found a way to hack into systems that control Tesla’s Model S sedan, controlling features like the door locks, car horn and sunroof even while the vehicle was being operated, according to a report by Bloomberg News. The hack was in response to a contest associated with the SysCan security conference in Beijing. As reported by The Security Ledger, that contest offered a $10,000 reward to anyone who could hack the Model S. Bloomberg reporter Ma Jie cited this post on the company’s Sina Weibo account as proof of the compromise. Tranlated (via Google), the post reads: “Our safety performance Tesla recently conducted a series of tests and found that the certificate can be used to unlock the remote control of the vehicle, whistle, flash and so on. And can open the sunroof while driving the vehicle. Tesla owners […]

Is It Time For Customs To Inspect Software? | Veracode Blog

July 18, 2014 Paul Roberts

If you want to import beef, eggs or chicken into the U.S., you need to get your cargo past inspectors from the U.S. Department of Agriculture. Not so hardware and software imported into the U.S. and sold to domestic corporations. But a spate of stories about products shipping with malicious software raises the question: is it time for random audits to expose compromised supply chains? Concerns about ‘certified, pre-pwned’ hardware and software are nothing new. In fact, they’ve permeated the board rooms of technology and defense firms, as well as the halls of power in Washington, D.C. for years. The U.S. Congress conducted a high profile investigation of Chinese networking equipment maker ZTE in 2012 with the sole purpose of exploring links between the company and The People’s Liberation Army, and (unfounded) allegations that products sold by the companies were pre-loaded with spyware. Of course, now we know that such […]

Government

Punch Out: Security Holes In Time Clock Bite TSA, Others

Dan Geer’s Other Keynote: Embedded Devices Need A Time To Die

Report: CIA Fears the Internet of Things | Nextgov.com

Chinese Firm Claims To Hack Tesla Model S To Win Security Contest – chicagotribune.com

Is It Time For Customs To Inspect Software? | Veracode Blog

Press Release

Link11 brings three brands together on one platform with new branding

SecAI Debuts at RSA 2025, Redefining Threat Investigation with AI

Court Dismisses Criminal Charges Against VPN Executive, Affirms No-Log Policy

Lattica Emerges from Stealth to Solve AI’s Biggest Privacy Challenge with FHE

Criminal IP to Showcase Advanced Threat Intelligence at RSAC™ 2025

Subscribe to Podcast

Government

Share this:

Share this:

Share this:

Share this:

Share this:

Subscribe to Podcast