Government

Must Read: How Russian Hackers Stole the Nasdaq – Businessweek

If there’s one story you should read this week, its Michael Riley’s extensive report over at Businessweek on the 2010 compromise of systems belonging to the Nasdaq stock exchange, “How Russian Hackers Stole the Nasdaq.” The incident was extensively reported at the time, but not in great depth. Obviously, the parties involved weren’t talking. And Nasdaq’s public statements about the compromise woefully downplayed its severity, as Riley’s report makes clear. Among the interesting revelations: the Nasdaq may have fallen victim to a third-party compromise – similar to the hack of Target earlier this year. In the case of Nasdaq, investigators from the FBI, NSA and (eventually) CIA found discovered that the website run by the building management company responsible for Nasdaq’s headquarters at One Liberty Plaza had been “laced with a Russian-made exploit kit known as Blackhole, infecting tenants who visited the page to pay bills or do other maintenance.” What’s clear is […]

Continue Reading

Nest, Samsung and AMD Back Thread For Home Automation

A week that has already been full of standards news for the Internet of Things added more with the unveiling of Thread, a proposed communications standard backed by Google’s NEST group that promises a “new and better way to connect products in the home.” Google was joined by Samsung, Freescale Semiconductor, ARM, smart lock maker Yale Security and Big Ass Fans (favorite company name ever) in forming The Thread Group to promote Thread. In a press release on Tuesday, the group said that the Internet of Things presents unique challenges that are not well met by existing wireless communications technologies such as Wi-Fi, ZigBee and Z-Wave. In contrast to those technologies, Thread focuses exclusively on network connectivity, not application-layer exchanges and connection management. Thread Group says existing application protocols and IoT platforms can easily run on Thread networks. Specifically, it uses 6LoWPAN (IPV6 over Low power Wireless Personal Area Networks) to create 802.15.4-standard mesh networks of smart […]

Continue Reading

Google Unveils Project Zero Hacking Team

Google has unveiled an all-star team of hackers and security researchers it is calling “Project Zero.” According to a post on Google’s security blog, the company is hoping to use its security research muscle to investigate the security of “any software depended upon by large numbers of people, paying careful attention to the techniques, targets and motivations of attackers.” Research like Google employee Neel Mehta’s, which helped expose the “Heartbleed” vulnerability in OpenSSL is a good example of the kinds of stuff Project Zero will do. Researchers will devote their time to finding and reporting software vulnerabilities and researching new exploits, mitigations and “program analysis.” The company said it plans to disclose any vulnerabilities it finds to the vendor first, then to the public in an external database. The public can monitor “time to patch” (given that the vulnerability is disclosed ahead of a patch). Project Zero brings Google’s elite hackers under […]

Continue Reading

Intel Promotes ‘Trustlets’ To Secure Embedded Devices

The integrity of data stored on- and transmitted between Internet-connected embedded devices is one of the biggest technical hurdles standing in the way of widespread adoption of Internet of Things technology. For one thing: embedded devices like wearable technology and “smart” infrastructure are often deployed on simple, inexpensive and resource constrained hardware. Unlike laptops or even smart phones, these are purpose-built devices that, by design, run for long periods in remote deployments, with extremely constrained features and low power consumption that is the result of limited processing power and memory. [Read Security Ledger’s coverage of connected vehicles.] Now Intel is promoting a platform that it says can bridge the gap and provide robust security features even for resource-constrained Internet of Things devices like wearables and connected vehicles. Back in April, the Intel Labs  unveiled the results of joint research with Technische Universität Darmstadt in Germany. The researchers have developed a platform, dubbed TrustLite […]

Continue Reading

$10,000 Is On Offer For Anyone Who Can Hack A Tesla Car – Forbes

Thomas Brewster over at Forbes has an interesting story this week on a $10,000 bounty that’s being offered for anyone who can hack Tesla’s Model S sedan. The contest is open to all registered attendees of SyScan Conference in Beijing, which takes place later in July. (Conference web site is here.) According to Brewster, the contest is not endorsed by Tesla, nor is the company cooperating in any way. The conference features a number of hacking demonstrations, including at least one on hacking cars: this presentation on strategies for securing Controller Area Network (CAN) based systems – CAN is the most commonly used networking protocol in automobiles. Tesla – which makes the most wired cars on the road – have flirted with both hackers and mod-ers in the past. Notably: this article mentions one car owner’s hack of Tesla’s (really nice) on board touch screen interface. That prompted a warning from […]

Continue Reading
1 107 108 109 110 111 143