embedded device

Update: White House Drone Debacle Raises IoT Governance Questions

In-brief: Unmanned aerial vehicles manufactured by the Chinese firm DJI will be blocked from flying over the U.S. Capitol according to a statement by the company. The move raises important questions about the role that connected device makers will play in determining how, when and where customers use their products. (Update adds commentary from Justin Davis of Dronecamps.com – PFR Jan 29, 2015 17:30)

Ghost Vulnerability Replays Third Party Code Woes

In-brief: The security firm Qualys is warning of a serious and remotely exploitable vulnerability in a function of the GNU C Library (glibc) known as gethostbyname. The security hole raises more questions about dangers lurking in legacy, open source software. 

Why Network Segmentation is Imperative on the Internet of Things

In-brief: Adoption of Internet of Things technologies puts a premium on the use of network segmentation to ensure connected devices don’t undermine the overall security of the network, according to Cisco’s Scott Harrell.

Security and Patching Challenge the Industrial Internet | CIO

The magazine CIO has picked up on a report by the firm National Instruments on some of the key challenges facing the industrial Internet of Things. No surprise: security and management are two of them. National Instruments has an interesting perspective on the topic: it makes equipment that is used by heavy industry (energy, oil and gas, automotive, etc.) to monitor industrial processes. As a result, NI is knee-deep in the transformation to “smart” industry powered by autonomous, sensing equipment. The company anticipates big challenges as more and more industrial systems come online. From the article: “As massive networks of systems come online, these systems need to communicate with each other and with the enterprise, often over vast distances…Both the systems and the communications need to be secure, or millions of dollars’ worth of assets are put at risk.” Beyond that, NI notes that companies developing products for the industrial Internet of Things […]

Please Apply Our 10 Year-Old Patch: The Dismal State of Embedded Device Security

On Friday, the firm Allegro Software of Boxborough, Massachusetts, released an odd-sounding statement encouraging all its customers to “maintain firmware for highest level of embedded device security.” Specifically, Allegro wanted to warn customers about the need to apply a software update to address two recently discovered vulnerabilities affecting its Rom Pager embedded web server: CVE-2014-9222 and CVE-2014-9223, collectively known as the “Misfortune Cookie” vulnerabilities. The patch in question was released almost ten years ago – in 2005. As reported widely last week, the vulnerabilities affecting the Rom Pager software can be found in some 12 million broadband routers by manufacturers including Linksys, D-Link, Huawei, TP-Link, ZTE and Edimax. In short: some of the most common sellers of broadband routers in the world. The security firm CheckPoint discovered the vulnerabilities and issued a report about them. (The report web site is here and a PDF format report is here.) According to CheckPoint, the Misfortune Cookie vulnerability has to […]