Hardware

Podcast: Is Defense-In-Depth The Only Real Heartbleed Fix?

Like everyone else, we wrote extensively in the last month about the serious security vulnerability in OpenSSL dubbed “Heartbleed,” which affected many of the world’s leading web sites and services, including Facebook and Google. The large-type headlines about Heartbleed have passed. But that doesn’t mean that the danger has. As we have noted,  we are entering a phase that might be considered Heartbleed’s ‘long tail.’ Most of the well-trafficked websites that were vulnerable to Heartbleed have gotten around to fixing the vulnerability. But public-facing web servers are only the beginning of the story for OpenSSL. Chasing down the vulnerability’s long tail in third-party applications and on internal web sites and applications is a much larger task. As I’ve noted: open source components make their way into all manner of applications and bespoke products these days, often without any effort to assess the security of the borrowed code. For companies that need to protect critical IT […]

Continue Reading

Video: The Internet of Things and Enterprise Risk

The Security Ledger recently hosted our inaugural event: The Security of Things Forum (SECOT). This was a high-energy, day long conference in Cambridge, Massachusetts, that brought together subject experts, executives and thought leaders from disparate areas like high tech, finance and industrial systems to talk about the tsunami of change that is the Internet of Things. One of the big questions hovering over the event: how will IoT technologies and services change the security paradigm that we’ve all be operating under- but especially in enterprises. In fact, IoT and enterprise was the topic of our very first discussion of the day: a panel chaired by Chris Rezendes of INEX Advisors, a leading consultancy focusing on IoT. SECoT Forum 2014 – Democratized Data, IOT and Enterprise Risk from Exhibitor Media Group on Vimeo It’s a really big and messy problem. As panelist Ken Pfeil of Pioneer Investments pointed out: the hack of […]

Continue Reading

Report: Samsung Investing In IoT Security

South Korean electronics giant Samsung Electronics Co. said on Tuesday that it will invest heavily in security for the Internet of Things sector, citing security for IoT as a ‘key future technology’ alongside energy storage and harvesting.   The report on Tuesday, from South Korea’s Yonhap News Service said Samsung, currently the world’s top maker of mobile phones, said Samsung is soliciting proposals on IoT security algorithms and protocols through the end of June. Possible applications include “biometrics, smart structures and advanced traffic networks,” according to Yonhap. The announcement comes by way of Samsung’s Future Technology Fostering Center, a research group that the company established last year to help keep it on the cutting edge in technology. According to published reports, Samsung has pledged 1.5 trillion won ($1.34 billion) over 10 years to fund the Center. Approximately 750 billion won ($670 million) will be allocated to research projects through 2017.

Continue Reading

Bad Actor: With Update, LG Says No Monitoring, No Smart TV!

Customers of consumer electronics giant LG are raising alarm about a recent software update that asks owners to agree to have their viewing behavior tracked and monitored, or see their ‘smart’ TVs made dumb: with access to features like YouTube and Netflix disabled. Owners of some models of LG brand SmartTVs who have applied a recent firmware have taken to blogs to complain about a firmware update for their TVs that prompt them to agree to lengthy new Terms of Service and Privacy Agreements. The revised documents grant LG permission to monitor and record their viewing habits and their interactions with the device, including voice commands. Users who do not agree to the new terms find many of their smart TV features disabled, according to customer testimony and an analysis by one independent IT researcher. The prompt to read and accept a new “Legal Notice,” “Terms of Use” and “Privacy Policy” appears when SmartTV users first […]

Continue Reading

WSJ: Samsung Looks To Iris Scans To Secure Mobile Devices

Min-Jeong Lee has an interesting article over at The Wall Street Journal Digits blog on how mobile device maker Samsung is looking to expand its use of biometric sensors in mobile devices beyond the finger-print scanners that are now the state of the art. According to the article, Samsung is considering “various types of biometric [mechanisms]” in addition to fingerprint scanners. Samsung’s senior vice president Rhee In-jong told analysts and investors at a forum in Hong Kong on Monday that iris scanners are a top consideration. “One of things that everybody is looking at is iris detection,” Rhee said. The biometric features are part of Samsung’s enterprise-focused mobile software, dubbed “Knox.”According to Rhee, only a small portion of some 80 million Samsung devices that shipped with the Knox software, which provides additional security functions for use by businesses, such as hardware based “TrustZone” technology to isolate sensitive data, virtualization for data- […]

Continue Reading
1 72 73 74 75 76 100