MikroTik is part of a bigger problem: the failure of infrastructure owners to take appropriate action to address serious security holes in products.
Hardware
Podcast Episode 115: Joe Grand on Unicorn Spotting and Bloomberg’s Supply Chain Story
Podcast: Play in new window | Download (Duration: 35:36 — 40.7MB)Subscribe: Android | Email | Google Podcasts | RSSIn this week’s episode (#115), noted hardware enthusiast and hacker Joe Grand (aka “Kingpin”) told reporters from Bloomberg that finding an in-the-wild supply chain hack implanting malicious hardware on motherboards was akin to witnessing “a unicorn jumping over a rainbow.” They went with their story about just such an attack anyway. Joe joins us in the Security Ledger studios to talk about whether Bloomberg got it right. Also, Adam Meyers of Crowdstrike comes into the studio to talk about the U.S. Department of Justice indictment of seven Russian nationals. Adam talks about the hacks behind the charges and what comes next.
Spotlight Podcast: Synopsys’ Dan Lyon on the Challenge of Securing Connected Medical Devices
Podcast: Play in new window | Download (Duration: 27:07 — 31.0MB)Subscribe: Android | Email | Google Podcasts | RSSIn this Spotlight Podcast, sponsored by Synopsys: In the wake of a presentation at Black Hat about security flaws in implantable pace maker devices, Synopsys Principal Consultant Dan Lyon joins us to talk about why medical device makers struggle to make their connected medical devices more secure. Dan and I discuss some of the flaws in the approach that medical device makers take to security, and how manufacturers can take a page out of their own book: applying the same standards to cyber security as they do to – say- device safety.
Breaking the Ice on DICE: scaling secure Internet of Things Identities
Podcast: Play in new window | Download (Duration: 33:20 — 38.2MB)Subscribe: Android | Email | Google Podcasts | RSSIn this Spotlight Podcast, sponsored by Trusted Computing Group*, Dennis Mattoon of Microsoft Research gives us the low-down on DICE: the Device Identifier Composition Engine Architectures, which provides a means of solving a range of security and identity problems on low cost, low power IoT endpoints. Among them: establishing strong device identity, doing device attestation and safe deployment at scale and verifying software updates.
Episode 103: On the Voice-Controlled Internet, How Will We Authenticate?
Podcast: Play in new window | Download (Duration: 22:38 — 25.9MB)Subscribe: Android | Email | Google Podcasts | RSSVoice based interfaces are growing in popularity, complexity and influence. But securing these interfaces has, thus far, been an afterthought. If we are destined to interact with the smart systems around us using our voice, how exactly will we manage to authenticate to those devices? In this podcast we speak with Ben Rafferty of the firm Semafone about the challenges of securing voice-based systems. Semafone won the recent PAYMNTS.com Voice Challenge with a way to use Amazon’s Alexa voice assistant as an out of band authentication mechanism.
